react-native-security-suite 0.1.2 → 0.3.0

package/LICENSE

@@ -1,7 +1,6 @@
 MIT License
 
-Copyright (c) 2021 Mohammad Navabi
-
+Copyright (c) 2023 Mohammad Navabi
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights

package/README.md

@@ -1,9 +1,15 @@
 # react-native-security-suite
 
-Security suite for detection android root and ios jailbreak devices
+Security solutions for Android and iOS
+A native implementation encryption/decryption
+Root/Jailbreak detection
 
 ## Installation
 
+```sh
+yarn add react-native-security-suite
+```
+
 ```sh
 npm install react-native-security-suite
 ```
@@ -11,11 +17,42 @@ npm install react-native-security-suite
 ## Usage
 
 ```js
-import { deviceHasSecurityRisk } from 'react-native-security-suite';
+import {
+  getPublicKey,
+  getSharedKey,
+  encryptBySharedKey,
+  decryptBySharedKey,
+  encrypt,
+  decrypt,
+  deviceHasSecurityRisk,
+} from 'react-native-security-suite';
 
 // ...
+const publicKey = await getPublicKey();
+console.log('Public key: ', publicKey);
+/*
+ * Sending the publicKey to the server and receiving the SERVER_PUBLIC_KEY
+ * Using the SERVER_PUBLIC_KEY to generate sharedKey
+ */
+const sharedKey = await getSharedKey('SERVER_PUBLIC_KEY');
+console.log('Shared key: ', sharedKey);
+// Encrypt/Decrypt by sharedKey
+const hardEncrypted = await encryptBySharedKey('STR_FOR_ENCRYPT');
+console.log('Encrypted result: ', hardEncrypted);
+const hardDecrypted = await decryptBySharedKey('STR_FOR_DECRYPT');
+console.log('Decrypted result: ', hardDecrypted);
+
+// ------- OR --------
+
+// Soft Encrypt/Decrypt without sharedKey
+const softEncrypted = await encrypt('STR_FOR_ENCRYPT');
+console.log('Encrypted result: ', softEncrypted);
+const softDecrypted = await decrypt('STR_FOR_DECRYPT');
+console.log('Decrypted result: ', softDecrypted);
 
-const result = await deviceHasSecurityRisk();
+// Root/Jailbreak detection
+const isRiskyDevice = await deviceHasSecurityRisk();
+console.log('Root/Jailbreak detection result: ', isRiskyDevice);
 ```
 
 ## Contributing

package/android/build.gradle

@@ -1,60 +1,102 @@
 buildscript {
-    if (project == rootProject) {
-        repositories {
-            google()
-            mavenCentral()
-            jcenter()
-        }
-
-        dependencies {
-            classpath 'com.android.tools.build:gradle:3.5.3'
-        }
-    }
+  repositories {
+    google()
+    mavenCentral()
+  }
+
+  dependencies {
+    classpath "com.android.tools.build:gradle:7.2.1"
+  }
 }
 
-apply plugin: 'com.android.library'
+def isNewArchitectureEnabled() {
+  return rootProject.hasProperty("newArchEnabled") && rootProject.getProperty("newArchEnabled") == "true"
+}
+
+apply plugin: "com.android.library"
+
+
+def appProject = rootProject.allprojects.find { it.plugins.hasPlugin('com.android.application') }
 
-def safeExtGet(prop, fallback) {
-    rootProject.ext.has(prop) ? rootProject.ext.get(prop) : fallback
+if (isNewArchitectureEnabled()) {
+  apply plugin: "com.facebook.react"
 }
 
-android {
-    compileSdkVersion safeExtGet('SecuritySuite_compileSdkVersion', 31)
-    defaultConfig {
-        minSdkVersion safeExtGet('SecuritySuite_minSdkVersion', 21)
-        targetSdkVersion safeExtGet('SecuritySuite_targetSdkVersion', 31)
-        versionCode 1
-        versionName "1.0"
+def getExtOrDefault(name) {
+  return rootProject.ext.has(name) ? rootProject.ext.get(name) : project.properties["SecuritySuite_" + name]
+}
 
-    }
+def getExtOrIntegerDefault(name) {
+  return rootProject.ext.has(name) ? rootProject.ext.get(name) : (project.properties["SecuritySuite_" + name]).toInteger()
+}
 
