Merge pull request eu-digital-green-certificates#27 from eu-digital-g…

…reen-certificates/feature/Secure-Backgrounding Feature/secure backgrounding
PaulBallmann · Apr 28, 2021 · 99ea524 · 99ea524
2 parents 8bf0fca + e3432b6
commit 99ea524
Show file tree

Hide file tree

Showing 10 changed files with 107 additions and 5 deletions.
diff --git a/DGCAVerifier.xcodeproj/project.pbxproj b/DGCAVerifier.xcodeproj/project.pbxproj
@@ -18,6 +18,7 @@
 		CE157F9B262E2A9F00FE4821 /* SwiftCBOR.CBOR.swift in Sources */ = {isa = PBXBuildFile; fileRef = CE157F9A262E2A9F00FE4821 /* SwiftCBOR.CBOR.swift */; };
 		CE1BDF99262A4CD600766F97 /* X509.swift in Sources */ = {isa = PBXBuildFile; fileRef = CE1BDF98262A4CD600766F97 /* X509.swift */; };
 		CE1D1EF6263597A2004C8919 /* LocalData.swift in Sources */ = {isa = PBXBuildFile; fileRef = CE1D1EF5263597A2004C8919 /* LocalData.swift */; };
+		CE37B643263867D700DEE13D /* SecureBackground.swift in Sources */ = {isa = PBXBuildFile; fileRef = CE37B642263867D700DEE13D /* SecureBackground.swift */; };
 		CE3CC93C2628A7820079FB78 /* ASN1.swift in Sources */ = {isa = PBXBuildFile; fileRef = CE3CC93B2628A7820079FB78 /* ASN1.swift */; };
 		CE3CC9442628C2130079FB78 /* CBOR.swift in Sources */ = {isa = PBXBuildFile; fileRef = CE3CC9432628C2130079FB78 /* CBOR.swift */; };
 		CE44798D26304D8F009A836B /* JSONSchema in Frameworks */ = {isa = PBXBuildFile; productRef = CE44798C26304D8F009A836B /* JSONSchema */; };
@@ -80,6 +81,7 @@
 		CE157F9A262E2A9F00FE4821 /* SwiftCBOR.CBOR.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SwiftCBOR.CBOR.swift; sourceTree = "<group>"; };
 		CE1BDF98262A4CD600766F97 /* X509.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = X509.swift; sourceTree = "<group>"; };
 		CE1D1EF5263597A2004C8919 /* LocalData.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LocalData.swift; sourceTree = "<group>"; };
+		CE37B642263867D700DEE13D /* SecureBackground.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SecureBackground.swift; sourceTree = "<group>"; };
 		CE3CC93B2628A7820079FB78 /* ASN1.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ASN1.swift; sourceTree = "<group>"; };
 		CE3CC9432628C2130079FB78 /* CBOR.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CBOR.swift; sourceTree = "<group>"; };
 		CE44799126306C86009A836B /* String.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = String.swift; sourceTree = "<group>"; };
@@ -171,6 +173,7 @@
 				CE1BDF98262A4CD600766F97 /* X509.swift */,
 				CE8912E426321AA500CB92AF /* KID.swift */,
 				CE8912E926321DAA00CB92AF /* SHA256.swift */,
+				CE37B642263867D700DEE13D /* SecureBackground.swift */,
 				CE8912F42634C60E00CB92AF /* GatewayConnection.swift */,
 				CE8912FF263570CF00CB92AF /* Enclave.swift */,
 				CE582DC02635AE5F008F35D7 /* SecureStorage.swift */,
@@ -449,6 +452,7 @@
 				CE8912EA26321DAA00CB92AF /* SHA256.swift in Sources */,
 				CE3CC9442628C2130079FB78 /* CBOR.swift in Sources */,
 				CE44799226306C86009A836B /* String.swift in Sources */,
+				CE37B643263867D700DEE13D /* SecureBackground.swift in Sources */,
 				CE8912F52634C60E00CB92AF /* GatewayConnection.swift in Sources */,
 				CE582DC12635AE5F008F35D7 /* SecureStorage.swift in Sources */,
 				CE44799726306C9B009A836B /* Data+Base45.swift in Sources */,

diff --git a/DGCAVerifier/Services/Enclave.swift b/DGCAVerifier/Services/Enclave.swift
@@ -31,7 +31,6 @@ import Foundation
 struct Enclave {
   static let encryptAlg = SecKeyAlgorithm.eciesEncryptionCofactorVariableIVX963SHA256AESGCM
   static let signAlg = SecKeyAlgorithm.ecdsaSignatureMessageX962SHA512
-  static let symmetricKey = generateOrLoadKey(with: "symmetricKey")
 
   static func tag(for name: String) -> Data {
     "\(Bundle.main.bundleIdentifier ?? "app").\(name)".data(using: .utf8)!
@@ -94,7 +93,7 @@ struct Enclave {
     return (item as! SecKey)
   }
 
