@capgo/capacitor-updater 6.1.16 → 6.1.17

package/android/src/main/java/ee/forgr/capacitor_updater/CapacitorUpdaterPlugin.java

@@ -56,7 +56,7 @@ public class CapacitorUpdaterPlugin extends Plugin {
   private static final String channelUrlDefault =
     "https://api.capgo.app/channel_self";
 
-  private final String PLUGIN_VERSION = "6.1.16";
+  private final String PLUGIN_VERSION = "6.1.17";
   private static final String DELAY_CONDITION_PREFERENCES = "";
 
   private SharedPreferences.Editor editor;

package/android/src/main/java/ee/forgr/capacitor_updater/CryptoCipherV2.java

@@ -0,0 +1,189 @@
+/*
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/.
+ */
+
+package ee.forgr.capacitor_updater;
+
+/**
+ * Created by Awesometic
+ * It's encrypt returns Base64 encoded, and also decrypt for Base64 encoded cipher
+ * references: http://stackoverflow.com/questions/12471999/rsa-encryption-decryption-in-android
+ */
+import android.util.Base64;
+import java.security.GeneralSecurityException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.X509EncodedKeySpec;
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.PSource;
+import javax.crypto.spec.SecretKeySpec;
+
+public class CryptoCipherV2 {
+
+  public static byte[] decryptRSA(byte[] source, PublicKey publicKey)
+    throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
+    Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
+    cipher.init(Cipher.DECRYPT_MODE, publicKey);
+    byte[] decryptedBytes = cipher.doFinal(source);
+    return decryptedBytes;
+  }
+
+  public static byte[] decryptAES(byte[] cipherText, SecretKey key, byte[] iv) {
+    try {
+      IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);
+      Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
+      SecretKeySpec keySpec = new SecretKeySpec(key.getEncoded(), "AES");
+      cipher.init(Cipher.DECRYPT_MODE, keySpec, ivParameterSpec);
+      return cipher.doFinal(cipherText);
+    } catch (Exception e) {
+      e.printStackTrace();
+    }
+    return null;
+  }
+
+  public static SecretKey byteToSessionKey(byte[] sessionKey) {
+    // rebuild key using SecretKeySpec
+    return new SecretKeySpec(sessionKey, 0, sessionKey.length, "AES");
+  }
+
+  private static PublicKey readX509PublicKey(byte[] x509Bytes)
+    throws GeneralSecurityException {
+    KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+    X509EncodedKeySpec keySpec = new X509EncodedKeySpec(x509Bytes);
+    try {
+      return keyFactory.generatePublic(keySpec);
+    } catch (InvalidKeySpecException e) {
+      throw new IllegalArgumentException("Unexpected key format!", e);
+    }
+  }
+
+  public static PublicKey stringToPublicKey(String public_key)
+    throws GeneralSecurityException {
+    // Base64 decode the result
+
+    String pkcs1Pem = public_key.toString();
+    pkcs1Pem = pkcs1Pem.replace("-----BEGIN RSA PUBLIC KEY-----", "");
+    pkcs1Pem = pkcs1Pem.replace("-----END RSA PUBLIC KEY-----", "");
+    pkcs1Pem = pkcs1Pem.replace("\\n", "");
+    pkcs1Pem = pkcs1Pem.replace(" ", "");
+
+    byte[] pkcs1EncodedBytes = Base64.decode(pkcs1Pem, Base64.DEFAULT);
+
+    // extract the public key
