feat(keyresolver): add X25519 and service resolution via go-trust

- Add X25519Resolver interface for key agreement key resolution
- Add ServiceResolver interface for DIDComm service endpoint discovery
- Implement ResolveX25519 and ResolveService in GoTrustResolver
  - Delegates to go-trust via AuthZEN for network DIDs
  - Extracts keyAgreement and service from trust_metadata
- Implement ResolveX25519 and ResolveService in LocalResolver
  - Supports did:peer:2 inline services (S purpose code)
  - Supports did:peer:2 encryption keys (E purpose code)
  - Fallback Ed25519→X25519 conversion for did:key
- Update SmartResolver to route X25519/Service resolution
  - Local DIDs resolved locally, network DIDs via go-trust
- Update DIDComm resolver to use new keyresolver methods
  - ResolveKeyAgreement now uses keyAgreement from trust_metadata
  - ResolveService now fully implemented via go-trust

All network DID methods (did:web, did:webvh, etc.) are delegated to
go-trust via AuthZEN. Only self-contained DIDs (did:key, did:jwk,
did:peer) are resolved locally.

Author: leifj

pkg/didcomm/resolver.go

@@ -87,39 +87,52 @@ type DIDCommService struct {
 
 // ResolveKeyAgreement resolves key agreement keys for a DID.
 // These keys are used for encryption (ECDH key exchange).
+// For network DIDs, this delegates to go-trust via AuthZEN to extract keyAgreement keys
+// from the resolved DID document. For local DIDs (did:key, did:jwk, did:peer), resolution
+// is performed locally.
 func (r *Resolver) ResolveKeyAgreement(ctx context.Context, did string) ([]KeyAgreementKey, error) {
-	// For now, we use the existing resolver to get the DID document
-	// and extract key agreement keys from it.
-	// This is a simplified implementation that will be expanded.
+	// First, try to resolve X25519 key directly from keyAgreement section
+	// This delegates to go-trust for network DIDs and uses local resolution for self-contained DIDs
+	x25519Key, err := r.smart.ResolveX25519(did)
+	if err == nil {
+		return []KeyAgreementKey{
+			{
+				ID:         did + "#key-agreement-1",
+				Type:       "X25519KeyAgreementKey2020",
+				Controller: did,
+				PublicKey:  x25519Key,
+			},
+		}, nil
+	}
 
-	// Try to resolve as Ed25519 first (many DIDs use Ed25519 for both signing and key agreement via conversion)
-	edKey, err := r.smart.ResolveEd25519(did)
+	// Fallback: try ECDSA for P-256/P-384 key agreement
+	ecKey, err := r.smart.ResolveECDSA(did)
 	if err == nil {
-		// Convert Ed25519 to X25519 for key agreement
-		x25519Key, err := ed25519PublicKeyToX25519(edKey)
+		ecdhKey, err := ecdsaPublicKeyToECDH(ecKey)
 		if err == nil {
 			return []KeyAgreementKey{
 				{
 					ID:         did + "#key-agreement-1",
-					Type:       "X25519KeyAgreementKey2020",
+					Type:       "JsonWebKey2020",
 					Controller: did,
-					PublicKey:  x25519Key,
+					PublicKey:  ecdhKey,
 				},
 			}, nil
 		}
 	}
 
-	// Try ECDSA resolver for P-256/P-384 via SmartResolver's ResolveECDSA method
-	ecKey, err := r.smart.ResolveECDSA(did)
+	// Last resort: try Ed25519 to X25519 conversion
+	// This works for DIDs that only have a signing key (Ed25519) and no explicit keyAgreement
+	edKey, err := r.smart.ResolveEd25519(did)
 	if err == nil {
-		ecdhKey, err := ecdsaPublicKeyToECDH(ecKey)
+		x25519Key, err := ed25519PublicKeyToX25519(edKey)
 		if err == nil {
 			return []KeyAgreementKey{
 				{
 					ID:         did + "#key-agreement-1",
-					Type:       "JsonWebKey2020",
+					Type:       "X25519KeyAgreementKey2020",
 					Controller: did,
-					PublicKey:  ecdhKey,
+					PublicKey:  x25519Key,
 				},
 			}, nil
 		}
@@ -163,11 +176,20 @@ func (r *Resolver) ResolveVerification(ctx context.Context, did string) ([]Verif
 }
 
