[NEW] E2E Encryption push (Android) (#2481)
* poc push encryption android * eof * format code * react-native-simple-crypto update * prevent find sub twice * remove storage and use ejson storage * invalidate yarn cache * Bump crypto and fix db path * Fix google-services path Co-authored-by: Diego Mello <diegolmello@gmail.com>
This commit is contained in:
parent
8643f17fc0
commit
0195506549
|
@ -170,7 +170,7 @@ jobs:
|
|||
if [[ $KEYSTORE ]]; then
|
||||
echo $GOOGLE_SERVICES_ANDROID | base64 --decode > google-services.json
|
||||
fi
|
||||
working_directory: android/app
|
||||
working_directory: android/app/src/play
|
||||
|
||||
- run:
|
||||
name: Config variables
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package chat.rocket.reactnative;
|
||||
|
||||
import android.os.Bundle;
|
||||
|
||||
import androidx.annotation.Nullable;
|
||||
|
||||
public class Callback {
|
||||
|
|
|
@ -14,12 +14,14 @@ import android.graphics.drawable.Icon;
|
|||
import android.os.Build;
|
||||
import android.os.Bundle;
|
||||
import android.app.Person;
|
||||
|
||||
import androidx.annotation.Nullable;
|
||||
|
||||
import com.google.gson.Gson;
|
||||
import com.bumptech.glide.Glide;
|
||||
import com.bumptech.glide.load.resource.bitmap.RoundedCorners;
|
||||
import com.bumptech.glide.request.RequestOptions;
|
||||
|
||||
import java.util.concurrent.ExecutionException;
|
||||
import java.lang.InterruptedException;
|
||||
|
||||
|
@ -84,6 +86,15 @@ public class CustomPushNotification extends PushNotification {
|
|||
boolean hasSender = loadedEjson.sender != null;
|
||||
String title = bundle.getString("title");
|
||||
|
||||
// If it has a encrypted message
|
||||
if (loadedEjson.msg != null) {
|
||||
// Override message with the decrypted content
|
||||
String decrypted = Encryption.shared.decryptMessage(loadedEjson, reactApplicationContext);
|
||||
if (decrypted != null) {
|
||||
bundle.putString("message", decrypted);
|
||||
}
|
||||
}
|
||||
|
||||
bundle.putLong("time", new Date().getTime());
|
||||
bundle.putString("username", hasSender ? loadedEjson.sender.username : title);
|
||||
bundle.putString("senderId", hasSender ? loadedEjson.sender._id : "1");
|
||||
|
@ -279,9 +290,14 @@ public class CustomPushNotification extends PushNotification {
|
|||
} else {
|
||||
Bitmap avatar = getAvatar(avatarUri);
|
||||
|
||||
String name = username;
|
||||
if (ejson.senderName != null) {
|
||||
name = ejson.senderName;
|
||||
}
|
||||
|
||||
Person.Builder sender = new Person.Builder()
|
||||
.setKey(senderId)
|
||||
.setName(username);
|
||||
.setName(name);
|
||||
|
||||
if (avatar != null) {
|
||||
sender.setIcon(Icon.createWithBitmap(avatar));
|
||||
|
|
|
@ -31,6 +31,8 @@ public class Ejson {
|
|||
Sender sender;
|
||||
String messageId;
|
||||
String notificationType;
|
||||
String senderName;
|
||||
String msg;
|
||||
|
||||
private MMKV mmkv;
|
||||
|
||||
|
@ -82,6 +84,14 @@ public class Ejson {
|
|||
return "";
|
||||
}
|
||||
|
||||
public String privateKey() {
|
||||
String serverURL = serverURL();
|
||||
if (mmkv != null && serverURL != null) {
|
||||
return mmkv.decodeString(serverURL.concat("-RC_E2E_PRIVATE_KEY"));
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public String serverURL() {
