refactor: enable usage of legacy Anoncrypt packer. Make nested forwar…

…ds while creating forward message. Add legacyForward model (#3272) * refactor: remote cryptobox URLs renamed to /wrap and /unwrap (#3259) this change updates the remote CryptoBox api URIs to point to remote KMS's key /wrap and /unwrap to match ECDH-ES and ECDH-1PU key wrapping. This change requires the KMS server to udpate /easy to /wrap, /easyOpen and /sealOpen to /unwrap Signed-off-by: Baha Shaaban <baha.shaaban@securekey.com> Signed-off-by: Abdulbois <abdulbois.tursunov@avast.com> * refactor: re enable remote kms bdd-tests with unwrapKey (#3263) This change updates the webkms server in bdd tests and re enables commented out webkms tests requiring cryptobox's /wrap and /unwrap operations. closes #3262 Signed-off-by: Baha Shaaban <baha.shaaban@securekey.com> Signed-off-by: Abdulbois <abdulbois.tursunov@avast.com> * refactor: Enable usage of legacy Anoncrypt packer. Make nested forwards while creating forward message. Add legacyForward model - Add legacy Anoncrypt packer while creating packers - Add ability to create nested packed forwards (one nested forward for each routing key) - Check and convert msg field of Forward to Envelope in order to support DIDComm V1 Forward types - Revert part of 04bfea8 commit related to generating keys inside mediator service. Because with previous changes (having two types of generated keys belonging to the same router) it breaks Route Coordination protocol (while creating nested forwards it will pack two times to the same mediator then mediator cannot handle second forward message) Signed-off-by: Abdulbois <abdulbois.tursunov@avast.com> * refactor: Remove test due to forcing anoncrypt while calling createForwardMessage. Fix lint errors Signed-off-by: Abdulbois <abdulbois.tursunov@avast.com> Co-authored-by: Baha <29608896+Baha-sk@users.noreply.github.com>
hyperledger-archives · Jul 18, 2022 · cea4427 · cea4427
1 parent d96b693
commit cea4427
Show file tree

Hide file tree

Showing 11 changed files with 184 additions and 89 deletions.
diff --git a/cmd/aries-agent-mobile/go.sum b/cmd/aries-agent-mobile/go.sum
@@ -275,11 +275,14 @@ github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2
 github.com/square/go-jose/v3 v3.0.0-20200630053402-0a67ce9b0693 h1:wD1IWQwAhdWclCwaf6DdzgCAe9Bfz1M+4AHRd7N786Y=
 github.com/square/go-jose/v3 v3.0.0-20200630053402-0a67ce9b0693/go.mod h1:6hSY48PjDm4UObWmGLyJE9DxYVKTgR9kbCspXXJEhcU=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0 h1:M2gUjqZET1qApGOWNSnZ49BAIMX4F/1plDv3+l31EJ4=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.2 h1:4jaiDzPyXQvSd7D0EjG45355tLlV3VOECpq10pLC+8s=
 github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
 github.com/teserakt-io/golang-ed25519 v0.0.0-20210104091850-3888c087a4c8 h1:RBkacARv7qY5laaXGlF4wFB/tk5rnthhPb8oIBGoagY=

diff --git a/cmd/aries-agent-rest/go.sum b/cmd/aries-agent-rest/go.sum
@@ -347,11 +347,14 @@ github.com/square/go-jose/v3 v3.0.0-20200630053402-0a67ce9b0693 h1:wD1IWQwAhdWcl
 github.com/square/go-jose/v3 v3.0.0-20200630053402-0a67ce9b0693/go.mod h1:6hSY48PjDm4UObWmGLyJE9DxYVKTgR9kbCspXXJEhcU=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0 h1:M2gUjqZET1qApGOWNSnZ49BAIMX4F/1plDv3+l31EJ4=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.2 h1:4jaiDzPyXQvSd7D0EjG45355tLlV3VOECpq10pLC+8s=
 github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
 github.com/syndtr/goleveldb v1.0.0 h1:fBdIW9lB4Iz0n9khmH8w27SJ3QEJ7+IgjPEwGSZiFdE=

