feat: [SIW-742] Add cose-js sign and common utils

[hevelius]

Short description

This PR adds cose-js utils to get encryption on cbor. This PR adds only base cose-js utils methods. In another PR we refactor the doSign method to perform an encryption using io-react-native-crypto to access SE/TEE.

Note: The cose-js files are base on this repository https://github.com/erdtman/cose-js

List of Changes

• Add cose directory with sign and common utils
• Add node-rsa as dependency
• Add elliptic as dependency
• Update example app to test COSE sign on a mocked plain text
• Update temp function in ProximityManager to perform a COSE sign

How Has This Been Tested?

Screenshots (if appropriate):

[balanza]

issue: Curious choice to go for as a plain vanilla JS file. We usually don't do it for several reasons:

• types help you describe what the code does
• types force you to reason about the possible combination of inputs a function can support
• types force you to parse input data before passing it to functions (implying input validation)
• types help you to spot corner cases on the code ("I didn't think this value could be null")

Can we go for a vanilla JS solution? Sure, as long as the need is well-motivate and the safety loss is mitigated (with plenty of unit tests and comments).

My advice is we either use Typescript (and we invest time in type-modeling) or we have tons of tests and comments.

‏

[balanza]

question:

one could question this but it makes testing easier

I question the question 🙃
What's the issue?
‏

[balanza]

question: ‏What does this function does? Why it returns nothing?

[hevelius]

issue: Curious choice to go for as a plain vanilla JS file. We usually don't do it for several reasons:

• types help you describe what the code does
• types force you to reason about the possible combination of inputs a function can support
• types force you to parse input data before passing it to functions (implying input validation)
• types help you to spot corner cases on the code ("I didn't think this value could be null")

Can we go for a vanilla JS solution? Sure, as long as the need is well-motivate and the safety loss is mitigated (with plenty of unit tests and comments).

My advice is we either use Typescript (and we invest time in type-modeling) or we have tons of tests and comments.

‏

@balanza the cose-js code is based on another repository and this is its original code. However it is not yet clear whether we can use this cose-js implementation for reasons related to the ISO-18013 standard. For velocity reasons, the transition to typescript is not envisaged. Refactoring in TypeScript will be the next step. I added a Jira task about it.

[balanza]

I don't understand the core problem. is there a technical reason we cannot use Typescript, or is just a consideration on the effort?

[hevelius]

I don't understand the core problem. is there a technical reason we cannot use Typescript, or is just a consideration on the effort?

Related to Typescript only effort

[balanza]

Related to Typescript only effort

Ok, thanks. I stick with my opinion: a JS implementation with a comparable level of "quality" requires more accuracy in testing and documenting. We can compare this extra effort with the type-gymnastic we are saving.

Otherwise, we are deliberately adding some below-the-standard code, I don't think we need to do it.

[grausof]

LGTM

[grausof]

Related to Typescript only effort

Ok, thanks. I stick with my opinion: a JS implementation with a comparable level of "quality" requires more accuracy in testing and documenting. We can compare this extra effort with the type-gymnastic we are saving.

Otherwise, we are deliberately adding some below-the-standard code, I don't think we need to do it.

@balanza @hevelius Take a look here erdtman/cose-js#45