|
||||
String url = this.host;
|
||||
if (url != null && url.endsWith("/")) {
|
||||
|
|
|
@ -0,0 +1,210 @@
|
|||
package chat.rocket.reactnative;
|
||||
|
||||
import android.util.Log;
|
||||
import android.util.Base64;
|
||||
import android.database.Cursor;
|
||||
|
||||
import com.pedrouid.crypto.RSA;
|
||||
import com.pedrouid.crypto.RCTAes;
|
||||
import com.pedrouid.crypto.RCTRsaUtils;
|
||||
import com.pedrouid.crypto.Util;
|
||||
|
||||
import com.google.gson.Gson;
|
||||
|
||||
import com.facebook.react.bridge.Promise;
|
||||
import com.facebook.react.bridge.Arguments;
|
||||
import com.facebook.react.bridge.ReactMethod;
|
||||
import com.facebook.react.bridge.ReadableMap;
|
||||
import com.facebook.react.bridge.WritableMap;
|
||||
import com.facebook.react.bridge.ReactApplicationContext;
|
||||
import com.facebook.react.bridge.ReactContextBaseJavaModule;
|
||||
|
||||
import com.nozbe.watermelondb.Database;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.security.SecureRandom;
|
||||
|
||||
class Message {
|
||||
String _id;
|
||||
String userId;
|
||||
String text;
|
||||
|
||||
Message(String id, String userId, String text) {
|
||||
this._id = id;
|
||||
this.userId = userId;
|
||||
this.text = text;
|
||||
}
|
||||
}
|
||||
|
||||
class PrivateKey {
|
||||
String d;
|
||||
String dp;
|
||||
String dq;
|
||||
String e;
|
||||
String n;
|
||||
String p;
|
||||
String q;
|
||||
String qi;
|
||||
}
|
||||
|
||||
class RoomKey {
|
||||
String k;
|
||||
}
|
||||
|
||||
class Room {
|
||||
String e2eKey;
|
||||
Boolean encrypted;
|
||||
|
||||
Room(String e2eKey, Boolean encrypted) {
|
||||
this.e2eKey = e2eKey;
|
||||
this.encrypted = encrypted;
|
||||
}
|
||||
}
|
||||
|
||||
class Encryption {
|
||||
private Gson gson = new Gson();
|
||||
private String E2ERoomKey;
|
||||
private String keyId;
|
||||
|
||||
public static Encryption shared = new Encryption();
|
||||
private ReactApplicationContext reactContext;
|
||||
|
||||
public Room readRoom(final Ejson ejson) {
|
||||
Database database = new Database(ejson.serverURL().replace("https://", "") + "-experimental.db", reactContext);
|
||||
String[] query = {ejson.rid};
|
||||
Cursor cursor = database.rawQuery("select * from subscriptions where id == ? limit 1", query);
|
||||
|
||||
// Room not found
|
||||
if (cursor.getCount() == 0) {
|
||||
return null;
|
||||
}
|
||||
|
||||
cursor.moveToFirst();
|
||||
String e2eKey = cursor.getString(cursor.getColumnIndex("e2e_key"));
|
||||
Boolean encrypted = cursor.getInt(cursor.getColumnIndex("encrypted")) > 0;
|
||||
cursor.close();
|
||||
|
||||
return new Room(e2eKey, encrypted);
|
||||
}
|
||||
|
||||
public String readUserKey(final Ejson ejson) throws Exception {
|
||||
String privateKey = ejson.privateKey();
|
||||
if (privateKey == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
PrivateKey privKey = gson.fromJson(privateKey, PrivateKey.class);
|
||||
|
||||
WritableMap jwk = Arguments.createMap();
|
||||
jwk.putString("n", privKey.n);
|
||||
jwk.putString("e", privKey.e);
|
||||
jwk.putString("d", privKey.d);
|
||||
jwk.putString("p", privKey.p);
|
||||
jwk.putString("q", privKey.q);
|
||||
jwk.putString("dp", privKey.dp);
|
||||
jwk.putString("dq", privKey.dq);
