Merge pull request #122 from niscy-eudiw/SecureArea

Refactoring for SecureArea functionality
eu-digital-identity-wallet · Nov 28, 2024 · 7dd9b27 · 7dd9b27
2 parents 7fae108 + dd1406b
commit 7dd9b27
Show file tree

Hide file tree

Showing 21 changed files with 331 additions and 227 deletions.
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -5,8 +5,6 @@
         "ghcr.io/devcontainers/features/common-utils:2": {
             "installZsh": "false",
             "username": "vscode",
-            "userUid": "1000",
-            "userGid": "1000",
             "upgradePackages": "false"
         },
         "ghcr.io/devcontainers/features/git:1": {

diff --git a/.github/workflows/swift.yml b/.github/workflows/swift.yml
@@ -11,7 +11,7 @@ jobs:
     steps:
       - uses: maxim-lobanov/setup-xcode@v1
         with:
-          xcode-version: '16.0'
+          xcode-version: '16.1'
       - name: Get swift version
         run: swift --version
       - uses: actions/checkout@v4

diff --git a/Package.resolved b/Package.resolved
@@ -1,5 +1,5 @@
 {
-  "originHash" : "d38f85b065a32877c668f73f6814a437fd82f13d6bf2d947c60a917106f9ce7b",
+  "originHash" : "3c60eb55cb4a02f67cb382900b7e167b7d424741343da03faed156ca08377032",
   "pins" : [
     {
       "identity" : "blueecc",
@@ -24,35 +24,35 @@
       "kind" : "remoteSourceControl",
       "location" : "https://github.com/eu-digital-identity-wallet/eudi-lib-ios-iso18013-data-model.git",
       "state" : {
-        "revision" : "c1b4383d6fc3387a8ed4c79177548624c4e34e3a",
-        "version" : "0.3.3"
+        "revision" : "29f30a92427733db0c7b9cea9616607a1df24284",
+        "version" : "0.4.0"
       }
     },
     {
       "identity" : "eudi-lib-ios-iso18013-data-transfer",
       "kind" : "remoteSourceControl",
       "location" : "https://github.com/eu-digital-identity-wallet/eudi-lib-ios-iso18013-data-transfer.git",
       "state" : {
-        "revision" : "25a71bea1d4bddd7faf8490f39dbf52ef902b671",
-        "version" : "0.3.8"
+        "revision" : "b774365cae01babdc2807d602e53ac2ddb7c6958",
+        "version" : "0.4.0"
       }
     },
     {
       "identity" : "eudi-lib-ios-iso18013-security",
       "kind" : "remoteSourceControl",
       "location" : "https://github.com/eu-digital-identity-wallet/eudi-lib-ios-iso18013-security.git",
       "state" : {
-        "revision" : "13d65a1010ee9e6219f8bccbab6eb32f67405d86",
-        "version" : "0.2.6"
+        "revision" : "6d335f19cb5bdb590bf2f5557c4d91dda146555b",
+        "version" : "0.3.0"
       }
     },
     {
       "identity" : "eudi-lib-ios-openid4vci-swift",
       "kind" : "remoteSourceControl",
       "location" : "https://github.com/eu-digital-identity-wallet/eudi-lib-ios-openid4vci-swift.git",
       "state" : {
-        "revision" : "5483f37046bcd5607af5b817cea3147257b3f3c6",
-        "version" : "0.7.0"
+        "revision" : "18f4906739cebedf63cbf57002d313dc5ab8e087",
+        "version" : "0.8.0"
       }
     },
     {
@@ -69,17 +69,17 @@
       "kind" : "remoteSourceControl",
       "location" : "https://github.com/eu-digital-identity-wallet/eudi-lib-ios-siop-openid4vp-swift.git",
       "state" : {
-        "revision" : "f103311dd3bd975b12919d4c3c1e099b6cb40330",
-        "version" : "0.6.0"
+        "revision" : "1049277d9b5818416b313f58a5eaf139de9881b3",
+        "version" : "0.6.1"
       }
     },
     {
       "identity" : "eudi-lib-ios-wallet-storage",
       "kind" : "remoteSourceControl",
       "location" : "https://github.com/eu-digital-identity-wallet/eudi-lib-ios-wallet-storage.git",
       "state" : {
-        "revision" : "9fe492a8648877cd3bc39baed50a1b85d4a50273",
-        "version" : "0.3.0"
+        "revision" : "32079a4b2425886a864efaaf2beeee234cb53efc",
+        "version" : "0.4.0"
       }
     },
     {
@@ -177,17 +177,17 @@
       "kind" : "remoteSourceControl",
       "location" : "https://github.com/apple/swift-crypto.git",
       "state" : {
-        "revision" : "06dc63c6d8da54ee11ceb268cde1fa68161afc96",
-        "version" : "3.9.1"
+        "revision" : "ff0f781cf7c6a22d52957e50b104f5768b50c779",
+        "version" : "3.10.0"
       }
     },
     {
       "identity" : "swift-log",
       "kind" : "remoteSourceControl",
       "location" : "https://github.com/apple/swift-log.git",
       "state" : {
-        "revision" : "9cb486020ebf03bfa5b5df985387a14a98744537",
-        "version" : "1.6.1"
+        "revision" : "96a2f8a0fa41e9e09af4585e2724c4e825410b91",
+        "version" : "1.6.2"
       }
     },
     {

