libsignal-protocol-javascript icon indicating copy to clipboard operation
libsignal-protocol-javascript copied to clipboard

Published 20 hours ago verified publisher icon signalapp

React Native support

Open tanx opened this issue 8 years ago • 15 comments

Hey, I'm currently investigating using the library in a react native app. The JavaScriptCore runtime on iOS does not surface the WebCrypto apis though, so I'd have to create react native plugins that shim WebCrypto using native crypto primitives. I'm curious if you'd be open to accepting a PR that integrates this use case. Thanks

tanx avatar Oct 16 '16 13:10 tanx

Using your ObjectiveC/Java libs for mobile would obviously also be an option, but since my business logic and UI are in JS, wrapping just the crypto primitives instead of the full protocol layer seems to make more sense.

tanx avatar Oct 16 '16 13:10 tanx

Neat. I have considered this, well, in part in that my hope was that I could add necessary algorithm support to - https://github.com/PeculiarVentures/node-webcrypto-liner which would enable building a signal implementation on it.

In native land, mabe https://github.com/PeculiarVentures/node-webcrypto-ossl could be of use?

rmhrisk avatar Oct 17 '16 20:10 rmhrisk

From looking at crypto.js only a few apis would need to be shimmed:

  1. crypto.getRandomValues using react-native-randombytes
  2. AES-CBC
  3. HMAC-SHA-256
  4. SHA-512

Since 2-4 are already async that should be pretty strait forward. Only 1. is currently a sync api and would have to be refactored, as calls through the react native bridge are all async.

Wrapping a native cipher suite e.g. openssl could work, but perhaps using iOS and Android platform apis would be cleaner.

tanx avatar Oct 17 '16 21:10 tanx

Any progress guys?

ohenepee avatar Jul 13 '17 09:07 ohenepee

Pinging back as well. I'm also trying to integrate with React Native. Thanks!

jjzazuet avatar Nov 15 '17 14:11 jjzazuet

+1

JoschaP avatar Dec 05 '17 06:12 JoschaP

It turns out there is already a way to surface the native webcrypto apis to JavaScriptCore using a bridge to the WebKit WebView https://github.com/saulshanabrook/react-native-webview-crypto

Perhaps give this a try and see if all api requirments are met.

tanx avatar Dec 05 '17 06:12 tanx

@tanx the last time I tried that, I only got as far as exposing the crypto.subtle object (and its corresponding methods) on iOS 11, since at the time (a couple months I think) Chrome on Android did not expose the WebCrypto API, thus getting undefined.

The way I did it was by proxying WebCrypto API calls to a hidden WebView, passing arguments through the React Native Javascript bridge using the postMessage function.

If this table is to be believed, both iOS and Android may now return implementation objects. Since this approach didn't work for me, I'm exploring the idea to replace the high level crypto calls with react-native-sodium instead.

Hope this helps.

jjzazuet avatar Dec 09 '17 20:12 jjzazuet

@jjzazuet Proxying calls to a WebView is clever! It definitely maximizes WebCrypto API compatibility.

As an alternative, mostly JS solution, I published isomorphic-webcrypto, which uses the Microsoft Research library for WebCrypto support in React Native. There are a few caveats for React Native:

  1. It can't generate RSA keys or ECDSA with SHA-512
  2. React Native doesn't expose a secure way to get entropy, so you'll have to wait for the crypto.ensureSecure callback to complete before calling crypto.getRandomValues()
  3. I haven't tested the encryption flows, only the signing ones, so there may be issues I'm unaware of

This could be a place to start if someone wanted to build out a POC.

kevlened avatar Feb 05 '18 16:02 kevlened

OK, think I might have found a way to support this (and a bunch of other cool stuff on RN) via NodeJS-Mobile. This runs node on a bg process on both Android and iOS via Chakra core. Seemingly supporting most / all node.

Thoughts?

shouse avatar Sep 05 '18 15:09 shouse

create react native plugins that shim WebCrypto using native crypto primitives.

@tanx Did you get around to making that change? I'm in a similar position.

quixote911 avatar Oct 09 '19 10:10 quixote911

Any progress or solution for this?

OmarBasem avatar Mar 26 '20 07:03 OmarBasem

+1

johnsBeharry avatar Nov 02 '20 08:11 johnsBeharry

Two libraries we produced since this bug was opened: https://www.npmjs.com/package/2key-ratchet https://www.npmjs.com/package/@peculiar/webcrypto

Summary of how 2key-ratchet differs from the standard signal protocol is here https://github.com/PeculiarVentures/2key-ratchet/blob/master/DIFFERENCES.md

rmhrisk avatar Nov 02 '20 16:11 rmhrisk

I was able to get this thing working in React Native. This is what I did:

  1. Forked https://github.com/elsehow/signal-protocol/
  2. Changed node_pollyfills.js to use
var crypto = require('isomorphic-webcrypto');

module.exports = {
  crypto: crypto,
};
  1. Changed crypto.js to use
var crypto = require('./node_polyfills.js').crypto;
  1. Changed curve25519_concat.js by removing all of the conditional environment set up and just having it use the web set up.

There were other miscellaneous changes I had to make but these were the most important ones. https://github.com/AidenRourke/signal-protocol

AidenRourke avatar Mar 29 '21 11:03 AidenRourke