Add KID validation.

PaulBallmann · Apr 23, 2021 · 5cf17f0 · 5cf17f0
1 parent ba4173f
commit 5cf17f0
Show file tree

Hide file tree

Showing 6 changed files with 68 additions and 16 deletions.
diff --git a/PatientScannerDemo.xcodeproj/project.pbxproj b/PatientScannerDemo.xcodeproj/project.pbxproj
@@ -24,6 +24,7 @@
 		CE44799726306C9B009A836B /* Data+Base45.swift in Sources */ = {isa = PBXBuildFile; fileRef = CE44799626306C9B009A836B /* Data+Base45.swift */; };
 		CE7DE7FA2625EF18007E6694 /* SwiftCBOR in Frameworks */ = {isa = PBXBuildFile; productRef = CE7DE7F92625EF18007E6694 /* SwiftCBOR */; };
 		CE8912E526321AA500CB92AF /* KID.swift in Sources */ = {isa = PBXBuildFile; fileRef = CE8912E426321AA500CB92AF /* KID.swift */; };
+		CE8912EA26321DAA00CB92AF /* SHA256.swift in Sources */ = {isa = PBXBuildFile; fileRef = CE8912E926321DAA00CB92AF /* SHA256.swift */; };
 		CEA1555D262F63B30024B7AC /* EuDgcSchema.swift in Sources */ = {isa = PBXBuildFile; fileRef = CEA1555C262F63B30024B7AC /* EuDgcSchema.swift */; };
 		CEA15563262F6DAB0024B7AC /* ChildDismissedDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = CEA15562262F6DAB0024B7AC /* ChildDismissedDelegate.swift */; };
 		CEA1556B262F784E0024B7AC /* SelfSizedTableView.swift in Sources */ = {isa = PBXBuildFile; fileRef = CEA1556A262F784E0024B7AC /* SelfSizedTableView.swift */; };
@@ -77,6 +78,7 @@
 		CE44799126306C86009A836B /* String.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = String.swift; sourceTree = "<group>"; };
 		CE44799626306C9B009A836B /* Data+Base45.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "Data+Base45.swift"; sourceTree = "<group>"; };
 		CE8912E426321AA500CB92AF /* KID.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = KID.swift; sourceTree = "<group>"; };
+		CE8912E926321DAA00CB92AF /* SHA256.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SHA256.swift; sourceTree = "<group>"; };
 		CEA1555C262F63B30024B7AC /* EuDgcSchema.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = EuDgcSchema.swift; sourceTree = "<group>"; };
 		CEA15562262F6DAB0024B7AC /* ChildDismissedDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ChildDismissedDelegate.swift; sourceTree = "<group>"; };
 		CEA1556A262F784E0024B7AC /* SelfSizedTableView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SelfSizedTableView.swift; sourceTree = "<group>"; };
@@ -156,6 +158,7 @@
 				CE3CC9432628C2130079FB78 /* CBOR.swift */,
 				CE1BDF98262A4CD600766F97 /* X509.swift */,
 				CE8912E426321AA500CB92AF /* KID.swift */,
+				CE8912E926321DAA00CB92AF /* SHA256.swift */,
 			);
 			path = Services;
 			sourceTree = "<group>";
@@ -423,6 +426,7 @@
 				CE13CF0A262DCDDA0070C80E /* CertificateViewer.swift in Sources */,
 				CEC2C4C32625ED030056E406 /* JWK.swift in Sources */,
 				CEC2C4C42625ED030056E406 /* Base45.swift in Sources */,
+				CE8912EA26321DAA00CB92AF /* SHA256.swift in Sources */,
 				CE3CC9442628C2130079FB78 /* CBOR.swift in Sources */,
 				CE44799226306C86009A836B /* String.swift in Sources */,
 				CE44799726306C9B009A836B /* Data+Base45.swift in Sources */,