-    buildTypes {
-        release {
-            minifyEnabled false
-        }
-    }
-    lintOptions {
-        disable 'GradleCompatible'
+def supportsNamespace() {
+  def parsed = com.android.Version.ANDROID_GRADLE_PLUGIN_VERSION.tokenize('.')
+  def major = parsed[0].toInteger()
+  def minor = parsed[1].toInteger()
+
+  // Namespace support was added in 7.3.0
+  if (major == 7 && minor >= 3) {
+    return true
+  }
+
+  return major >= 8
+}
+
+android {
+  if (supportsNamespace()) {
+    namespace "com.securitysuite"
+  } else {
+    sourceSets {
+      main {
+        manifest.srcFile "src/main/AndroidManifestDeprecated.xml"
+      }
     }
-    compileOptions {
-        sourceCompatibility JavaVersion.VERSION_1_8
-        targetCompatibility JavaVersion.VERSION_1_8
+  }
+
+  compileSdkVersion getExtOrIntegerDefault("compileSdkVersion")
+
+  defaultConfig {
+    minSdkVersion getExtOrIntegerDefault("minSdkVersion")
+    targetSdkVersion getExtOrIntegerDefault("targetSdkVersion")
+    buildConfigField "boolean", "IS_NEW_ARCHITECTURE_ENABLED", isNewArchitectureEnabled().toString()
+  }
+  buildTypes {
+    release {
+      minifyEnabled false
     }
+  }
+
+  lintOptions {
+    disable "GradleCompatible"
+  }
+
+  compileOptions {
+    sourceCompatibility JavaVersion.VERSION_1_8
+    targetCompatibility JavaVersion.VERSION_1_8
+  }
+
 }
 
 repositories {
-    mavenLocal()
-    maven {
-        // All of React Native (JS, Obj-C sources, Android binaries) is installed from npm
-        url("$rootDir/../node_modules/react-native/android")
-    }
-    google()
-    mavenCentral()
-    jcenter()
+  mavenCentral()
+  google()
+  jcenter()
 }
 
+
 dependencies {
-    //noinspection GradleDynamicVersion
-    implementation "com.facebook.react:react-native:+"  // From node_modules
-    implementation "com.scottyab:rootbeer-lib:0.1.0"
+  // For < 0.71, this will be from the local maven repo
+  // For > 0.71, this will be replaced by `com.facebook.react:react-android:$version` by react gradle plugin
+  //noinspection GradleDynamicVersion
+  implementation "com.facebook.react:react-native:+"
+  implementation "com.scottyab:rootbeer-lib:0.1.0"
+}
+
+if (isNewArchitectureEnabled()) {
+  react {
+    jsRootDir = file("../src/")
+    libraryName = "SecuritySuite"
+    codegenJavaPackageName = "com.securitysuite"
+  }
 }

package/android/gradle.properties

@@ -0,0 +1,5 @@
+SecuritySuite_kotlinVersion=1.7.0
+SecuritySuite_minSdkVersion=21
+SecuritySuite_targetSdkVersion=31
+SecuritySuite_compileSdkVersion=31
+SecuritySuite_ndkversion=21.4.7075529

package/android/src/main/AndroidManifest.xml

@@ -1,4 +1,2 @@
-<manifest xmlns:android="http://schemas.android.com/apk/res/android"
-          package="com.reactnativesecuritysuite">
-
+<manifest xmlns:android="http://schemas.android.com/apk/res/android">
 </manifest>

package/android/src/main/AndroidManifestDeprecated.xml

@@ -0,0 +1,3 @@
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+          package="com.securitysuite">
+</manifest>