diff --git a/go.mod b/go.mod
@@ -56,6 +56,7 @@ require (
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/pquerna/cachecontrol v0.1.0 // indirect
 	github.com/spaolacci/murmur3 v1.1.0 // indirect
+	github.com/stretchr/objx v0.4.0 // indirect
 	github.com/tidwall/match v1.0.3 // indirect
 	github.com/tidwall/pretty v1.0.2 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect

diff --git a/go.sum b/go.sum
@@ -322,11 +322,14 @@ github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2
 github.com/square/go-jose/v3 v3.0.0-20200630053402-0a67ce9b0693 h1:wD1IWQwAhdWclCwaf6DdzgCAe9Bfz1M+4AHRd7N786Y=
 github.com/square/go-jose/v3 v3.0.0-20200630053402-0a67ce9b0693/go.mod h1:6hSY48PjDm4UObWmGLyJE9DxYVKTgR9kbCspXXJEhcU=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0 h1:M2gUjqZET1qApGOWNSnZ49BAIMX4F/1plDv3+l31EJ4=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.2 h1:4jaiDzPyXQvSd7D0EjG45355tLlV3VOECpq10pLC+8s=
 github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
 github.com/teserakt-io/golang-ed25519 v0.0.0-20200315192543-8255be791ce4/go.mod h1:9PdLyPiZIiW3UopXyRnPYyjUXSpiQNHRLu8fOsR3o8M=

diff --git a/pkg/didcomm/dispatcher/outbound/outbound.go b/pkg/didcomm/dispatcher/outbound/outbound.go
@@ -24,7 +24,6 @@ import (
 	"github.com/hyperledger/aries-framework-go/pkg/framework/aries/api/vdr"
 	"github.com/hyperledger/aries-framework-go/pkg/kms"
 	"github.com/hyperledger/aries-framework-go/pkg/store/connection"
-	"github.com/hyperledger/aries-framework-go/pkg/vdr/fingerprint"
 	"github.com/hyperledger/aries-framework-go/spi/storage"
 )
 
@@ -66,6 +65,15 @@ type Dispatcher struct {
 	didcommV2Handler     *middleware.DIDCommMessageMiddleware
 }
 
+// legacyForward is DIDComm V1 route Forward msg as declared in
+// https://github.com/hyperledger/aries-rfcs/blob/main/concepts/0094-cross-domain-messaging/README.md
+type legacyForward struct {
+	Type string          `json:"@type,omitempty"`
+	ID   string          `json:"@id,omitempty"`
+	To   string          `json:"to,omitempty"`
+	Msg  *model.Envelope `json:"msg,omitempty"`
+}
+
 var logger = log.New("aries-framework/didcomm/dispatcher")
 
 // NewOutbound return new dispatcher outbound instance.
@@ -340,32 +348,21 @@ func (o *Dispatcher) Forward(msg interface{}, des *service.Destination) error {
 	return fmt.Errorf("outboundDispatcher.Forward: no transport found for serviceEndpoint: %s", uri)
 }
 
-//nolint:funlen
 func (o *Dispatcher) createForwardMessage(msg []byte, des *service.Destination) ([]byte, error) {
-	forwardMsgType := service.ForwardMsgType
-
 	mtProfile := o.mediaTypeProfile(des)
 
 	var (
-		senderKey []byte
-		err       error
+		forwardMsgType string
+		err            error
 	)
 
 	switch mtProfile {
 	case transport.MediaTypeV2EncryptedEnvelopeV1PlaintextPayload, transport.MediaTypeV2EncryptedEnvelope,
 		transport.MediaTypeAIP2RFC0587Profile, transport.MediaTypeV2PlaintextPayload, transport.MediaTypeDIDCommV2Profile:
 		// for DIDComm V2, do not set senderKey to force Anoncrypt packing. Only set the V2 forwardMsgType.
 		forwardMsgType = service.ForwardMsgTypeV2
-	default: // default is DIDComm V1, create a dummy key as senderKey
-		// create key set
-		_, senderKey, err = o.kms.CreateAndExportPubKeyBytes(kms.ED25519Type)
-		if err != nil {
-			return nil, fmt.Errorf("failed Create and export Encryption Key: %w", err)
-		}
-
-		senderDIDKey, _ := fingerprint.CreateDIDKey(senderKey)
-
-		senderKey = []byte(senderDIDKey)
+	default: // default is DIDComm V1
+		forwardMsgType = service.ForwardMsgType
 	}
 
 	routingKeys, err := des.ServiceEndpoint.RoutingKeys()
@@ -382,26 +379,74 @@ func (o *Dispatcher) createForwardMessage(msg []byte, des *service.Destination)
 		routingKeys = des.RoutingKeys
 	}
 
