]>
git.immae.eu Git - github/Chocobozzz/PeerTube.git/blob - server/helpers/peertube-crypto.js
3 const config
= require('config')
4 const crypto
= require('crypto')
5 const fs
= require('fs')
6 const openssl
= require('openssl-wrapper')
7 const path
= require('path')
8 const ursa
= require('ursa')
10 const logger
= require('./logger')
12 const certDir
= path
.join(__dirname
, '..', '..', config
.get('storage.certs'))
13 const algorithm
= 'aes-256-ctr'
15 const peertubeCrypto
= {
16 checkSignature: checkSignature
,
17 createCertsIfNotExist: createCertsIfNotExist
,
20 getCertDir: getCertDir
,
24 function checkSignature (publicKey
, rawData
, hexSignature
) {
25 const crt
= ursa
.createPublicKey(publicKey
)
26 const isValid
= crt
.hashAndVerify('sha256', new Buffer(rawData
).toString('hex'), hexSignature
, 'hex')
30 function createCertsIfNotExist (callback
) {
31 certsExist(function (exist
) {
36 createCerts(function (err
) {
42 function decrypt (key
, data
, callback
) {
43 fs
.readFile(getCertDir() + 'peertube.key.pem', function (err
, file
) {
44 if (err
) return callback(err
)
46 const myPrivateKey
= ursa
.createPrivateKey(file
)
47 const decryptedKey
= myPrivateKey
.decrypt(key
, 'hex', 'utf8')
48 const decryptedData
= symetricDecrypt(data
, decryptedKey
)
50 return callback(null, decryptedData
)
54 function encrypt (publicKey
, data
, callback
) {
55 const crt
= ursa
.createPublicKey(publicKey
)
57 symetricEncrypt(data
, function (err
, dataEncrypted
) {
58 if (err
) return callback(err
)
60 const key
= crt
.encrypt(dataEncrypted
.password
, 'utf8', 'hex')
62 data: dataEncrypted
.crypted
,
66 callback(null, encrypted
)
70 function getCertDir () {
74 function sign (data
) {
75 const myKey
= ursa
.createPrivateKey(fs
.readFileSync(certDir
+ 'peertube.key.pem'))
76 const signature
= myKey
.hashAndSign('sha256', data
, 'utf8', 'hex')
81 // ---------------------------------------------------------------------------
83 module
.exports
= peertubeCrypto
85 // ---------------------------------------------------------------------------
87 function certsExist (callback
) {
88 fs
.exists(certDir
+ 'peertube.key.pem', function (exists
) {
89 return callback(exists
)
93 function createCerts (callback
) {
94 certsExist(function (exist
) {
96 const string
= 'Certs already exist.'
97 logger
.warning(string
)
98 return callback(new Error(string
))
101 logger
.info('Generating a RSA key...')
102 openssl
.exec('genrsa', { 'out': certDir
+ 'peertube.key.pem', '2048': false }, function (err
) {
104 logger
.error('Cannot create private key on this pod.')
107 logger
.info('RSA key generated.')
109 logger
.info('Manage public key...')
110 openssl
.exec('rsa', { 'in': certDir
+ 'peertube.key.pem', 'pubout': true, 'out': certDir
+ 'peertube.pub' }, function (err
) {
112 logger
.error('Cannot create public key on this pod.')
116 logger
.info('Public key managed.')
117 return callback(null)
123 function generatePassword (callback
) {
124 crypto
.randomBytes(32, function (err
, buf
) {
125 if (err
) return callback(err
)
127 callback(null, buf
.toString('utf8'))
131 function symetricDecrypt (text
, password
) {
132 const decipher
= crypto
.createDecipher(algorithm
, password
)
133 let dec
= decipher
.update(text
, 'hex', 'utf8')
134 dec
+= decipher
.final('utf8')
138 function symetricEncrypt (text
, callback
) {
139 generatePassword(function (err
, password
) {
140 if (err
) return callback(err
)
142 const cipher
= crypto
.createCipher(algorithm
, password
)
143 let crypted
= cipher
.update(text
, 'utf8', 'hex')
144 crypted
+= cipher
.final('hex')
145 callback(null, { crypted: crypted
, password: password
})