npm - @trustchex/react-native-sdk - Versions diffs - 1.381.0 → 1.464.0 - Mend

@trustchex/react-native-sdk 1.381.0 → 1.464.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (204) hide show

package/src/Shared/EIDReader/protocol/paceResult.ts ADDED Viewed

@@ -0,0 +1,62 @@
+import type { AccessKeySpec } from '../accessKeySpec';
+import type { SecureMessagingWrapper } from '../secureMessagingWrapper';
+import type { MappingType } from '../paceInfo';
+/**
+ * Result of PACE protocol execution.
+ */
+export class PACEResult {
+  private paceKey: AccessKeySpec;
+  private mappingType: MappingType;
+  private agreementAlg: string;
+  private cipherAlg: string;
+  private digestAlg: string;
+  private keyLength: number;
+  private wrapper: SecureMessagingWrapper;
+  constructor(
+    paceKey: AccessKeySpec,
+    mappingType: MappingType,
+    agreementAlg: string,
+    cipherAlg: string,
+    digestAlg: string,
+    keyLength: number,
+    wrapper: SecureMessagingWrapper
+  ) {
+    this.paceKey = paceKey;
+    this.mappingType = mappingType;
+    this.agreementAlg = agreementAlg;
+    this.cipherAlg = cipherAlg;
+    this.digestAlg = digestAlg;
+    this.keyLength = keyLength;
+    this.wrapper = wrapper;
+  }
+  public getPACEKey(): AccessKeySpec {
+    return this.paceKey;
+  }
+  public getMappingType(): MappingType {
+    return this.mappingType;
+  }
+  public getAgreementAlg(): string {
+    return this.agreementAlg;
+  }
+  public getCipherAlg(): string {
+    return this.cipherAlg;
+  }
+  public getDigestAlg(): string {
+    return this.digestAlg;
+  }
+  public getKeyLength(): number {
+    return this.keyLength;
+  }
+  public getWrapper(): SecureMessagingWrapper {
+    return this.wrapper;
+  }
+}

package/src/Shared/EIDReader/secureMessagingWrapper.ts CHANGED Viewed

@@ -87,7 +87,7 @@ export abstract class SecureMessagingWrapper implements APDUWrapper {
       dataOutputStream.push(...paddedData);
       let cc2 = Uint8Array.from(
         Buffer.from(
-          cryptoUtils.computeMac(
+          this.computeMAC(
             Buffer.from(dataOutputStream).toString('hex'),
             this.ksMac
           ),
@@ -116,6 +116,30 @@ export abstract class SecureMessagingWrapper implements APDUWrapper {
   protected abstract getEncodedSendSequenceCounter(): Uint8Array;
+  /**
+   * Encrypt data using the session encryption key.
+   * Subclasses override for AES vs 3DES.
+   */
+  protected encrypt(dataHex: string, keyHex: string): string {
+    return cryptoUtils.encryptWith3DES(dataHex, keyHex);
+  }
+  /**
+   * Decrypt data using the session encryption key.
+   * Subclasses override for AES vs 3DES.
+   */
+  protected decrypt(dataHex: string, keyHex: string): string {
+    return cryptoUtils.decryptWith3DES(dataHex, keyHex);
+  }
+  /**
+   * Compute MAC over data using the session MAC key.
+   * Subclasses override for AES-CMAC vs 3DES MAC.
+   */
+  protected computeMAC(dataHex: string, keyHex: string): string {
+    return cryptoUtils.computeMac(dataHex, keyHex);
+  }
   private wrapCommandAPDU(commandAPDU: CommandAPDU): CommandAPDU {
     const cla = commandAPDU.getCLA();
     const ins = commandAPDU.getINS();
@@ -149,10 +173,7 @@ export abstract class SecureMessagingWrapper implements APDUWrapper {
         this.getPadLength()
       );
       const ciphertext = Buffer.from(
-        cryptoUtils.encryptWith3DES(
-          Buffer.from(data).toString('hex'),
-          this.ksEnc
-        ),
+        this.encrypt(Buffer.from(data).toString('hex'), this.ksEnc),
         'hex'
       );
       output.push(hasDO85 ? 0x85 : 0x87);
@@ -180,7 +201,7 @@ export abstract class SecureMessagingWrapper implements APDUWrapper {
     );
     const cc = Buffer.from(
-      cryptoUtils.computeMac(Buffer.from(n).toString('hex'), this.ksMac),
+      this.computeMAC(Buffer.from(n).toString('hex'), this.ksMac),
       'hex'
     );
     let ccLength = cc.length;
@@ -329,10 +350,7 @@ export abstract class SecureMessagingWrapper implements APDUWrapper {
     inputStream.readFully(ciphertext);
     const paddedData = Array.from(
       Buffer.from(
-        cryptoUtils.decryptWith3DES(
-          Buffer.from(ciphertext).toString('hex'),
-          this.ksEnc
-        ),
+        this.decrypt(Buffer.from(ciphertext).toString('hex'), this.ksEnc),
         'hex'
       )
     );

