PBKDF2: Always use base64 in native code

Author: cjthompson

android/src/main/java/com/pedrouid/crypto/RCTAes.java

@@ -96,24 +96,13 @@ public void randomKey(Integer length, Promise promise) {
             byte[] key = new byte[length];
             SecureRandom rand = new SecureRandom();
             rand.nextBytes(key);
-            String keyHex = bytesToHex(key);
+            String keyHex = Util.bytesToHex(key);
             promise.resolve(keyHex);
         } catch (Exception e) {
             promise.reject("-1", e.getMessage());
         }
     }
 
-    public static String bytesToHex(byte[] bytes) {
-        final char[] hexArray = "0123456789abcdef".toCharArray();
-        char[] hexChars = new char[bytes.length * 2];
-        for ( int j = 0; j < bytes.length; j++ ) {
-            int v = bytes[j] & 0xFF;
-            hexChars[j * 2] = hexArray[v >>> 4];
-            hexChars[j * 2 + 1] = hexArray[v & 0x0F];
-        }
-        return new String(hexChars);
-    }
-
     final static IvParameterSpec emptyIvSpec = new IvParameterSpec(new byte[] {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00});
 
     private static String encrypt(String textBase64, String hexKey, String hexIv) throws Exception {

android/src/main/java/com/pedrouid/crypto/RCTHmac.java

@@ -69,23 +69,12 @@ public void hmac256(String data, String pwd, Promise promise) {
         }
     }
 
-    public static String bytesToHex(byte[] bytes) {
-        final char[] hexArray = "0123456789abcdef".toCharArray();
-        char[] hexChars = new char[bytes.length * 2];
-        for ( int j = 0; j < bytes.length; j++ ) {
-            int v = bytes[j] & 0xFF;
-            hexChars[j * 2] = hexArray[v >>> 4];
-            hexChars[j * 2 + 1] = hexArray[v & 0x0F];
-        }
-        return new String(hexChars);
-    }
-
     private static String hmac256(String text, String key) throws NoSuchAlgorithmException, InvalidKeyException  {
         byte[] contentData = Hex.decode(text);
         byte[] akHexData = Hex.decode(key);
         Mac sha256_HMAC = Mac.getInstance(HMAC_SHA_256);
         SecretKey secret_key = new SecretKeySpec(akHexData, HMAC_SHA_256);
         sha256_HMAC.init(secret_key);
-        return bytesToHex(sha256_HMAC.doFinal(contentData));
+        return Util.bytesToHex(sha256_HMAC.doFinal(contentData));
     }
 }

android/src/main/java/com/pedrouid/crypto/RCTPbkdf2.java

@@ -1,50 +1,25 @@
 package com.pedrouid.crypto;
 
-import android.widget.Toast;
-
-import java.io.IOException;
-import java.security.SecureRandom;
-import java.util.HashMap;
-import java.util.Map;
-
-import java.util.UUID;
-
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.spec.InvalidKeySpecException;
-import java.security.InvalidKeyException;
-
-import java.nio.charset.StandardCharsets;
+import android.util.Base64;
 
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.SecretKeySpec;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.PBEKeySpec;
-import javax.crypto.SecretKeyFactory;
-import javax.crypto.Mac;
+import com.facebook.react.bridge.Promise;
+import com.facebook.react.bridge.ReactApplicationContext;
+import com.facebook.react.bridge.ReactContextBaseJavaModule;
+import com.facebook.react.bridge.ReactMethod;
 
 import org.spongycastle.crypto.ExtendedDigest;
+import org.spongycastle.crypto.PBEParametersGenerator;
 import org.spongycastle.crypto.digests.SHA1Digest;
 import org.spongycastle.crypto.digests.SHA224Digest;
 import org.spongycastle.crypto.digests.SHA256Digest;
 import org.spongycastle.crypto.digests.SHA384Digest;
-import org.spongycastle.crypto.digests.SHA384Digest;
 import org.spongycastle.crypto.digests.SHA512Digest;
 import org.spongycastle.crypto.generators.PKCS5S2ParametersGenerator;
-import org.spongycastle.crypto.PBEParametersGenerator;
 import org.spongycastle.crypto.params.KeyParameter;
-import org.spongycastle.util.encoders.Hex;
 
