Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Biometric auth #416

Closed
wants to merge 41 commits into from
Closed

feat: Biometric auth #416

wants to merge 41 commits into from

Conversation

sjeohp-zz
Copy link
Contributor

No description provided.

@sjeohp
Biometric auth and rust lib refactor
37c740f 
* enable/disable biometric auth as an alternative to pin (when enabled:
encrypt pin, decrypt with biometric auth, sign/etc without pin entry)

* fall back to pin entry if biometry fails

* display biometric error messages to user so they know if a key has
been permanently invalidated, requiring manual re-enabling (could be
improved by re-enabling or disabling biometry immediately depending
on subsequent pin entry)

* sign transactions in rust without returning decrypted seed to js
@sjeohp
Merge branch 'secure-hardware'
5b6f962
@sjeohp
fix: minor fixes and tweaks
db6e098
@parity-cla-bot
Copy link

It looks like @sjeohp signed our Contributor License Agreement. 👍

Many thanks,

Parity Technologies CLA Bot

@hanwencheng hanwencheng mentioned this pull request Oct 14, 2019
Closed
7 tasks
@sjeohp-zz
Copy link
Contributor Author

sjeohp-zz commented Oct 15, 2019
edited
Loading

The objective here is to allow longer alpha-numeric pins to be practical.

  • Set a complex pin
  • Enable biometric auth
    • this encrypts the pin using a biometric key that stays in secure-hardware, and stores it.
  • Sign/backup/etc
    • secure-hardware decrypts the pin.
    • pin is used to decrypt seed.
    • if biometry fails for some reason (EG. if someone enrolls a new fingerprint or disables biometry in device settings, the existing keys will be invalidated), then fall back to pin entry.

Additionally: sign transactions while minimizing time the decrypted seed spends in memory, IE. decrypt and sign in rust without returning it to js.

@sjeohp-zz sjeohp-zz changed the title Biometrics and rust lib refactor feat: Biometric auth Oct 15, 2019
@sjeohp-zz sjeohp-zz marked this pull request as ready for review October 15, 2019 04:51
hanwencheng
hanwencheng reviewed Oct 16, 2019
View reviewed changes
ios/NativeSigner.xcodeproj/project.pbxproj Outdated
@@ -1661,7 +1634,7 @@
PRODUCT_BUNDLE_IDENTIFIER = io.parity.NativeSigner;
PRODUCT_NAME = NativeSigner;
SWIFT_OBJC_BRIDGING_HEADER = "NativeSigner/NativeSigner-Bridging-Header.h";
SWIFT_VERSION = 5.0;
SWIFT_VERSION = 4.2;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why downgrade swift version here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was testing with an old Xcode that didn't support 5. This change isn't important, I actually forgot about it.

@hanwencheng
Copy link
Contributor

hanwencheng commented Oct 16, 2019
edited
Loading

Many thanks for the PR!

From what I see the biometric auth workflow is: react native js code--> native code --> rust code, is that correct?

By the way I have not find the code for biometric auth part in native code, am I too early to review it now? Otherwise could you please point them out ?

For the native secure functions: it would be nice if you could make some test code in rust part or on Native part (on #353 I am also working on test cases). Both for the future development and the current reviewing and testing process.

@sjeohp-zz
Copy link
Contributor Author

By the way I have not find the code for biometric auth part in native code, am I too early to review it now? Otherwise could you please point them out ?

https://github.com/sjeohp/secure-native

For the native secure functions: it would be nice if you could make some test code in rust part or on Native part (on #353 I am also working on test cases). Both for the future development and the current reviewing and testing process.

👍

@hanwencheng
Copy link
Contributor

hanwencheng commented Oct 19, 2019
edited
Loading

I have the sample integration test for testing native modules, which is on hanwen-native-test branch, you may add another test as here.

@sjeohp-zz
Copy link
Contributor Author

I have the sample integration test for testing native modules, which is on hanwen-native-test branch, you may add another test as here.

I don't believe it will work in this case since the methods will fail without biometric input..

@hanwencheng
Copy link
Contributor

Ah, it is possible on iOS, first you start with await device.setBiometricEnrollment(true) and then use await device.matchFinger() to pass the biometric auth.

@sjeohp-zz sjeohp-zz self-assigned this Nov 12, 2019
@sjeohp-zz
Copy link
Contributor Author

I run them in AndroidStudio or Xcode. In theory you should be able to use xcodebuild from the command line.

Could you please put the command into package.json, and use a script like yarn unit:ios for example.

Yep, done

Having issues getting e2e working with the native lib at all, will discuss.

does import {NativeModule} from 'react-native' works ?

That breaks jest and still doesn't let me run the detox test. Working e2e tests for the native modules might have to be a separate PR.

@hanwencheng hanwencheng mentioned this pull request Dec 4, 2019
Closed
hanwencheng and others added 18 commits December 11, 2019 18:18
@hanwencheng hanwencheng mentioned this pull request Jan 21, 2020
Closed
14 tasks
@sjeohp-zz sjeohp-zz removed the request for review from maciejhirsz February 3, 2020 18:36
@sjeohp-zz sjeohp-zz closed this Mar 23, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hanwencheng hanwencheng hanwencheng left review comments

@pmespresso pmespresso pmespresso left review comments

Assignees

@sjeohp-zz sjeohp-zz

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@sjeohp-zz @parity-cla-bot @hanwencheng @pmespresso @Tbaut @sjeohp