Skip to content
This repository has been archived by the owner on Aug 5, 2021. It is now read-only.

React Native support #7

Open
tanx opened this issue Oct 16, 2016 · 15 comments
Open

React Native support #7

tanx opened this issue Oct 16, 2016 · 15 comments

Comments

@tanx
Copy link

tanx commented Oct 16, 2016

Hey, I'm currently investigating using the library in a react native app. The JavaScriptCore runtime on iOS does not surface the WebCrypto apis though, so I'd have to create react native plugins that shim WebCrypto using native crypto primitives. I'm curious if you'd be open to accepting a PR that integrates this use case. Thanks
@tanx
Copy link
Author

tanx commented Oct 16, 2016

Using your ObjectiveC/Java libs for mobile would obviously also be an option, but since my business logic and UI are in JS, wrapping just the crypto primitives instead of the full protocol layer seems to make more sense.

@rmhrisk
Copy link

rmhrisk commented Oct 17, 2016

Neat. I have considered this, well, in part in that my hope was that I could add necessary algorithm support to - https://github.com/PeculiarVentures/node-webcrypto-liner which would enable building a signal implementation on it.

In native land, mabe https://github.com/PeculiarVentures/node-webcrypto-ossl could be of use?

@tanx
Copy link
Author

tanx commented Oct 17, 2016
edited
Loading

From looking at crypto.js only a few apis would need to be shimmed:

  1. crypto.getRandomValues using react-native-randombytes
  2. AES-CBC
  3. HMAC-SHA-256
  4. SHA-512

Since 2-4 are already async that should be pretty strait forward. Only 1. is currently a sync api and would have to be refactored, as calls through the react native bridge are all async.

Wrapping a native cipher suite e.g. openssl could work, but perhaps using iOS and Android platform apis would be cleaner.

@ohenepee
Copy link

Any progress guys?

@jjzazuet
Copy link

Pinging back as well. I'm also trying to integrate with React Native. Thanks!

@JoschaP
Copy link

JoschaP commented Dec 5, 2017

+1

@tanx
Copy link
Author

tanx commented Dec 5, 2017

It turns out there is already a way to surface the native webcrypto apis to JavaScriptCore using a bridge to the WebKit WebView https://github.com/saulshanabrook/react-native-webview-crypto

Perhaps give this a try and see if all api requirments are met.

@jjzazuet
Copy link

jjzazuet commented Dec 9, 2017

@tanx the last time I tried that, I only got as far as exposing the crypto.subtle object (and its corresponding methods) on iOS 11, since at the time (a couple months I think) Chrome on Android did not expose the WebCrypto API, thus getting undefined.

The way I did it was by proxying WebCrypto API calls to a hidden WebView, passing arguments through the React Native Javascript bridge using the postMessage function.

If this table is to be believed, both iOS and Android may now return implementation objects. Since this approach didn't work for me, I'm exploring the idea to replace the high level crypto calls with react-native-sodium instead.

Hope this helps.

@jjzazuet jjzazuet mentioned this issue Jan 28, 2018
Closed
@kevlened
Copy link

kevlened commented Feb 5, 2018

@jjzazuet Proxying calls to a WebView is clever! It definitely maximizes WebCrypto API compatibility.

As an alternative, mostly JS solution, I published isomorphic-webcrypto, which uses the Microsoft Research library for WebCrypto support in React Native. There are a few caveats for React Native:

  1. It can't generate RSA keys or ECDSA with SHA-512
  2. React Native doesn't expose a secure way to get entropy, so you'll have to wait for the crypto.ensureSecure callback to complete before calling crypto.getRandomValues()
  3. I haven't tested the encryption flows, only the signing ones, so there may be issues I'm unaware of

This could be a place to start if someone wanted to build out a POC.

@shouse
Copy link

shouse commented Sep 5, 2018

OK, think I might have found a way to support this (and a bunch of other cool stuff on RN) via NodeJS-Mobile. This runs node on a bg process on both Android and iOS via Chakra core. Seemingly supporting most / all node.

Thoughts?

@quixote911
Copy link

quixote911 commented Oct 9, 2019
edited
Loading

create react native plugins that shim WebCrypto using native crypto primitives.

@tanx Did you get around to making that change? I'm in a similar position.

@OmarBasem
Copy link

Any progress or solution for this?

@johnsBeharry
Copy link

+1

@rmhrisk
Copy link

rmhrisk commented Nov 2, 2020

Two libraries we produced since this bug was opened:
https://www.npmjs.com/package/2key-ratchet
https://www.npmjs.com/package/@peculiar/webcrypto

Summary of how 2key-ratchet differs from the standard signal protocol is here https://github.com/PeculiarVentures/2key-ratchet/blob/master/DIFFERENCES.md

@AidenRourke
Copy link

AidenRourke commented Mar 29, 2021
edited
Loading

I was able to get this thing working in React Native. This is what I did:

  1. Forked https://github.com/elsehow/signal-protocol/
  2. Changed node_pollyfills.js to use
var crypto = require('isomorphic-webcrypto');

module.exports = {
  crypto: crypto,
};
  1. Changed crypto.js to use
var crypto = require('./node_polyfills.js').crypto;
  1. Changed curve25519_concat.js by removing all of the conditional environment set up and just having it use the web set up.

There were other miscellaneous changes I had to make but these were the most important ones.
https://github.com/AidenRourke/signal-protocol

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests