From 28198755ab0ddb6929c495ad3e09ac6572ef1400 Mon Sep 17 00:00:00 2001 From: Berend Sliedrecht Date: Thu, 25 Jul 2024 10:52:25 +0200 Subject: [PATCH] update secure-env to 0.5 Signed-off-by: Berend Sliedrecht --- Cargo.lock | 41 +- askar-crypto/Cargo.toml | 2 +- askar-crypto/src/alg/p256_hardware.rs | 22 +- .../aries-askar-react-native-example/app.json | 8 + .../package.json | 1 + .../src/App.tsx | 40 +- wrappers/javascript/pnpm-lock.yaml | 6390 +++++++---------- 7 files changed, 2547 insertions(+), 3957 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e1d1c322e..60fb21d77 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -103,9 +103,9 @@ checksum = "4b46cbb362ab8752921c97e041f5e366ee6297bd428a31275b9fcf1e380f7299" [[package]] name = "animo-secure-env" -version = "0.4.0" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26d767c00865980cef4803ed5f2507e73a406aee0cb883fa8e79541eb52d3265" +checksum = "a78ced96a62b1acf30006deb82d637d60ce7cc507ad522f3b2d00a31842671b0" dependencies = [ "jni", "lazy_static", @@ -385,9 +385,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "bitflags" -version = "2.4.1" +version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07" +checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de" dependencies = [ "serde", ] @@ -1620,7 +1620,7 @@ version = "0.27.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2eb04e9c688eff1c89d72b407f168cf79bb9e867a9d3323ed6c01519eb9cc053" dependencies = [ - "bitflags 2.4.1", + "bitflags 2.6.0", "cfg-if", "libc", ] 
@@ -1637,11 +1637,10 @@ dependencies = [ [[package]] name = "num-bigint" -version = "0.4.4" +version = "0.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "608e7659b5c3d7cba262d894801b9ec9d00de989e8a82bd4bef91d08da45cdc0" +checksum = "a5e44f723f1133c9deac646763579fdb3ac745e418f2a7af9cd0c431da1f20b9" dependencies = [ - "autocfg", "num-integer", "num-traits", ] @@ -1665,11 +1664,10 @@ dependencies = [ [[package]] name = "num-integer" -version = "0.1.45" +version = "0.1.46" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9" +checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" dependencies = [ - "autocfg", "num-traits", ] @@ -1686,9 +1684,9 @@ dependencies = [ [[package]] name = "num-traits" -version = "0.2.17" +version = "0.2.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39e3200413f237f41ab11ad6d161bc7239c84dcb631773ccd7de3dfe4b5c267c" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" dependencies = [ "autocfg", "libm", @@ -2138,7 +2136,7 @@ version = "0.38.28" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "72e572a5e8ca657d7366229cdde4bd14c4eb5499a9573d4d366fe1b599daa316" dependencies = [ - "bitflags 2.4.1", + "bitflags 2.6.0", "errno", "libc", "linux-raw-sys", 
@@ -2231,22 +2229,23 @@ dependencies = [ [[package]] name = "security-framework" -version = "2.10.0" +version = "2.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "770452e37cad93e0a50d5abc3990d2bc351c36d0328f86cefec2f2fb206eaef6" +checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02" dependencies = [ - "bitflags 1.3.2", + "bitflags 2.6.0", "core-foundation", "core-foundation-sys", "libc", + "num-bigint", "security-framework-sys", ] [[package]] name = "security-framework-sys" -version = "2.10.0" +version = "2.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41f3cc463c0ef97e11c3461a9d3787412d30e8e7eb907c79180c4a57bf7c04ef" +checksum = "75da29fe9b9b08fe9d6b22b5b4bcbc75d8db3aa31e639aa56bb62e9d46bfceaf" dependencies = [ "core-foundation-sys", "libc", @@ -2507,7 +2506,7 @@ checksum = "e37195395df71fd068f6e2082247891bc11e3289624bbc776a0cdfa1ca7f1ea4" dependencies = [ "atoi", "base64", - "bitflags 2.4.1", + "bitflags 2.6.0", "byteorder", "bytes", "chrono", @@ -2550,7 +2549,7 @@ checksum = "d6ac0ac3b7ccd10cc96c7ab29791a7dd236bd94021f31eec7ba3d46a74aa1c24" dependencies = [ "atoi", "base64", - "bitflags 2.4.1", + "bitflags 2.6.0", "byteorder", "chrono", "crc", diff --git a/askar-crypto/Cargo.toml b/askar-crypto/Cargo.toml index 0b908619a..15e116329 100644 --- a/askar-crypto/Cargo.toml +++ b/askar-crypto/Cargo.toml @@ -101,7 +101,7 @@ p384 = { version = "0.13", default-features = false, features = [ "ecdh", ], optional = true } rand = { version = "0.8", default-features = false } -secure-env = { package = "animo-secure-env", version = "0.4", optional = true } +secure-env = { package = "animo-secure-env", version = "0.5", optional = true } serde = { version = "1.0", default-features = false, features = ["derive"] } serde-json-core = { version = "0.5", default-features = false } sha2 = { version = "0.10", default-features = false } 
diff --git a/askar-crypto/src/alg/p256_hardware.rs b/askar-crypto/src/alg/p256_hardware.rs index f60668eda..1438b8137 100644 --- a/askar-crypto/src/alg/p256_hardware.rs +++ b/askar-crypto/src/alg/p256_hardware.rs @@ -62,11 +62,12 @@ impl P256HardwareKeyPair { } /// Sign a message with the secret key - pub fn sign(&self, message: &[u8]) -> Option<[u8; ES256_SIGNATURE_LENGTH]> { - self.inner - .sign(message) - .ok() - .and_then(|s| s.try_into().ok()) + pub fn sign(&self, message: &[u8]) -> Result<[u8; ES256_SIGNATURE_LENGTH], Error> { + let signature = self.inner.sign(message)?; + signature.as_slice().try_into().map_err(err_map!( + Unexpected, + "Could not convert signature into correct length" + )) } /// Verify a signature with the public key @@ -82,7 +83,7 @@ impl P256HardwareKeyPair { /// used. pub fn generate(id: &str) -> Result { Ok(Self { - inner: SecureEnvironment::generate_keypair(id)?, + inner: SecureEnvironment::generate_keypair(id, true)?, key_id: SecretBytes::from_slice(id.as_bytes()), }) } @@ -131,12 +132,9 @@ impl KeySign for P256HardwareKeyPair { ) -> Result<(), Error> { match sig_type { None | Some(SignatureType::ES256) => { - if let Some(sig) = self.sign(message) { - out.buffer_write(&sig[..])?; - Ok(()) - } else { - Err(err_msg!(Unsupported, "Undefined secret key")) - } + let sig = self.sign(message)?; + out.buffer_write(&sig[..])?; + Ok(()) } #[allow(unreachable_patterns)] _ => Err(err_msg!(Unsupported, "Unsupported signature type")), diff --git a/wrappers/javascript/packages/aries-askar-react-native-example/app.json b/wrappers/javascript/packages/aries-askar-react-native-example/app.json index 7caf588fc..f565e08f2 100644 --- a/wrappers/javascript/packages/aries-askar-react-native-example/app.json +++ b/wrappers/javascript/packages/aries-askar-react-native-example/app.json 
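Review bot: The doc comment on `sign` (hunk `@@ -62,11 +62,12 @@`) still reads only "Sign a message with the secret key", although the function now returns `Result` and has two distinct failure paths. Callers, including the `KeySign` implementation changed in `@@ -131,12 +132,9 @@`, now receive whatever error the secure environment reports instead of the old fixed `Unsupported` message, so the contract should be written down. I would add `/// # Errors` followed by `/// Returns the secure-environment error if signing fails, or `Unexpected` if the signature is not ES256_SIGNATURE_LENGTH bytes.` Changing `Option` to `Result` on a `pub fn` also breaks source compatibility for external callers, which deserves a changelog line.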
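Review bot: In `generate` (hunk `@@ -82,7 +83,7 @@`) the new second argument in `SecureEnvironment::generate_keypair(id, true)` is a bare boolean with no comment, and `generate(id: &str)` gives callers no way to choose it. Judging by the Face ID permission and `expo-local-authentication` dependency added to the example app in this same commit, it presumably makes the key require biometric or device authentication before use; this should be confirmed against the secure-env 0.5 documentation. If that is right, every hardware-backed key will fail to sign on devices without enrolled biometrics or in flows with no user present, and the doc comment above `generate` (which starts outside the hunk) says nothing about it. I would name the intent at the call site, e.g. `let require_user_auth = true; // user-presence policy for hardware keys`, document the policy in the doc comment, and consider a separate constructor for callers that need a key without the authentication requirement.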
@@ -11,6 +11,14 @@ "resizeMode": "contain", "backgroundColor": "#ffffff" }, + "plugins": [ + [ + "expo-local-authentication", + { + "faceIDPermission": "Allow $(PRODUCT_NAME) to use Face ID." + } + ] + ], "assetBundlePatterns": ["**/*"], "ios": { "supportsTablet": true, diff --git a/wrappers/javascript/packages/aries-askar-react-native-example/package.json b/wrappers/javascript/packages/aries-askar-react-native-example/package.json index 4bb1f14c0..709880ed9 100644 --- a/wrappers/javascript/packages/aries-askar-react-native-example/package.json +++ b/wrappers/javascript/packages/aries-askar-react-native-example/package.json @@ -12,6 +12,7 @@ "dependencies": { "@hyperledger/aries-askar-react-native": "workspace:*", "expo": "~51.0.2", + "expo-local-authentication": "~14.0.1", "expo-status-bar": "~1.12.1", "react": "18.2.0", "react-native": "0.74.1" diff --git a/wrappers/javascript/packages/aries-askar-react-native-example/src/App.tsx b/wrappers/javascript/packages/aries-askar-react-native-example/src/App.tsx index f656fc889..9e427cd18 100644 --- a/wrappers/javascript/packages/aries-askar-react-native-example/src/App.tsx +++ b/wrappers/javascript/packages/aries-askar-react-native-example/src/App.tsx @@ -1,5 +1,7 @@ -import { ariesAskar } from '@hyperledger/aries-askar-react-native' -import { StyleSheet, Text, View } from 'react-native' +import { KeyAlgs, KeyBackend, LocalKeyHandle, ariesAskar } from '@hyperledger/aries-askar-react-native' +import { authenticateAsync } from 'expo-local-authentication' +import { useState } from 'react' +import { Button, StyleSheet, Text, View } from 'react-native' const styles = StyleSheet.create({ container: { 
@@ -10,8 +12,32 @@ const styles = StyleSheet.create({ }, }) -export const App = () => ( - - {ariesAskar.version()} - -) +export const App = () => { + const [signature, setSignature] = useState() + + const sign = async () => { + const key = ariesAskar.keyGenerate({ + algorithm: KeyAlgs.EcSecp256r1, + keyBackend: KeyBackend.SecureElement, + ephemeral: false, + }) + const result = await authenticateAsync() + if (result.success) { + const sig = ariesAskar.keySignMessage({ + message: new Uint8Array(10).fill(42), + localKeyHandle: new LocalKeyHandle(key.handle), + }) + setSignature(sig) + } else { + throw new Error('Could not authenticate') + } + } + + return ( + + {ariesAskar.version()} +