feat(inji-214): [Dhivya|Tilak] use sdk hmac method to create hmac for vc key

machines/store.ts

@@ -21,7 +21,7 @@ import {
 import SecureKeystore from 'react-native-secure-keystore';
 import { Platform } from 'react-native';
 
-const ENCRYPTION_ID = 'c7c22a6c-9759-4605-ac88-46f4041d863d';
+export const ENCRYPTION_ID = 'c7c22a6c-9759-4605-ac88-46f4041d863d';
 const vcKeyRegExp = new RegExp(VC_ITEM_STORE_KEY_REGEX);
 
 const model = createModel(
@@ -595,14 +595,17 @@ export async function clear() {
   }
 }
 
-function encryptJson(encryptionKey: string, data: string): string {
+export function encryptJson(encryptionKey: string, data: string): string {
   if (isIOS()) {
     return CryptoJS.AES.encrypt(data, encryptionKey).toString();
   }
   return SecureKeystore.encryptData(ENCRYPTION_ID, data);
 }
 
-function decryptJson(encryptionKey: string, encryptedData: string): string {
+export function decryptJson(
+  encryptionKey: string,
+  encryptedData: string
+): string {
   try {
     if (isIOS()) {
       return CryptoJS.AES.decrypt(encryptedData, encryptionKey).toString(

package.json

@@ -76,6 +76,7 @@
     "react-native-safe-area-context": "3.3.2",
     "react-native-screens": "~3.10.1",
     "react-native-secure-key-store": "^2.0.10",
+    "react-native-secure-keystore": "file:.yalc/react-native-secure-keystore",
     "react-native-securerandom": "^1.0.0",
     "react-native-simple-markdown": "^1.1.0",
     "react-native-svg": "12.1.1",

shared/storage.ts

@@ -1,14 +1,14 @@
 import { MMKVLoader } from 'react-native-mmkv-storage';
-import { VC_ITEM_STORE_KEY_REGEX } from './constants';
+import { isIOS, VC_ITEM_STORE_KEY_REGEX } from './constants';
 import CryptoJS from 'crypto-js';
 import {
   DocumentDirectoryPath,
+  exists,
   mkdir,
   readFile,
+  stat,
   unlink,
   writeFile,
-  exists,
-  stat,
 } from 'react-native-fs';
 import getAllConfigurations from './commonprops/commonProps';
 import { Platform } from 'react-native';
@@ -16,11 +16,20 @@ import {
   getFreeDiskStorageOldSync,
   getFreeDiskStorageSync,
 } from 'react-native-device-info';
+import SecureKeystore from 'react-native-secure-keystore';
+import { decryptJson, ENCRYPTION_ID, encryptJson } from '../machines/store';
 
 const MMKV = new MMKVLoader().initialize();
 const vcKeyRegExp = new RegExp(VC_ITEM_STORE_KEY_REGEX);
 const vcDirectoryPath = `${DocumentDirectoryPath}/inji/VC`;
 
+function generateHmac(encryptionKey: string, data: string) {
+  if (isIOS()) {
+    return CryptoJS.HmacSHA256(encryptionKey, data).toString();
+  }
+  return SecureKeystore.encryptData(ENCRYPTION_ID, data);
+}
+
 class Storage {
   static isVCStorageInitialised = async (): Promise<boolean> => {
     try {
@@ -33,19 +42,15 @@ class Storage {
 
   static getItem = async (key: string, encryptionKey?: string) => {
     try {
-      if (vcKeyRegExp.exec(key)) {
-        const path = getFilePath(key);
-        const data = await readFile(path, 'utf8');
+      const isSavingVC = vcKeyRegExp.exec(key);
 
-        const encryptedHMACofCurrentVC = await MMKV.getItem(getVCKeyName(key));
-        const HMACofCurrentVC = CryptoJS.AES.decrypt(
-          encryptedHMACofCurrentVC,
-          encryptionKey
-        ).toString(CryptoJS.enc.Utf8);
+      if (isSavingVC) {
+        const data = await this.readVCFromFile(key);
+        const isCorrupted = await this.isCorruptedVC(key, encryptionKey, data);
 
-        const HMACofVC = CryptoJS.HmacSHA256(encryptionKey, data).toString();
-        return HMACofVC === HMACofCurrentVC ? data : null;
+        return isCorrupted ? null : data;
       }
+
       return await MMKV.getItem(key);
     } catch (error) {
       console.log('Error Occurred while retriving from Storage.', error);
@@ -53,24 +58,38 @@ class Storage {
     }
   };
 
+  private static async isCorruptedVC(
+    key: string,
+    encryptionKey: string,
+    data: string
+  ) {
+    const storedHMACofCurrentVC = await this.readHmacForVC(key, encryptionKey);
+    const HMACofVC = generateHmac(encryptionKey, data);
+    return HMACofVC !== storedHMACofCurrentVC;
+  }
+
+  private static async readHmacForVC(key: string, encryptionKey: string) {
+    const encryptedHMACofCurrentVC = await MMKV.getItem(getVCKeyName(key));
+    return decryptJson(encryptionKey, encryptedHMACofCurrentVC);
+  }
+
+  private static async readVCFromFile(key: string) {
+    const path = getFilePath(key);
+    return await readFile(path, 'utf8');
+  }
+
   static setItem = async (
     key: string,
     data: string,
     encryptionKey?: string
   ) => {
     try {
-      if (vcKeyRegExp.exec(key)) {
-        const HMACofVC = CryptoJS.HmacSHA256(encryptionKey, data).toString();
-        const encryptedHMACofVC = CryptoJS.AES.encrypt(
-          HMACofVC,
-          encryptionKey
-        ).toString();
-        await MMKV.setItem(getVCKeyName(key), encryptedHMACofVC);
-
-        await mkdir(vcDirectoryPath);
-        const path = getFilePath(key);
-        return await writeFile(path, data, 'utf8');
+      const isSavingVC = vcKeyRegExp.exec(key);
+      if (isSavingVC) {
+        await this.storeVcHmac(encryptionKey, data, key);
+        return await this.storeVC(key, data);
       }
+
       await MMKV.setItem(key, data);
     } catch (error) {
       console.log('Error Occurred while saving in Storage.', error);
@@ -78,6 +97,22 @@ class Storage {
     }
   };
 
+  private static async storeVC(key: string, data: string) {
+    await mkdir(vcDirectoryPath);
+    const path = getFilePath(key);
+    return await writeFile(path, data, 'utf8');
+  }
+
+  private static async storeVcHmac(
+    encryptionKey: string,
+    data: string,
+    key: string
+  ) {
+    const HMACofVC = generateHmac(encryptionKey, data);
+    const encryptedHMACofVC = encryptJson(encryptionKey, HMACofVC);
+    await MMKV.setItem(getVCKeyName(key), encryptedHMACofVC);
+  }
+
   static removeItem = async (key: string) => {
     if (vcKeyRegExp.exec(key)) {
       const path = getFilePath(key);