diff --git a/CHANGELOG.md b/CHANGELOG.md index 9da3f1f9..05adf796 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,10 +2,8 @@ ## 3.0 -### Next -* Remove Swift verifier logic to obtain a general speed-up - ### 3.7.0 (Supreme 0.2.0) +* Remove Swift verifier logic to obtain a general speed-up * Implement supreme signing capabilities * Introduce Attestation Data Structure * Dependency Updates: diff --git a/README.md b/README.md index a81882f0..a82ed390 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,8 @@ [![Kotlin](https://img.shields.io/badge/kotlin-multiplatform-orange.svg?logo=kotlin)](http://kotlinlang.org) [![Kotlin](https://img.shields.io/badge/kotlin-2.0.0-blue.svg?logo=kotlin)](http://kotlinlang.org) [![Java](https://img.shields.io/badge/java-17+-blue.svg?logo=OPENJDK)](https://www.oracle.com/java/technologies/downloads/#java11) -[![Maven Central](https://img.shields.io/maven-central/v/at.asitplus.signum/indispensable)](https://mvnrepository.com/artifact/at.asitplus.signum/) +[![Maven Central (indispensable)](https://img.shields.io/maven-central/v/at.asitplus.signum/indispensable?label=maven-central%20%28indispensable%29)](https://mvnrepository.com/artifact/at.asitplus.signum/) +[![Maven Central (Supreme)](https://img.shields.io/maven-central/v/at.asitplus.signum/supreme?label=maven-central%20%28Supreme%29)](https://mvnrepository.com/artifact/at.asitplus.signum/supreme) 
@@ -24,7 +25,9 @@ This [Kotlin Multiplatform](https://kotlinlang.org/docs/multiplatform.html) library provides platform-independent data types and functionality related to crypto and PKI applications: -* **Multiplatform ECDSA and RSA verification** +* **Multiplatform ECDSA and RSA Signer and Verifier** → Check out the included [CMP demo App](demoapp) to see it in action + * **Supports Attestation on iOS and Android** + * **Biometric Authentication on Android and iOS without Callbacks or Activity Passing** (✨Magic!✨) * Public Keys (RSA and EC) * Algorithm Identifiers (Signatures, Hashing) * X509 Certificate Class (create, encode, decode) @@ -520,8 +523,6 @@ SEQUENCE (8 elem) * No OCSP and CRL Checks (though it is perfectly possible to parse this data from a certificate and implement the checks) * We do need more comprehensive tests, but we're getting there, mostly thanks to [@iaik-jheher](https://github.com/iaik-jheher) and [@n0900](https://github.com/n0900). -* We don't yet know how compliant everything really is, but this code has been successfully handling cryptographic material - for a couple of months now and we're improving whenever we hit an issue. * Number of supported Algorithms is limited to the usual suspects (sorry, no Bernstein curves )-:) diff --git a/build.gradle.kts b/build.gradle.kts index ea278502..e7270272 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -1,7 +1,7 @@ import org.jetbrains.dokka.gradle.DokkaMultiModuleTask plugins { - id("at.asitplus.gradle.conventions") version "2.0.20+20240904" + id("at.asitplus.gradle.conventions") version "2.0.20+20240829" id("com.android.library") version "8.2.2" apply (false) } group = "at.asitplus.signum" diff --git a/demoapp/README.MD b/demoapp/README.MD index 7b840d1d..989d7609 100644 --- a/demoapp/README.MD +++ b/demoapp/README.MD @@ -1,22 +1,27 @@ # Supreme Multiplatform (JVM, Android, iOS) Demo App +

![img.png](img.png) -This app showcases the _Supreme_ KMP Crypto provider on Android and on iOS. Demoing the JVM target would require additional configuration due to limitations of Kotlin. -It was decided to avoid this clutter for the demo app, since the Supreme test suite already showcases the JVM provider usage. +

+This app showcases the _Supreme_ KMP Crypto provider on JVM, Android and on iOS. It is possible to generate key pairs, sign data, and verify the signature. -Generation of attestation statements is also supported, although on iOS, only P-256 keys can be attested due to platform constreaints. -The default JVM provider does not natively support the creation of attestation statements. +Generation of attestation statements is also supported, although on iOS, only P-256 keys can be attested due to platform constraints. +The default JVM provider does not natively support the creation of attestation statements, so it is a NOOP there. + +Except for the JVM (because there is no system-wide keystore), the app relies only on multiplatform code. +Hence, everything is located in the common [App.kt](composeApp/src/commonMain/kotlin/at/asitplus/cryptotest/App.kt). +As can be seen, no activity passing and callbacks are required, even for biometric auth! Everything _just works_© automagically… ## Before running! - check your system with [KDoctor](https://github.com/Kotlin/kdoctor) - install JDK 17 on your machine - add `local.properties` file to the project root and set a path to Android SDK there -### Android +## Android To run the application on android device/emulator: - open project in Android Studio and run imported android run configuration @@ -24,10 +29,11 @@ To build the application bundle: - run `./gradlew :composeApp:assembleDebug` - find `.apk` file in `composeApp/build/outputs/apk/debug/composeApp-debug.apk` -### iOS +## iOS To run the application on iPhone device/simulator: - Open `iosApp/iosApp.xcproject` in Xcode and run standard configuration - Or use [Kotlin Multiplatform Mobile plugin](https://plugins.jetbrains.com/plugin/14936-kotlin-multiplatform-mobile) for Android Studio +**Attestation and biometric auth is not supported on the simulator!** Only Apple could fix this, but this is unlikely to ever happen. 
diff --git a/demoapp/composeApp/src/commonMain/kotlin/at/asitplus/cryptotest/App.kt b/demoapp/composeApp/src/commonMain/kotlin/at/asitplus/cryptotest/App.kt index bd831df8..a89f3749 100644 --- a/demoapp/composeApp/src/commonMain/kotlin/at/asitplus/cryptotest/App.kt +++ b/demoapp/composeApp/src/commonMain/kotlin/at/asitplus/cryptotest/App.kt 
@@ -73,55 +73,6 @@ import kotlin.random.Random import kotlin.reflect.KProperty import kotlin.time.Duration.Companion.seconds -val SAMPLE_CERT_CHAIN = listOf( - "MIIDljCCAxygAwIBAgISBAkE/SHlMi5J8uQGoGCZBnhSMAoGCCqGSM49BAMDMDIx\n" + - "CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF\n" + - "MTAeFw0yNDAzMTMyMDQ2MjZaFw0yNDA2MTEyMDQ2MjVaMBwxGjAYBgNVBAMTEXN0\n" + - "YWNrb3ZlcmZsb3cuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENMSrkEQf\n" + - "2x8dEAh73snPfgxMIK+VYUyIIYA+NuRhhyZuL2ZV9N4ZUibe/eEad3Y8HND3Kuz/\n" + - "2vxFzJvR8nlKSqOCAiYwggIiMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggr\n" + - "BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUeQJ7DtZq\n" + - "02WUcs0cMmOa/eJEuxcwHwYDVR0jBBgwFoAUWvPtK/w2wjd5uVIw6lRvz1XLLqww\n" + - "VQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vZTEuby5sZW5jci5v\n" + - "cmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9lMS5pLmxlbmNyLm9yZy8wMQYDVR0RBCow\n" + - "KIITKi5zdGFja292ZXJmbG93LmNvbYIRc3RhY2tvdmVyZmxvdy5jb20wEwYDVR0g\n" + - "BAwwCjAIBgZngQwBAgEwggECBgorBgEEAdZ5AgQCBIHzBIHwAO4AdQA7U3d1Pi25\n" + - "gE6LMFsG/kA7Z9hPw/THvQANLXJv4frUFwAAAY45x+icAAAEAwBGMEQCICqwZ2ic\n" + - "dHGogPX6/nRhsJ2AMWROA2MkZ+zZ/8dvzaCoAiBDqexmj0syXLpaCAhZ7Jjps+QN\n" + - "UHsHX8F/VE2eQ4fmdAB1AEiw42vapkc0D+VqAvqdMOscUgHLVt0sgdm7v6s52IRz\n" + - "AAABjjnH6KcAAAQDAEYwRAIgRB4bHal+3msYGbblbfHhWcVm+95f7fkEWQabASE2\n" + - "qycCIFJ/P1mixU1zSN6L/hZSvP8RTgUxy/xvbfrcF8giDNA/MAoGCCqGSM49BAMD\n" + - "A2gAMGUCMDe8nbCNF3evyvyGNxKOaScHhZ9ScGi5zeEo4ogiY6f25FV3wzfE2enB\n" + - "3QUOvZLJbgIxAIc//kc6UgMSKC+FNL3LM3c4avx9jaKZwUvlcOvxrSExYvnmxqrA\n" + - "jC2PPx8F/hF+ww==", - "MIICxjCCAk2gAwIBAgIRALO93/inhFu86QOgQTWzSkUwCgYIKoZIzj0EAwMwTzEL\n" + - "MAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNo\n" + - "IEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDIwHhcNMjAwOTA0MDAwMDAwWhcN\n" + - "MjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5j\n" + - "cnlwdDELMAkGA1UEAxMCRTEwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQkXC2iKv0c\n" + - 
"S6Zdl3MnMayyoGli72XoprDwrEuf/xwLcA/TmC9N/A8AmzfwdAVXMpcuBe8qQyWj\n" + - "+240JxP2T35p0wKZXuskR5LBJJvmsSGPwSSB/GjMH2m6WPUZIvd0xhajggEIMIIB\n" + - "BDAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMB\n" + - "MBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFFrz7Sv8NsI3eblSMOpUb89V\n" + - "yy6sMB8GA1UdIwQYMBaAFHxClq7eS0g7+pL4nozPbYupcjeVMDIGCCsGAQUFBwEB\n" + - "BCYwJDAiBggrBgEFBQcwAoYWaHR0cDovL3gyLmkubGVuY3Iub3JnLzAnBgNVHR8E\n" + - "IDAeMBygGqAYhhZodHRwOi8veDIuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYG\n" + - "Z4EMAQIBMA0GCysGAQQBgt8TAQEBMAoGCCqGSM49BAMDA2cAMGQCMHt01VITjWH+\n" + - "Dbo/AwCd89eYhNlXLr3pD5xcSAQh8suzYHKOl9YST8pE9kLJ03uGqQIwWrGxtO3q\n" + - "YJkgsTgDyj2gJrjubi1K9sZmHzOa25JK1fUpE8ZwYii6I4zPPS/Lgul/", - "MIICGzCCAaGgAwIBAgIQQdKd0XLq7qeAwSxs6S+HUjAKBggqhkjOPQQDAzBPMQsw\n" + - "CQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2gg\n" + - "R3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw00\n" + - "MDA5MTcxNjAwMDBaME8xCzAJBgNVBAYTAlVTMSkwJwYDVQQKEyBJbnRlcm5ldCBT\n" + - "ZWN1cml0eSBSZXNlYXJjaCBHcm91cDEVMBMGA1UEAxMMSVNSRyBSb290IFgyMHYw\n" + - "EAYHKoZIzj0CAQYFK4EEACIDYgAEzZvVn4CDCuwJSvMWSj5cz3es3mcFDR0HttwW\n" + - "+1qLFNvicWDEukWVEYmO6gbf9yoWHKS5xcUy4APgHoIYOIvXRdgKam7mAHf7AlF9\n" + - "ItgKbppbd9/w+kHsOdx1ymgHDB/qo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T\n" + - "AQH/BAUwAwEB/zAdBgNVHQ4EFgQUfEKWrt5LSDv6kviejM9ti6lyN5UwCgYIKoZI\n" + - "zj0EAwMDaAAwZQIwe3lORlCEwkSHRhtFcP9Ymd70/aTSVaYgLXTWNLxBo1BfASdW\n" + - "tL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5U6VR5CmD1/iQMVtCnwr1\n" + - "/q4AaOeMSQ+2b1tbFfLn" -).map { X509Certificate.decodeFromDer(it.replace("\n", "").decodeBase64Bytes()) } /* because we also want it to work on the jvm; you don't need this workaround for ios/android, just use PlatformSigningProvider directly */ diff --git a/demoapp/img.png b/demoapp/img.png index 8cfb4927..bb44ce7c 100644 Binary files a/demoapp/img.png and b/demoapp/img.png differ diff --git a/gradle.properties b/gradle.properties index 98b3c9c0..8e33a123 100644 
--- a/gradle.properties +++ b/gradle.properties @@ -2,8 +2,8 @@ kotlin.code.style=official kotlin.js.compiler=ir org.gradle.jvmargs=-Xmx4g -Dfile.encoding=UTF-8 -artifactVersion = 3.7.0-SNAPSHOT -supremeVersion=0.2.0-SNAPSHOT +artifactVersion=3.7.0 +supremeVersion=0.2.0 # This is not a well-defined property, the ASP convention plugin respects it, though jdk.version=17
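Review bot: In README.md, the two Maven Central badges now link to different levels of the repository: the indispensable badge still points at the group page `https://mvnrepository.com/artifact/at.asitplus.signum/`, while the new Supreme badge points at `.../at.asitplus.signum/supreme`. Point the first badge at `.../at.asitplus.signum/indispensable` so each badge leads to the artifact whose version it displays.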
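Review bot: In README.md, the hunk at `@@ -520,8 +523,6 @@` deletes the limitation bullet "We don't yet know how compliant everything really is" and puts nothing in its place, while the feature list in the same file now advertises signing and attestation. If compliance has been checked since, say against what (test vectors, standards, interop targets); otherwise keep the caveat so users of a crypto library can judge how far to rely on it.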
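Review bot: In build.gradle.kts, the `at.asitplus.gradle.conventions` plugin goes from `2.0.20+20240904` to `2.0.20+20240829`, and the suffix reads as an earlier date, so this looks like a rollback of the build plugin in the same change that sets `artifactVersion=3.7.0`. Please confirm the older build is intended for the release and record the reason; the CHANGELOG hunk does not mention it.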
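Review bot: In demoapp/README.MD, "so it is a NOOP there" does not say what a caller on the JVM receives when it asks for an attestation statement. State explicitly that no attestation statement is produced on the JVM and that keys generated there are unattested, so nobody mistakes the silent no-op for a successful attestation. Minor wording in the iOS section of the same hunk: "Attestation and biometric auth is not supported" should read "are not supported".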
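Review bot: In App.kt, removing `SAMPLE_CERT_CHAIN` takes out the only calls to `X509Certificate.decodeFromDer` and `decodeBase64Bytes` visible in this hunk, yet the import lines shown as context are left untouched. Check whether the imports for those two symbols are still used elsewhere in the file and drop them if not.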