Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Address a few bugs in IsoMdlPresentation and modify MDoc #44

Merged
merged 5 commits into from
Oct 23, 2024
Merged

Address a few bugs in IsoMdlPresentation and modify MDoc #44

merged 5 commits into from
Oct 23, 2024

Conversation

rschulman
Copy link
Contributor

Makes IsoMdlPresentation init public and adjusts the code that retrieves the signing key from the key store to match that which is currently in the CA DMV wallet. Also removes an unused init argument from the MDoc init function and renames another argument.

@rschulman rschulman requested a review from sbihel October 22, 2024 14:27
@cobward
Copy link
Contributor

cobward commented Oct 22, 2024
edited
Loading

retrieves the signing key from the key store to match that which is currently in the CA DMV wallet.

@rschulman I'm wondering if we should alter the API so that the calling code passes the private key into this function? It looks like there are two ways of looking up the keypair - ApplicationTag, which CA DMV currently uses, and ApplicationLabel which might be more "correct"?

Alternatively, we could provide an interface like this:

public class KeyRetrieval: NSObject {
    /**
     * Retrieves a private key by alias.
     */
    public func retrieve(keyAlias: String) -> SecKey? {
        // ...
    }
}

Which could then be overridden in the CA DMV app.

We could also use the KeyManager class that already exists in the codebase, but my feeling is that it is not future-proof as it supports limited curves, encryption and signing methods, so may end up going away in the medium term.

@sbihel
Copy link
Member

sbihel commented Oct 22, 2024

I agree with Jacob that fetching the key "by hand" isn't the best way if it turns out there are multiple ways of referring to a key in the secure element.

About the private init, it's because this function was meant to be used all the time as MDoc presentation always supports multiple MDocs. But I can understand if it's necessary for certain UX flows.

@rschulman
Copy link
Contributor Author

I've pushed an update requiring the consumer to pass in the signing key.

@rschulman rschulman merged commit 8824cb9 into main Oct 23, 2024
1 check passed
@rschulman rschulman deleted the fix/isomdl-bugs branch October 23, 2024 12:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Ryanmtate Ryanmtate Ryanmtate approved these changes

@sbihel sbihel Awaiting requested review from sbihel

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rschulman @cobward @sbihel @Ryanmtate