This repository has been archived by the owner on Jun 20, 2023. It is now read-only.

Fix/6843 prevent antigen qr code tampering #2574

Merged: 11 commits, Apr 28, 2021

@30mar (Contributor) commented Apr 28, 2021

Description

  • Add Extra validation to prevent tampering with the AntigenQRCode
  • Fix some wrong properties
  • Add RATError Enums to provide more descriptive errors in testing
  • Add Unit Tests

Link to Jira

https://jira-ibs.wbs.net.sap/browse/EXPOSUREAPP-6843

@30mar added the bug ("Something isn't working") label Apr 28, 2021
@30mar added this to the v2.1.0 milestone Apr 28, 2021
@30mar requested a review from a team April 28, 2021 15:03
@30mar enabled auto-merge April 28, 2021 15:08

@mlenkeit (Member) left a comment

LGTM, tested the following scenarios:

  • modified fn is rejected
  • modified ln is rejected
  • modified dob is rejected
  • unmodified is accepted
  • non-personalized with missing fields is accepted
  • non-personalized with empty fields is accepted

let recomputedHashString = ENAHasher.sha256(informationString)
guard recomputedHashString == testInformation.hash else {
self = .rapidAntigen( .failure(.invalidTestCode(.hashMismatch)))
Log.error("recomputed hash: \(recomputedHashString) Doesn't match the original hash \(testInformation.hash)", log: .qrCode)
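
Review bot: The `guard` on `recomputedHashString == testInformation.hash` checks the fields against a plain SHA-256 value that, as far as these lines show, is decoded from the same QR code, so it proves that the fields and the hash are consistent with each other, not that the code came from the test provider. If the hash is also verified against a trusted source (for example when the test is registered with the server), say so in a comment here; otherwise this check should not be described as tamper prevention on its own. Separately, the `Log.error` call interpolates both hash values; if the hash identifies a person's test, log only that a mismatch occurred.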

Contributor

Nice log :)

@30mar disabled auto-merge April 28, 2021 15:23
@30mar enabled auto-merge April 28, 2021 15:31
…m:corona-warn-app/cwa-app-ios into fix/6843-prevent-Antigen-QRCode-tampering
@30mar merged commit f207e3c into release/2.1.x Apr 28, 2021
@30mar deleted the fix/6843-prevent-Antigen-QRCode-tampering branch April 28, 2021 16:56