prepare biometric auth on agreement

a-sit-plus · Jan 13, 2025 · a128807 · a128807
1 parent 0c7df4d
commit a128807
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 12 deletions.
diff --git a/supreme/src/androidMain/kotlin/at/asitplus/signum/supreme/agreement/KeyAgreement.android.kt b/supreme/src/androidMain/kotlin/at/asitplus/signum/supreme/agreement/KeyAgreement.android.kt
@@ -3,11 +3,13 @@ package at.asitplus.signum.supreme.agreement
 import at.asitplus.signum.indispensable.CryptoPublicKey
 import at.asitplus.signum.indispensable.toJcaPublicKey
 import at.asitplus.signum.supreme.HazardousMaterials
+import at.asitplus.signum.supreme.dsl.DSLConfigureFn
 import at.asitplus.signum.supreme.hazmat.jcaPrivateKey
+import at.asitplus.signum.supreme.os.PlatformSigningProviderSignerSigningConfigurationBase
 import at.asitplus.signum.supreme.sign.Signer
-import javax.crypto.KeyAgreement
 
-actual fun Signer.ECDSA.performAgreement(publicKey: CryptoPublicKey.EC): ByteArray =
+actual fun Signer.ECDSA.performAgreement(publicKey: CryptoPublicKey.EC, config: DSLConfigureFn<PlatformSigningProviderSignerSigningConfigurationBase>): ByteArray =
+    /*TODO: check auth similar to https://github.com/a-sit-plus/kmp-crypto/blob/02ee22227dcef3ee03e65a19f0aa578168f7b518/supreme/src/androidMain/kotlin/at/asitplus/signum/supreme/os/AndroidKeyStoreProvider.kt#L360*/
     javax.crypto.KeyAgreement.getInstance("ECDH").also {
         @OptIn(HazardousMaterials::class)
         it.init(jcaPrivateKey)

diff --git a/supreme/src/commonMain/kotlin/at/asitplus/signum/supreme/agreement/KeyAgreement.kt b/supreme/src/commonMain/kotlin/at/asitplus/signum/supreme/agreement/KeyAgreement.kt
@@ -6,17 +6,24 @@ import at.asitplus.signum.indispensable.CryptoPrivateKey
 import at.asitplus.signum.indispensable.CryptoPublicKey
 import at.asitplus.signum.indispensable.SignatureAlgorithm
 import at.asitplus.signum.indispensable.nativeDigest
+import at.asitplus.signum.supreme.dsl.DSLConfigureFn
+import at.asitplus.signum.supreme.os.PlatformSigningProviderSignerSigningConfigurationBase
 import at.asitplus.signum.supreme.sign.Signer
 import at.asitplus.signum.supreme.sign.curve
 import at.asitplus.signum.supreme.sign.signerFor
 
 /**
  * Elliptic-curve Diffie-Hellman key agreement.
  * Curves of public key and signer need to match!
+ *
+ * [config] can be used to display a custom authentication prompt
  */
-fun Signer.ECDSA.keyAgreement(publicKey: CryptoPublicKey.EC): KmmResult<ByteArray> = catching {
+fun Signer.ECDSA.keyAgreement(
+    publicKey: CryptoPublicKey.EC,
+    config: DSLConfigureFn<PlatformSigningProviderSignerSigningConfigurationBase> = null
+): KmmResult<ByteArray> = catching {
     require(curve == publicKey.curve) { "Private and public key curve mismatch" }
-    performAgreement(publicKey)
+    performAgreement(publicKey, config)
 }
 
 /**
@@ -34,13 +41,21 @@ fun CryptoPrivateKey.WithPublicKey<CryptoPublicKey.EC>.keyAgreement(publicKey: C
  * Elliptic-curve Diffie-Hellman key agreement.
  * Curves of public key and signer need to match!
  */
-fun CryptoPublicKey.EC.keyAgreement(privateKey: CryptoPrivateKey.WithPublicKey<CryptoPublicKey.EC>) = privateKey.keyAgreement(this)
+fun CryptoPublicKey.EC.keyAgreement(privateKey: CryptoPrivateKey.WithPublicKey<CryptoPublicKey.EC>) =
+    privateKey.keyAgreement(this)
 