-	// create forward message
-	forward := &model.Forward{
-		Type: forwardMsgType,
-		ID:   uuid.New().String(),
-		To:   des.RecipientKeys[0],
-		Msg:  msg,
+	fwdKeys := append([]string{des.RecipientKeys[0]}, routingKeys...)
+
+	packedMsg, err := o.createPackedNestedForwards(msg, fwdKeys, forwardMsgType, mtProfile)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create packed nested forwards: %w", err)
+	}
+
+	return packedMsg, nil
+}
+
+func (o *Dispatcher) createPackedNestedForwards(msg []byte, routingKeys []string, fwdMsgType, mtProfile string) ([]byte, error) { //nolint: lll
+	for i, key := range routingKeys {
+		if i+1 >= len(routingKeys) {
+			break
+		}
+		// create forward message
+		forward := model.Forward{
+			Type: fwdMsgType,
+			ID:   uuid.New().String(),
+			To:   key,
+			Msg:  msg,
+		}
+
+		var err error
+
+		msg, err = o.packForward(forward, []string{routingKeys[i+1]}, mtProfile)
+		if err != nil {
+			return nil, fmt.Errorf("failed to pack forward msg: %w", err)
+		}
 	}
 
+	return msg, nil
+}
+
+func (o *Dispatcher) packForward(fwd model.Forward, toKeys []string, mtProfile string) ([]byte, error) {
+	env := &model.Envelope{}
+
+	var (
+		forward interface{}
+		err     error
+		req     []byte
+	)
+	// try to convert msg to Envelope
+	err = json.Unmarshal(fwd.Msg, env)
+	if err == nil {
+		forward = legacyForward{
+			Type: fwd.Type,
+			ID:   fwd.ID,
+			To:   fwd.To,
+			Msg:  env,
+		}
+	} else {
+		forward = fwd
+	}
 	// convert forward message to bytes
-	req, err := json.Marshal(forward)
+	req, err = json.Marshal(forward)
 	if err != nil {
 		return nil, fmt.Errorf("failed marshal to bytes: %w", err)
 	}
 
-	packedMsg, err := o.packager.PackMessage(&transport.Envelope{
+	var packedMsg []byte
+	packedMsg, err = o.packager.PackMessage(&transport.Envelope{
 		MediaTypeProfile: mtProfile,
 		Message:          req,
-		FromKey:          senderKey,
-		ToKeys:           routingKeys,
+		FromKey:          []byte{},
+		ToKeys:           toKeys,
 	})
+
 	if err != nil {
 		return nil, fmt.Errorf("failed to pack forward msg: %w", err)
 	}

diff --git a/pkg/didcomm/dispatcher/outbound/outbound_test.go b/pkg/didcomm/dispatcher/outbound/outbound_test.go
@@ -13,6 +13,7 @@ import (
 	"testing"
 
 	"github.com/google/uuid"
+	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
 
 	"github.com/hyperledger/aries-framework-go/pkg/common/model"
@@ -47,6 +48,38 @@ func TestNewOutbound(t *testing.T) {
 	})
 }
 
