DOB hash calculation & wiring (EXPOSUREAPP-7488, EXPOSUREAPP-7509) #3317
Conversation
d4rken
commented
May 28, 2021
•
edited
edited
- Adds date of birth hash calculation for PCR test registration
- Wires up date of birth hash to be passed from to verification server (UI test registration request -> corona test repo -> test processor -> playbook -> server -> api)
- Extends verification server API with new attribute and adjusts request padding calculation
…ated properties. +Some additional wiring, plumbing and tests for future PRs.
# Conflicts: # Corona-Warn-App/src/main/java/de/rki/coronawarnapp/coronatest/type/rapidantigen/RapidAntigenProcessor.kt
…tests' into feature/7487-dgc-properties-for-tests
Some refactoring to make it less complicated to adjust for future changes.
# Conflicts: # Corona-Warn-App/src/main/java/de/rki/coronawarnapp/coronatest/type/pcr/PCRProcessor.kt
@SerializedName("requestPadding") val requestPadding: String? = null | ||
@SerializedName("keyType") val keyType: VerificationKeyType, | ||
@SerializedName("key") val key: String, | ||
@SerializedName("keyDob") val dateOfBirthKey: String? = null, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The new optional attribute
@SerializedName("GUID") | ||
GUID, | ||
|
||
@SerializedName("TELETAN") | ||
TELETAN; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We previously just relied on the enums never being renamed or obfuscated, this was a bit too fragile for my taste.
/** | ||
* The specific sizes are not important, but all requests should be padded up to the same size. | ||
* Pick a total size that is guaranteed to be above or equal to the maximum size a request can be. | ||
*/ | ||
// `"requestPadding":""` | ||
private const val BODY_SIZE_PADDING_OVERHEAD = 19 // | ||
|
||
// `{}` json brackets | ||
private const val BODY_SIZE_OVERHEAD = BODY_SIZE_PADDING_OVERHEAD + 2 | ||
private const val BODY_SIZE_EXPECTED = 250 | ||
|
||
/** | ||
* The header itself is larger. | ||
* We care about the header fields we set that are request specific. | ||
* We don't need to pad for device specific fields set by OK http. | ||
*/ | ||
// `POST /version/v1/registrationToken` -> 34 (longest method + url atm) use 64 to have a buffer | ||
private const val HEADER_SIZE_LONGEST_METHOD = 34 | ||
|
||
const val PADDING_LENGTH_HEADER_REGISTRATION_TOKEN = 0 | ||
const val PADDING_LENGTH_BODY_REGISTRATION_TOKEN_TELETAN = 51 + VERIFICATION_BODY_FILL | ||
const val PADDING_LENGTH_BODY_REGISTRATION_TOKEN_GUID = 0 + VERIFICATION_BODY_FILL | ||
// `cwa-fake 0\n` -> 12 | ||
private const val HEADER_SIZE_VAL_FAKE = 12 | ||
|
||
// padding test result | ||
const val PADDING_LENGTH_HEADER_TEST_RESULT = 7 | ||
const val PADDING_LENGTH_BODY_TEST_RESULT = 31 + VERIFICATION_BODY_FILL | ||
// `cwa-header-padding\n` -> 22 | ||
private const val HEADER_SIZE_VAL_PADDING = 22 | ||
private const val HEADER_SIZE_OVERHEAD = HEADER_SIZE_VAL_FAKE + HEADER_SIZE_VAL_PADDING | ||
private const val HEADER_SIZE_OUR_DATA = HEADER_SIZE_LONGEST_METHOD + HEADER_SIZE_OVERHEAD |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We pad the request for plausible deniability, so they all have the same size.
Previously the padding was difficult to understand why a certain value was picked, as we summed up the differences to other API requests, this was a bit too 🧙.
This PR changes the padding calculation to start of with an expected size, and then each API call subtracts its own size, and what we are left with is the required padding.
val key by lazy { | ||
val dobFormatted = dateOfBirth.toString(DOB_FORMATTER) | ||
val keyHash = "${testGuid}$dobFormatted".toSHA256() | ||
"x${keyHash.substring(1)}" | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Date of Birth hash calculation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Love the new padding calculations ❤️ tests seem good to me aswell
Kudos, SonarCloud Quality Gate passed! |