 /**
  * Elliptic-curve Diffie-Hellman key agreement.
  * Curves of public key and signer need to match!
+ *
+ * [config] can be used to display a custom authentication prompt
  */
-fun CryptoPublicKey.EC.keyAgreement(signer: Signer.ECDSA) = signer.keyAgreement(this)
+fun CryptoPublicKey.EC.keyAgreement(
+    signer: Signer.ECDSA,
+    config: DSLConfigureFn<PlatformSigningProviderSignerSigningConfigurationBase> = null
+) = signer.keyAgreement(this, config)
 
-//TODO CFG lambda for auth dialog, etc
-internal expect fun Signer.ECDSA.performAgreement(publicKey: CryptoPublicKey.EC): ByteArray
+internal expect fun Signer.ECDSA.performAgreement(
+    publicKey: CryptoPublicKey.EC,
+    config: DSLConfigureFn<PlatformSigningProviderSignerSigningConfigurationBase>
+): ByteArray
diff --git a/supreme/src/iosMain/kotlin/at/asitplus/signum/supreme/agreement/KeyAgreement.ios.kt b/supreme/src/iosMain/kotlin/at/asitplus/signum/supreme/agreement/KeyAgreement.ios.kt
@@ -7,8 +7,10 @@ import at.asitplus.signum.internals.corecall
 import at.asitplus.signum.internals.takeFromCF
 import at.asitplus.signum.internals.toByteArray
 import at.asitplus.signum.supreme.dsl.DSL
+import at.asitplus.signum.supreme.dsl.DSLConfigureFn
 import at.asitplus.signum.supreme.os.IosSigner
 import at.asitplus.signum.supreme.os.IosSignerSigningConfiguration
+import at.asitplus.signum.supreme.os.PlatformSigningProviderSignerSigningConfigurationBase
 import at.asitplus.signum.supreme.sign.ECPrivateKeySigner
 import at.asitplus.signum.supreme.sign.EphemeralSigner
 import at.asitplus.signum.supreme.sign.PrivateKeySigner
@@ -18,14 +20,13 @@ import kotlinx.cinterop.memScoped
 import platform.Foundation.NSData
 
 @OptIn(ExperimentalForeignApi::class)
-internal actual fun Signer.ECDSA.performAgreement(publicKey: CryptoPublicKey.EC): ByteArray {
+internal actual fun Signer.ECDSA.performAgreement(publicKey: CryptoPublicKey.EC, config: DSLConfigureFn<PlatformSigningProviderSignerSigningConfigurationBase>): ByteArray {
 
     return catchingUnwrapped {
-
         val priv =  if( this is EphemeralSigner.EC)
             this.privateKey.value
         else if (this is IosSigner)
-            this.privateKeyManager.get(DSL.resolve(::IosSignerSigningConfiguration, null)).value
+            this.privateKeyManager.get(DSL.resolve(::IosSignerSigningConfiguration, config)).value
         else if(this is ECPrivateKeySigner)
             this.secKey
         else throw IllegalArgumentException(this::class.qualifiedName!!)

diff --git a/supreme/src/jvmMain/kotlin/at/asitplus/signum/supreme/agreement/KeyAgreement.jvm.kt b/supreme/src/jvmMain/kotlin/at/asitplus/signum/supreme/agreement/KeyAgreement.jvm.kt
@@ -3,11 +3,13 @@ package at.asitplus.signum.supreme.agreement
 import at.asitplus.signum.indispensable.CryptoPublicKey
 import at.asitplus.signum.indispensable.toJcaPublicKey
 import at.asitplus.signum.supreme.HazardousMaterials
+import at.asitplus.signum.supreme.dsl.DSLConfigureFn
 import at.asitplus.signum.supreme.hazmat.jcaPrivateKey
+import at.asitplus.signum.supreme.os.PlatformSigningProviderSignerSigningConfigurationBase
 import at.asitplus.signum.supreme.sign.Signer
 import javax.crypto.KeyAgreement
 
-actual fun Signer.ECDSA.performAgreement(publicKey: CryptoPublicKey.EC): ByteArray =
+internal actual fun Signer.ECDSA.performAgreement(publicKey: CryptoPublicKey.EC, config: DSLConfigureFn<PlatformSigningProviderSignerSigningConfigurationBase>): ByteArray =
     KeyAgreement.getInstance("ECDH").also {
         @OptIn(HazardousMaterials::class)
         it.init(jcaPrivateKey)