-import android.util.Base64;
-
-import com.facebook.react.bridge.NativeModule;
-import com.facebook.react.bridge.ReactApplicationContext;
-import com.facebook.react.bridge.Promise;
-import com.facebook.react.bridge.ReactContext;
-import com.facebook.react.bridge.ReactContextBaseJavaModule;
-import com.facebook.react.bridge.ReactMethod;
-import com.facebook.react.bridge.Callback;
+import java.security.NoSuchAlgorithmException;
+import java.util.HashMap;
+import java.util.Map;
 
 public class RCTPbkdf2 extends ReactContextBaseJavaModule {
 
@@ -58,27 +33,18 @@ public String getName() {
     }
 
     @ReactMethod
-    public void hash(String pwd, String saltBase64, Integer iterations, Integer keyLen, String hash, Promise promise) {
+    public void hash(String pwdBase64, String saltBase64, Integer iterations, Integer keyLen, String hash, Promise promise) {
         try {
-            String strs = pbkdf2(pwd, saltBase64, iterations, keyLen, hash);
-            promise.resolve(strs);
+            byte[] pwdBytes = Base64.decode(pwdBase64, Base64.DEFAULT);
+            byte[] saltBytes = Base64.decode(saltBase64, Base64.DEFAULT);
+            byte[] digest = pbkdf2(pwdBytes, saltBytes, iterations, keyLen, hash);
+            promise.resolve(Base64.encodeToString(digest, Base64.NO_WRAP));
         } catch (Exception e) {
             promise.reject("-1", e.getMessage());
         }
     }
 
-    public static String bytesToHex(byte[] bytes) {
-        final char[] hexArray = "0123456789abcdef".toCharArray();
-        char[] hexChars = new char[bytes.length * 2];
-        for ( int j = 0; j < bytes.length; j++ ) {
-            int v = bytes[j] & 0xFF;
-            hexChars[j * 2] = hexArray[v >>> 4];
-            hexChars[j * 2 + 1] = hexArray[v & 0x0F];
-        }
-        return new String(hexChars);
-    }
-
-    private static String pbkdf2(String pwd, String salt, Integer iterations, Integer keyLen, String hash) throws NoSuchAlgorithmException, InvalidKeySpecException {
+    private static byte[] pbkdf2(byte[] pwd, byte[] salt, Integer iterations, Integer keyLen, String hash) throws NullPointerException, NoSuchAlgorithmException {
         Map<String, ExtendedDigest> algMap = new HashMap<String, ExtendedDigest>();
         algMap.put("SHA1", new SHA1Digest());
         algMap.put("SHA224", new SHA224Digest());
@@ -87,10 +53,12 @@ private static String pbkdf2(String pwd, String salt, Integer iterations, Intege
         algMap.put("SHA512", new SHA512Digest());
         ExtendedDigest alg = algMap.get(hash);
 
+        if (alg == null) {
+            throw new NoSuchAlgorithmException("Specified hash algorithm is not supported");
+        }
+
         PBEParametersGenerator gen = new PKCS5S2ParametersGenerator(alg);
-        byte[] saltBytes = Base64.decode(salt, Base64.DEFAULT);
-        gen.init(pwd.getBytes(StandardCharsets.UTF_8), saltBytes, iterations);
-        byte[] key = ((KeyParameter) gen.generateDerivedParameters(keyLen * 8)).getKey();
-        return bytesToHex(key);
+        gen.init(pwd, salt, iterations);
+        return ((KeyParameter) gen.generateDerivedParameters(keyLen * 8)).getKey();
     }
 }

android/src/main/java/com/pedrouid/crypto/Util.java

@@ -0,0 +1,14 @@
+package com.pedrouid.crypto;
+
+class Util {
+    static String bytesToHex(byte[] bytes) {
+        final char[] hexArray = "0123456789abcdef".toCharArray();
+        char[] hexChars = new char[bytes.length * 2];
+        for ( int j = 0; j < bytes.length; j++ ) {
+            int v = bytes[j] & 0xFF;
+            hexChars[j * 2] = hexArray[v >>> 4];
+            hexChars[j * 2 + 1] = hexArray[v & 0x0F];
+        }
+        return new String(hexChars);
+    }
+}

index.d.ts

@@ -38,11 +38,11 @@ declare module "react-native-simple-crypto" {
 
   export namespace PBKDF2 {
     export function hash(
-      password: string,
-      salt: ArrayBuffer,
+      password: string | ArrayBuffer,
+      salt: string | ArrayBuffer,
       iterations: number,
       keyLen: number,
-      hash: "SHA1" | "SHA224" | "SHA256" | "SHA384" | "SHA512"
+      algorithm: "SHA1" | "SHA224" | "SHA256" | "SHA384" | "SHA512"
     ): Promise<ArrayBuffer>;
   }
 

index.js

@@ -111,16 +111,27 @@ const HMAC = {
 };
 
 const PBKDF2 = {
-  hash: async function (password, saltArrayBuffer, iterations, keyLength, hash) {
-    const saltBase64 = convertArrayBufferToBase64(saltArrayBuffer);
+  hash: async function (password, salt, iterations, keyLength, algorithm) {
+    let passwordToHash = password;
+    let saltToHash = salt;
+
+    if (typeof password === 'string') {
+      passwordToHash = convertUtf8ToArrayBuffer(password);
+    }
+
+    if (typeof salt === 'string') {
+      saltToHash = convertUtf8ToArrayBuffer(salt);
+    }
+
     const hashHex = await NativeModules.Pbkdf2.hash(
-      password,
-      saltBase64,
+      convertArrayBufferToBase64(passwordToHash),
+      convertArrayBufferToBase64(saltToHash),
       iterations,
       keyLength,
-      hash
+      algorithm
     );
-    return (convertHexToArrayBuffer(hashHex));
+
+    return convertBase64ToArrayBuffer(hashHex);
   }
 };
 

