tradle · hanwencheng · Sep 3, 2019 · Oct 5, 2019
diff --git a/index.js b/index.js
@@ -3,8 +3,8 @@
 import { NativeModules, Platform } from 'react-native'
 import { Buffer } from 'buffer'
 import hasher from 'hash.js'
-const { RNECC } = NativeModules
-const preHash = RNECC.preHash !== false
+const { RNECC } = NativeModules;
+const preHash = RNECC.preHash && RNECC.preHash !== false
 const isAndroid = Platform.OS === 'android'
 const encoding = 'base64'
 const curves = {
@@ -34,7 +34,9 @@ module.exports = {
   verify,
   lookupKey,
   hasKey,
-  keyFromPublic
+  keyFromPublic,
+  encrypt,
+  decrypt
 }
 
 function setServiceID (id) {
@@ -140,6 +142,51 @@ function verify ({ pubKey, data, algorithm, sig }, cb) {
   RNECC.verify(normalizeOpts(opts), normalizeCallback(cb))
 }
 
+/**
+ * Decrypt a piece of cipher text
+ * @param pubKey {Buffer}  options.pubKey - pubKey corresponding to private key to decrypt the cipher text
+ * @param data   {Buffer}  options.data - cipher text to decrypt
+ * @param cb     {Function}       callback function
+ */
+function decrypt({pubKey, data}, cb) {
+  checkServiceID()
+  assert(Buffer.isBuffer(pubKey) || typeof pubKey === 'string')
+  assert(Buffer.isBuffer(data) || typeof data === 'string')
+
+  checkNotCompact(pubKey)
+
+  const opts = {
+    service: serviceID,
+    accessGroup: accessGroup,
+    pub: pubKey,
+    data,
+  }
+
+  assert(typeof cb === 'function')
+
+  RNECC.decrypt(normalizeOpts(opts), normalizeCallback(cb))
+}
+
+/**
+ * Encrypt a piece of cipher text
+ * @param pubKey {Buffer}  options.pubKey - pubKey key to encrypt the clear text
+ * @param data   {Buffer}  options.data - clear text to encrypt
+ * @param cb     {Function}       callback function
+ */
+function encrypt({pubKey, data}, cb) {
+  checkNotCompact(pubKey)
+
+  assert(Buffer.isBuffer(data) || typeof data === 'string')
+  assert(typeof pubKey === 'string' || Buffer.isBuffer(pubKey))
+  assert(typeof cb === 'function')
+
+  const opts = {
+    pub: pubKey,
+    data,
+  };
+  RNECC.encrypt(normalizeOpts(opts), normalizeCallback(cb));
+}
+
 function normalizeOpts (opts) {
   ;['data', 'hash', 'pub', 'sig'].forEach(prop => {
     if (opts[prop]) opts[prop] = toString(opts[prop])

diff --git a/ios/RNECC.h b/ios/RNECC.h
@@ -18,4 +18,6 @@
 - (NSString *) uuidString;
 - (NSData *)sign:(nonnull NSDictionary*)options errMsg:(NSString **) errMsg;
 - (BOOL) verify:(NSString *)base64pub hash:(NSData *)hash sig:(NSData *)sig errMsg:(NSString **)errMsg;
+- (NSData *)encrypt: (nonnull NSDictionary*)options errMsg:(NSString **) errMsg;
+- (NSData *)decrypt: (nonnull NSDictionary*)options errMsg:(NSString **) errMsg;
 @end
diff --git a/ios/RNECC.m b/ios/RNECC.m
@@ -73,10 +73,10 @@ - (NSString *) generateECPair:(nonnull NSDictionary*) options
 
   // Should be the secret invalidated when passcode is removed? If not then use `kSecAttrAccessibleWhenUnlocked`.
   sacObject = SecAccessControlCreateWithFlags(kCFAllocatorDefault,
-                                              kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
-//                                              kSecAccessControlTouchIDAny | kSecAccessControlPrivateKeyUsage,
-//                                              kSecAccessControlUserPresence,
-                                              kNilOptions,
+                                              kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
+                                              kSecAccessControlUserPresence | kSecAccessControlPrivateKeyUsage,
+                                              //                                              kSecAccessControlTouchIDAny | kSecAccessControlPrivateKeyUsage,
+                                              //                                              kSecAccessControlUserPresence,
                                               &sacErr);
 
   if (sacErr) {
@@ -124,7 +124,7 @@ - (NSString *) generateECPair:(nonnull NSDictionary*) options
     [parameters setObject:accessGroup forKey:(__bridge id)kSecAttrAccessGroup];
   }
 
-  if (sizeInBits == @256 && !isSimulator && floor(NSFoundationVersionNumber) > NSFoundationVersionNumber_iOS_8_0) {
+  if ([sizeInBits isEqualToNumber: @256] && !isSimulator && floor(NSFoundationVersionNumber) > NSFoundationVersionNumber_iOS_8_0) {
     NSOperatingSystemVersion os = [[NSProcessInfo processInfo] operatingSystemVersion];
     if (os.majorVersion >= 9) {
       [parameters setObject:(__bridge id)kSecAttrTokenIDSecureEnclave forKey:(__bridge id)kSecAttrTokenID];
@@ -206,6 +206,125 @@ - (NSString *) generateECPair:(nonnull NSDictionary*) options
   });
 }
 
