i m testing it on windows machine, and generated the key from an online linux terminal by head base64 command. i m not able to know whats the issue, i hope i have given the correct permitions on gcp secret manager.

1) config.ts
#encryption
should succeed in getting encryption key:
Error: Timeout of 2000ms exceeded. For async tests and hooks, ensure "done()" is called; if returning a Promise, ensure it resolves. (C:\Users\Harish\firebase\opentrace-cloud-functions-master\functions\test\opentrace\config.test.ts)

Got everything working, except that when I try to upload data, this function fails

I tried mocking some data in firestore (and am using the default PinGenerator() - have not sub-classed it yet). Not very familiar with Firestore - is there some guidance on what the flow should be like and how to create the entities in firestore so this works?

I believe the use of the synchronous version of crypto.randomBytes() in a server context to generate the IV is not recommended.
https://nodejs.org/uk/docs/guides/dont-block-the-event-loop/#blocking-the-event-loop-node-js-core-modules

The synchronous version can block the Event Loop and a malicious actor can repeatedly request TempIDs resulting in a possible DOS attack.

This is a very loaded issue, and probably should be broken down into separate issues. For now, it's one issue so as to not look "spammy".

Table of Contents

• Add CONTRIBUTING.md
• Add SECURITY.md
• Add external core contributors
• Adopt Contributor Covenant 2.0 Code of Conduct
• Adopt Developer Certificate of Origin
• Adopt All Contributors specification
• Adopt Cloud Native Module LTS policy
• Use ESlint and Prettier
• Abstract away from Google Firebase
• Publish to NPM
• Utilize a monorepo structure
• Utilize a proper dependency injection system
• Utilize PR testing tooling
• Utilize static vulnerability scanning platforms
• Utilize dynamic code analysis platforms
• Utilize license scanning tools
• Switch to a more open license (Apache 2.0 or MIT)?
• Add OpenAPI 3.0 Spec docs
• Utilize proper logging tools instead of console.*()
• Code style: do not allow anonymous functions

Currently, there are many areas of improvement to encourage contributions to the OpenTrace projects. This may cause friction in community contributions and adoption.

Some potential actionable things we can do:

• Add CONTRIBUTING.md

  Explain...

  1. How to create a new PR
     a. Should we squash our commits?
     b. Does the project adopt a certain commit message style (e.g. Conventional Commits)
     c. Which code editor is recommended, and which extensions? (e.g vscode/vscodium with ESlint and Prettier extensions)
  2. Code style guide
  3. Does the project adopt a CLA or DCO?

• Add SECURITY.md

  Having a well-defined responsible disclosure workflow is important. The Node.js seucirty WG Responsible Disclosure Template can be the baseline for our SECURITY.md.

• Add external core contributors

  Correct me if I'm wrong, but this project is managed by people in GovTech or people with close connections to GovTech. It may be a good idea to bring in other people from outside as core contributors to increase support towards the community.

• Adopt Contributor Covenant 2.0 Code of Conduct

  The "CC 2.0 CoC" helps to formalise the contributors' code of conduct and provide an avenue of reporting violations of the CoC.

• Adopt Developer Certificate of Origin (CLA vs DCO)

  A DCO will help reduce uncertainties on the legality of contributions by the community. It's also more "open" than a CLA.

  DCO Signed-off-by can be enforced with the GitHub Probot DCO app.

• Adopt All Contributors specification

  This will encourage community contributions as it allow them to be given visible attribution. It's adopted by several other open source projects.

• Adopt Cloud Native Module LTS policy.

  This is useful to ensuring support of Node.js LTS and Current versions. This shouldn't be much of an issue as the project uses Typescript.

• Use ESlint and Prettier

  To ensure code consistency, ESlint and Prettier should be adopted. They're arguably the 2 most common tools used for this purpose.

  Also, tslint has been deprecated.