diff --git a/PatientScannerDemo.xcodeproj/xcshareddata/IDETemplateMacros.plist b/PatientScannerDemo.xcodeproj/xcshareddata/IDETemplateMacros.plist
@@ -23,12 +23,12 @@
  * limitations under the License.
  * ---license-end
  */
-//
-// ___FILENAME___
-// ___PACKAGENAME___
-//
-// Created by ___FULLUSERNAME___ on ___DATE___.
-//
+//  
+//  ___FILENAME___
+//  ___PACKAGENAME___
+//  
+//  Created by ___FULLUSERNAME___ on ___DATE___.
+//  
         </string>
     </dict>
 </plist>
diff --git a/PatientScannerDemo/Services/KID.swift b/PatientScannerDemo/Services/KID.swift
@@ -19,10 +19,10 @@
  * ---license-end
  */
 //
-// KID.swift
-// PatientScannerDemo
+//  KID.swift
+//  PatientScannerDemo
 //
-// Created by Yannick Spreen on 4/22/21.
+//  Created by Yannick Spreen on 4/22/21.
 //
 
 
@@ -32,4 +32,12 @@ struct KID {
   public static func stringFrom(kidBytes: [UInt8]) -> String {
     return Data(kidBytes.prefix(8)).base64EncodedString()
   }
+  public static func from(_ encodedCert: String) -> [UInt8] {
+    guard
+      let data = Data(base64Encoded: encodedCert)
+    else {
+      return []
+    }
+    return SHA256.digest(input: data as NSData).uint
+  }
 }
diff --git a/PatientScannerDemo/Services/SHA256.swift b/PatientScannerDemo/Services/SHA256.swift
@@ -0,0 +1,40 @@
+//
+/*-
+ * ---license-start
+ * eu-digital-green-certificates / dgca-verifier-app-ios
+ * ---
+ * Copyright (C) 2021 T-Systems International GmbH and all other contributors
+ * ---
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ---license-end
+ */
+//
+//  SHA256.swift
+//  PatientScannerDemo
+//
+//  Created by Yannick Spreen on 4/22/21.
+//
+//  https://stackoverflow.com/a/38788437/2585092
+//
+
+import Foundation
+import CommonCrypto
+
+struct SHA256 {
+  public static func digest(input: NSData) -> Data {
+    let digestLength = Int(CC_SHA256_DIGEST_LENGTH)
+    var hash = [UInt8](repeating: 0, count: digestLength)
+    CC_SHA256(input.bytes, UInt32(input.length), &hash)
+    return Data(NSData(bytes: hash, length: digestLength))
+  }
+}
diff --git a/PatientScannerDemoTests/EHNTests.swift b/PatientScannerDemoTests/EHNTests.swift
@@ -8,7 +8,6 @@
 @testable import PatientScannerDemo
 import XCTest
 
-
 class EHNTests: XCTestCase {
   func testCoseEcdsa() throws {
     var barcode = "HC1:NCFY70R30FFWTWGSLKC 4O992$V M63TMF2V*D9LPC.3EHPCGEC27B72VF/347O4-M6Y9M6FOYG4ILDEI8GR3ZI$15MABL:E9CVBGEEWRMLE C39S0/ANZ52T82Z-73D63P1U 1$PKC 72H2XX09WDH889V5"
@@ -123,6 +122,7 @@ class EHNTests: XCTestCase {
         return
       }
       let encodedCert = body.base64EncodedString()
+      XCTAssert(KID.stringFrom(kidBytes: KID.from(encodedCert)) == kid)
       if COSE.verify(data, with: encodedCert) {
         expectation.fulfill()
       } else {

diff --git a/templates/file-header.txt b/templates/file-header.txt
@@ -17,9 +17,9 @@
  * limitations under the License.
  * ---license-end
  */
-//
-// ___FILENAME___
-// ___PACKAGENAME___
-//
-// Created by ___FULLUSERNAME___ on ___DATE___.
-//
+//  
+//  ___FILENAME___
+//  ___PACKAGENAME___
+//  
+//  Created by ___FULLUSERNAME___ on ___DATE___.
+//