diff --git a/Package.swift b/Package.swift
@@ -15,10 +15,10 @@ let package = Package(
     dependencies: [
     .package(url: "https://github.com/apple/swift-log.git", from: "1.5.3"),
 		.package(url: "https://github.com/crspybits/swift-log-file", from: "0.1.0"),
-		.package(url: "https://github.com/eu-digital-identity-wallet/eudi-lib-ios-iso18013-data-transfer.git",  exact: "0.3.8"),
-		.package(url: "https://github.com/eu-digital-identity-wallet/eudi-lib-ios-wallet-storage.git", exact: "0.3.0"),
-		.package(url: "https://github.com/eu-digital-identity-wallet/eudi-lib-ios-siop-openid4vp-swift.git", exact: "0.6.0"),
-		.package(url: "https://github.com/eu-digital-identity-wallet/eudi-lib-ios-openid4vci-swift.git", exact: "0.7.0"),
+		.package(url: "https://github.com/eu-digital-identity-wallet/eudi-lib-ios-iso18013-data-transfer.git",  exact: "0.4.0"),
+		.package(url: "https://github.com/eu-digital-identity-wallet/eudi-lib-ios-wallet-storage.git", exact: "0.4.0"),
+		.package(url: "https://github.com/eu-digital-identity-wallet/eudi-lib-ios-siop-openid4vp-swift.git", exact: "0.6.1"),
+		.package(url: "https://github.com/eu-digital-identity-wallet/eudi-lib-ios-openid4vci-swift.git", exact: "0.8.0"),
 	],
     targets: [
         // Targets are the basic building blocks of a package, defining a module or a test suite.

diff --git a/README.md b/README.md
@@ -100,17 +100,11 @@ Detailed documentation is provided in the DocC documentation [here](https://eu-d
 ## Initialization
 The [EudiWallet](https://eu-digital-identity-wallet.github.io/eudi-lib-ios-wallet-kit/documentation/eudiwalletkit/eudiwallet) class provides a unified API for the two user attestation presentation flows. It is initialized with a document storage manager instance. For SwiftUI apps, the wallet instance can be added as an ``environmentObject`` to be accessible from all views. A KeyChain implementation of document storage is available.
 
+The wallet developer can customize cryptographic key operations by passing `SecureArea` instances to the wallet, otherwise the wallet-kit creates 'SecureEnclave' (default) and 'Software' secure areas. The wallet developer can specify key create options per doc-type such as curve type, secure area name, and key unlock policy.
+
 ```swift
-let wallet = EudiWallet.standard
-wallet.userAuthenticationRequired = true
-wallet.trustedReaderCertificates = [...] // array of der certificate data
-wallet.openId4VpVerifierApiUri = "https:// ... verifier api uri ..."
-wallet.verifierApiUri = configLogic.verifierConfig.apiUri
-wallet.verifierLegalName = configLogic.verifierConfig.legalName
-wallet.openID4VciIssuerUrl = configLogic.vciConfig.issuerUrl
-wallet.openID4VciClientId = configLogic.vciConfig.clientId
-wallet.openID4VciRedirectUri = configLogic.vciConfig.redirectUri
-wallet.loadAllDocuments()
+let wallet = try! EudiWallet(serviceName: "my_wallet_app",
+   trustedReaderCertificates: [Data(name: "eudi_pid_issuer_ut", ext: "der")!] )
 ```	
 
 
@@ -182,22 +176,15 @@ If ``userAuthenticationRequired`` is true, user authentication is required. The
 After issuing a document, the document data and corresponding private key are stored in the wallet storage.
 