+    return readPkcs1PublicKey(pkcs1EncodedBytes);
+  }
+
+  // since the public key is in pkcs1 format, we have to convert it to x509 format similar
+  // to what needs done with the private key converting to pkcs8 format
+  // so, the rest of the code below here is adapted from here https://stackoverflow.com/a/54246646
+  private static final int SEQUENCE_TAG = 0x30;
+  private static final int BIT_STRING_TAG = 0x03;
+  private static final byte[] NO_UNUSED_BITS = new byte[] { 0x00 };
+  private static final byte[] RSA_ALGORITHM_IDENTIFIER_SEQUENCE = {
+    (byte) 0x30,
+    (byte) 0x0d,
+    (byte) 0x06,
+    (byte) 0x09,
+    (byte) 0x2a,
+    (byte) 0x86,
+    (byte) 0x48,
+    (byte) 0x86,
+    (byte) 0xf7,
+    (byte) 0x0d,
+    (byte) 0x01,
+    (byte) 0x01,
+    (byte) 0x01,
+    (byte) 0x05,
+    (byte) 0x00,
+  };
+
+  private static PublicKey readPkcs1PublicKey(byte[] pkcs1Bytes)
+    throws NoSuchAlgorithmException, InvalidKeySpecException, GeneralSecurityException {
+    // convert the pkcs1 public key to an x509 favorable format
+    byte[] keyBitString = createDEREncoding(
+      BIT_STRING_TAG,
+      joinPublic(NO_UNUSED_BITS, pkcs1Bytes)
+    );
+    byte[] keyInfoValue = joinPublic(
+      RSA_ALGORITHM_IDENTIFIER_SEQUENCE,
+      keyBitString
+    );
+    byte[] keyInfoSequence = createDEREncoding(SEQUENCE_TAG, keyInfoValue);
+    return readX509PublicKey(keyInfoSequence);
+  }
+
+  private static byte[] joinPublic(byte[]... bas) {
+    int len = 0;
+    for (int i = 0; i < bas.length; i++) {
+      len += bas[i].length;
+    }
+
+    byte[] buf = new byte[len];
+    int off = 0;
+    for (int i = 0; i < bas.length; i++) {
+      System.arraycopy(bas[i], 0, buf, off, bas[i].length);
+      off += bas[i].length;
+    }
+
+    return buf;
+  }
+
+  private static byte[] createDEREncoding(int tag, byte[] value) {
+    if (tag < 0 || tag >= 0xFF) {
+      throw new IllegalArgumentException(
+        "Currently only single byte tags supported"
+      );
+    }
+
+    byte[] lengthEncoding = createDERLengthEncoding(value.length);
+
+    int size = 1 + lengthEncoding.length + value.length;
+    byte[] derEncodingBuf = new byte[size];
+
+    int off = 0;
+    derEncodingBuf[off++] = (byte) tag;
+    System.arraycopy(
+      lengthEncoding,
+      0,
+      derEncodingBuf,
+      off,
+      lengthEncoding.length
+    );
+    off += lengthEncoding.length;
+    System.arraycopy(value, 0, derEncodingBuf, off, value.length);
+
+    return derEncodingBuf;
+  }
+
+  private static byte[] createDERLengthEncoding(int size) {
+    if (size <= 0x7F) {
+      // single byte length encoding
+      return new byte[] { (byte) size };
+    } else if (size <= 0xFF) {
+      // double byte length encoding
+      return new byte[] { (byte) 0x81, (byte) size };
+    } else if (size <= 0xFFFF) {
+      // triple byte length encoding
+      return new byte[] {
+        (byte) 0x82,
+        (byte) (size >> Byte.SIZE),
+        (byte) size,
+      };
+    }
+
+    throw new IllegalArgumentException(
+      "size too large, only up to 64KiB length encoding supported: " + size
+    );
+  }
+}

