]>
git.immae.eu Git - github/Chocobozzz/PeerTube.git/blob - server/helpers/peertube-crypto.js
3 const bcrypt
= require('bcrypt')
4 const crypto
= require('crypto')
5 const fs
= require('fs')
6 const openssl
= require('openssl-wrapper')
7 const ursa
= require('ursa')
9 const constants
= require('../initializers/constants')
10 const logger
= require('./logger')
12 const algorithm
= 'aes-256-ctr'
14 const peertubeCrypto
= {
17 createCertsIfNotExist
,
24 function checkSignature (publicKey
, rawData
, hexSignature
) {
25 const crt
= ursa
.createPublicKey(publicKey
)
26 const isValid
= crt
.hashAndVerify('sha256', new Buffer(rawData
).toString('hex'), hexSignature
, 'hex')
30 function comparePassword (plainPassword
, hashPassword
, callback
) {
31 bcrypt
.compare(plainPassword
, hashPassword
, function (err
, isPasswordMatch
) {
32 if (err
) return callback(err
)
34 return callback(null, isPasswordMatch
)
38 function createCertsIfNotExist (callback
) {
39 certsExist(function (exist
) {
44 createCerts(function (err
) {
50 function cryptPassword (password
, callback
) {
51 bcrypt
.genSalt(constants
.BCRYPT_SALT_SIZE
, function (err
, salt
) {
52 if (err
) return callback(err
)
54 bcrypt
.hash(password
, salt
, function (err
, hash
) {
55 return callback(err
, hash
)
60 function decrypt (key
, data
, callback
) {
61 fs
.readFile(constants
.CONFIG
.STORAGE
.CERT_DIR
+ 'peertube.key.pem', function (err
, file
) {
62 if (err
) return callback(err
)
64 const myPrivateKey
= ursa
.createPrivateKey(file
)
65 const decryptedKey
= myPrivateKey
.decrypt(key
, 'hex', 'utf8')
66 const decryptedData
= symetricDecrypt(data
, decryptedKey
)
68 return callback(null, decryptedData
)
72 function encrypt (publicKey
, data
, callback
) {
73 const crt
= ursa
.createPublicKey(publicKey
)
75 symetricEncrypt(data
, function (err
, dataEncrypted
) {
76 if (err
) return callback(err
)
78 const key
= crt
.encrypt(dataEncrypted
.password
, 'utf8', 'hex')
80 data: dataEncrypted
.crypted
,
84 callback(null, encrypted
)
88 function sign (data
) {
89 const myKey
= ursa
.createPrivateKey(fs
.readFileSync(constants
.CONFIG
.STORAGE
.CERT_DIR
+ 'peertube.key.pem'))
90 const signature
= myKey
.hashAndSign('sha256', data
, 'utf8', 'hex')
95 // ---------------------------------------------------------------------------
97 module
.exports
= peertubeCrypto
99 // ---------------------------------------------------------------------------
101 function certsExist (callback
) {
102 fs
.exists(constants
.CONFIG
.STORAGE
.CERT_DIR
+ 'peertube.key.pem', function (exists
) {
103 return callback(exists
)
107 function createCerts (callback
) {
108 certsExist(function (exist
) {
109 if (exist
=== true) {
110 const string
= 'Certs already exist.'
111 logger
.warning(string
)
112 return callback(new Error(string
))
115 logger
.info('Generating a RSA key...')
118 'out': constants
.CONFIG
.STORAGE
.CERT_DIR
+ 'peertube.key.pem',
121 openssl
.exec('genrsa', options
, function (err
) {
123 logger
.error('Cannot create private key on this pod.')
126 logger
.info('RSA key generated.')
129 'in': constants
.CONFIG
.STORAGE
.CERT_DIR
+ 'peertube.key.pem',
131 'out': constants
.CONFIG
.STORAGE
.CERT_DIR
+ 'peertube.pub'
133 logger
.info('Manage public key...')
134 openssl
.exec('rsa', options
, function (err
) {
136 logger
.error('Cannot create public key on this pod.')
140 logger
.info('Public key managed.')
141 return callback(null)
147 function generatePassword (callback
) {
148 crypto
.randomBytes(32, function (err
, buf
) {
149 if (err
) return callback(err
)
151 callback(null, buf
.toString('utf8'))
155 function symetricDecrypt (text
, password
) {
156 const decipher
= crypto
.createDecipher(algorithm
, password
)
157 let dec
= decipher
.update(text
, 'hex', 'utf8')
158 dec
+= decipher
.final('utf8')
162 function symetricEncrypt (text
, callback
) {
163 generatePassword(function (err
, password
) {
164 if (err
) return callback(err
)
166 const cipher
= crypto
.createCipher(algorithm
, password
)
167 let crypted
= cipher
.update(text
, 'utf8', 'hex')
168 crypted
+= cipher
.final('hex')
169 callback(null, { crypted: crypted
, password: password
})