|
||||
jwk.putString("qi", privKey.qi);
|
||||
|
||||
return new RCTRsaUtils().jwkToPrivatePkcs1(jwk);
|
||||
}
|
||||
|
||||
public String decryptRoomKey(final String e2eKey, final Ejson ejson) throws Exception {
|
||||
String key = e2eKey.substring(12, e2eKey.length());
|
||||
keyId = e2eKey.substring(0, 12);
|
||||
|
||||
String userKey = readUserKey(ejson);
|
||||
if (userKey == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
RSA rsa = new RSA();
|
||||
rsa.setPrivateKey(userKey);
|
||||
String decrypted = rsa.decrypt(key);
|
||||
|
||||
RoomKey roomKey = gson.fromJson(decrypted, RoomKey.class);
|
||||
byte[] decoded = Base64.decode(roomKey.k, Base64.NO_PADDING | Base64.NO_WRAP | Base64.URL_SAFE);
|
||||
|
||||
return Util.bytesToHex(decoded);
|
||||
}
|
||||
|
||||
public String decryptMessage(final Ejson ejson, final ReactApplicationContext reactContext) {
|
||||
try {
|
||||
this.reactContext = reactContext;
|
||||
|
||||
Room room = readRoom(ejson);
|
||||
if (room == null || room.e2eKey == null) {
|
||||
return null;
|
||||
}
|
||||
String e2eKey = decryptRoomKey(room.e2eKey, ejson);
|
||||
if (e2eKey == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
String message = ejson.msg;
|
||||
String msg = message.substring(12, message.length());
|
||||
byte[] msgData = Base64.decode(msg, Base64.NO_WRAP);
|
||||
|
||||
String b64 = Base64.encodeToString(Arrays.copyOfRange(msgData, 16, msgData.length), Base64.DEFAULT);
|
||||
|
||||
String decrypted = RCTAes.decrypt(b64, e2eKey, Util.bytesToHex(Arrays.copyOfRange(msgData, 0, 16)));
|
||||
byte[] data = Base64.decode(decrypted, Base64.NO_WRAP);
|
||||
Message m = gson.fromJson(new String(data, "UTF-8"), Message.class);
|
||||
|
||||
return m.text;
|
||||
} catch (Exception e) {
|
||||
Log.d("[ROCKETCHAT][ENCRYPTION]", Log.getStackTraceString(e));
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
public String encryptMessage(final String message, final String id, final Ejson ejson) {
|
||||
try {
|
||||
Room room = readRoom(ejson);
|
||||
if (room == null || !room.encrypted || room.e2eKey == null) {
|
||||
return message;
|
||||
}
|
||||
|
||||
String e2eKey = decryptRoomKey(room.e2eKey, ejson);
|
||||
if (e2eKey == null) {
|
||||
return message;
|
||||
}
|
||||
|
||||
Message m = new Message(id, ejson.userId(), message);
|
||||
String cypher = gson.toJson(m);
|
||||
|
||||
SecureRandom random = new SecureRandom();
|
||||
byte[] bytes = new byte[16];
|
||||
random.nextBytes(bytes);
|
||||
|
||||
String encrypted = RCTAes.encrypt(Base64.encodeToString(cypher.getBytes("UTF-8"), Base64.NO_WRAP), e2eKey, Util.bytesToHex(bytes));
|
||||
byte[] data = Base64.decode(encrypted, Base64.NO_WRAP);
|
||||
|
||||
return keyId + Base64.encodeToString(concat(bytes, data), Base64.NO_WRAP);
|
||||
} catch (Exception e) {
|
||||
Log.d("[ROCKETCHAT][ENCRYPTION]", Log.getStackTraceString(e));
|
||||
}
|
||||
|
||||
return message;
|
||||
}
|
||||
|
||||
static byte[] concat(byte[]... arrays) {
|
||||
// Determine the length of the result array
|
||||
int totalLength = 0;
|
||||
for (int i = 0; i < arrays.length; i++) {
|
||||
totalLength += arrays[i].length;
|
||||
}
|
||||
|
||||
// create the result array
|
||||
byte[] result = new byte[totalLength];
