update secure-env to 0.5

Signed-off-by: Berend Sliedrecht <sliedrecht@berend.io>
hyperledger · Jul 25, 2024 · 2819875 · 2819875
1 parent 7813768
commit 2819875
Show file tree

Hide file tree

Showing 7 changed files with 2,547 additions and 3,957 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/askar-crypto/Cargo.toml b/askar-crypto/Cargo.toml
@@ -101,7 +101,7 @@ p384 = { version = "0.13", default-features = false, features = [
     "ecdh",
 ], optional = true }
 rand = { version = "0.8", default-features = false }
-secure-env = { package = "animo-secure-env", version = "0.4", optional = true }
+secure-env = { package = "animo-secure-env", version = "0.5", optional = true }
 serde = { version = "1.0", default-features = false, features = ["derive"] }
 serde-json-core = { version = "0.5", default-features = false }
 sha2 = { version = "0.10", default-features = false }

diff --git a/askar-crypto/src/alg/p256_hardware.rs b/askar-crypto/src/alg/p256_hardware.rs
@@ -62,11 +62,12 @@ impl P256HardwareKeyPair {
     }
 
     /// Sign a message with the secret key
-    pub fn sign(&self, message: &[u8]) -> Option<[u8; ES256_SIGNATURE_LENGTH]> {
-        self.inner
-            .sign(message)
-            .ok()
-            .and_then(|s| s.try_into().ok())
+    pub fn sign(&self, message: &[u8]) -> Result<[u8; ES256_SIGNATURE_LENGTH], Error> {
+        let signature = self.inner.sign(message)?;
+        signature.as_slice().try_into().map_err(err_map!(
+            Unexpected,
+            "Could not convert signature into correct length"
+        ))
     }
 
     /// Verify a signature with the public key
@@ -82,7 +83,7 @@ impl P256HardwareKeyPair {
     /// used.
     pub fn generate(id: &str) -> Result<Self, Error> {
         Ok(Self {
-            inner: SecureEnvironment::generate_keypair(id)?,
+            inner: SecureEnvironment::generate_keypair(id, true)?,
             key_id: SecretBytes::from_slice(id.as_bytes()),
         })
     }
@@ -131,12 +132,9 @@ impl KeySign for P256HardwareKeyPair {
     ) -> Result<(), Error> {
         match sig_type {
             None | Some(SignatureType::ES256) => {
-                if let Some(sig) = self.sign(message) {
-                    out.buffer_write(&sig[..])?;
-                    Ok(())
-                } else {
-                    Err(err_msg!(Unsupported, "Undefined secret key"))
-                }
+                let sig = self.sign(message)?;
+                out.buffer_write(&sig[..])?;
+                Ok(())
             }
             #[allow(unreachable_patterns)]
             _ => Err(err_msg!(Unsupported, "Unsupported signature type")),

diff --git a/wrappers/javascript/packages/aries-askar-react-native-example/app.json b/wrappers/javascript/packages/aries-askar-react-native-example/app.json
@@ -11,6 +11,14 @@
       "resizeMode": "contain",
       "backgroundColor": "#ffffff"
     },
+    "plugins": [
+      [
+        "expo-local-authentication",
+        {
+          "faceIDPermission": "Allow $(PRODUCT_NAME) to use Face ID."
+        }
+      ]
+    ],
     "assetBundlePatterns": ["**/*"],
     "ios": {
       "supportsTablet": true,

diff --git a/wrappers/javascript/packages/aries-askar-react-native-example/package.json b/wrappers/javascript/packages/aries-askar-react-native-example/package.json
@@ -12,6 +12,7 @@
   "dependencies": {
     "@hyperledger/aries-askar-react-native": "workspace:*",
     "expo": "~51.0.2",
+    "expo-local-authentication": "~14.0.1",
     "expo-status-bar": "~1.12.1",
     "react": "18.2.0",
     "react-native": "0.74.1"

diff --git a/wrappers/javascript/packages/aries-askar-react-native-example/src/App.tsx b/wrappers/javascript/packages/aries-askar-react-native-example/src/App.tsx
@@ -1,5 +1,7 @@
-import { ariesAskar } from '@hyperledger/aries-askar-react-native'
-import { StyleSheet, Text, View } from 'react-native'
+import { KeyAlgs, KeyBackend, LocalKeyHandle, ariesAskar } from '@hyperledger/aries-askar-react-native'
+import { authenticateAsync } from 'expo-local-authentication'
+import { useState } from 'react'
+import { Button, StyleSheet, Text, View } from 'react-native'
 
 const styles = StyleSheet.create({
   container: {
@@ -10,8 +12,32 @@ const styles = StyleSheet.create({
   },
 })
 
-export const App = () => (
-  <View style={styles.container}>
-    <Text>{ariesAskar.version()}</Text>
-  </View>
-)
+export const App = () => {
+  const [signature, setSignature] = useState<Uint8Array>()
+
+  const sign = async () => {
+    const key = ariesAskar.keyGenerate({
+      algorithm: KeyAlgs.EcSecp256r1,
+      keyBackend: KeyBackend.SecureElement,
+      ephemeral: false,
+    })
+    const result = await authenticateAsync()
+    if (result.success) {
+      const sig = ariesAskar.keySignMessage({
+        message: new Uint8Array(10).fill(42),
+        localKeyHandle: new LocalKeyHandle(key.handle),
+      })
+      setSignature(sig)
+    } else {
+      throw new Error('Could not authenticate')
+    }
+  }
+
+  return (
+    <View style={styles.container}>
+      <Text>{ariesAskar.version()}</Text>
+      <Button title="sign" onPress={sign} />
+      {signature && <Text>{signature.join('.')}</Text>}
+    </View>
+  )
+}