• Abstract away from Google Firebase

  The project is currently tightly-coupled with Firebase. It may not be feasible for every organisation to adopt and it puts reliance onto one vendor.

  We can abstract the core components of OpenTrace and then allow vendor-specific wrappers to adopt this common core.

  There are other FaaS services that other people may choose to adopt:

  • Apache OpenWhisk
  • Severless Framework
  • Kubeless
  • Knative

  Furthermore, other users may want to use a non-FaaS model:

  • Cloud Foundry (PaaS)
  • K8s/Docker (Containers)

  In Addition, users may want to use a different storage service:

  • AWS S3
  • OpenStack Swift
  • Azure Blob Storage

  Note: We don't need to support these tools directly, but we need to enable users to be able to adapt the application to support it. We can achieve this by creating well-defined APIs for wrappers to utilize.

• Publish to NPM

  Linking back to the previous point above, we should publish the common core of OpenTrace to NPM to allow other projects to more easily integrate OpenTrace.

• Utilize a monorepo structure

  Linking back to the previous 2 points above, we should utilize a monorepo structure to manage inter-packages dependencies. This ease the management of separate wrappers for different vendors and allowing them to depend on the common core.

• Utilize a proper dependency injection system

  Currently, there's no DI. This means that the extension points aren't as clear as they could be. One example is processUploadedData.ts. It requires direct modification of the file which may be a fragile API as the project continues to evolve.

• Utilize PR testing tooling

  Linking back to the point about having a common core for OpenTrace, we should utilize the free tooling provided for open source projects. One case is PR testing with GitHub Actions (which is based off Azure Pipelines). It's free for open source projects and can help with:

  • Preventing regressions
  • Reducing effort to contribute

• Utilize dependecy updater tools

  Node.js' design means that each project tends to have many dependencies. This makes it difficult to keep them up-to-date consistently. Free tools such as WhiteSource Renovate can help ensure that dependencies and package locks are up-to-date.

• Utilize static vulnerability scanning platforms

  Snyk is a common tool for this. This will ensure that the project does not have any known vulnerabilities

• Utilize dynamic code analysis platforms

  Dynamic code analysis platforms can mitigate potentially dangerous code from being contributed into the project. Semmle LGTM and DeepScan are the commonly-used tool.

• Utilize license scanning tools

  As Node.js projects utilize many direct and indirect dependencies, it is difficult to ensure compliance and compatibility of the license. FOSSA is a common SAAS tool to check for license issues.

• Switch to a more open license (Apache 2.0 or MIT)?

  GPL 3.0 can make it difficult for certain users (or other projects) to adopt the project. This can be due to restricted IPs or policies.

  • While Apache 2.0-licensed code can be used in a GPL v3.0-licensed projects, the other way is not possible.

  • Many projects (notwithstanding Linux and alike using GPL v2.0) use Apache 2.0 or MIT

  • Apache 2.0 (or even better, MIT) is more compatible with other licenses.

  • Case in point, Twitter Bootstrap had to re-license to MIT to support Drupal's GPL license.

  • Another case is opentrace-community/opentrace-ios#2

• Add OpenAPI 3.0 Spec docs

  There's no OAS3 Spec docs, which prevents users from utilizing code generation tools that leverage the OAS3 Spec docs.

• Utilize proper logging tools instead of console.*()

  Tools such as Winston help ensure that logging is managed properly. This can prevent code bloat, allow re-routing of logs to another consumer, and properly tag and filter by log levels.

• Code style: do not allow anonymous functions

  Anonymous functions would obfuscate the stack trace should an error occur.
  An example of anonymous functions being used in this project

This isn't complete list nor a must-have by any means, but it's a good discussion starting point.

It appears that the Firebase and Cloud Functions definition may be incomplete.