+RCT_EXPORT_METHOD(encrypt:(nonnull NSDictionary *)options
+                  callback:(RCTResponseSenderBlock)callback) {
+  dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{
+    NSString* errMsg;
+    NSData* cipherText = [self encrypt:options errMsg:&errMsg];
+    if (!cipherText) {
+      callback(@[rneccMakeError(errMsg)]);
+      return;
+    }
+
+    NSString* base64cipherText = [cipherText base64EncodedStringWithOptions:0];
+    callback(@[[NSNull null], base64cipherText]);
+  });
+}
+
+-(NSData *)encrypt:(nonnull NSDictionary *)options
+             errMsg:(NSString **) errMsg {
+  NSString* base64pub = [options valueForKey:@"pub"];
+  NSString* base64data = [options valueForKey:@"data"];
+
+  SecKeyRef publicKey = [self getPublicKeyRef:base64pub];
+  if (!publicKey) {
+    *errMsg = @"can't find public key";
+    return nil;
+  }
+
+  NSData *data = [[NSData alloc] initWithBase64EncodedString:base64data options:0];
+
+  SecKeyAlgorithm algorithm = kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM;
+  BOOL canEncrypt = SecKeyIsAlgorithmSupported(publicKey,
+                                               kSecKeyOperationTypeEncrypt,
+                                               algorithm);
+  if(!canEncrypt) {
+    *errMsg = @"can't encrypt";
+    return nil;
+  }
+  BOOL isSizeCorrect = ([data length] < (SecKeyGetBlockSize(publicKey)-130));
+  if(! isSizeCorrect) {
+    *errMsg = @"size is not correct";
+    return nil;
+  }
+
+   NSData* cipherText = nil;
+   CFErrorRef error = NULL;
+
+   cipherText = (NSData*)CFBridgingRelease(      // ARC takes ownership
+                                           SecKeyCreateEncryptedData(publicKey,
+                                                                     algorithm,
+                                                                     (__bridge CFDataRef)data,
+                                                                     &error));
+
+    CFRelease(publicKey);
+   if (!cipherText) {
+     NSError *err = CFBridgingRelease(error);  // ARC takes ownership
+     *errMsg = [err description];
+     return nil;
+   }
+  return cipherText;
+}
+
+RCT_EXPORT_METHOD(decrypt:(nonnull NSDictionary *)options
+                  callback:(RCTResponseSenderBlock)callback) {
+dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{
+  NSString* errMsg;
+  NSData* clearText = [self decrypt:options errMsg:&errMsg];
+    if (!clearText) {
+      callback(@[rneccMakeError(errMsg)]);
+      return;
+    }
+
+    NSString* base64clearText = [clearText base64EncodedStringWithOptions:0];
+    callback(@[[NSNull null], base64clearText]);
+  });
+}
+
+-(NSData *)decrypt: (nonnull NSDictionary*)options
+       errMsg:(NSString **) errMsg {
+
+   NSString* base64pub = [options valueForKey:@"pub"];
+   NSString* base64cipherText = [options valueForKey:@"data"];
+  SecKeyRef publicKey = [self getPublicKeyRef:base64pub];
+
+  OSStatus status;
+  NSData *cipherText = [[NSData alloc] initWithBase64EncodedString:base64cipherText options:0];
+
+  SecKeyRef privateKey = [self getPrivateKeyRef:options status:&status];
+  if (!privateKey) {
+    *errMsg = keychainStatusToString(status);
+    return nil;
+  }
+
+  BOOL canDecrypt = SecKeyIsAlgorithmSupported(privateKey,
+                                              kSecKeyOperationTypeDecrypt,
+                                               kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM);
+  if(!canDecrypt) {
+    *errMsg = @"can't encrypt";
+    return nil;
+  }
+
+  NSData* clearText = nil;
+
+  CFErrorRef error = NULL;
+  clearText = (NSData*)CFBridgingRelease(       // ARC takes ownership
+                                         SecKeyCreateDecryptedData(privateKey,
+                                                                   kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM,
+                                                                   (__bridge CFDataRef)cipherText,
+                                                                   &error));
+      CFRelease(privateKey);
+      CFRelease(publicKey);
+  if (!clearText) {
+    NSError *err = CFBridgingRelease(error);  // ARC takes ownership
+     *errMsg = [err description];
+    return nil;
+  }
+  return clearText;
+}
+
+
+
 RCT_EXPORT_METHOD(sign:(nonnull NSDictionary *)options
                   //                  withAuthenticationPrompt:(NSString *)prompt
                   callback:(RCTResponseSenderBlock)callback) {

diff --git a/package.json b/package.json
@@ -28,5 +28,8 @@
   "dependencies": {
     "buffer": "^4.9.1",
     "hash.js": "^1.0.3"
+  },
+  "devDependencies": {
+    "react-native": "^0.60.5"
   }
 }