Authcrypt Encrypt Using (X)Chach20Poly1035

	This change adds support to encrypt agent's payloads
	for the Pack() call at the transport layer

	It follows JWE encryption instructions from Aries
	Issue: hyperledger/aries-rfcs#133

Signed-off-by: Baha Shaaban <baha.shaaban@securekey.com>

go.mod

@@ -6,10 +6,12 @@ module github.com/hyperledger/aries-framework-go
 
 require (
 	github.com/btcsuite/btcutil v0.0.0-20190425235716-9e5f4b9a998d
+	github.com/square/go-jose/v3 v3.0.0-20190722231519-723929d55157
 	github.com/stretchr/testify v1.3.0
 	github.com/syndtr/goleveldb v1.0.0
 	github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.1.0
+	golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4
 	golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7
 )

go.sum

@@ -17,6 +17,8 @@ github.com/onsi/gomega v1.4.3 h1:RE1xgDvH7imwFD45h+u2SgIfERHlS2yNG4DObb5BSKU=
 github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/square/go-jose/v3 v3.0.0-20190722231519-723929d55157 h1:2gZJx413/VIV3NUbCfGKoB6dHlCxGyTv8SZbtNmuJ8g=
+github.com/square/go-jose/v3 v3.0.0-20190722231519-723929d55157/go.mod h1:xxWwA0zGRzuxAFnML4iyQMVPKwv28JDRwmyS2BldbmE=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
@@ -28,12 +30,21 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHo
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
 github.com/xeipuuv/gojsonschema v1.1.0 h1:ngVtJC9TY/lg0AA/1k48FYhBrhRoFlEmWzsehpNAaZg=
 github.com/xeipuuv/gojsonschema v1.1.0/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190513172903-22d7a77e9e5f/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4 h1:HuIa8hRrWRSrqYzx1qI49NNxhdi2PrY7gxVSq1JjLDc=
+golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd h1:nTDtHvHSdCn1m6ITfMRqtOd/9+7a3s8RBNOZ3eYZzJA=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f h1:wMNYb4v58l5UBM7MYRLPG6ZhfOqbKu7X5eyFl8ZhKvA=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e h1:o3PsSEY8E4eXWkXrIP9YJALUkVZqzHJT5DOasTyn8Vs=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7 h1:9zdDQZ7Thm29KFXgAX/+yaf3eVbP7djjWp/dXAppNCc=

pkg/didcomm/crypto/crypter.go

@@ -0,0 +1,22 @@
+/*
+Copyright SecureKey Technologies Inc. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package crypto
+
+// Crypter is an Aries envelop encrypter to support
+// secure DIDComm exchange of envelops between Aries agents
+type Crypter interface {
+	// Encrypt a payload in an Aries compliant format
+	// returns:
+	// 		[]byte containing the encrypted envelope
+	//		error if encryption failed
+	Encrypt(payload string) ([]byte, error)
+	// Decrypt an envelop in an Aries compliant format
+	// returns:
+	// 		string containing the decrypted payload
+	//		error if encryption failed
+	Decrypt(envelope []byte) (string, error)
+}

pkg/didcomm/crypto/jwe/authcrypt/decrypt.go

@@ -0,0 +1,41 @@
+/*
+Copyright SecureKey Technologies Inc. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package authcrypt
+
+import (
+	"golang.org/x/crypto/blake2b"
+	"golang.org/x/crypto/chacha20poly1305"
+	"golang.org/x/crypto/nacl/box"
+)
+
+// Decrypt will JWE decode the envelop argument for the sender and recipients
+// Using (X)Chacha20 encryption algorithm and Poly1035 authenticator
+func (c *Crypter) Decrypt(envelope []byte) (string, error) {
+	// TODO implement decryption and call decryptOID for the recipient's OID
+	decryptOID(nil, nil, nil)
+	return "", nil
+}
+
+// decryptOID will decrypt a recipient's encrypted OID (in the case of this package, it is represented as
+// ephemeral key concatenated with the sender's public key) using the recipient's privKey/pubKey keypair,
+// this is equivalent to libsodium's C function: crypto_box_seal()
+// https://libsodium.gitbook.io/doc/public-key_cryptography/sealed_boxes#usage
+func decryptOID(privKey, pubKey *[chacha20poly1305.KeySize]byte, encrypted []byte) []byte {
+	var epk [32]byte
+	var nonce [24]byte
+	copy(epk[:], encrypted[:chacha20poly1305.KeySize])
+
+	nonceWriter, _ := blake2b.New(24, nil)
+	nonceSlice := nonceWriter.Sum(append(epk[:], pubKey[:]...))
+	copy(nonce[:], nonceSlice)
+
+	decrypted, ok := box.Open(nil, encrypted[32:], &nonce, &epk, privKey)
+	if !ok {
+		panic("Decryption error.")
+	}
+	return decrypted
+}