How does one go about generating an upload code?

npm --prefix functions test

functions@ test C:\TraceTogether\functions
mocha -r ts-node/register test/**/*.test.ts

Warning, FIREBASE_CONFIG and GCLOUD_PROJECT environment variables are missing. Initializing firebase-admin will fail

Error: Failed to read credentials from file "C:\TraceTogether\functions\src\credentials\testdev.json": Error: ENOENT: no such file or directory, open '"C:\TraceTogether\functions\src\credentials\testdev.json"'
at FirebaseAppError.FirebaseError [as constructor] (C:\TraceTogether\functions\node_modules\firebase-admin\lib\utils\error.js:42:28)
at FirebaseAppError.PrefixedFirebaseError [as constructor] (C:\TraceTogether\functions\node_modules\firebase-admin\lib\utils\error.js:88:28)
at new FirebaseAppError (C:\TraceTogether\functions\node_modules\firebase-admin\lib\utils\error.js:123:28)
at readCredentialFile (C:\TraceTogether\functions\node_modules\firebase-admin\lib\auth\credential.js:383:15)
at credentialFromFile (C:\TraceTogether\functions\node_modules\firebase-admin\lib\auth\credential.js:362:27)
at Object.getApplicationDefault (C:\TraceTogether\functions\node_modules\firebase-admin\lib\auth\credential.js:281:16)
at FirebaseNamespaceInternals.initializeApp (C:\TraceTogether\functions\node_modules\firebase-admin\lib\firebase-namespace.js:61:47)
at FirebaseNamespace.initializeApp (C:\TraceTogether\functions\node_modules\firebase-admin\lib\firebase-namespace.js:409:30)
at Object. (C:\TraceTogether\functions\test\index.test.ts:10:9)
at Module._compile (internal/modules/cjs/loader.js:1147:30)
at Module.m._compile (C:\TraceTogether\functions\node_modules\ts-node\src\index.ts:836:23)
at Module._extensions..js (internal/modules/cjs/loader.js:1167:10)
at Object.require.extensions. [as .ts] (C:\TraceTogether\functions\node_modules\ts-node\src\index.ts:839:12)
at Module.load (internal/modules/cjs/loader.js:996:32)
at Function.Module._load (internal/modules/cjs/loader.js:896:14)
at Module.require (internal/modules/cjs/loader.js:1036:19)
at require (internal/modules/cjs/helpers.js:72:18)
at requireOrImport (C:\TraceTogether\functions\node_modules\mocha\lib\esm-utils.js:15:12)
at Object.exports.loadFilesAsync (C:\TraceTogether\functions\node_modules\mocha\lib\esm-utils.js:28:26)
at Mocha.loadFilesAsync (C:\TraceTogether\functions\node_modules\mocha\lib\mocha.js:351:19)
at singleRun (C:\TraceTogether\functions\node_modules\mocha\lib\cli\run-helpers.js:107:15)
at exports.runMocha (C:\TraceTogether\functions\node_modules\mocha\lib\cli\run-helpers.js:144:11)
at Object.exports.handler (C:\TraceTogether\functions\node_modules\mocha\lib\cli\run.js:306:11)
at Object.runCommand (C:\TraceTogether\functions\node_modules\yargs\lib\command.js:242:26)
at Object.parseArgs [as _parseArgs] (C:\TraceTogether\functions\node_modules\yargs\yargs.js:1096:28)
at Object.parse (C:\TraceTogether\functions\node_modules\yargs\yargs.js:575:25)
at Object.exports.main (C:\TraceTogether\functions\node_modules\mocha\lib\cli\cli.js:68:6)
at Object. (C:\TraceTogether\functions\node_modules\mocha\bin\mocha:133:29)
at Module._compile (internal/modules/cjs/loader.js:1147:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:1167:10)
at Module.load (internal/modules/cjs/loader.js:996:32)
at Function.Module._load (internal/modules/cjs/loader.js:896:14)
at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:71:12)
at internal/main/run_main_module.js:17:47
npm ERR! Test failed. See above for more details.

