expo-secure-store 12.7.0 β 12.8.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +11 -0
- package/android/build.gradle +2 -2
- package/android/src/main/java/expo/modules/securestore/SecureStoreModule.kt +1 -1
- package/android/src/main/java/expo/modules/securestore/encryptors/AESEncryptor.kt +1 -1
- package/android/src/main/java/expo/modules/securestore/encryptors/HybridAESEncryptor.kt +5 -2
- package/android/src/main/java/expo/modules/securestore/encryptors/KeyBasedEncryptor.kt +1 -1
- package/ios/SecureStoreModule.swift +54 -20
- package/package.json +2 -2
package/CHANGELOG.md
CHANGED
|
@@ -10,6 +10,17 @@
|
|
|
10
10
|
|
|
11
11
|
### π‘ Others
|
|
12
12
|
|
|
13
|
+
## 12.8.1 β 2023-12-19
|
|
14
|
+
|
|
15
|
+
_This version does not introduce any user-facing changes._
|
|
16
|
+
|
|
17
|
+
## 12.8.0 β 2023-12-12
|
|
18
|
+
|
|
19
|
+
### π New features
|
|
20
|
+
|
|
21
|
+
- [iOS] Added possibility to store values that require authentication and ones that don't under the same `keychainService`. ([#23841](https://github.com/expo/expo/pull/23841) by [@behenate](https://github.com/behenate))
|
|
22
|
+
- [iOS] Added synchronous functions for storing and retrieving values from the store. ([#23841](https://github.com/expo/expo/pull/23841) by [@behenate](https://github.com/behenate))
|
|
23
|
+
|
|
13
24
|
## 12.7.0 β 2023-11-14
|
|
14
25
|
|
|
15
26
|
### π Breaking changes
|
package/android/build.gradle
CHANGED
|
@@ -3,7 +3,7 @@ apply plugin: 'kotlin-android'
|
|
|
3
3
|
apply plugin: 'maven-publish'
|
|
4
4
|
|
|
5
5
|
group = 'host.exp.exponent'
|
|
6
|
-
version = '12.
|
|
6
|
+
version = '12.8.1'
|
|
7
7
|
|
|
8
8
|
def expoModulesCorePlugin = new File(project(":expo-modules-core").projectDir.absolutePath, "ExpoModulesCorePlugin.gradle")
|
|
9
9
|
if (expoModulesCorePlugin.exists()) {
|
|
@@ -94,7 +94,7 @@ android {
|
|
|
94
94
|
namespace "expo.modules.securestore"
|
|
95
95
|
defaultConfig {
|
|
96
96
|
versionCode 17
|
|
97
|
-
versionName '12.
|
|
97
|
+
versionName '12.8.1'
|
|
98
98
|
}
|
|
99
99
|
}
|
|
100
100
|
|
|
@@ -175,7 +175,7 @@ open class SecureStoreModule : Module() {
|
|
|
175
175
|
versions we store an asymmetric key pair and use hybrid encryption. We store the scheme we
|
|
176
176
|
use in the encrypted JSON item so that we know how to decode and decrypt it when reading
|
|
177
177
|
back a value.
|
|
178
|
-
|
|
178
|
+
*/
|
|
179
179
|
val secretKeyEntry: SecretKeyEntry = getKeyEntry(SecretKeyEntry::class.java, mAESEncryptor, options, options.requireAuthentication)
|
|
180
180
|
val encryptedItem = mAESEncryptor.createEncryptedItem(value, secretKeyEntry, options.requireAuthentication, options.authenticationPrompt, authenticationHelper)
|
|
181
181
|
encryptedItem.put(SCHEME_PROPERTY, AESEncryptor.NAME)
|
|
@@ -78,7 +78,7 @@ class AESEncryptor : KeyBasedEncryptor<KeyStore.SecretKeyEntry> {
|
|
|
78
78
|
keyStoreEntry: KeyStore.SecretKeyEntry,
|
|
79
79
|
requireAuthentication: Boolean,
|
|
80
80
|
authenticationPrompt: String,
|
|
81
|
-
authenticationHelper: AuthenticationHelper
|
|
81
|
+
authenticationHelper: AuthenticationHelper
|
|
82
82
|
): JSONObject {
|
|
83
83
|
val secretKey = keyStoreEntry.secretKey
|
|
84
84
|
val cipher = Cipher.getInstance(AES_CIPHER)
|
|
@@ -75,7 +75,8 @@ class HybridAESEncryptor(private var mContext: Context, private val mAESEncrypto
|
|
|
75
75
|
throw EncryptException(
|
|
76
76
|
"HybridAESEncryption should not be used on Android SDK >= 23. This shouldn't happen. " +
|
|
77
77
|
"If you see this message report an issue at https://github.com/expo/expo.",
|
|
78
|
-
"unknown",
|
|
78
|
+
"unknown",
|
|
79
|
+
"unknown"
|
|
79
80
|
)
|
|
80
81
|
}
|
|
81
82
|
|
|
@@ -94,7 +95,9 @@ class HybridAESEncryptor(private var mContext: Context, private val mAESEncrypto
|
|
|
94
95
|