|
||||
|
||||
// copy the source arrays into the result array
|
||||
int currentIndex = 0;
|
||||
for (int i = 0; i < arrays.length; i++) {
|
||||
System.arraycopy(arrays[i], 0, result, currentIndex, arrays[i].length);
|
||||
currentIndex += arrays[i].length;
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
}
|
|
@ -11,6 +11,7 @@ import okhttp3.Response;
|
|||
import okhttp3.Interceptor;
|
||||
|
||||
import com.google.gson.Gson;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import com.facebook.react.bridge.ReactApplicationContext;
|
||||
|
|
|
@ -11,10 +11,12 @@ import android.content.res.Resources;
|
|||
import android.os.Build;
|
||||
import android.os.Bundle;
|
||||
import android.util.Log;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import com.google.gson.Gson;
|
||||
import com.google.gson.GsonBuilder;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
|
@ -64,7 +66,7 @@ public class ReplyBroadcast extends BroadcastReceiver {
|
|||
final OkHttpClient client = new OkHttpClient();
|
||||
final MediaType JSON = MediaType.parse("application/json; charset=utf-8");
|
||||
|
||||
String json = buildMessage(rid, message.toString());
|
||||
String json = buildMessage(rid, message.toString(), ejson);
|
||||
|
||||
CustomPushNotification.clearMessages(notId);
|
||||
|
||||
|
@ -107,19 +109,26 @@ public class ReplyBroadcast extends BroadcastReceiver {
|
|||
return builder.toString();
|
||||
}
|
||||
|
||||
protected String buildMessage(String rid, String message) {
|
||||
protected String buildMessage(String rid, String message, Ejson ejson) {
|
||||
Gson gsonBuilder = new GsonBuilder().create();
|
||||
|
||||
String id = getMessageId();
|
||||
|
||||
String msg = Encryption.shared.encryptMessage(message, id, ejson);
|
||||
|
||||
Map msgMap = new HashMap();
|
||||
msgMap.put("_id", getMessageId());
|
||||
msgMap.put("_id", id);
|
||||
msgMap.put("rid", rid);
|
||||
msgMap.put("msg", message);
|
||||
msgMap.put("msg", msg);
|
||||
if (msg != message) {
|
||||
msgMap.put("t", "e2e");
|
||||
}
|
||||
msgMap.put("tmid", null);
|
||||
|
||||
Map msg = new HashMap();
|
||||
msg.put("message", msgMap);
|
||||
Map m = new HashMap();
|
||||
m.put("message", msgMap);
|
||||
|
||||
String json = gsonBuilder.toJson(msg);
|
||||
String json = gsonBuilder.toJson(m);
|
||||
|
||||
return json;
|
||||
}
|
||||
|
|
|
@ -25,7 +25,7 @@
|
|||
},
|
||||
"dependencies": {
|
||||
"@codler/react-native-keyboard-aware-scroll-view": "^1.0.1",
|
||||
"@nozbe/watermelondb": "^0.19.0",
|
||||
"@nozbe/watermelondb": "0.19.0",
|
||||
"@react-native-community/art": "^1.2.0",
|
||||
"@react-native-community/async-storage": "1.11.0",
|
||||
"@react-native-community/cameraroll": "4.0.0",
|
||||
|
@ -88,7 +88,7 @@
|
|||
"react-native-keycommands": "2.0.3",
|
||||
"react-native-localize": "1.4.0",
|
||||
"react-native-mime-types": "2.3.0",
|
||||
"react-native-mmkv-storage": "^0.3.5",
|
||||
"react-native-mmkv-storage": "0.3.5",
|
||||
"react-native-modal": "11.5.6",
|
||||
"react-native-navigation-bar-color": "2.0.1",
|
||||
"react-native-notifications": "2.1.7",
|
||||
|
|
|
@ -1,3 +1,25 @@
|
|||