package/android/src/main/java/com/securitysuite/SecuritySuiteModule.java

@@ -0,0 +1,202 @@
+package com.securitysuite;
+
+import com.facebook.react.bridge.Callback;
+import com.facebook.react.bridge.Promise;
+import com.facebook.react.bridge.ReactApplicationContext;
+import com.facebook.react.bridge.ReactContextBaseJavaModule;
+import com.facebook.react.bridge.ReactMethod;
+import com.facebook.react.module.annotations.ReactModule;
+import com.scottyab.rootbeer.RootBeer;
+
+import androidx.annotation.NonNull;
+
+import android.provider.Settings;
+import android.util.Base64;
+import android.util.Log;
+
+import java.nio.charset.Charset;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.spec.ECGenParameterSpec;
+import java.security.spec.X509EncodedKeySpec;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.KeyAgreement;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.GCMParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+
+@ReactModule(name = SecuritySuiteModule.NAME)
+public class SecuritySuiteModule extends ReactContextBaseJavaModule {
+  public static final String NAME = "SecuritySuite";
+  private ReactApplicationContext context;
+
+  KeyPairGenerator kpg;
+  KeyPair kp;
+  PublicKey publicKey;
+  PublicKey serverPublicKey;
+  PrivateKey privateKey;
+  String sharedKey;
+  SecretKey secretKey;
+
+  public SecuritySuiteModule(ReactApplicationContext reactContext) {
+    super(reactContext);
+    context = reactContext;
+    generateKeyPair();
+  }
+
+  private void generateKeyPair() {
+    try {
+      kpg = KeyPairGenerator.getInstance("EC");
+      ECGenParameterSpec prime256v1ParamSpec = new ECGenParameterSpec("secp256r1");
+      kpg.initialize(prime256v1ParamSpec);
+      kp = kpg.genKeyPair();
+      publicKey = kp.getPublic();
+      privateKey = kp.getPrivate();
+    } catch (Exception e) {
+      Log.e("generateKeyPair Error: ", String.valueOf(e));
+    }
+  }
+
+  @ReactMethod
+  public void getPublicKey(Promise promise) {
+    String base64DEREncoded = Base64.encodeToString(publicKey.getEncoded(), Base64.DEFAULT);
+    promise.resolve(base64DEREncoded);
+  }
+
+  private static SecretKey agreeSecretKey(PrivateKey prk_self, PublicKey pbk_peer, boolean lastPhase) throws Exception {
+    SecretKey desSpec;
+    try {
+      KeyAgreement keyAgree = KeyAgreement.getInstance("ECDH");
+      keyAgree.init(prk_self);
+      keyAgree.doPhase(pbk_peer, true);
+      byte[] sec = keyAgree.generateSecret();
+      desSpec = new SecretKeySpec(sec, "AES");
+    } catch (NoSuchAlgorithmException e) {
+      throw new Exception();
+    } catch (InvalidKeyException e) {
+      throw new Exception();
+    }
+    return desSpec;
+  }
+
+  @ReactMethod
+  public void getSharedKey(String serverPK, Promise promise) {
+    try {
+      X509EncodedKeySpec keySpec = new X509EncodedKeySpec(Base64.decode(serverPK.getBytes(), Base64.DEFAULT));  // Change ASN1 to publicKey
+      KeyFactory keyFactory = KeyFactory.getInstance("EC");
+      serverPublicKey = keyFactory.generatePublic(keySpec);
+      secretKey = agreeSecretKey(kp.getPrivate(), serverPublicKey, true);
+      sharedKey = Base64.encodeToString(secretKey.getEncoded(), Base64.DEFAULT);
+      promise.resolve(sharedKey);
+    } catch (Exception e) {
+      Log.e("getSharedKey Error: ", String.valueOf(e));
+      promise.reject(String.valueOf(e));
+    }
+  }
+
+  @ReactMethod
+  public void encrypt(String input, Promise promise) {
+    try {
+      byte[] inputByte = input.getBytes();
+      Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
+      byte[] decodedKey = Base64.decode(sharedKey, Base64.DEFAULT);
+      SecretKey secretKeySpec = new SecretKeySpec(decodedKey, 0, decodedKey.length, "AES");
+      cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);
+      byte[] iv = cipher.getIV();
+      assert iv.length == 12;
+      byte[] cipherText = cipher.doFinal(inputByte);
+      if (cipherText.length != inputByte.length + 16)
+        throw new IllegalStateException();
+      byte[] output = new byte[12 + inputByte.length + 16];
+      System.arraycopy(iv, 0, output, 0, 12);
+      System.arraycopy(cipherText, 0, output, 12, cipherText.length);
+      promise.resolve(Base64.encodeToString(output, Base64.NO_WRAP));
+    } catch (Exception e) {
+      Log.e("encrypt Error: ", String.valueOf(e));
+      promise.reject(String.valueOf(e));
+    }
+  }
+
+  @ReactMethod
+  public void decrypt(String input, Promise promise) {
+    try {
+      byte[] inputBytes = Base64.decode(input.getBytes(), Base64.DEFAULT);
+      if (inputBytes.length < 12 + 16) throw new IllegalArgumentException();
+      Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
+      GCMParameterSpec params = new GCMParameterSpec(128, inputBytes, 0, 12);
+      byte[] decodedKey = Base64.decode(sharedKey, Base64.DEFAULT);
+      SecretKey secretKeySpec = new SecretKeySpec(decodedKey, 0, decodedKey.length, "AES");
+      cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, params);
+      byte[] plaintext = cipher.doFinal(inputBytes, 12, inputBytes.length - 12);
+      String decrypted = new String(plaintext, Charset.forName("UTF-8"));
+      promise.resolve(decrypted);
+    } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException | InvalidAlgorithmParameterException e) {
+      promise.reject(e);
+    }
+  }
+
+  @ReactMethod
+  public void getDeviceId(Callback callback) {
+    try {
+      String deviceId = getAndroidId();
+      callback.invoke(deviceId, null);
+    } catch (Exception e) {
+      callback.invoke(null, e);
+    }
+  }
+
+  @ReactMethod
+  public void storageEncrypt(String input, String secretKey, Boolean hardEncryption, Callback callback) {
+    try {
+      String key = getAndroidId();
+      if (secretKey != null) {
+        key = secretKey;
+      }
+      String encryptedMessage = StorageEncryption.encrypt(input, key, hardEncryption);
+      callback.invoke(encryptedMessage, null);
+    } catch (Exception e) {
+      callback.invoke(null, e);
+    }
+  }
+
+  @ReactMethod
+  public void storageDecrypt(String input, String secretKey, Boolean hardEncryption, Callback callback) {
+    try {
+      String key = getAndroidId();
+      if (secretKey != null) {
+        key = secretKey;
+      }
+      String decryptedMessage = StorageEncryption.decrypt(input, key);
+      callback.invoke(decryptedMessage, null);
+    } catch (Exception e) {
+      callback.invoke(null, e.getMessage());
+    }
+  }
+
+  private String getAndroidId() {
+    return Settings.Secure.getString(context.getContentResolver(),
+      Settings.Secure.ANDROID_ID);
+  }
+
+  @ReactMethod
+  public void deviceHasSecurityRisk(Promise promise) {
+    RootBeer rootBeer = new RootBeer(context);
+    promise.resolve(rootBeer.isRooted());
+  }
+
+  @Override
+  @NonNull
+  public String getName() {
+    return NAME;
+  }
+}

