-
Notifications
You must be signed in to change notification settings - Fork 88
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AndroidSecureArea keys creation improvements #365
AndroidSecureArea keys creation improvements #365
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Did a quick test of this PR and it looks like quite a lot of work remains. Observations
-
User auth timeout can not go below 1. It should be possible to set to 0 (which means "auth for every use of the key")
-
after presenting an mDL, the holder returns to the main screen even when Auto close connection preference is not checked in Settings
-
when
allowLskf
is unchecked,BiometricPrompt
still has a Use PIN secondary button. Should not be shown. -
Authentication Key Curve drop-down always show
["P-256", "Ed25519", "X25519"]
- when mdoc ECDSA authentication is selected it should show
["P-256", "Ed25519"]
- when mdoc MAC authentication is selected it should show
["P-256", "X25519"]
- when mdoc ECDSA authentication is selected it should show
-
For BC keys, there's no way to choose mdoc authentication mode, this is only possible for Android Keystore keys.
- This needs to be possible
-
Auth keys are still mismanaged as pointed out on chat last week (Aug 29). See the thread/topic starting with me saying Have you noticed how "Refresh Auth Keys" tend to just create a lot of new keys when it shouldn't?
-
It doesn't seem like there is a
getAndroidHardwareCapabilities()
class yet as we discussed earlier this week. It should have the following booleans to reflect the capabilities of the Android device the app is running on:- `attest_key``
secure_lock_screen
ecdh- curve_25519
strongbox
strongbox_ecdh
strongbox_25519
strongbox_attest_key
configure_user_authentication_type
@@ -161,24 +161,37 @@ | |||
<string name="document_color_blue">Blue</string> | |||
<string name="document_color_red">Red</string> | |||
|
|||
<string name="keystore_android">Android Keystore</string> | |||
<string name="keystore_bouncy_castle">BouncyCastle Keystore</string> | |||
<string name="keystore_android">Android</string> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should be called Android Keystore, not just Android.
userAuthenticationType: Int, | ||
useStrongBox: Boolean, | ||
ecCurve: Int, | ||
validUntil: Timestamp | ||
): AndroidKeystoreSecureArea.CreateKeySettings { | ||
|
||
return AndroidKeystoreSecureArea.CreateKeySettings.Builder(provisioningChallenge) | ||
.setKeyPurposes(SecureArea.KEY_PURPOSE_SIGN or SecureArea.KEY_PURPOSE_AGREE_KEY) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Only pick one of them, never both. If mdoc ECDSA authentication is used, pick KEY_PURPOSE_SIGN
. If mdoc MAC authentication is used, pick KEY_PURPOSE_AGREE_KEY
.
provisionInfo.androidAuthKeyCurveOption.toEcCurve(), | ||
provisionInfo.useStrongBox, | ||
provisionInfo.validityInDays.toTimestampFromNow() | ||
) | ||
} else if (provisionInfo.passphrase != null) { | ||
createBouncyCastleKey(provisionInfo.passphrase) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Delete createAndroidKey()
and createBouncyCastleKey()
and just call createKey()
directly on the SecureArea
object. In general, please try to reduce the number of places where there's SecureArea-specific codepaths - this is so it'll be easier to add support for a new SecureArea
in the future.
fba0cc7
to
4bd4126
Compare
We did review the PR internally, and now we making it open. We have addressed the requested changed.
|
738afa4
to
fa2205d
Compare
I checked out the branch and did a quick testdrive, some observations
|
fa2205d
to
2dfa1ce
Compare
2dfa1ce
to
82a1e50
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, let's merge this
Partly Fixes #360