diff --git a/node_modules/@nozbe/watermelondb/native/android/src/main/java/com/nozbe/watermelondb/Database.kt b/node_modules/@nozbe/watermelondb/native/android/src/main/java/com/nozbe/watermelondb/Database.kt
|
||||
index 2217222..5b2eb73 100644
|
||||
--- a/node_modules/@nozbe/watermelondb/native/android/src/main/java/com/nozbe/watermelondb/Database.kt
|
||||
+++ b/node_modules/@nozbe/watermelondb/native/android/src/main/java/com/nozbe/watermelondb/Database.kt
|
||||
@@ -5,7 +5,7 @@ import android.database.Cursor
|
||||
import android.database.sqlite.SQLiteDatabase
|
||||
import java.io.File
|
||||
|
||||
-class Database(private val name: String, private val context: Context) {
|
||||
+public class Database(private val name: String, private val context: Context) {
|
||||
|
||||
private val db: SQLiteDatabase by lazy {
|
||||
SQLiteDatabase.openOrCreateDatabase(
|
||||
@@ -41,7 +41,7 @@ class Database(private val name: String, private val context: Context) {
|
||||
|
||||
fun delete(query: SQL, args: QueryArgs) = db.execSQL(query, args)
|
||||
|
||||
- fun rawQuery(query: SQL, args: RawQueryArgs = emptyArray()): Cursor = db.rawQuery(query, args)
|
||||
+ public fun rawQuery(query: SQL, args: RawQueryArgs = emptyArray()): Cursor = db.rawQuery(query, args)
|
||||
|
||||
fun count(query: SQL, args: RawQueryArgs = emptyArray()): Int =
|
||||
rawQuery(query, args).use {
|
||||
diff --git a/node_modules/@nozbe/watermelondb/decorators/date/index.js b/node_modules/@nozbe/watermelondb/decorators/date/index.js
|
||||
index 65690af..ce71aa0 100644
|
||||
--- a/node_modules/@nozbe/watermelondb/decorators/date/index.js
|
||||
|
|
|
@ -1922,7 +1922,7 @@
|
|||
resolved "https://registry.yarnpkg.com/@nozbe/sqlite/-/sqlite-3.31.1.tgz#ffd394ad7c188c6b73f89fd6e1ccb849a1b96dba"
|
||||
integrity sha512-z5+GdcHZl9OQ1g0pnygORAnwCYUlYw/gQxdW/8rS0HxD2Gnn/k3DBQOvqQIH4Z3Z3KWVMbGUYhcH1v4SqTAdwg==
|
||||
|
||||
"@nozbe/watermelondb@^0.19.0":
|
||||
"@nozbe/watermelondb@0.19.0":
|
||||
version "0.19.0"
|
||||
resolved "https://registry.yarnpkg.com/@nozbe/watermelondb/-/watermelondb-0.19.0.tgz#70dae4bfca9dde8d61819a6092846e178a50e2f7"
|
||||
integrity sha512-x7sclLu/4RDmLzANIYQioKjWdmoIxgqYw7OJnS7UtWEtJGn28l5Z69SWojll/RM0X2KOEem0BIcjqM46CA53GA==
|
||||
|
@ -12848,7 +12848,7 @@ react-native-mime-types@2.3.0:
|
|||
dependencies:
|
||||
mime-db "~1.37.0"
|
||||
|
||||
react-native-mmkv-storage@^0.3.5:
|
||||
react-native-mmkv-storage@0.3.5:
|
||||
version "0.3.5"
|
||||
resolved "https://registry.yarnpkg.com/react-native-mmkv-storage/-/react-native-mmkv-storage-0.3.5.tgz#9c2f064c0efdaf960e9646c68dc6ae7f11640fa5"
|
||||
integrity sha512-xp0E55Qdi81k8CTeq3PUrXGwT2tMmfNfmYvZ7Emq9qWpvg3ko1/M6B1kXEXOgEou/hgqB503TGcsR/mpN5HSMA==
|
||||
|
@ -12958,8 +12958,8 @@ react-native-scrollable-tab-view@^1.0.0:
|
|||
react-timer-mixin "^0.13.3"
|
||||
|
||||
react-native-simple-crypto@RocketChat/react-native-simple-crypto:
|
||||
version "0.3.1"
|
||||
resolved "https://codeload.github.com/RocketChat/react-native-simple-crypto/tar.gz/b3deaf18e83cd4acc418fe65adb2d837164c2a20"
|
||||
version "0.4.0"
|
||||
resolved "https://codeload.github.com/RocketChat/react-native-simple-crypto/tar.gz/21d36ccc8c75771428239f9dcca19afe0c95e95f"
|
||||
dependencies:
|
||||
base64-js "^1.3.0"
|
||||
hex-lite "^1.5.0"
|
||||
|
|
Loading…
Reference in New Issue