ios/RCTCrypto.xcodeproj/project.pbxproj

@@ -254,7 +254,7 @@
 				GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
 				GCC_WARN_UNUSED_FUNCTION = YES;
 				GCC_WARN_UNUSED_VARIABLE = YES;
-				IPHONEOS_DEPLOYMENT_TARGET = 9.0;
+				IPHONEOS_DEPLOYMENT_TARGET = 10.0;
 				MTL_ENABLE_DEBUG_INFO = YES;
 				ONLY_ACTIVE_ARCH = YES;
 				SDKROOT = iphoneos;
@@ -300,7 +300,7 @@
 				GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE;
 				GCC_WARN_UNUSED_FUNCTION = YES;
 				GCC_WARN_UNUSED_VARIABLE = YES;
-				IPHONEOS_DEPLOYMENT_TARGET = 9.0;
+				IPHONEOS_DEPLOYMENT_TARGET = 10.0;
 				MTL_ENABLE_DEBUG_INFO = NO;
 				SDKROOT = iphoneos;
 				VALIDATE_PRODUCT = YES;

ios/RCTCrypto/RCTPbkdf2.m

@@ -5,11 +5,15 @@ @implementation RCTPbkdf2
 
 RCT_EXPORT_MODULE()
 
-RCT_EXPORT_METHOD(hash:(NSString *)password saltBase64:(NSString *)saltBase64 iterations:(int)iterations keyLen:(int)keyLen hash:(NSString *)hash
+RCT_EXPORT_METHOD(hash:(NSString *)password
+                  salt:(NSString *)salt
+                  iterations:(int)iterations
+                  keyLen:(int)keyLen
+                  algorithm:(NSString *)algorithm
                   resolver:(RCTPromiseResolveBlock)resolve
                   rejecter:(RCTPromiseRejectBlock)reject) {
     NSError *error = nil;
-    NSString *data = [Pbkdf2 hash:password saltBase64:saltBase64 iterations:iterations keyLen:keyLen hash:hash];
+    NSString *data = [Pbkdf2 hash:password salt:salt iterations:iterations keyLen:keyLen algorithm:algorithm];
     if (data == nil) {
         reject(@"keygen_fail", @"Key generation failed", error);
     } else {

ios/RCTCrypto/lib/Pbkdf2.h

@@ -1,5 +1,5 @@
 #import <Foundation/Foundation.h>
 
 @interface Pbkdf2 : NSObject
-+ (NSString *) hash:(NSString *)password saltBase64: (NSString *)saltBase64 iterations: (int)iterations keyLen: (int)keyLen hash: (NSString *)hash;
++ (NSString *) hash:(NSString *)password salt: (NSString *)salt iterations: (int)iterations keyLen: (int)keyLen algorithm: (NSString *)algorithm;
 @end

ios/RCTCrypto/lib/Pbkdf2.m

@@ -7,10 +7,10 @@
 
 @implementation Pbkdf2
 
-+ (NSString *) hash:(NSString *)password saltBase64: (NSString *)saltBase64 iterations: (int)iterations keyLen: (int)keyLen hash: (NSString *)hash  {
++ (NSString *) hash:(NSString *)password salt: (NSString *)salt iterations: (int)iterations keyLen: (int)keyLen algorithm: (NSString *)algorithm  {
     // Data of String to generate Hash key(hexa decimal string).
-    NSData *passwordData = [password dataUsingEncoding:NSUTF8StringEncoding];
-    NSData *saltData = [[NSData alloc]initWithBase64EncodedString:saltBase64 options:0];
+    NSData *passwordData = [[NSData alloc]initWithBase64EncodedString:password options:0];
+    NSData *saltData = [[NSData alloc]initWithBase64EncodedString:salt options:0];
 
     // Hash key (hexa decimal) string data length.
     NSMutableData *hashKeyData = [NSMutableData dataWithLength:keyLen];
@@ -23,7 +23,7 @@ + (NSString *) hash:(NSString *)password saltBase64: (NSString *)saltBase64 iter
      @"SHA512" : [NSNumber numberWithInt:kCCPRFHmacAlgSHA512],
     };
 
-    int alg = [[algMap valueForKey:hash] intValue];
+    int alg = [[algMap valueForKey:algorithm] intValue];
 
     // Key Derivation using PBKDF2 algorithm.
     int status = CCKeyDerivationPBKDF(
@@ -42,7 +42,7 @@ + (NSString *) hash:(NSString *)password saltBase64: (NSString *)saltBase64 iter
         return @"";
     }
 
-    return [Shared toHex:hashKeyData];
+    return [hashKeyData base64EncodedStringWithOptions:0];
 }
 
 @end