 ### Issue document by docType
-When the document docType to be issued use the `issueDocument(docType:format:)` method.
-
-__Important Notes__:
+When the document docType to be issued use the `issueDocument(docType:format:keyOptions:)` method.
 
-- Currently, only mso_mdoc format is supported
-- Currently, only ES256 algorithm is supported for signing OpenId4CVI proof of possession of the
-  publicKey.
+* Currently, only mso_mdoc format is supported
 
 The following example shows how to issue an EUDI Personal ID document using OpenID4VCI:
 
 ```swift
-wallet.openID4VciIssuerUrl = "https://eudi.netcompany-intrasoft.com/pid-issuer" 
-wallet.openID4VciClientId = "wallet-dev"
-wallet.openID4VciRedirectUri = "eudi-openid4ci://authorize/" 
 do {
-  let doc = try await userWallet.issueDocument(docType: EuPidModel.euPidDocType, format: .cbor)
+  let doc = try await userWallet.issueDocument(docType: EuPidModel.euPidDocType, format: .cbor, keyOptions: KeyOptions(secureAreaName: "SecureEnclave", accessControl: [.requireUserPresence])])
   // document has been added to wallet storage, you can display it
 }
 catch {
@@ -218,11 +205,12 @@ The following example shows how to resolve a credential offer:
   }
 ```
 
-After user acceptance of the offer, the selected documents can be issued using the `issueDocumentsByOfferUrl(offerUri:docTypes:txCodeValue:format:)` method.
+After user acceptance of the offer, the selected documents can be issued using the `issueDocumentsByOfferUrl(offerUri:docTypes:docTypeKeyOptions:txCodeValue:format:)` method.
 The `txCodeValue` parameter is not used in the case of the authorization code flow.
 The following example shows how to issue documents by offer URL:
 ```swift
- let documents = try await walletController.issueDocumentsByOfferUrl(offerUri: uri,  docTypes: docOffers, format: .cbor, txCodeValue: txCodeValue )
+ let documents = try await walletController.issueDocumentsByOfferUrl(offerUri: uri,  docTypes: docOffers,
+   docTypeKeyOptions: [EuPidModel.euPidDocType : KeyOptions(secureAreaName: "SecureEnclave", accessControl: [.requireUserPresence])], format: .cbor, txCodeValue: txCodeValue )
 ```
 
 ### Authorization code flow
@@ -241,13 +229,13 @@ information. Specifically, the `txCodeSpec` field in the `OfferedIssuanceModel`
 
 From the user's perspective, the application must provide a way to input the transaction code.
 
-After user acceptance of the offer, the selected documents can be issued using the `issueDocumentsByOfferUrl(offerUri:docTypes:txCodeValue:format:)` method.
+After user acceptance of the offer, the selected documents can be issued using the `issueDocumentsByOfferUrl(offerUri:docTypes:docTypeKeyOptions:txCodeValue:format:)` method.
 When the transaction code is provided, the issuance process can be resumed by calling the above-mentioned method and passing the transaction code in the `txCodeValue` parameter.
 
 ### Dynamic issuance
 Wallet kit supports the Dynamic [PID based issuance](https://github.com/eu-digital-identity-wallet/eudi-wallet-product-roadmap/issues/82)
 
-After calling `issueDocument(docType:format:)` or `issueDocumentsByOfferUrl(offerUri:docTypes:txCodeValue:format:)` the wallet application need to check if the doc is pending and has a `authorizePresentationUrl` property. If the property is present, the application should perform the OpenID4VP presentation using the presentation URL. On success, the `resumePendingIssuance(pendingDoc:, webUrl:)` method should be called with the authorization URL provided by the server.
+After calling `issueDocument(docType:format:keyOptions: KeyOptions:)` or `issueDocumentsByOfferUrl(offerUri:docTypes:docTypeKeyOptions:txCodeValue:format:)` the wallet application need to check if the doc is pending and has a `authorizePresentationUrl` property. If the property is present, the application should perform the OpenID4VP presentation using the presentation URL. On success, the `resumePendingIssuance(pendingDoc:, webUrl:)` method should be called with the authorization URL provided by the server.
 ```swift
 if let urlString = newDocs.last?.authorizePresentationUrl { 
 	// perform openid4vp presentation using the urlString