cipher.init(Cipher.DECRYPT_MODE, keyStoreEntry.privateKey)
|
|
95
96
|
val secretKeyBytes = cipher.doFinal(encryptedSecretKeyBytes)
|
|
96
97
|
// constant value will be copied
|
|
97
|
-
|
|
98
|
+
|
|
99
|
+
@SuppressLint("InlinedApi")
|
|
100
|
+
val secretKey: SecretKey = SecretKeySpec(secretKeyBytes, KeyProperties.KEY_ALGORITHM_AES)
|
|
98
101
|
|
|
99
102
|
// Decrypt the value with the symmetric key
|
|
100
103
|
val secretKeyEntry = KeyStore.SecretKeyEntry(secretKey)
|
|
@@ -25,7 +25,7 @@ interface KeyBasedEncryptor<E : KeyStore.Entry> {
|
|
|
25
25
|
keyStoreEntry: E,
|
|
26
26
|
requireAuthentication: Boolean,
|
|
27
27
|
authenticationPrompt: String,
|
|
28
|
-
authenticationHelper: AuthenticationHelper
|
|
28
|
+
authenticationHelper: AuthenticationHelper
|
|
29
29
|
): JSONObject
|
|
30
30
|
|
|
31
31
|
@Throws(GeneralSecurityException::class, JSONException::class)
|
|
@@ -17,20 +17,22 @@ public final class SecureStoreModule: Module {
|
|
|
17
17
|
])
|
|
18
18
|
|
|
19
19
|
AsyncFunction("getValueWithKeyAsync") { (key: String, options: SecureStoreOptions) -> String? in
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
}
|
|
20
|
+
return try get(with: key, options: options)
|
|
21
|
+
}
|
|
23
22
|
|
|
24
|
-
|
|
23
|
+
Function("getValueWithKeySync") { (key: String, options: SecureStoreOptions) -> String? in
|
|
24
|
+
return try get(with: key, options: options)
|
|
25
|
+
}
|
|
25
26
|
|
|
26
|
-
|
|
27
|
-
|
|
27
|
+
AsyncFunction("setValueWithKeyAsync") { (value: String, key: String, options: SecureStoreOptions) -> Bool in
|
|
28
|
+
guard let key = validate(for: key) else {
|
|
29
|
+
throw InvalidKeyException()
|
|
28
30
|
}
|
|
29
31
|
|
|
30
|
-
return
|
|
32
|
+
return try set(value: value, with: key, options: options)
|
|
31
33
|
}
|
|
32
34
|
|
|
33
|
-
|
|
35
|
+
Function("setValueWithKeySync") {(value: String, key: String, options: SecureStoreOptions) -> Bool in
|
|
34
36
|
guard let key = validate(for: key) else {
|
|
35
37
|
throw InvalidKeyException()
|
|
36
38
|
}
|
|
@@ -39,33 +41,61 @@ public final class SecureStoreModule: Module {
|
|
|
39
41
|
}
|
|
40
42
|
|
|
41
43
|
AsyncFunction("deleteValueWithKeyAsync") { (key: String, options: SecureStoreOptions) in
|
|
42
|
-
let
|
|
43
|
-
|
|
44
|
+
let noAuthSearchDictionary = query(with: key, options: options, requireAuthentication: false)
|
|
45
|
+
let authSearchDictionary = query(with: key, options: options, requireAuthentication: true)
|
|
46
|
+
let legacySearchDictionary = query(with: key, options: options)
|
|
47
|
+
|
|
48
|
+
SecItemDelete(legacySearchDictionary as CFDictionary)
|
|
49
|
+
SecItemDelete(authSearchDictionary as CFDictionary)
|
|
50
|
+
SecItemDelete(noAuthSearchDictionary as CFDictionary)
|
|
44
51
|
}
|
|
45
52
|
}
|
|
46
53
|
|
|
54
|
+
private func get(with key: String, options: SecureStoreOptions) throws -> String? {
|
|
55
|
+
guard let key = validate(for: key) else {
|
|
56
|
+
throw InvalidKeyException()
|
|
57
|
+
}
|
|
58
|
+
|
|
59
|
+
if let unauthenticatedItem = try searchKeyChain(with: key, options: options, requireAuthentication: false) {
|
|
60
|
+
return String(data: unauthenticatedItem, encoding: .utf8)
|
|
61
|
+
}
|
|
62
|
+
|
|
63
|
+
if let authenticatedItem = try searchKeyChain(with: key, options: options, requireAuthentication: true) {
|
|
64
|
+
return String(data: authenticatedItem, encoding: .utf8)
|
|
65
|
+
}
|
|
66
|
+
|
|
67
|
+
if let legacyItem = try searchKeyChain(with: key, options: options) {
|
|
68
|
+
return String(data: legacyItem, encoding: .utf8)
|
|
69
|
+
}
|
|
70
|
+
|
|
71
|
+
return nil
|
|
72
|
+
}
|
|
73
|
+
|
|
47
74
|
private func set(value: String, with key: String, options: SecureStoreOptions) throws -> Bool {
|
|
48
|
-
var
|
|
75
|
+
var setItemQuery = query(with: key, options: options, requireAuthentication: options.requireAuthentication)
