Fetch verification certificate #1223
ace5fad
to
802049a
Compare
@@ -16,8 +22,15 @@ export const AffectedUserProvider = ({ | |||
}): JSX.Element => { | |||
const [code, setCode] = useState(''); | |||
|
|||
const generateHMACDigest = async () => { |
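Review bot: The digest step at `const generateHMACDigest = async () => {` is declared inside the `AffectedUserProvider` body, which ties the crypto call to the component and recreates the closure on every render. Consider moving it into `hmac.ts` behind a single function the provider calls, and make sure a rejected promise from it surfaces as an error state; the lines shown here include no catch.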
I wasn't 100% sure where all of this wants to live. On the one hand, this all could live in ./hmac.ts and we could lean into treating it more as a service; on the other hand, I like having the application logic independent from the details of the crypto stuff, especially considering that it's currently unclear if we should be fetching the certificate as soon as possible or only after the user has consented to sharing data.
app/bt/AffectedUserFlow/hmac.ts
Outdated
|
||
import { ExposureKey } from './exposureKey'; | ||
|
||
export const generateKey = async (): Promise<ArrayBuffer> => { |
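Review bot: `generateKey` returns `Promise<ArrayBuffer>` with no comment on key length or randomness source, and the name does not say which key it produces. Add a doc comment stating the key size and that the bytes come from a CSPRNG, consider a more specific name such as `generateHMACKey`, and since `storeHMACKey` in this file takes a `string`, define the ArrayBuffer-to-string encoding in one place.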
It might make sense to add some specs for these functions.
// }; | ||
|
||
export const storeHMACKey = async (hmacKey: string): Promise<void> => { | ||
// exposureKeyModule.storeHMACKey(hmacKey); |
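Review bot: The body of `storeHMACKey` is commented out, so the returned promise resolves without persisting anything and a caller cannot tell that the key was never stored. Either reject with a not-implemented error until the native call exists or leave the function out of this change, and drop the stray `// };` above it.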
This work might make sense in a separate PR.
5aad538
to
6c7585d
Compare
}; | ||
|
||
interface RawExposureKey { | ||
key: null | string; |
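Review bot: Typing `key` as `null | string` in `RawExposureKey` lets entries without key material flow on into the digest step. Validate where the native result is received and fail if any `key` is null, so an HMAC is never computed over empty keys; a comment on when the native layer can return null would also help.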
@mattThousand, noticing that we are getting keys that look like:
{"key": null, "rollingPeriod": 144, "rollingStartNumber": 2657520, "transmissionRisk": 0}, {"key": null, "rollingPeriod": 144, "rollingStartNumber": 2657376, "transmissionRisk": 0}, {"key": null, "rollingPeriod": 144, "rollingStartNumber": 2657232, "transmissionRisk": 0}, {"key": null, "rollingPeriod": 144, "rollingStartNumber": 2657088, "transmissionRisk": 0}, {"key": null, "rollingPeriod": 144, "rollingStartNumber": 2656944, "transmissionRisk": 0}, {"key": null, "rollingPeriod": 144, "rollingStartNumber": 2656800, "transmissionRisk": 0}, {"key": null, "rollingPeriod": 144, "rollingStartNumber": 2656656, "transmissionRisk": 0}, {"key": null, "rollingPeriod": 144, "rollingStartNumber": 2656512, "transmissionRisk": 0}, {"key": null, "rollingPeriod": 144, "rollingStartNumber": 2656368, "transmissionRisk": 0}, {"key": null, "rollingPeriod": 144, "rollingStartNumber": 2656224, "transmissionRisk": 0}, {"key": null, "rollingPeriod": 144, "rollingStartNumber": 2656080, "transmissionRisk": 0}, {"key": null, "rollingPeriod": 144, "rollingStartNumber": 2655936, "transmissionRisk": 0}, {"key": null, "rollingPeriod": 144, "rollingStartNumber": 2655792, "transmissionRisk": 0}, {"key": null, "rollingPeriod": 144, "rollingStartNumber": 2655648, "transmissionRisk": 0}
from the native layer.
Do you know why the key field is coming in as null?
ios/BT/ExposureManager.swift
Outdated
@@ -306,6 +306,36 @@ final class ExposureManager: NSObject { | |||
} | |||
} | |||
|
|||
@objc func getExposureKeys(callback: @escaping RCTResponseSenderBlock) { |
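Review bot: `getExposureKeys(callback: @escaping RCTResponseSenderBlock)` has no separate rejection path, so failures have to be packed into the callback's argument array by convention. Prefer a resolver/rejecter pair (`RCTPromiseResolveBlock`, `RCTPromiseRejectBlock`) so the JS side receives a rejected promise, and add a doc comment noting that this method hands exposure keys to the JS layer.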
Let's remove this one as the Promise style seems to work.
Why:

After verifying the user's provided code to the verification server and receiving a token, we need to generate a hashed version of the user's keys (and potentially metadata) and post this to the verification server to receive a certificate which we can use to post exposure keys to the key server.

This commit:

Introduces the logic for generating an HMAC of the current exposure keys and posting this data along with the previously received token to api/certificate.

We introduced react-native-simple-crypto for calculating the HMAC hashing on the JS side as this will reduce the amount of code that the native layer will need to implement. In a future iteration, it might make sense to do all of the cryptographic logic in the native layer as this will allow us to remove the dependency react-native-simple-crypto.

A native module promise, `ExposureKeyModule.fetchExposureKeys`, was added to fetch the exposure keys and serialize them to send the encrypted payload to the verification server.

Next Steps:

- Save the hmacKey to `realm`
- Save the certificate generated on the verification server to `realm`
- Post the exposure keys to the `GAEN` with the certificate and the HMAC key
- Handle errors on the exposure keys, post exposure data flow
- Add in user metadata to the request that goes to the Verification Server

Co-Authored-By: Alejandro Dustet <aledustet@gmail.com>
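An added example, not code from this PR: one way to compute the digest the commit message describes while rejecting the null-key entries reported in the review thread. The serialization (sorted, comma-joined `key.rollingStartNumber.rollingPeriod.transmissionRisk` segments), the base64 output and every function name are assumptions; the real format is whatever the verification server specifies.

```javascript
const crypto = require('crypto');

// Field names follow the RawExposureKey objects quoted in the review thread.
// The segment layout is an assumption, not the project's wire format.
function serializeKeys(keys) {
  const segments = keys.map((k, i) => {
    if (typeof k.key !== 'string' || k.key.length === 0) {
      // A null key would still yield a valid-looking digest over useless data.
      throw new TypeError(`exposure key at index ${i} has no key material`);
    }
    for (const f of ['rollingStartNumber', 'rollingPeriod', 'transmissionRisk']) {
      if (!Number.isInteger(k[f]) || k[f] < 0) {
        throw new TypeError(`exposure key at index ${i} has invalid ${f}`);
      }
    }
    return [k.key, k.rollingStartNumber, k.rollingPeriod, k.transmissionRisk].join('.');
  });
  // Sort so the digest does not depend on the order the native layer returns.
  return segments.sort().join(',');
}

// 32 random bytes from the platform CSPRNG.
function generateHmacKey() {
  return crypto.randomBytes(32);
}

// HMAC-SHA256 over the canonical serialization, base64-encoded.
function digestExposureKeys(keys, hmacKey) {
  return crypto
    .createHmac('sha256', hmacKey)
    .update(serializeKeys(keys), 'utf8')
    .digest('base64');
}

// Constant-time comparison for any later re-check of the digest.
function digestMatches(keys, hmacKey, expectedB64) {
  const actual = Buffer.from(digestExposureKeys(keys, hmacKey), 'base64');
  const expected = Buffer.from(expectedB64, 'base64');
  return actual.length === expected.length && crypto.timingSafeEqual(actual, expected);
}

// Constructed sample data; the key strings are placeholders, not real keys.
const SAMPLE_KEYS = [
  { key: 'Q09OU1RSVUNURUQtS0VZLTE=', rollingPeriod: 144, rollingStartNumber: 2657520, transmissionRisk: 0 },
  { key: 'Q09OU1RSVUNURUQtS0VZLTI=', rollingPeriod: 144, rollingStartNumber: 2657376, transmissionRisk: 0 },
];
```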
In an effort to unblock ongoing work, we are going to merge this and work on the improvements in future commits. Please feel free to add your review in either this or subsequent PRs for this feature; we will mark them as such.