I have generated a JSON key for local but i am getting the following error. Any ideas?

Hi ,
I can uploaded file to firebase, but don't know why I got message "not found"?

do you have any suggestion?

{"records":[{"id":1,"modelC":"iPhone 6s","modelP":"MI MAX 3","msg":"not_found","org":"OT_HA","rssi":-68,"timestamp":1587447428,"v":2},{"id":2,"modelC":"iPhone 6s","modelP":"MI MAX 3","msg":"not_found","org":"OT_HA","rssi":-52,"timestamp":1587447506,"v":2},{"id":3,"modelC":"iPhone 6s","modelP":"MI MAX 3","msg":"not_found","org":"OT_HA","rssi":-25,"timestamp":1587447541,"v":2},{"id":4,"modelC":"iPhone 6s","modelP":"MI MAX 3","msg":"not_found","org":"OT_HA","rssi":-59,"timestamp":1587447600,"v":2},{"id":5,"modelC":"iPhone 6s","modelP":"MI MAX 3","msg":"not_found","org":"OT_HA","rssi":-33,"timestamp":1587447659,"v":2},{"id":6,"modelC":"iPhone 6s","modelP":"MI MAX 3","msg":"not_found","org":"OT_HA","rssi":-38,"timestamp":1587447720,"v":2},{"id":7,"modelC":"iPhone 6s","modelP":"MI MAX 3","msg":"not_found","org":"OT_HA","rssi":-33,"timestamp":1587447779,"v":2},{"id":8,"modelC":"iPhone 6s","modelP":"MI MAX 3","msg":"not_found","org":"OT_HA","rssi":-38,"timestamp":1587447839,"v":2},{"id":9,"modelC":"iPhone 6s","modelP":"MI MAX 3","msg":"not_found","org":"OT_HA","rssi":-38,"timestamp":1587447902,"v":2},{"id":10,"modelC":"iPhone 6s","modelP":"MI MAX 3","msg":"not_found","org":"OT_HA","rssi":-31,"timestamp":1587447960,"v":2},{"id":11,"modelC":"iPhone 6s","modelP":"MI MAX 3","msg":"not_found","org":"OT_HA","rssi":-34,"timestamp":1587448020,"v":2},{"id":12,"modelC":"iPhone 6s","modelP":"MI MAX 3","msg":"not_found","org":"OT_HA","rssi":-33,"timestamp":1587448082,"v":2},{"id":13,"modelC":"iPhone 6s","modelP":"MI MAX 3","msg":"not_found","org":"OT_HA","rssi":-34,"timestamp":1587448141,"v":2},{"id":14,"modelC":"iPhone 6s","modelP":"MI MAX 3","msg":"not_found","org":"OT_HA","rssi":-49,"timestamp":1587448199,"v":2},{"id":15,"modelC":"iPhone 6s","modelP":"MI MAX 3","msg":"not_found","org":"OT_HA","rssi":-48,"timestamp":1587448259,"v":2}

Hi,
I encountered the following error when running the 'firebase deploy' command.
is it anything to with parameter regions in config.ts?

Please kindly help.

Following my environment:
OS: Debian 10
Node: v10.20.1
Npm: v6.14.4
Firebase tools: v8.2.0

=======================================================
⚠ functions: package.json indicates an outdated version of firebase-functions.
Please upgrade using npm install --save firebase-functions@latest in your functions directory.

=== Deploying to 'mytracetogetherproject'...

i deploying functions
Running command: npm --prefix "$RESOURCE_DIR" run lint

functions@ lint /home/alexisdemo009/functions
tslint --project tsconfig.json

Running command: npm --prefix "$RESOURCE_DIR" run build

functions@ build /home/alexisdemo009/functions
tsc

✔ functions: Finished running predeploy script.
i functions: ensuring required API cloudfunctions.googleapis.com is enabled...
✔ functions: required API cloudfunctions.googleapis.com is enabled
i functions: preparing functions directory for uploading...