package/src/Shared/EIDReader/smartcards/commandAPDU.ts CHANGED Viewed

@@ -18,7 +18,8 @@ export class CommandAPDU {
     ne?: number
   ) {
     this.nc = dataLength || 0;
-    this.ne = ne || 0;
+    // Java JMRTD uses -1 to mean "no Le field" (ne=0). Guard against negatives.
+    this.ne = ne == null || ne < 0 ? 0 : ne;
     this.apdu = this.buildAPDU(
       cla,
       ins,

package/src/Shared/EIDReader/tlv/tlv.helpers.ts CHANGED Viewed

@@ -88,7 +88,7 @@ export class TLVHelpers extends ASN1Constants {
   private static log(n: number, base: number): number {
     let result = 0;
     while (n > 0) {
-      n = n / base;
+      n = Math.floor(n / base);
       result++;
     }
     return result;

package/src/Shared/EIDReader/tlv/tlv.utils.ts CHANGED Viewed

@@ -6,7 +6,6 @@ import { Buffer } from 'buffer';
 import { TLVHelpers } from './tlv.helpers';
 class TLVUtil extends TLVHelpers {
   public static wrapDO(tag: number, data: number[]): Uint8Array {
     if (data == null) {
       throw new Error('Data to wrap is null');
@@ -49,7 +48,7 @@ class TLVUtil extends TLVHelpers {
       const actualTag = await tlvInputStream.readTag();
       if (actualTag !== expectedTag) {
         throw new Error(
-          `Expected tag ${expectedTag.toString(16)}, found tag ${actualTag.toString(16)}`
+          `Expected TLV tag 0x${expectedTag.toString(16)}, found 0x${actualTag.toString(16)} in data: ${Buffer.from(wrappedData.slice(0, 16)).toString('hex')}`
         );
       }
@@ -61,8 +60,13 @@ class TLVUtil extends TLVHelpers {
       }
       return result;
     } catch (ioe) {
-      // Never happens.
-      throw new Error('Error reading from stream');
+      // Re-throw original error with context rather than masking it
+      if (ioe instanceof Error && ioe.message.includes('Expected TLV tag')) {
+        throw ioe;
+      }
+      throw new Error(
+        `TLV unwrap error (expected tag 0x${expectedTag.toString(16)}): ${ioe instanceof Error ? ioe.message : String(ioe)}`
+      );
     } finally {
       try {
         tlvInputStream.close();
@@ -72,7 +76,6 @@ class TLVUtil extends TLVHelpers {
       }
     }
   }
 }
 export default TLVUtil;

