Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update secure-env to 0.5 #289

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 20 additions & 21 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion askar-crypto/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,7 @@ p384 = { version = "0.13", default-features = false, features = [
"ecdh",
], optional = true }
rand = { version = "0.8", default-features = false }
secure-env = { package = "animo-secure-env", version = "0.4", optional = true }
secure-env = { package = "animo-secure-env", version = "0.5", optional = true }
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just as a matter of interest — what is the animo-secure-env?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It allows hardware backed key generation and signing on iOS / android. We should probably have chosen a more descriptive name :)

See https://github.com/animo/secure-env

serde = { version = "1.0", default-features = false, features = ["derive"] }
serde-json-core = { version = "0.5", default-features = false }
sha2 = { version = "0.10", default-features = false }
Expand Down
22 changes: 10 additions & 12 deletions askar-crypto/src/alg/p256_hardware.rs
Original file line number Diff line number Diff line change
Expand Up @@ -62,11 +62,12 @@ impl P256HardwareKeyPair {
}

/// Sign a message with the secret key
pub fn sign(&self, message: &[u8]) -> Option<[u8; ES256_SIGNATURE_LENGTH]> {
self.inner
.sign(message)
.ok()
.and_then(|s| s.try_into().ok())
pub fn sign(&self, message: &[u8]) -> Result<[u8; ES256_SIGNATURE_LENGTH], Error> {
let signature = self.inner.sign(message)?;
signature.as_slice().try_into().map_err(err_map!(
Unexpected,
"Could not convert signature into correct length"
))
}

/// Verify a signature with the public key
Expand All @@ -82,7 +83,7 @@ impl P256HardwareKeyPair {
/// used.
pub fn generate(id: &str) -> Result<Self, Error> {
Ok(Self {
inner: SecureEnvironment::generate_keypair(id)?,
inner: SecureEnvironment::generate_keypair(id, true)?,
key_id: SecretBytes::from_slice(id.as_bytes()),
})
}
Expand Down Expand Up @@ -131,12 +132,9 @@ impl KeySign for P256HardwareKeyPair {
) -> Result<(), Error> {
match sig_type {
None | Some(SignatureType::ES256) => {
if let Some(sig) = self.sign(message) {
out.buffer_write(&sig[..])?;
Ok(())
} else {
Err(err_msg!(Unsupported, "Undefined secret key"))
}
let sig = self.sign(message)?;
out.buffer_write(&sig[..])?;
Ok(())
}
#[allow(unreachable_patterns)]
_ => Err(err_msg!(Unsupported, "Unsupported signature type")),
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,14 @@
"resizeMode": "contain",
"backgroundColor": "#ffffff"
},
"plugins": [
[
"expo-local-authentication",
{
"faceIDPermission": "Allow $(PRODUCT_NAME) to use Face ID."
}
]
],
"assetBundlePatterns": ["**/*"],
"ios": {
"supportsTablet": true,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
"dependencies": {
"@hyperledger/aries-askar-react-native": "workspace:*",
"expo": "~51.0.2",
"expo-local-authentication": "~14.0.1",
"expo-status-bar": "~1.12.1",
"react": "18.2.0",
"react-native": "0.74.1"
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
import { ariesAskar } from '@hyperledger/aries-askar-react-native'
import { StyleSheet, Text, View } from 'react-native'
import { KeyAlgs, KeyBackend, LocalKeyHandle, ariesAskar } from '@hyperledger/aries-askar-react-native'
import { authenticateAsync } from 'expo-local-authentication'
import { useState } from 'react'
import { Button, StyleSheet, Text, View } from 'react-native'

const styles = StyleSheet.create({
container: {
Expand All @@ -10,8 +12,32 @@ const styles = StyleSheet.create({
},
})

export const App = () => (
<View style={styles.container}>
<Text>{ariesAskar.version()}</Text>
</View>
)
export const App = () => {
const [signature, setSignature] = useState<Uint8Array>()

const sign = async () => {
const key = ariesAskar.keyGenerate({
algorithm: KeyAlgs.EcSecp256r1,
keyBackend: KeyBackend.SecureElement,
ephemeral: false,
})
const result = await authenticateAsync()
if (result.success) {
const sig = ariesAskar.keySignMessage({
message: new Uint8Array(10).fill(42),
localKeyHandle: new LocalKeyHandle(key.handle),
})
setSignature(sig)
} else {
throw new Error('Could not authenticate')
}
}

return (
<View style={styles.container}>
<Text>{ariesAskar.version()}</Text>
<Button title="sign" onPress={sign} />
{signature && <Text>{signature.join('.')}</Text>}
</View>
)
}
Loading
Loading