fix: use encryption key

[tzskp1]

WHY

• The original implementation uses a broken ECDH scheme and does not utilize an encryption key.
• The original implementation unnecessarily uses BIP32.
• The original implementation signs twice in the DIDComm encryption service.
• The original code is unclean and lacks proper structure.

WHAT

• I corrected the encryption service to use an encryption key. To achieve this, I modified the create operation payload of Sidetree to include the encryption public key.
• I removed BIP32 and the anyhow crate from the code and dependencies.
• I switched to using a high-level PRNG (rand_core).
• I updated the naming conventions to follow Rust guidelines.
• I minimized the use of Box<dyn trait> to enhance performance and readability.
• I refactored the interfaces (traits) for better structure.
• I removed extensions with poorly designed interfaces (C function symbols).
• I corrected the typo in the recovery key (recover).
• I upgraded the dependencies to their latest versions.
• I migrate async-trait to trait-variant.

[tzskp1]

This procedure is totaly insane.

First, secp256k1 is not adapted to DIDComm encryption.

See:

• https://identity.foundation/didcomm-messaging/spec/#curves-and-content-encryption-algorithms

Second, the didcomm-rs api does the ecdh scheme. However, this implementation does the ecdh scheme before calling the didcomm-rs api.
In other words, this implementation performs the ecdh scheme twice.

See:

• https://github.com/nodecross/didcomm-rs/blob/b206c57b85165dec6e4e5a8f734b27ad5ef7befe/src/messages/message.rs#L633
  • https://github.com/nodecross/didcomm-rs/blob/b206c57b85165dec6e4e5a8f734b27ad5ef7befe/src/messages/message.rs#L522
    • https://github.com/nodecross/didcomm-rs/blob/b206c57b85165dec6e4e5a8f734b27ad5ef7befe/src/messages/helpers/encryption.rs#L140
      • https://github.com/nodecross/didcomm-rs/blob/b206c57b85165dec6e4e5a8f734b27ad5ef7befe/src/messages/helpers/encryption.rs#L366

In addition, this implementation uses the seal_signed API even though the message is converted to VC.

[tzskp1]

DIDComm Sequence Diagram (New Implementation)

sequenceDiagram
  autonumber
  actor app1 as Your App1
  participant agent1 as NodeX Agent
	actor app2 as Your App2
  participant agent2 as NodeX Agent
	participant studio as NodeX Studio
  participant sidetree as Sidetree
  
	app1->>agent1: /create-didcomm-message
  Note left of agent1: Message
	agent1->>agent1: sign as VC
  Note left of agent1: Use signing secret key of agent1 from the keyring.
  agent1->>sidetree: get DIDDocument of agent2
  sidetree-->agent1: response
	agent1->>agent1: encrypt as DIDComm message
	Note left of agent1: Use encryption public key of agent2 from the DIDDocument.
  Note left of agent1: Use encryption secret key of agent1 from the keyring.
	agent1->>studio: http post
	Note right of agent1: Log(from, to, message_id, code)
	studio-->agent1: response
	agent1-->app1: Message(Encrypted)

  app1->>app2: send over any transport
	Note left of app2: Message(Encrypted)

	app2->>agent2: /verify-didcomm-message
  Note left of agent2: Message(Encrypted)
  agent2->>agent2: check that what is sender DID
  agent2->>sidetree: get DIDDocument of sender
  sidetree-->agent2: response
	agent2->>agent2: decrypt as DIDComm message
	Note left of agent2: Use encryption public key of agent1(sender) from the DIDDocument.
  Note left of agent2: Use encryption secret key of agent2 from the keyring.
	agent2->>agent2: verify as VC
	Note left of agent2: Use signing public key of agent1(sender) from the DIDDocument.
	agent2->>studio: http post
	Note left of studio: Log(from, to, message_id, code)
	studio->>studio: verify message_id is matched
	studio->>studio: check that sender and receiver belong to the same project
	studio-->agent2: response
	agent2-->app2: response
	Note left of agent2: Message
	app2->>app2: message processing...

Loading