package/ios/Plugin/CapacitorUpdaterPlugin.swift

@@ -16,7 +16,7 @@ import SwiftyRSA
 @objc(CapacitorUpdaterPlugin)
 public class CapacitorUpdaterPlugin: CAPPlugin {
     public var implementation = CapacitorUpdater()
-    private let PLUGIN_VERSION: String = "6.1.16"
+    private let PLUGIN_VERSION: String = "6.1.17"
     static let updateUrlDefault = "https://api.capgo.app/updates"
     static let statsUrlDefault = "https://api.capgo.app/stats"
     static let channelUrlDefault = "https://api.capgo.app/channel_self"

package/ios/Plugin/CryptoCipherV2.swift

@@ -0,0 +1,263 @@
+/*
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/.
+ */
+
+import Foundation
+import CommonCrypto
+
+///
+/// Constants
+///
+private enum CryptoCipherConstantsV2 {
+    static let rsaKeySizeInBits: NSNumber = 2048
+    static let aesAlgorithm: CCAlgorithm = CCAlgorithm(kCCAlgorithmAES)
+    static let aesOptions: CCOptions = CCOptions(kCCOptionPKCS7Padding)
+    static let rsaAlgorithm: SecKeyAlgorithm = .rsaEncryptionPKCS1
+}
+///
+/// The AES key. Contains both the initialization vector and secret key.
+///
+public struct AES128KeyV2 {
+    /// Initialization vector
+    private let iv: Data
+    private let aes128Key: Data
+    #if DEBUG
+    public var __debug_iv: Data { iv }
+    public var __debug_aes128Key: Data { aes128Key }
+    #endif
+    init(iv: Data, aes128Key: Data) {
+        self.iv = iv
+        self.aes128Key = aes128Key
+    }
+    ///
+    /// Takes the data and uses the private key to decrypt it. Will call `CCCrypt` in CommonCrypto
+    /// and provide it `ivData` for the initialization vector. Will use cipher block chaining (CBC) as
+    /// the mode of operation.
+    ///
+    /// Returns the decrypted data.
+    ///
+    public func decrypt(data: Data) -> Data? {
+        let encryptedData: UnsafePointer<UInt8> = (data as NSData).bytes.bindMemory(to: UInt8.self, capacity: data.count)
+        let encryptedDataLength: Int = data.count
+
+        if let result: NSMutableData = NSMutableData(length: encryptedDataLength) {
+            let keyData: UnsafePointer<UInt8> = (self.aes128Key as NSData).bytes.bindMemory(to: UInt8.self, capacity: self.aes128Key.count)
+            let keyLength: size_t = size_t(self.aes128Key.count)
+            let ivData: UnsafePointer<UInt8> = (iv as NSData).bytes.bindMemory(to: UInt8.self, capacity: self.iv.count)
+
+            let decryptedData: UnsafeMutablePointer<UInt8> = UnsafeMutablePointer<UInt8>(result.mutableBytes.assumingMemoryBound(to: UInt8.self))
+            let decryptedDataLength: size_t = size_t(result.length)
+
+            var decryptedLength: size_t = 0
+
+            let status: CCCryptorStatus = CCCrypt(CCOperation(kCCDecrypt), CryptoCipherConstants.aesAlgorithm, CryptoCipherConstants.aesOptions, keyData, keyLength, ivData, encryptedData, encryptedDataLength, decryptedData, decryptedDataLength, &decryptedLength)
+
+            if Int32(status) == Int32(kCCSuccess) {
+                result.length = Int(decryptedLength)
+                return result as Data
+            } else {
+                return nil
+            }
+        } else {
+            return nil
+        }
+    }
+}
+
+///
+/// The RSA keypair. Includes both private and public key.
+///
+public struct RSAKeyPairV2 {
+    private let privateKey: SecKey
+    private let publicKey: SecKey
+
+    #if DEBUG
+    public var __debug_privateKey: SecKey { self.privateKey }
+    public var __debug_publicKey: SecKey { self.publicKey }
+    #endif
+
+    fileprivate init(privateKey: SecKey, publicKey: SecKey) {
+        self.privateKey = privateKey
+        self.publicKey = publicKey
+    }
+
+    public func extractPublicKey() -> RSAPublicKey {
+        RSAPublicKey(publicKey: publicKey)
+    }
+
+    ///
+    /// Takes the data and uses the private key to decrypt it.
+    /// Returns the decrypted data.
+    ///
+    public func decrypt(data: Data) -> Data? {
+        var error: Unmanaged<CFError>?
+        if let decryptedData: CFData = SecKeyCreateDecryptedData(self.privateKey, CryptoCipherConstants.rsaAlgorithm, data as CFData, &error) {
+            if error != nil {
+                return nil
+            } else {
+                return decryptedData as Data
+            }
+        } else {
+            return nil
+        }
+    }
+}
+
+///
+/// The RSA public key.
+///
+public struct RSAPublicKeyV2 {
+    private let publicKey: SecKey
+
+    #if DEBUG
+    public var __debug_publicKey: SecKey { self.publicKey }
+    #endif
+
+    fileprivate init(publicKey: SecKey) {
+        self.publicKey = publicKey
+    }
+
+    ///
+    /// Takes the data and uses the public key to decrypt it.
+    /// Returns the decrypted data.
+    ///
+    public func decrypt(data: Data) -> Data? {
+        do {
+            guard let decryptedData = RSAPublicKey.decryptWithRSAKey(data, rsaKeyRef: self.publicKey, padding: SecPadding()) else {
+                throw CustomError.cannotDecryptSessionKey
+            }
+
+            return decryptedData
+        } catch {
+            print("Error decrypting data: \(error)")
+            return nil
+        }
+    }