Error: Error occurred while parsing your function triggers.

Error: You must specify at least one region
at assertRegionsAreValid (/home/alexisdemo009/functions/node_modules/firebase-functions/lib/function-builder.js:59:15)
at FunctionBuilder.region (/home/alexisdemo009/functions/node_modules/firebase-functions/lib/function-builder.js:107:13)
at Object.https (/home/alexisdemo009/functions/lib/firebaseFunctions.js:13:10)
at Object. (/home/alexisdemo009/functions/lib/index.js:11:45)
at Module._compile (internal/modules/cjs/loader.js:778:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
at Module.load (internal/modules/cjs/loader.js:653:32)
at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
at Function.Module._load (internal/modules/cjs/loader.js:585:3)
at Module.require (internal/modules/cjs/loader.js:692:17)

Having trouble? Try firebase [command] --help

when i am trying the firebase login it will be redirect the
http://localhost:9005/?state=594798400&code=4/ywEwp3M06hnF9-tUtmnHrf-vPxv--UsLvIPK2hY-2WF0htIpJrcAOecUER--TwzDgl2Rq7JJqgtmJNfxG08ONko&scope=email%20https://www.googleapis.com/auth/userinfo.email%20openid%20https://www.googleapis.com/auth/cloudplatformprojects.readonly%20https://www.googleapis.com/auth/firebase%20https://www.googleapis.com/auth/cloud-platform&authuser=0&prompt=consent

this page
can you help me.

How do I get each Bluetooth unique ID of every device I connect to? How is the number of detections increased? And how do you know when a device found has been detected before. Where is the unique Bluetooth ID saved for all these functions???

How can we get a user from auth based on uploaded data

What is the recommended way to decrypt the msg property in the files uploaded by the user? Is there an example of this or a recommended approach?

when i try to run firbase add commend throws below error

C:\Users\Harish>firebase use --add

Error: firebase use must be run from a Firebase project directory.

Run firebase init to start a project directory in the current folder.

Having trouble? Try firebase [command] --help

Hi, When I want to upload data, the following appears:

The app keeps crashing with this error after deploying to firebase functinos
Caused by: java.net.URISyntaxException: Illegal character in authority at index 8: https://<asia-east2>-trace-8rbv.cloudfunctions.net/ at java.net.URI$Parser.fail(URI.java:2893) at java.net.URI$Parser.parseAuthority(URI.java:3231) at java.net.URI$Parser.parseHierarchical(URI.java:3142) at java.net.URI$Parser.parse(URI.java:3098) at java.net.URI.<init>(URI.java:584) at okhttp3.HttpUrl.uri(HttpUrl.java:379) at okhttp3.internal.connection.RouteSelector.resetNextProxy(RouteSelector.java:129)  at okhttp3.internal.connection.RouteSelector.<init>(RouteSelector.java:63)  at okhttp3.internal.connection.StreamAllocation.<init>(StreamAllocation.java:101)  at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:112)  at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)  at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)  at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:254)  at okhttp3.RealCall$AsyncCall.execute(RealCall.java:200)  at okhttp3.internal.NamedRunnable.run(NamedRunnable.java:32)  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)  at java.lang.Thread.run(Thread.java:764) 
Please assist

Keep getting this error in command prompt...

> functions@ build C:\Users\Jerome\Videos\Tracer-1\functions
> tsc

src/config.ts:9:30 - error TS1011: An element access expression should take an argument.