-  static func generateOrLoadKey(with name: String) -> SecKey? {
+  static func loadOrGenerateKey(with name: String) -> SecKey? {
     if let key = loadKey(with: name) {
       return key
     }

diff --git a/DGCAVerifier/Services/SecureBackground.swift b/DGCAVerifier/Services/SecureBackground.swift
@@ -0,0 +1,52 @@
+//
+/*-
+ * ---license-start
+ * eu-digital-green-certificates / dgca-verifier-app-ios
+ * ---
+ * Copyright (C) 2021 T-Systems International GmbH and all other contributors
+ * ---
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ---license-end
+ */
+//  
+//  SecureBackground.swift
+//  DGCAVerifier
+//  
+//  Created by Yannick Spreen on 4/27/21.
+//  
+
+
+import Foundation
+import UIKit
+
+struct SecureBackground {
+  static var imageView: UIImageView?
+  public static var image: UIImage?
+
+  public static func enable() {
+    disable()
+    guard let image = image else {
+      return
+    }
+    let imageView = UIImageView(image: image)
+    UIApplication.shared.windows[0].addSubview(imageView)
+    Self.imageView = imageView
+  }
+
+  public static func disable() {
+    if imageView != nil {
+      imageView?.removeFromSuperview()
+      imageView = nil
+    }
+  }
+}
diff --git a/DGCAVerifier/Services/SecureStorage.swift b/DGCAVerifier/Services/SecureStorage.swift
@@ -36,6 +36,7 @@ struct SecureDB: Codable {
 struct SecureStorage<T: Codable> {
   let documents: URL! = try? FileManager.default.url(for: .documentDirectory, in: .userDomainMask, appropriateFor: nil, create: true)
   var path: URL! { URL(string: documents.absoluteString + "secure.db") }
+  let secureStorageKey = Enclave.loadOrGenerateKey(with: "secureStorageKey")
 
   /**
    Loads encrypted db and overrides it with an empty one if that fails.
@@ -60,7 +61,7 @@ struct SecureStorage<T: Codable> {
 
     guard
       let (data, signature) = read(),
-      let key = Enclave.symmetricKey,
+      let key = secureStorageKey,
       Enclave.verify(data: data, signature: signature, with: key).0
     else {
       completion?(nil)
@@ -82,7 +83,7 @@ struct SecureStorage<T: Codable> {
   public func save(_ instance: T, completion: ((Bool) -> Void)? = nil) {
     guard
       let data = try? JSONEncoder().encode(instance),
-      let key = Enclave.symmetricKey,
+      let key = secureStorageKey,
       let encrypted = Enclave.encrypt(data: data, with: key).0
     else {
       completion?(false)

diff --git a/DGCAVerifier/SupportingFiles/AppDelegate.swift b/DGCAVerifier/SupportingFiles/AppDelegate.swift
@@ -34,5 +34,13 @@ class AppDelegate: UIResponder, UIApplicationDelegate {
     return true
   }
 
+  func applicationWillResignActive(_ application: UIApplication) {
+    SecureBackground.enable()
+  }
+
+  func applicationDidBecomeActive(_ application: UIApplication) {
+    SecureBackground.disable()
+  }
+
 }
 
diff --git a/...er/SupportingFiles/Assets.xcassets/hea_dgf_icons-2.imageset/hea_dgf_icons-2.png b/...er/SupportingFiles/Assets.xcassets/hea_dgf_icons-2.imageset/hea_dgf_icons-2.png
diff --git a/DGCAVerifier/SupportingFiles/Assets.xcassets/hea_dgf_icons-3.imageset/Contents.json b/DGCAVerifier/SupportingFiles/Assets.xcassets/hea_dgf_icons-3.imageset/Contents.json
@@ -0,0 +1,21 @@
+{
+  "images" : [
+    {
+      "filename" : "hea_dgf_icons-2.png",
+      "idiom" : "universal",
+      "scale" : "1x"
+    },
+    {
+      "idiom" : "universal",
+      "scale" : "2x"
+    },
+    {
+      "idiom" : "universal",
+      "scale" : "3x"
+    }
+  ],
+  "info" : {
+    "author" : "xcode",
+    "version" : 1
+  }
+}
diff --git a/...er/SupportingFiles/Assets.xcassets/hea_dgf_icons-3.imageset/hea_dgf_icons-2.png b/...er/SupportingFiles/Assets.xcassets/hea_dgf_icons-3.imageset/hea_dgf_icons-2.png
diff --git a/DGCAVerifier/SupportingFiles/SceneDelegate.swift b/DGCAVerifier/SupportingFiles/SceneDelegate.swift
@@ -30,5 +30,15 @@ class SceneDelegate: UIResponder, UIWindowSceneDelegate {
 
   var window: UIWindow?
 
+  @available(iOS 13.0, *)
+  func sceneWillResignActive(_ scene: UIScene) {
+    SecureBackground.enable()
+  }
+
+  @available(iOS 13.0, *)
+  func sceneDidBecomeActive(_ scene: UIScene) {
+    SecureBackground.disable()
+  }
+
 }
 
diff --git a/DGCAVerifier/ViewControllers/Home.swift b/DGCAVerifier/ViewControllers/Home.swift
@@ -36,7 +36,14 @@ class HomeVC: UIViewController {
     GatewayConnection.timer?.invalidate()
     LocalData.initialize {
       DispatchQueue.main.async { [weak self] in
-        self?.performSegue(withIdentifier: "scanner", sender: self)
+        guard let self = self else {
+          return
+        }
+        let renderer = UIGraphicsImageRenderer(size: self.view.bounds.size)
+        SecureBackground.image = renderer.image { rendererContext in
+          self.view.layer.render(in: rendererContext.cgContext)
+        }
+        self.performSegue(withIdentifier: "scanner", sender: self)
       }
     }
   }