+func TestOutBoundDispatcher_createPackedNestedForwards(t *testing.T) {
+	t.Run("test send with nested forward message - success", func(t *testing.T) {
+		data := "data"
+		recKey1 := "recKey1"
+		rtKey1 := "rtKey1"
+		rtKey2 := "rtKey2"
+		packager := &mockPackager{}
+		expectedRequest := `{"protected":"","iv":"","ciphertext":"","tag":""}`
+
+		o, err := NewOutbound(&mockProvider{
+			packagerValue:           packager,
+			outboundTransportsValue: []transport.OutboundTransport{&mockOutboundTransport{expectedRequest: expectedRequest}},
+			storageProvider:         mockstore.NewMockStoreProvider(),
+			protoStorageProvider:    mockstore.NewMockStoreProvider(),
+			mediaTypeProfiles:       []string{transport.MediaTypeDIDCommV2Profile},
+		})
+		require.NoError(t, err)
+
+		packager.On("PackMessage", []string{recKey1}).Return([]byte(expectedRequest))
+		packager.On("PackMessage", []string{rtKey1}).Return([]byte(expectedRequest))
+		packager.On("PackMessage", []string{rtKey2}).Return([]byte(expectedRequest))
+
+		require.NoError(t, o.Send(data, "", &service.Destination{
+			ServiceEndpoint: model.NewDIDCommV2Endpoint([]model.DIDCommV2Endpoint{
+				{URI: "url", RoutingKeys: []string{rtKey1, rtKey2}},
+			}),
+			RecipientKeys: []string{recKey1},
+		}))
+		packager.AssertExpectations(t)
+	})
+}
+
 func TestOutboundDispatcher_Send(t *testing.T) {
 	t.Run("test success", func(t *testing.T) {
 		o, err := NewOutbound(&mockProvider{
@@ -173,29 +206,6 @@ func TestOutboundDispatcher_Send(t *testing.T) {
 		}))
 	})
 
-	t.Run("test send with forward message - create key failure", func(t *testing.T) {
-		o, err := NewOutbound(&mockProvider{
-			packagerValue:           &mockpackager.Packager{PackValue: createPackedMsgForForward(t)},
-			outboundTransportsValue: []transport.OutboundTransport{&mockdidcomm.MockOutboundTransport{AcceptValue: true}},
-			kms: &mockkms.KeyManager{
-				CrAndExportPubKeyErr: errors.New("create and export key error"),
-			},
-			storageProvider:      mockstore.NewMockStoreProvider(),
-			protoStorageProvider: mockstore.NewMockStoreProvider(),
-			mediaTypeProfiles:    []string{transport.MediaTypeAIP2RFC0019Profile},
-		})
-		require.NoError(t, err)
-
-		err = o.Send("data", mockdiddoc.MockDIDKey(t), &service.Destination{
-			ServiceEndpoint: model.NewDIDCommV2Endpoint([]model.DIDCommV2Endpoint{
-				{URI: "url", RoutingKeys: []string{"xyz"}},
-			}),
-			RecipientKeys: []string{"abc"},
-		})
-		require.EqualError(t, err, "outboundDispatcher.Send: failed to create forward msg: failed Create "+
-			"and export Encryption Key: create and export key error")
-	})
-
 	t.Run("test send with forward message - packer error", func(t *testing.T) {
 		o, err := NewOutbound(&mockProvider{
 			packagerValue:           &mockpackager.Packager{PackErr: errors.New("pack error")},
@@ -778,9 +788,21 @@ func (o *mockOutboundTransport) Accept(url string) bool {
 }
 
 // mockPackager mock packager.
-type mockPackager struct{}
+type mockPackager struct {
+	mock.Mock
+}
 
 func (m *mockPackager) PackMessage(e *transport.Envelope) ([]byte, error) {
+	if len(m.ExpectedCalls) > 0 {
+		args := m.Called(e.ToKeys)
+		switch v := args.Get(0).(type) {
+		case []byte:
+			return v, nil
+		default:
+			return e.Message, nil
+		}
+	}
+
 	return e.Message, nil
 }
 

diff --git a/pkg/didcomm/packager/packager.go b/pkg/didcomm/packager/packager.go
@@ -18,6 +18,7 @@ import (
 	"github.com/hyperledger/aries-framework-go/pkg/crypto"
 	"github.com/hyperledger/aries-framework-go/pkg/didcomm/packer"
 	"github.com/hyperledger/aries-framework-go/pkg/didcomm/packer/authcrypt"
+	legacyAuthCrypt "github.com/hyperledger/aries-framework-go/pkg/didcomm/packer/legacy/authcrypt"
 	"github.com/hyperledger/aries-framework-go/pkg/didcomm/transport"
 	"github.com/hyperledger/aries-framework-go/pkg/doc/did"
 	"github.com/hyperledger/aries-framework-go/pkg/doc/jose/jwk/jwksupport"
@@ -83,8 +84,10 @@ func New(ctx Provider) (*Packager, error) {
 func (bp *Packager) addPacker(pack packer.Packer) {
 	packerID := pack.EncodingType()
 