9   regions: SUPPORTED_REGIONS[],



Found 1 error.

npm ERR! code ELIFECYCLE
npm ERR! errno 2
npm ERR! functions@ build: `tsc`
npm ERR! Exit status 2
npm ERR!
npm ERR! Failed at the functions@ build script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     C:\Users\Jerome\AppData\Roaming\npm-cache\_logs\2020-04-23T14_37_32_030Z-debug.log

Error: functions predeploy error: Command terminated with non-zero exit code2

Hi All
Everything working ok with the deploy on firebase. Build ok in AndroidStudio the app. Validating ok OTP but can't reach the upload. Gettign this error "getUploadToken
Unhandled error Error [ERR_CRYPTO_INVALID_STATE]: Invalid state for operation getAuthTag" and "getTempIDs
Unhandled error Error [ERR_CRYPTO_INVALID_STATE]: Invalid state for operation getAuthTag"

Codes collection is missing in firebase.

Thx

When a user enters PIN to upload, there is an error logged in Firebase functions getUploadToken: Unhandled error Error [ERR_CRYPTO_INVALID_STATE]: Invalid state for operation getAuthTag. What can I do to fix it?

Please how do I get the phone numbers of all the Bluetooth devices my phone connects with, it doesn't seem to be included in the json file sent across.

I'm stuck at the below step:
npm --prefix functions install

npm ERR! Can't install : Missing package version

Any help will be appreciated. I'm using Powershell

Please how should the logic for processing the uploaded data be? code

every thing is well , but i dont know , how and where(with precision) to generate the upload pin .

When scanning via bluetooth it fails:

All test passing except Encryption key retrieval:

keyPath: "OpenTraceESKey"

#encryption getEncryptionSecret: Getting encryption key: projects/XXX/secrets/OpenTraceESKey/versions/1 getEncryptionKeyTest Error: 7 PERMISSION_DENIED: Permission 'secretmanager.versions.access' denied for resource 'projects/XXX/secrets/OpenTraceESKey/versions/1' (or it may not exist). at Object.callErrorFromStatus (C:\src\opentrace-cloud-functions\functions\node_modules\@grpc\grpc-js\src\call.ts:79:24) at Http2CallStream.<anonymous> (C:\src\opentrace-cloud-functions\functions\node_modules\@grpc\grpc-js\src\client.ts:155:18) at Http2CallStream.emit (events.js:322:22) at C:\src\opentrace-cloud-functions\functions\node_modules\@grpc\grpc-js\src\call-stream.ts:186:14 at processTicksAndRejections (internal/process/task_queues.js:79:11) { code: 7, details: "Permission 'secretmanager.versions.access' denied for resource 'projects/XXX/secrets/OpenTraceESKey/versions/1' (or it may not exist).", metadata: Metadata { internalRepr: Map { 'grpc-server-stats-bin' => [Array] }, options: {} }, note: 'Exception occurred in retry method that was not classified as transient' }

Key is stored in Secret Manager and [email protected] user has the access rights (in both IAM and Secret Manager).

Do we need the PRODUCTION_SERVICE_UUID And V2_CHARACTERISTIC_ID in order for the PIN to show up when the user wants to upload data for contact tracing...

Or did i do something wrong in my cloud functions?

There are no errors in the console when i run the app on my android device.
When i run the test i get the following results
config.ts
#encryption
√ should have a valid default algorithm
#encryption
getEncryptionSecret: Getting encryption key: projects/project/secrets/Encrykey/versions/1
√ should succeed in getting encryption key (1845ms)
#upload
√ should have valid buckets (1303ms)
#upload
√ should use a good pin generator

Would like to do some testing on the android application. Is there a way to do so without filling billing information for 'blaze' account on cloud functions? Currently having issues due to error "NOT-IDLE Failed to retrieve HandShakePin NOT_FOUND", possibly caused by no cloud functions being deployed.

After
UploadFragment: NOT-IDLE Uploading to Cloud Storage
UploadFragment: NOT-IDLE uploaded successfully

Here is the file format received by
processUploadedData
processUploadedData: Detected new file: streetPassRecords/20200517/StreetPassRecord_Xiaomi_MI 9_2020-05-17_22-04-02.json

processUploadedData
processUploadedData: File is not streetPassRecords, ignore.

