search

signalapp / libsignal-protocol-javascript

This library is no longer maintained. libsignal-protocol-javascript was an implementation of the Signal Protocol, written in JavaScript. It has been replaced by libsignal-client’s typesafe TypeScript API.
https://signal.org
GNU General Public License v3.0
1.96k stars 310 forks source link

React Native support #7

Open tanx opened 8 years ago

tanx commented 8 years ago

Hey, I'm currently investigating using the library in a react native app. The JavaScriptCore runtime on iOS does not surface the WebCrypto apis though, so I'd have to create react native plugins that shim WebCrypto using native crypto primitives. I'm curious if you'd be open to accepting a PR that integrates this use case. Thanks

tanx commented 8 years ago

Using your ObjectiveC/Java libs for mobile would obviously also be an option, but since my business logic and UI are in JS, wrapping just the crypto primitives instead of the full protocol layer seems to make more sense.

rmhrisk commented 8 years ago

Neat. I have considered this, well, in part in that my hope was that I could add necessary algorithm support to - https://github.com/PeculiarVentures/node-webcrypto-liner which would enable building a signal implementation on it.

In native land, mabe https://github.com/PeculiarVentures/node-webcrypto-ossl could be of use?

tanx commented 8 years ago

From looking at crypto.js only a few apis would need to be shimmed:

  1. crypto.getRandomValues using react-native-randombytes
  2. AES-CBC
  3. HMAC-SHA-256
  4. SHA-512

Since 2-4 are already async that should be pretty strait forward. Only 1. is currently a sync api and would have to be refactored, as calls through the react native bridge are all async.

Wrapping a native cipher suite e.g. openssl could work, but perhaps using iOS and Android platform apis would be cleaner.

ohenepee commented 7 years ago

Any progress guys?

jjzazuet commented 7 years ago

Pinging back as well. I'm also trying to integrate with React Native. Thanks!

JoschaP commented 6 years ago

+1

tanx commented 6 years ago

It turns out there is already a way to surface the native webcrypto apis to JavaScriptCore using a bridge to the WebKit WebView https://github.com/saulshanabrook/react-native-webview-crypto

Perhaps give this a try and see if all api requirments are met.

jjzazuet commented 6 years ago

@tanx the last time I tried that, I only got as far as exposing the crypto.subtle object (and its corresponding methods) on iOS 11, since at the time (a couple months I think) Chrome on Android did not expose the WebCrypto API, thus getting undefined.

The way I did it was by proxying WebCrypto API calls to a hidden WebView, passing arguments through the React Native Javascript bridge using the postMessage function.

If this table is to be believed, both iOS and Android may now return implementation objects. Since this approach didn't work for me, I'm exploring the idea to replace the high level crypto calls with react-native-sodium instead.

Hope this helps.

kevlened commented 6 years ago

@jjzazuet Proxying calls to a WebView is clever! It definitely maximizes WebCrypto API compatibility.

As an alternative, mostly JS solution, I published isomorphic-webcrypto, which uses the Microsoft Research library for WebCrypto support in React Native. There are a few caveats for React Native:

1) It can't generate RSA keys or ECDSA with SHA-512 2) React Native doesn't expose a secure way to get entropy, so you'll have to wait for the crypto.ensureSecure callback to complete before calling crypto.getRandomValues() 3) I haven't tested the encryption flows, only the signing ones, so there may be issues I'm unaware of

This could be a place to start if someone wanted to build out a POC.

shouse commented 6 years ago

OK, think I might have found a way to support this (and a bunch of other cool stuff on RN) via NodeJS-Mobile. This runs node on a bg process on both Android and iOS via Chakra core. Seemingly supporting most / all node.

Thoughts?

quixote911 commented 5 years ago

create react native plugins that shim WebCrypto using native crypto primitives.

@tanx Did you get around to making that change? I'm in a similar position.

OmarBasem commented 4 years ago

Any progress or solution for this?

johnsBeharry commented 4 years ago

+1

rmhrisk commented 4 years ago

Two libraries we produced since this bug was opened: https://www.npmjs.com/package/2key-ratchet https://www.npmjs.com/package/@peculiar/webcrypto

Summary of how 2key-ratchet differs from the standard signal protocol is here https://github.com/PeculiarVentures/2key-ratchet/blob/master/DIFFERENCES.md

AidenRourke commented 3 years ago

I was able to get this thing working in React Native. This is what I did:

  1. Forked https://github.com/elsehow/signal-protocol/
  2. Changed node_pollyfills.js to use 
    
var crypto = require('isomorphic-webcrypto');

module.exports = { crypto: crypto, };

3.  Changed `crypto.js` to use

var crypto = require('./node_polyfills.js').crypto;


4. Changed `curve25519_concat.js` by removing all of the conditional environment set up and just having it use the web set up.

There were other miscellaneous changes I had to make but these were the most important ones. 
https://github.com/AidenRourke/signal-protocol