package/src/Shared/EIDReader/utils/aesCrypto.utils.ts ADDED Viewed

@@ -0,0 +1,217 @@
+import CryptoJS from 'crypto-js';
+import { Buffer } from 'buffer';
+import 'react-native-get-random-values';
+/**
+ * AES cryptographic utilities for PACE protocol.
+ */
+/**
+ * Encrypt data using AES in CBC mode with zero IV.
+ */
+export const aesEncryptCBC = (
+  dataHex: string,
+  keyHex: string,
+  ivHex: string = '00000000000000000000000000000000'
+): string => {
+  const data = CryptoJS.enc.Hex.parse(dataHex);
+  const key = CryptoJS.enc.Hex.parse(keyHex);
+  const iv = CryptoJS.enc.Hex.parse(ivHex);
+  const encrypted = CryptoJS.AES.encrypt(data, key, {
+    mode: CryptoJS.mode.CBC,
+    padding: CryptoJS.pad.NoPadding,
+    iv,
+  });
+  return encrypted.ciphertext.toString(CryptoJS.enc.Hex);
+};
+/**
+ * Decrypt data using AES in CBC mode with zero IV.
+ */
+export const aesDecryptCBC = (
+  dataHex: string,
+  keyHex: string,
+  ivHex: string = '00000000000000000000000000000000'
+): string => {
+  const data = CryptoJS.enc.Hex.parse(dataHex);
+  const key = CryptoJS.enc.Hex.parse(keyHex);
+  const iv = CryptoJS.enc.Hex.parse(ivHex);
+  const cipherParams = CryptoJS.lib.CipherParams.create({
+    ciphertext: data,
+  });
+  const decrypted = CryptoJS.AES.decrypt(cipherParams, key, {
+    mode: CryptoJS.mode.CBC,
+    padding: CryptoJS.pad.NoPadding,
+    iv,
+  });
+  return decrypted.toString(CryptoJS.enc.Hex);
+};
+/**
+ * Encrypt a single block with AES in ECB mode (for SSC encryption).
+ */
+export const aesEncryptECB = (dataHex: string, keyHex: string): string => {
+  const data = CryptoJS.enc.Hex.parse(dataHex);
+  const key = CryptoJS.enc.Hex.parse(keyHex);
+  const encrypted = CryptoJS.AES.encrypt(data, key, {
+    mode: CryptoJS.mode.ECB,
+    padding: CryptoJS.pad.NoPadding,
+  });
+  return encrypted.ciphertext.toString(CryptoJS.enc.Hex);
+};
+/**
+ * Compute AES CMAC (OMAC1) as defined in RFC 4493.
+ */
+export const aesCMAC = (dataHex: string, keyHex: string): string => {
+  const key = Buffer.from(keyHex, 'hex');
+  const data = Buffer.from(dataHex, 'hex');
+  const blockSize = 16;
+  // Step 1: Generate subkeys
+  const zeroBlock = '00000000000000000000000000000000';
+  const L = Buffer.from(aesEncryptECB(zeroBlock, keyHex), 'hex');
+  const K1 = generateSubkey(L);
+  const K2 = generateSubkey(K1);
+  // Step 2: Determine if we need to pad
+  const n = data.length === 0 ? 1 : Math.ceil(data.length / blockSize);
+  const lastBlockComplete = data.length > 0 && data.length % blockSize === 0;
+  // Step 3: Process last block
+  const lastBlock = Buffer.alloc(blockSize);
+  if (lastBlockComplete) {
+    const start = (n - 1) * blockSize;
+    for (let i = 0; i < blockSize; i++) {
+      lastBlock[i] = data[start + i] ^ K1[i];
+    }
+  } else {
+    // Pad with 10*
+    const start = (n - 1) * blockSize;
+    const remaining = data.length - start;
+    const padded = Buffer.alloc(blockSize);
+    for (let i = 0; i < remaining; i++) {
+      padded[i] = data[start + i];
+    }