What is missing here in the file format to go through all the Steps in processUploadedData ?

when see the logs view functions:

When I called
getUploadToken
which in turn calls await admin.firestore().collection('codes').doc('uploadCode').set({uploadCode: payloadData.toString('base64')});
I received the folowing error
Unhandled error { Error: 7 PERMISSION_DENIED: Missing or insufficient permissions.

The database is in native mode

I tried several database rules, but did not succeed to overcome this issue.
Below is one of the database rules

rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.auth != null;

Did someone come through this issue and solve the problem ?

hello team,

I have used your codebase. but I'm a bit confused in the get upload token part. please help me with that.

How are the service endpoints exposed? Is there one endpoint which is called via an encrypted transport, with the envelope containing the target function/service? Or is it REST-style where the function name is exposed via the endpoint?

checking the log on the getUploadToken i am getting this error message :
Unhandled error Error [ERR_CRYPTO_INVALID_STATE]: Invalid state for operation getAuthTag

anyone can help please???

I'm refering to this:
Download the json credential file and set the path to GOOGLE_APPLICATION_CREDENTIALS environment variable

Couldn't find it anywhere. I already downloaded the JSON file and I'mnot sure where to put it and where to set the GOOGLE_APPLICATION_CREDENTIALS variable.

Building on Android

Help appreciated.

config.ts
#encryption
✓ should have a valid default algorithm
#encryption
getEncryptionSecret: Getting encryption key:
1) should succeed in getting encryption key
#upload
✓ should have valid buckets (984ms)
#upload
✓ should use a good pin generator

3 passing (3s)
1 failing

1. config.ts
   #encryption
   should succeed in getting encryption key:
   Error: Timeout of 2000ms exceeded. For async tests and hooks, ensure "done()" is called; if returning a Promise, ensure it resolves. (config.test.ts)

getEncryptionKeyTest { Error: 3 INVALID_ARGUMENT: Resource ID [projects/12312323131/secrets/B/ASDMALDSACNAKSCNASCNKASC/UI=/versions/1] is not in a valid format.
at Object.callErrorFromStatus (opentrace-cloud-functions/functions/node_modules/@grpc/grpc-js/src/call.ts:79:24)
at Http2CallStream.call.on (opentrace-cloud-functions/functions/node_modules/@grpc/grpc-js/src/client.ts:155:18)
at Http2CallStream.emit (events.js:203:15)
at process.nextTick (opentrace-cloud-functions/functions/node_modules/@grpc/grpc-js/src/call-stream.ts:186:14)
at process._tickCallback (internal/process/next_tick.js:61:11)
code: 3,
details:
'Resource ID [projects/12312323131/secrets/B/ASDMALDSACNAKSCNASCNKASC/UI=/versions/1] is not in a valid format.',
metadata:
Metadata {
internalRepr: Map { 'grpc-server-stats-bin' => [Array] },
options: {} },
note:
'Exception occurred in retry method that was not classified as transient' }
npm ERR! Test failed. See above for more details.

The current implementation does not follow NIST Special Publication 800-38D, in particular Section 8.2 IV Constructions and 8.3 Constraints on the Number of Invocations regarding the secret key.

To mitigate 8.2: IVs can be converted to deterministic construction per 8.2.1.
To mitigate 8.3: Temporary IDs should use an ephemeral key derived from the secret key and uid values, so that the same key is not used for more than 2^32 operations.

The current implementation may permit an adversary to fabricate IDs or Upload Tokens, if they collect duplicated IVs or more than 2^32 encryption operations are performed against the same key.

As I understood from the flow of the system, the pin that is generated from getHandshakePin function is also used in getUploadToken to validate whether user has a right to upload his history data.

I am curious about this flow. If it's the case that the same pin taken from then getHandshakePin process used as a token via getUploadToken, is't it a bad approach to save that pin in local storage of the device. And why backend should send that pin to the user at getHandshakePin process?