-	_, ok := pack.(*authcrypt.Packer)
-	if ok {
+	_, isAuthCrypt := pack.(*authcrypt.Packer)
+	_, isLegacyAuthCrypt := pack.(*legacyAuthCrypt.Packer)
+
+	if isAuthCrypt || isLegacyAuthCrypt {
 		// anoncrypt and authcrypt have the same encoding type
 		// so authcrypt will have an appended suffix
 		packerID += authSuffix
@@ -276,6 +279,7 @@ type envelopeStub struct {
 type headerStub struct {
 	Type string `json:"typ,omitempty"`
 	SKID string `json:"skid,omitempty"`
+	Alg  string `json:"alg,omitempty"`
 }
 
 //nolint:funlen, gocyclo
@@ -349,7 +353,7 @@ func getEncodingType(encMessage []byte) (string, []byte, error) {
 
 	packerID := prot.Type
 
-	if prot.SKID != "" {
+	if prot.SKID != "" || prot.Alg == "Authcrypt" {
 		// since Type protected header is the same for authcrypt and anoncrypt, the differentiating factor is SKID.
 		// If it is present, then it's authcrypt.
 		packerID += authSuffix
@@ -385,22 +389,20 @@ func (bp *Packager) UnpackMessage(encMessage []byte) (*transport.Envelope, error
 func (bp *Packager) getCTYAndPacker(envelope *transport.Envelope) (string, packer.Packer, error) {
 	switch envelope.MediaTypeProfile {
 	case transport.MediaTypeAIP2RFC0019Profile, transport.MediaTypeProfileDIDCommAIP1:
-		return transport.MediaTypeRFC0019EncryptedEnvelope, bp.packers[transport.MediaTypeRFC0019EncryptedEnvelope], nil
+		packerName := addAuthcryptSuffix(envelope.FromKey, transport.MediaTypeRFC0019EncryptedEnvelope)
+
+		return transport.MediaTypeRFC0019EncryptedEnvelope, bp.packers[packerName], nil
 	case transport.MediaTypeRFC0019EncryptedEnvelope:
-		return envelope.MediaTypeProfile, bp.packers[transport.MediaTypeRFC0019EncryptedEnvelope], nil
+		packerName := addAuthcryptSuffix(envelope.FromKey, transport.MediaTypeRFC0019EncryptedEnvelope)
+
+		return envelope.MediaTypeProfile, bp.packers[packerName], nil
 	case transport.MediaTypeV2EncryptedEnvelope, transport.MediaTypeV2PlaintextPayload,
 		transport.MediaTypeAIP2RFC0587Profile, transport.MediaTypeDIDCommV2Profile:
-		packerName := transport.MediaTypeV2EncryptedEnvelope
-		if len(envelope.FromKey) > 0 {
-			packerName += authSuffix
-		}
+		packerName := addAuthcryptSuffix(envelope.FromKey, transport.MediaTypeV2EncryptedEnvelope)
 
 		return transport.MediaTypeV2PlaintextPayload, bp.packers[packerName], nil
 	case transport.MediaTypeV2EncryptedEnvelopeV1PlaintextPayload, transport.MediaTypeV1PlaintextPayload:
-		packerName := transport.MediaTypeV2EncryptedEnvelope
-		if len(envelope.FromKey) > 0 {
-			packerName += authSuffix
-		}
+		packerName := addAuthcryptSuffix(envelope.FromKey, transport.MediaTypeV2EncryptedEnvelope)
 
 		return transport.MediaTypeV1PlaintextPayload, bp.packers[packerName], nil
 	default:
@@ -415,6 +417,14 @@ func (bp *Packager) getCTYAndPacker(envelope *transport.Envelope) (string, packe
 	return "", nil, fmt.Errorf("no packer found for mediatype profile: '%v'", envelope.MediaTypeProfile)
 }
 
+func addAuthcryptSuffix(fromKey []byte, packerName string) string {
+	if len(fromKey) > 0 {
+		packerName += authSuffix
+	}
+
+	return packerName
+}
+
 func (bp *Packager) resolveKeyAgreementFromDIDDoc(keyAgrID string) (*crypto.PublicKey, error) {
 	i := strings.Index(keyAgrID, "#")