+    padded[remaining] = 0x80;
+    for (let i = 0; i < blockSize; i++) {
+      lastBlock[i] = padded[i] ^ K2[i];
+    }
+  }
+  // Step 4: CBC-MAC
+  let X = Buffer.alloc(blockSize);
+  for (let i = 0; i < n - 1; i++) {
+    const block = data.subarray(i * blockSize, (i + 1) * blockSize);
+    const Y = Buffer.alloc(blockSize);
+    for (let j = 0; j < blockSize; j++) {
+      Y[j] = X[j] ^ block[j];
+    }
+    X = Buffer.from(aesEncryptECB(Y.toString('hex'), keyHex), 'hex');
+  }
+  // Process last block
+  const Y = Buffer.alloc(blockSize);
+  for (let j = 0; j < blockSize; j++) {
+    Y[j] = X[j] ^ lastBlock[j];
+  }
+  const T = aesEncryptECB(Y.toString('hex'), keyHex);
+  return T;
+};
+function generateSubkey(input: Buffer): Buffer {
+  const blockSize = 16;
+  const Rb = Buffer.alloc(blockSize);
+  Rb[blockSize - 1] = 0x87;
+  // Left shift by 1
+  const output = Buffer.alloc(blockSize);
+  const msb = (input[0] & 0x80) !== 0;
+  for (let i = 0; i < blockSize - 1; i++) {
+    output[i] = ((input[i] << 1) | (input[i + 1] >> 7)) & 0xff;
+  }
+  output[blockSize - 1] = (input[blockSize - 1] << 1) & 0xff;
+  if (msb) {
+    for (let i = 0; i < blockSize; i++) {
+      output[i] ^= Rb[i];
+    }
+  }
+  return output;
+}
+/**
+ * Derive AES key from shared secret using KDF as per TR-SAC.
+ *
+ * @param sharedSecretHex the shared secret bytes as hex
+ * @param cipherAlg 'AES' or 'DESede'
+ * @param keyLength 128, 192, or 256
+ * @param mode 1 = ENC, 2 = MAC, 3 = PACE
+ */
+export const deriveKey = (
+  sharedSecretHex: string,
+  cipherAlg: string,
+  keyLength: number,
+  mode: number
+): string => {
+  const input = sharedSecretHex + '000000' + mode.toString(16).padStart(2, '0');
+  let hash: string;
+  if (cipherAlg === 'AES' && keyLength > 128) {
+    // Use SHA-256 for AES-192 and AES-256
+    hash = CryptoJS.SHA256(CryptoJS.enc.Hex.parse(input)).toString(
+      CryptoJS.enc.Hex
+    );
+  } else {
+    // Use SHA-1 for DESede and AES-128
+    hash = CryptoJS.SHA1(CryptoJS.enc.Hex.parse(input)).toString(
+      CryptoJS.enc.Hex
+    );
+  }
+  if (cipherAlg === 'DESede') {
+    // 3DES: 24-byte key (K1 || K2 || K1)
+    const ka = hash.substring(0, 16);
+    const kb = hash.substring(16, 32);
+    return ka + kb + ka;
+  } else {
+    // AES: return first keyLength/8 bytes
+    const keyBytes = keyLength / 4; // hex chars = keyLength / 8 * 2
+    return hash.substring(0, keyBytes);
+  }
+};
+/**
+ * Pad data using ISO 9797-1 method 2 with given block size.
+ */
+export const padISO9797 = (data: Buffer, blockSize: number = 16): Buffer => {
+  const n = data.length;
+  const padLength = blockSize - (n % blockSize);
+  const out = Buffer.alloc(n + padLength);
+  data.copy(out);
+  out[n] = 0x80;
+  return out;
+};
+/**
+ * Unpad ISO 9797-1 method 2.
+ */
+export const unpadISO9797 = (data: Buffer): Buffer => {
+  let i = data.length - 1;
+  while (i >= 0 && data[i] === 0x00) {
+    i--;
+  }
+  if (i >= 0 && data[i] === 0x80) {
+    return data.subarray(0, i);
+  }
+  return data;
+};