 // ResolveService resolves DIDCommMessaging service endpoints for a DID.
+// For network DIDs, this delegates to go-trust via AuthZEN to extract service endpoints
+// from the resolved DID document. For did:peer:2, services are extracted from the inline data.
 func (r *Resolver) ResolveService(ctx context.Context, did string) (*DIDCommService, error) {
-	// This requires full DID document resolution.
-	// For now, return an error indicating service resolution is not yet implemented.
-	// Full implementation will parse the DID document and extract DIDCommMessaging services.
-	return nil, fmt.Errorf("%w: service resolution not yet implemented", ErrServiceNotFound)
+	svc, err := r.smart.ResolveService(did)
+	if err != nil {
+		return nil, fmt.Errorf("%w: %v", ErrServiceNotFound, err)
+	}
+
+	return &DIDCommService{
+		ID:              svc.ID,
+		ServiceEndpoint: svc.ServiceEndpoint,
+		RoutingKeys:     svc.RoutingKeys,
+		Accept:          svc.Accept,
+	}, nil
 }
 
 // ed25519PublicKeyToX25519 converts an Ed25519 public key to X25519 for key agreement.

pkg/keyresolver/did_helpers.go

@@ -3,6 +3,7 @@
 package keyresolver
 
 import (
+	"crypto/ecdh"
 	"crypto/ecdsa"
 	"crypto/ed25519"
 	"crypto/elliptic"
@@ -112,6 +113,250 @@ func ExtractECDSAFromMetadata(metadata any, verificationMethod string) (*ecdsa.P
 	return nil, fmt.Errorf("ECDSA verification method not found: %s", verificationMethod)
 }
 