Or if we look from different prespective, let's say we do not use the same pin generated from getHandshakePin to store it as an UploadToken using storeUploadCodes function, so that we will use different tokens generated by Health Authorities instead of those pins. Then, why we need that pin from getHandshakePin?

I understand that maybe I am not understanding the flow fully, so I ask for an advice to shed the light in this situation.

Thanks!

Hi, with the uploaded data on Bucket storage, how do we know the phone number(or any info) that connected with our device?
Please find my uploaded data here.

And what will we do with this function : processUploadedData
Currently it's not implemented yet.

Please. How can I fix:
Error: 9 FAILED_PRECONDITION: The Cloud Firestore API is not available for Datastore Mode projects.

@mchmielarski
I called await storeUploadCodes(['1234']); inside getUploadToken.ts class in the getUploadToken to set the PIN and it seems to work fine. I was able to upload data from the App using the PIN 1234

hi sorry, it tried this but does not seems to work. can someone provide some explanation of where and how to put this in the getUploadToken

Originally posted by @rez20004 in #6 (comment)

Hi guys,
I got everything working, now I would like to know, how to I simulate a active case, for example, I have installed this on two Android phones close by, so I want the other phone to act a a user who is positive and upload data.

Trigger the upload code.

Any Documentation for that.
Thanks,
Jongi

I got this error, after uploading, a simulation for a Positive case. I tried tracing the code and it somewhere at the decryptTempID method that is having an issue. Can you help explain how the process or algorithm on this?

Thanks.

Android Error:
[TempID] Error getting Temporary IDs

Cloud Function error is below.

I follow all the mentioned steps. But it seems there is some issue while getting encryption key from GCP in code.

Note: I am using "aes-256-gcm" encryption that I already set in the config.js file. DO we need to add this encryption type somewhere else too? Or how I can get rid of this error.

OS: Ubuntu 18.04
Node: v10.20.1
Npm: 6.14.4
Firebase-tools: [email protected]

I'm trying to npm --prefix function test but only 2 tests succeed and 2 fails. Below are the errors:

1) config.ts
      #encryption
        should succeed in getting encryption key:
    Error: Timeout of 2000ms exceeded. For async tests and hooks, ensure "done()" is called; if returning a Promise, ensure it resolves. (C:\DEVELOPMENT\Cloud\functions\test\opentrace\config.test.ts)
     at listOnTimeout (internal/timers.js:549:17)
     at processTimers (internal/timers.js:492:7)

 2) config.ts
      #upload
        should have valid buckets:
    Error: Timeout of 2000ms exceeded. For async tests and hooks, ensure "done()" is called; if returning a Promise, ensure it resolves. (C:\DEVELOPMENT\Cloud\functions\test\opentrace\config.test.ts)
     at listOnTimeout (internal/timers.js:549:17)
     at processTimers (internal/timers.js:492:7)

I'm certain that the buckets are valid and the authorization are also given to the user. I'm on Windows.

Please assist.

Thanks

Hi,
It says in Open Trace app, that contact tracer will give the code that should match the verification code shown in the user's Phone(who tested positive). It is not mentioned how the contact tracer will get this code?

Could anyone explain this?

Thank you for open sourcing the project, been looking to develop something similar to traceTogether for my country.

My question, can this cloud-functions with React Native give me ability to offer same functionality as the traceTogether app?

#upload
1) should have valid buckets
#upload
✓ should use a good pin generator

3 passing (3s)
1 failing

1. config.ts
   #upload
   should have valid buckets:
   Error: Timeout of 2000ms exceeded. For async tests and hooks, ensure "done()" is called; if returning a Promise, ensure it resolves. (/Users/lover/Downloads/opentrace-cloud-functions/functions/test/opentrace/config.test.ts)
   at listOnTimeout (internal/timers.js:531:17)
   at processTimers (internal/timers.js:475:7)