package/src/Shared/Libs/SignalingClient.ts ADDED Viewed

@@ -0,0 +1,189 @@
+import EventSource, { type EventSourceListener } from 'react-native-sse';
+export type SignalingMessageType =
+  | 'offer'
+  | 'answer'
+  | 'ice-candidate'
+  | 'command';
+export interface SignalingMessage {
+  id?: string;
+  type: SignalingMessageType;
+  payload: any;
+  createdAt?: string;
+}
+export type SignalingEventHandler = (message: SignalingMessage) => void;
+export type SessionEndedHandler = (state: string) => void;
+export class SignalingClient {
+  private eventSource: EventSource | null = null;
+  private sessionId: string;
+  private baseUrl: string;
+  private onMessage: SignalingEventHandler;
+  private onConnected?: () => void;
+  private onDisconnected?: () => void;
+  private onSessionEnded?: SessionEndedHandler;
+  private identificationId?: string;
+  constructor(
+    baseUrl: string,
+    sessionId: string,
+    onMessage: SignalingEventHandler,
+    identificationId?: string,
+    onSessionEnded?: SessionEndedHandler
+  ) {
+    this.baseUrl = baseUrl;
+    this.sessionId = sessionId;
+    this.onMessage = onMessage;
+    this.identificationId = identificationId;
+    this.onSessionEnded = onSessionEnded;
+  }
+  public connect(): void {
+    if (this.eventSource) {
+      this.eventSource.close();
+    }
+    const urlParams = new URLSearchParams();
+    if (this.identificationId) {
+      urlParams.append('identificationId', this.identificationId);
+    }
+    const url = `${this.baseUrl}/api/app/mobile/video-sessions/${this.sessionId}/signaling/stream?${urlParams.toString()}`;
+    console.log('[SignalingClient] Connecting to SSE:', url);
+    this.eventSource = new EventSource(url, {
+      pollingInterval: 0, // 0 means default/no polling if SSE is real
+    });
+    const listener: EventSourceListener = (event) => {
+      if (event.type === 'open') {
+        console.log('[SignalingClient] Connected');
+        this.onConnected?.();
+      } else if (event.type === 'error') {
+        console.error(
+          '[SignalingClient] Connection error:',
+          JSON.stringify(event, null, 2)
+        );
+        this.onDisconnected?.();
+      } else if (event.type === 'message') {
+        try {
+          const data = JSON.parse(event.data || '{}');
+          if (
+            ['offer', 'answer', 'ice-candidate', 'command'].includes(data.type)
+          ) {
+            this.onMessage({
+              id: data.id,
+              type: data.type as SignalingMessageType,
+              payload: data.payload,
+              createdAt: data.createdAt,
+            });
+          }
+        } catch (e) {
+          console.error('[SignalingClient] Error parsing message:', e);
+        }
+      }
+    };
+    const customEventListener = (event: any) => {
+      try {
+        const data = JSON.parse(event.data || '{}');
+        const eventType = event.type;
+        if (
+          ['offer', 'answer', 'ice-candidate', 'command'].includes(eventType)
+        ) {
+          this.onMessage({
+            id: data.id,
+            type: eventType as SignalingMessageType,
+            payload: data.payload,
+            createdAt: data.createdAt,
+          });
+        }
+      } catch (e) {
+        console.error('[SignalingClient] Error parsing custom event:', e);
+      }
+    };
+    // Ping handler - server sends pings to keep connection alive
+    const pingListener = (event: any) => {
+      console.log('[SignalingClient] Received ping');
+      // Just acknowledge by doing nothing, server-side heartbeat keeps connection alive
+    };
+    // Session-ended event listener
+    const sessionEndedListener = (event: any) => {
+      try {
+        const data = JSON.parse(event.data || '{}');
+        console.log('[SignalingClient] Session ended:', data.state);
+        if (this.onSessionEnded) {
+          this.onSessionEnded(data.state);
+        }
+      } catch (e) {
+        console.error(
+          '[SignalingClient] Error parsing session-ended event:',
+          e
+        );
+      }
+    };
+    this.eventSource.addEventListener('open', listener);
+    this.eventSource.addEventListener('message', listener);
+    this.eventSource.addEventListener('error', listener);
+    this.eventSource.addEventListener('ping' as any, pingListener);
+    this.eventSource.addEventListener('offer' as any, customEventListener);
+    this.eventSource.addEventListener('answer' as any, customEventListener);
+    this.eventSource.addEventListener(
+      'ice-candidate' as any,
+      customEventListener
+    );
+    this.eventSource.addEventListener('command' as any, customEventListener);
+    this.eventSource.addEventListener(
+      'session-ended' as any,
+      sessionEndedListener
+    );
+  }
+  public async send(type: SignalingMessageType, payload: any): Promise<void> {
+    const urlParams = new URLSearchParams();
+    if (this.identificationId) {
+      urlParams.append('identificationId', this.identificationId);
+    }
+    const url = `${this.baseUrl}/api/app/mobile/video-sessions/${this.sessionId}/signaling?${urlParams.toString()}`;
+    try {
+      const body = {
+        type,
+        data: payload,
+      };
+      const response = await fetch(url, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+        },
+        body: JSON.stringify(body),
+      });
+      if (!response.ok) {
+        throw new Error(
+          `Failed to send signaling message: ${response.statusText}`
+        );
+      }
+    } catch (error) {
+      console.error('[SignalingClient] Error sending message:', error);
+      throw error;
+    }
+  }
+  public disconnect(): void {
+    if (this.eventSource) {
+      this.eventSource.removeAllEventListeners();
+      this.eventSource.close();
+      this.eventSource = null;
+      this.onDisconnected?.();
+    }
+  }
+}