+// ExtractX25519FromMetadata extracts an X25519 key agreement key from trust_metadata.
+// It looks for keys in the keyAgreement section of the DID document.
+func ExtractX25519FromMetadata(metadata any, did string) (*ecdh.PublicKey, error) {
+	doc, ok := metadata.(map[string]any)
+	if !ok {
+		return nil, fmt.Errorf("invalid metadata format: expected map, got %T", metadata)
+	}
+
+	// Get keyAgreement section
+	keyAgreement, err := getKeyAgreementMethods(doc)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, ka := range keyAgreement {
+		kaMap, ok := ka.(map[string]any)
+		if !ok {
+			continue
+		}
+
+		// Try publicKeyJwk (preferred for X25519)
+		if jwk, ok := kaMap["publicKeyJwk"].(map[string]any); ok {
+			key, err := JWKToX25519(jwk)
+			if err == nil {
+				return key, nil
+			}
+		}
+
+		// Try publicKeyMultibase (X25519 multicodec is 0xec)
+		if multibase, ok := kaMap["publicKeyMultibase"].(string); ok {
+			key, err := decodeMultikeyX25519(multibase)
+			if err == nil {
+				return key, nil
+			}
+		}
+	}
+
+	return nil, fmt.Errorf("X25519 key agreement key not found for: %s", did)
+}
+
+// ExtractServiceFromMetadata extracts a DIDCommMessaging service from trust_metadata.
+func ExtractServiceFromMetadata(metadata any, did string) (*DIDCommService, error) {
+	doc, ok := metadata.(map[string]any)
+	if !ok {
+		return nil, fmt.Errorf("invalid metadata format: expected map, got %T", metadata)
+	}
+
+	// Get service section
+	services, err := getServices(doc)
+	if err != nil {
+		return nil, err
+	}
+
+	// Find DIDCommMessaging service
+	for _, svc := range services {
+		svcMap, ok := svc.(map[string]any)
+		if !ok {
+			continue
+		}
+
+		svcType, _ := svcMap["type"].(string)
+		if svcType != "DIDCommMessaging" {
+			continue
+		}
+
+		return parseServiceMap(svcMap)
+	}
+
+	return nil, fmt.Errorf("DIDCommMessaging service not found for: %s", did)
+}
+
+// getKeyAgreementMethods extracts the keyAgreement section from a DID document.
+func getKeyAgreementMethods(doc map[string]any) ([]any, error) {
+	// Direct array of verification methods
+	if kas, ok := doc["keyAgreement"].([]any); ok {
+		return resolveKeyAgreementRefs(kas, doc)
+	}
+
+	// Try as array of maps
+	if kas, ok := doc["keyAgreement"].([]map[string]any); ok {
+		result := make([]any, len(kas))
+		for i, ka := range kas {
+			result[i] = ka
+		}
+		return result, nil
+	}
+
+	return nil, fmt.Errorf("no keyAgreement section found in metadata")
+}
+
+// resolveKeyAgreementRefs resolves keyAgreement references to full verification methods.
+// keyAgreement can contain either full verification methods or string references.
+func resolveKeyAgreementRefs(kas []any, doc map[string]any) ([]any, error) {
+	vms, _ := getVerificationMethods(doc)
+	result := make([]any, 0, len(kas))
+
+	for _, ka := range kas {
+		switch v := ka.(type) {
+		case map[string]any:
+			// Already a full verification method
+			result = append(result, v)
+		case string:
+			// Reference to a verification method - resolve it
+			for _, vm := range vms {
+				vmMap, ok := vm.(map[string]any)
+				if !ok {
+					continue
+				}
+				if id, ok := vmMap["id"].(string); ok && (id == v || strings.HasSuffix(v, "#"+id)) {
+					result = append(result, vmMap)
+					break
+				}
+			}
+		}
+	}
+
+	if len(result) == 0 {
+		return nil, fmt.Errorf("no keyAgreement methods resolved")
+	}
+
+	return result, nil
+}
+
+// getServices extracts the service section from a DID document.
+func getServices(doc map[string]any) ([]any, error) {
+	// Direct array
+	if svcs, ok := doc["service"].([]any); ok {
+		return svcs, nil
+	}
+
+	// Try as array of maps
+	if svcs, ok := doc["service"].([]map[string]any); ok {
+		result := make([]any, len(svcs))
+		for i, svc := range svcs {
+			result[i] = svc
+		}
+		return result, nil
+	}
+
+	return nil, fmt.Errorf("no service section found in metadata")
+}
+
+// parseServiceMap parses a DIDCommMessaging service entry from a map.
+func parseServiceMap(svcMap map[string]any) (*DIDCommService, error) {
+	svc := &DIDCommService{}
+
+	// ID
+	if id, ok := svcMap["id"].(string); ok {
+		svc.ID = id
+	}
+
+	// ServiceEndpoint can be string, array, or object
+	switch ep := svcMap["serviceEndpoint"].(type) {
+	case string:
+		svc.ServiceEndpoint = ep
+	case []any:
+		if len(ep) > 0 {
+			if s, ok := ep[0].(string); ok {
+				svc.ServiceEndpoint = s
+			} else if obj, ok := ep[0].(map[string]any); ok {
+				if uri, ok := obj["uri"].(string); ok {
+					svc.ServiceEndpoint = uri
+				}
+			}
+		}
+	case map[string]any:
+		if uri, ok := ep["uri"].(string); ok {
+			svc.ServiceEndpoint = uri
+		}
+	}
+
+	// RoutingKeys
+	if rks, ok := svcMap["routingKeys"].([]any); ok {
+		for _, rk := range rks {
+			if s, ok := rk.(string); ok {
+				svc.RoutingKeys = append(svc.RoutingKeys, s)
+			}
+		}
+	}
+
+	// Accept
+	if accepts, ok := svcMap["accept"].([]any); ok {
+		for _, a := range accepts {
+			if s, ok := a.(string); ok {
+				svc.Accept = append(svc.Accept, s)
+			}
+		}
+	}
+
+	if svc.ServiceEndpoint == "" {
+		return nil, fmt.Errorf("service has no endpoint")
+	}
+
+	return svc, nil
+}
+
+// JWKToX25519 extracts an X25519 public key from a JWK.
+func JWKToX25519(jwk map[string]any) (*ecdh.PublicKey, error) {
+	kty, _ := jwk["kty"].(string)
+	crv, _ := jwk["crv"].(string)
+
+	if kty != "OKP" || crv != "X25519" {
+		return nil, fmt.Errorf("not an X25519 JWK: kty=%s, crv=%s", kty, crv)
+	}
+
+	x, ok := jwk["x"].(string)
+	if !ok {
+		return nil, fmt.Errorf("missing x coordinate in X25519 JWK")
+	}
+
+	pubBytes, err := base64.RawURLEncoding.DecodeString(x)
+	if err != nil {
+		return nil, fmt.Errorf("failed to decode x coordinate: %w", err)
+	}
+
+	return ecdh.X25519().NewPublicKey(pubBytes)
+}
+
+// decodeMultikeyX25519 decodes an X25519 key from multibase format.
+// X25519 multicodec is 0xec (236), varint encoded as 0xec 0x01
+func decodeMultikeyX25519(multikey string) (*ecdh.PublicKey, error) {
+	if len(multikey) == 0 {
+		return nil, fmt.Errorf("empty multikey")
+	}
+
+	// Decode multibase
+	_, decoded, err := multibase.Decode(multikey)
+	if err != nil {
+		return nil, fmt.Errorf("failed to decode multibase: %w", err)
+	}
+
+	// Check length (2 bytes multicodec + 32 bytes key)
+	if len(decoded) != 34 {
+		return nil, fmt.Errorf("invalid multikey length: expected 34, got %d", len(decoded))
+	}
+
+	// Check X25519 multicodec prefix (0xec, 0x01)
+	if decoded[0] != 0xec || decoded[1] != 0x01 {
+		return nil, fmt.Errorf("not an X25519 multikey: multicodec 0x%02x%02x", decoded[0], decoded[1])
+	}
+
+	return ecdh.X25519().NewPublicKey(decoded[2:])
+}
+
 // getVerificationMethods extracts the verification methods array from a DID document.
 func getVerificationMethods(doc map[string]any) ([]any, error) {
 	// Standard DID document format