+
+    ///
+    /// Allows you to export the RSA public key to a format (so you can send over the net).
+    ///
+    public func export() -> Data? {
+        return publicKey.exportToData()
+    }
+    //
+
+    ///
+    /// Allows you to load an RSA public key (i.e. one downloaded from the net).
+    ///
+    public static func load(rsaPublicKey: String) -> RSAPublicKey? {
+        var pubKey: String = rsaPublicKey
+        pubKey = pubKey.replacingOccurrences(of: "-----BEGIN RSA PUBLIC KEY-----", with: "")
+        pubKey = pubKey.replacingOccurrences(of: "-----END RSA PUBLIC KEY-----", with: "")
+        pubKey = pubKey.replacingOccurrences(of: "\\n+", with: "", options: .regularExpression)
+        pubKey = pubKey.trimmingCharacters(in: .whitespacesAndNewlines)
+        do {
+            guard let rsaPublicKeyData: Data = Data(base64Encoded: String(pubKey)) else {
+                throw CustomError.cannotDecode
+            }
+
+            guard let publicKey: SecKey = .loadPublicFromData(rsaPublicKeyData) else {
+                throw CustomError.cannotDecode
+            }
+
+            return RSAPublicKey(publicKey: publicKey)
+        } catch {
+            print("Error load RSA: \(error)")
+            return nil
+        }
+    }
+
+    // code is copied from here: https://github.com/btnguyen2k/swiftutils/blob/88494f4c635b6c6d42ef0fb30a7d666acd38c4fa/SwiftUtils/RSAUtils.swift#L393
+    public static func decryptWithRSAKey(_ encryptedData: Data, rsaKeyRef: SecKey, padding: SecPadding) -> Data? {
+        let blockSize = SecKeyGetBlockSize(rsaKeyRef)
+        let dataSize = encryptedData.count / MemoryLayout<UInt8>.size
+
+        var encryptedDataAsArray = [UInt8](repeating: 0, count: dataSize)
+        (encryptedData as NSData).getBytes(&encryptedDataAsArray, length: dataSize)
+
+        var decryptedData = [UInt8](repeating: 0, count: 0)
+        var idx = 0
+        while idx < encryptedDataAsArray.count {
+            var idxEnd = idx + blockSize
+            if idxEnd > encryptedDataAsArray.count {
+                idxEnd = encryptedDataAsArray.count
+            }
+            var chunkData = [UInt8](repeating: 0, count: blockSize)
+            for i in idx..<idxEnd {
+                chunkData[i-idx] = encryptedDataAsArray[i]
+            }
+
+            var decryptedDataBuffer = [UInt8](repeating: 0, count: blockSize)
+            var decryptedDataLength = blockSize
+
+            let status = SecKeyDecrypt(rsaKeyRef, padding, chunkData, idxEnd-idx, &decryptedDataBuffer, &decryptedDataLength)
+            if status != noErr {
+                return nil
+            }
+            let finalData = removePadding(decryptedDataBuffer)
+            decryptedData += finalData
+
+            idx += blockSize
+        }
+
+        return Data(decryptedData)
+    }
+
+    // code is copied from here: https://github.com/btnguyen2k/swiftutils/blob/88494f4c635b6c6d42ef0fb30a7d666acd38c4fa/SwiftUtils/RSAUtils.swift#L429
+    private static func removePadding(_ data: [UInt8]) -> [UInt8] {
+        var idxFirstZero = -1
+        var idxNextZero = data.count
+        for i in 0..<data.count {
+            if data[i] == 0 {
+                if idxFirstZero < 0 {
+                    idxFirstZero = i
+                } else {
+                    idxNextZero = i
+                    break
+                }
+            }
+        }
+        if idxNextZero-idxFirstZero-1 == 0 {
+            idxNextZero = idxFirstZero
+            idxFirstZero = -1
+        }
+        var newData = [UInt8](repeating: 0, count: idxNextZero-idxFirstZero-1)
+        for i in idxFirstZero+1..<idxNextZero {
+            newData[i-idxFirstZero-1] = data[i]
+        }
+        return newData
+    }
+}
+
+fileprivate extension SecKeyV2 {
+    func exportToData() -> Data? {
+        var error: Unmanaged<CFError>?
+        if let cfData: CFData = SecKeyCopyExternalRepresentation(self, &error) {
+            if error != nil {
+                return nil
+            } else {
+                return cfData as Data
+            }
+        } else {
+            return nil
+        }
+    }
+    static func loadPublicFromData(_ data: Data) -> SecKey? {
+        let keyDict: [NSObject: NSObject] = [
+            kSecAttrKeyType: kSecAttrKeyTypeRSA,
+            kSecAttrKeyClass: kSecAttrKeyClassPublic,
+            kSecAttrKeySizeInBits: CryptoCipherConstants.rsaKeySizeInBits
+        ]
+        return SecKeyCreateWithData(data as NSData, keyDict as CFDictionary, nil)
+    }
+    static func loadPrivateFromData(_ data: Data) -> SecKey? {
+        let keyDict: [NSObject: NSObject] = [
+            kSecAttrKeyType: kSecAttrKeyTypeRSA,
+            kSecAttrKeyClass: kSecAttrKeyClassPrivate,
+            kSecAttrKeySizeInBits: CryptoCipherConstants.rsaKeySizeInBits
+        ]
+        return SecKeyCreateWithData(data as CFData, keyDict as CFDictionary, nil)
+    }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@capgo/capacitor-updater",
-  "version": "6.1.16",
+  "version": "6.1.17",
   "license": "MPL-2.0",
   "description": "Live update for capacitor apps",
   "main": "dist/plugin.cjs.js",