package/android/src/main/java/com/securitysuite/SecuritySuitePackage.java

@@ -0,0 +1,28 @@
+package com.securitysuite;
+
+import androidx.annotation.NonNull;
+
+import com.facebook.react.ReactPackage;
+import com.facebook.react.bridge.NativeModule;
+import com.facebook.react.bridge.ReactApplicationContext;
+import com.facebook.react.uimanager.ViewManager;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+public class SecuritySuitePackage implements ReactPackage {
+  @NonNull
+  @Override
+  public List<NativeModule> createNativeModules(@NonNull ReactApplicationContext reactContext) {
+    List<NativeModule> modules = new ArrayList<>();
+    modules.add(new SecuritySuiteModule(reactContext));
+    return modules;
+  }
+
+  @NonNull
+  @Override
+  public List<ViewManager> createViewManagers(@NonNull ReactApplicationContext reactContext) {
+    return Collections.emptyList();
+  }
+}

package/android/src/main/java/com/securitysuite/StorageEncryption.java

@@ -0,0 +1,52 @@
+package com.securitysuite;
+
+import android.util.Base64;
+
+import java.security.SecureRandom;
+import java.util.Arrays;
+
+import javax.crypto.Cipher;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+
+public class StorageEncryption {
+
+  public static String encrypt(String input, String encryptionKey, Boolean hardEncryption) {
+    try {
+      byte[] iv = new byte[16];
+      if (hardEncryption) {
+        new SecureRandom().nextBytes(iv);
+      }
+
+      Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
+      cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(encryptionKey.getBytes("utf-8"), "AES"), new IvParameterSpec(iv));
+      byte[] cipherText = cipher.doFinal(input.getBytes("utf-8"));
+      byte[] ivAndCipherText = getCombinedArray(iv, cipherText);
+      return Base64.encodeToString(ivAndCipherText, Base64.NO_WRAP);
+    } catch (Exception e) {
+      return null;
+    }
+  }
+
+  public static String decrypt(String encoded, String encryptionKey) {
+    try {
+      byte[] ivAndCipherText = Base64.decode(encoded, Base64.NO_WRAP);
+      byte[] iv = Arrays.copyOfRange(ivAndCipherText, 0, 16);
+      byte[] cipherText = Arrays.copyOfRange(ivAndCipherText, 16, ivAndCipherText.length);
+
+      Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
+      cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(encryptionKey.getBytes("utf-8"), "AES"), new IvParameterSpec(iv));
+      return new String(cipher.doFinal(cipherText), "utf-8");
+    } catch (Exception e) {
+      return null;
+    }
+  }
+
+  private static byte[] getCombinedArray(byte[] one, byte[] two) {
+    byte[] combined = new byte[one.length + two.length];
+    for (int i = 0; i < combined.length; ++i) {
+      combined[i] = i < one.length ? one[i] : two[i - one.length];
+    }
+    return combined;
+  }
+}