aries-askar
aries-askar copied to clipboard
P256 keys using Secure Enclave and Android StrongBox
This PR contains the functionality to add support for hardware-backed P256 keys on iOS and Android Using iOS Secure Enclave and Android StrongBox. This is done by using the secure-env library. iOS is accessed via Security.framework
and Android via JNI. Using these features you must build the library with mobile_secure_element
or askar-crypto
directly with p256_hardware
.
During the implementation I ran into some issues due to askar-crypto
being no_std
. because of this I made the rng: impl KeyMaterial
optional as well as the id: &str
. My initial intention was to create a structure or enum for KeyGenOps
, but due to not always having access to an allocator I could not leverage Box
and dynamic dispatch. If there are any solutions for this, I would be happy to change the current implementation.
askar-crypto
now also has a method to get the key by id. Which ties askar-crypto
directly to storage, but I could not find any other way of doing this due to the nature of Secure Elements.
~~Over FFI, when supplying an id
to askar_key_generate
, the key will be created on hardware. This seems a bit too implicit for me. My next approach would be generate a random id, uuid
or something and simply pass in a boolean for hardware_backed
.~~
Implemented that we generate an id now for secure element keys and the user just has to provide hardware_backed
argument over FFI as an i8.
Still in draft for now, as I have to do some testing.
Will also include an updated python wrapper (only software as key_backend allowed) and an updated node.js wrapper. React Native will be done in #246 as that will also include the React Native Example app and move to pnpm.