package/src/Shared/Libs/analytics.utils.ts CHANGED Viewed

@@ -289,6 +289,14 @@ const STEP_EVENT_MAP: Record<
     started: AnalyticsEventName.LIVENESS_CHECK_STARTED,
     completed: AnalyticsEventName.LIVENESS_CHECK_COMPLETED,
   },
+  verbal_consent: {
+    started: AnalyticsEventName.VERBAL_CONSENT_VIDEO_STARTED,
+    completed: AnalyticsEventName.VERBAL_CONSENT_VIDEO_COMPLETED,
+  },
+  video_call: {
+    started: AnalyticsEventName.VIDEO_CALL_STARTED,
+    completed: AnalyticsEventName.VIDEO_CALL_COMPLETED,
+  },
 };
 function getStepEventName(

package/src/Shared/Libs/contains.ts CHANGED Viewed

@@ -4,56 +4,3 @@ export interface Rect {
   width: number;
   height: number;
 }
-interface Contains {
-  outside: Rect;
-  inside: Rect;
-}
-export function contains({ outside, inside }: Contains) {
-  const outsideMaxX = outside.minX + outside.width;
-  const insideMaxX = inside.minX + inside.width;
-  const outsideMaxY = outside.minY + outside.height;
-  const insideMaxY = inside.minY + inside.height;
-  if (inside.minX < outside.minX) {
-    return false;
-  }
-  if (insideMaxX > outsideMaxX) {
-    return false;
-  }
-  if (inside.minY < outside.minY) {
-    return false;
-  }
-  if (insideMaxY > outsideMaxY) {
-    return false;
-  }
-  return true;
-}
-export function contains2({ outside, inside }: Contains) {
-  const outsideMaxX = outside.minX + outside.width;
-  const insideMaxX = inside.minX + inside.width;
-  const outsideMaxY = outside.minY + outside.height;
-  const insideMaxY = inside.minY + inside.height;
-  const xIntersect = Math.max(
-    0,
-    Math.min(insideMaxX, outsideMaxX) - Math.max(inside.minX, outside.minX)
-  );
-  const yIntersect = Math.max(
-    0,
-    Math.min(insideMaxY, outsideMaxY) - Math.max(inside.minY, outside.minY)
-  );
-  const intersectArea = xIntersect * yIntersect;
-  const insideArea = inside.width * inside.height;
-  const outsideArea = outside.width * outside.height;
-  const unionArea = insideArea + outsideArea - intersectArea;
-  return unionArea === outsideArea;
-}