Export identity data #77
Conversation
Makefile
Outdated
| @@ -45,7 +45,9 @@ APPVERSION=$(APPVERSION_MAJOR).$(APPVERSION_MINOR).$(APPVERSION_PATCH) | |||
| APP_LOAD_PARAMS = --appFlags 0x00 $(COMMON_LOAD_PARAMS) | |||
|
|
|||
| # Restrict derivation paths to the Concordium specific path. | |||
There was a problem hiding this comment.
| # Restrict derivation paths to the Concordium specific path. | |
| # Restrict derivation paths to the Concordium specific paths. |
src/exportData.h
Outdated
| #define _CONCORDIUM_APP_EXPORT_DATA_H_ | ||
|
|
||
| /** | ||
| * Handles the export of private keys that are allowed to leave the device. |
There was a problem hiding this comment.
This should state what private key material that is.
src/exportData.h
Outdated
| * @param p2 If set to 0x01, then the seeds are exported (Using this is deprecated). If set to 0x02, then the BLS keys | ||
| * are exported. 0x00 is not used to ensure that old clients fail when calling this functionality. | ||
| */ | ||
| void handleExportData(uint8_t *dataBuffer, uint8_t p1, uint8_t p2, volatile unsigned int *flags, bool isInitialCall); |
There was a problem hiding this comment.
handleExportData is a little too generic. I suggest something like handleExportPrivateKeyData or something that makes it clear that it contains private key material. Export data could be anything.
There was a problem hiding this comment.
Changed it to handleExportPrivateIdentityData, because not everything are really keys. 🤔
src/exportData.h
Outdated
| * The export paths are restricted so that the method cannot access any account paths. | ||
| * @param p1 has to be 0x00 for export of PRF key for decryption, 0x01 for export of PRF key for recovering credentials | ||
| * and 0x02 for export of PRF key and IdCredSec. | ||
| * @param p2 If set to 0x01, then the seeds are exported (Using this is deprecated). If set to 0x02, then the BLS keys |
There was a problem hiding this comment.
This is new functionality so we should not have to support the deprecated functionality, and we don't need to reserve 0x00 either. Perhaps the documentation here is just outdated (or copied from another method).
There was a problem hiding this comment.
I think the entire doc for that function was copied. 🤔
| @@ -120,9 +120,10 @@ void handleVerifyAddress(uint8_t *cdata, volatile unsigned int *flags) { | |||
| uint32_t credCounter = U4BE(cdata, 4); | |||
| getIdentityAccountDisplay(ctx->display, sizeof(ctx->display), identity, credCounter); | |||
|
|
|||
| // TODO use P1 to support new version | |||
There was a problem hiding this comment.
Do we have a task that covers this TODO?
There was a problem hiding this comment.
I have a separate PR open for this.
#83
doc/export_data.md
Outdated
| @@ -0,0 +1,39 @@ | |||
| # Export data | |||
|
|
|||
| This method allows exporting various data for the identity. This data does not include not account signing keys, and note that it is not possible to export keys that are used for signatures. | |||
There was a problem hiding this comment.
| This method allows exporting various data for the identity. This data does not include not account signing keys, and note that it is not possible to export keys that are used for signatures. | |
| This method allows exporting various data for the identity. This data does not include account signing keys, and note that it is not possible to export keys that are used for signatures. |
doc/export_data.md
Outdated
| 2. Signature retrieval / blinding randomness - 0x04 | ||
| 3. Attribute randomness - 0x05 | ||
|
|
||
| If P1 = 0x00, then the if user accepts, all data (P1 \in [2-5]) can be exported for the same P2, identity and identity provider without prompting the user. Note that the instruction should be repeated with P1 = 0x00 to finish the session. |
There was a problem hiding this comment.
I don't think this is a good idea. It seems insecure that you can keep requesting this at any point in the future. I think I need you reiterate why we need this accepted first, ask for data later approach. What is the problem with the method just returning the required data when asked for everything?
There was a problem hiding this comment.
I have reworked it.
Purpose
Allow the app to export all identity data:
Changes
Checklist
hard-to-understand areas.