|
|
49
76
|
|
|
50
77
|
let valueData = value.data(using: .utf8)
|
|
51
|
-
|
|
78
|
+
setItemQuery[kSecValueData as String] = valueData
|
|
52
79
|
|
|
53
80
|
let accessibility = attributeWith(options: options)
|
|
54
81
|
|
|
55
82
|
if !options.requireAuthentication {
|
|
56
|
-
|
|
83
|
+
setItemQuery[kSecAttrAccessible as String] = accessibility
|
|
57
84
|
} else {
|
|
58
85
|
guard let _ = Bundle.main.infoDictionary?["NSFaceIDUsageDescription"] as? String else {
|
|
59
86
|
throw MissingPlistKeyException()
|
|
60
87
|
}
|
|
61
88
|
let accessOptions = SecAccessControlCreateWithFlags(kCFAllocatorDefault, accessibility, SecAccessControlCreateFlags.biometryCurrentSet, nil)
|
|
62
|
-
|
|
89
|
+
setItemQuery[kSecAttrAccessControl as String] = accessOptions
|
|
63
90
|
}
|
|
64
91
|
|
|
65
|
-
let status = SecItemAdd(
|
|
92
|
+
let status = SecItemAdd(setItemQuery as CFDictionary, nil)
|
|
66
93
|
|
|
67
94
|
switch status {
|
|
68
95
|
case errSecSuccess:
|
|
96
|
+
// On success we want to remove the other key alias and legacy key (if they exist) to avoid conflicts during reads
|
|
97
|
+
SecItemDelete(query(with: key, options: options) as CFDictionary)
|
|
98
|
+
SecItemDelete(query(with: key, options: options, requireAuthentication: !options.requireAuthentication) as CFDictionary)
|
|
69
99
|
return true
|
|
70
100
|
case errSecDuplicateItem:
|
|
71
101
|
return try update(value: value, with: key, options: options)
|
|
@@ -75,7 +105,7 @@ public final class SecureStoreModule: Module {
|
|
|
75
105
|
}
|
|
76
106
|
|
|
77
107
|
private func update(value: String, with key: String, options: SecureStoreOptions) throws -> Bool {
|
|
78
|
-
var query = query(with: key, options: options)
|
|
108
|
+
var query = query(with: key, options: options, requireAuthentication: options.requireAuthentication)
|
|
79
109
|
|
|
80
110
|
let valueData = value.data(using: .utf8)
|
|
81
111
|
let updateDictionary = [kSecValueData as String: valueData]
|
|
@@ -93,8 +123,8 @@ public final class SecureStoreModule: Module {
|
|
|
93
123
|
}
|
|
94
124
|
}
|
|
95
125
|
|
|
96
|
-
private func searchKeyChain(with key: String, options: SecureStoreOptions) throws -> Data? {
|
|
97
|
-
var query = query(with: key, options: options)
|
|
126
|
+
private func searchKeyChain(with key: String, options: SecureStoreOptions, requireAuthentication: Bool? = nil) throws -> Data? {
|
|
127
|
+
var query = query(with: key, options: options, requireAuthentication: requireAuthentication)
|
|
98
128
|
|
|
99
129
|
query[kSecMatchLimit as String] = kSecMatchLimitOne
|
|
100
130
|
query[kSecReturnData as String] = kCFBooleanTrue
|
|
@@ -119,8 +149,12 @@ public final class SecureStoreModule: Module {
|
|
|
119
149
|
}
|
|
120
150
|
}
|
|
121
151
|
|
|
122
|
-
private func query(with key: String, options: SecureStoreOptions) -> [String: Any] {
|
|
123
|
-
|
|
152
|
+
private func query(with key: String, options: SecureStoreOptions, requireAuthentication: Bool? = nil) -> [String: Any] {
|
|
153
|
+
var service = options.keychainService ?? "app"
|
|
154
|
+
if let requireAuthentication {
|
|
155
|
+
service.append(":\(requireAuthentication ? "auth" : "no-auth")")
|
|
156
|
+
}
|
|
157
|
+
|
|
124
158
|
let encodedKey = Data(key.utf8)
|
|
125
159
|
|
|
126
160
|
return [
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "expo-secure-store",
|
|
3
|
-
"version": "12.
|
|
3
|
+
"version": "12.8.1",
|
|
4
4
|
"description": "Provides a way to encrypt and securely store keyβvalue pairs locally on the device.",
|
|
5
5
|
"main": "build/SecureStore.js",
|
|
6
6
|
"types": "build/SecureStore.d.ts",
|
|
@@ -42,5 +42,5 @@
|
|
|
42
42
|
"peerDependencies": {
|
|
43
43
|
"expo": "*"
|
|
44
44
|
},
|
|
45
|
-
"gitHead": "
|
|
45
|
+
"gitHead": "43f1b4f8a5a9bca649e4e7ca6e4155482a162431"
|
|
46
46
|
}
|