]>
git.immae.eu Git - github/Chocobozzz/PeerTube.git/blob - server/helpers/peertube-crypto.js
3 const crypto
= require('crypto')
4 const fs
= require('fs')
5 const openssl
= require('openssl-wrapper')
6 const ursa
= require('ursa')
8 const constants
= require('../initializers/constants')
9 const logger
= require('./logger')
11 const algorithm
= 'aes-256-ctr'
13 const peertubeCrypto
= {
14 checkSignature: checkSignature
,
15 createCertsIfNotExist: createCertsIfNotExist
,
21 function checkSignature (publicKey
, rawData
, hexSignature
) {
22 const crt
= ursa
.createPublicKey(publicKey
)
23 const isValid
= crt
.hashAndVerify('sha256', new Buffer(rawData
).toString('hex'), hexSignature
, 'hex')
27 function createCertsIfNotExist (callback
) {
28 certsExist(function (exist
) {
33 createCerts(function (err
) {
39 function decrypt (key
, data
, callback
) {
40 fs
.readFile(constants
.CONFIG
.STORAGE
.CERT_DIR
+ 'peertube.key.pem', function (err
, file
) {
41 if (err
) return callback(err
)
43 const myPrivateKey
= ursa
.createPrivateKey(file
)
44 const decryptedKey
= myPrivateKey
.decrypt(key
, 'hex', 'utf8')
45 const decryptedData
= symetricDecrypt(data
, decryptedKey
)
47 return callback(null, decryptedData
)
51 function encrypt (publicKey
, data
, callback
) {
52 const crt
= ursa
.createPublicKey(publicKey
)
54 symetricEncrypt(data
, function (err
, dataEncrypted
) {
55 if (err
) return callback(err
)
57 const key
= crt
.encrypt(dataEncrypted
.password
, 'utf8', 'hex')
59 data: dataEncrypted
.crypted
,
63 callback(null, encrypted
)
67 function sign (data
) {
68 const myKey
= ursa
.createPrivateKey(fs
.readFileSync(constants
.CONFIG
.STORAGE
.CERT_DIR
+ 'peertube.key.pem'))
69 const signature
= myKey
.hashAndSign('sha256', data
, 'utf8', 'hex')
74 // ---------------------------------------------------------------------------
76 module
.exports
= peertubeCrypto
78 // ---------------------------------------------------------------------------
80 function certsExist (callback
) {
81 fs
.exists(constants
.CONFIG
.STORAGE
.CERT_DIR
+ 'peertube.key.pem', function (exists
) {
82 return callback(exists
)
86 function createCerts (callback
) {
87 certsExist(function (exist
) {
89 const string
= 'Certs already exist.'
90 logger
.warning(string
)
91 return callback(new Error(string
))
94 logger
.info('Generating a RSA key...')
97 'out': constants
.CONFIG
.STORAGE
.CERT_DIR
+ 'peertube.key.pem',
100 openssl
.exec('genrsa', options
, function (err
) {
102 logger
.error('Cannot create private key on this pod.')
105 logger
.info('RSA key generated.')
108 'in': constants
.CONFIG
.STORAGE
.CERT_DIR
+ 'peertube.key.pem',
110 'out': constants
.CONFIG
.STORAGE
.CERT_DIR
+ 'peertube.pub'
112 logger
.info('Manage public key...')
113 openssl
.exec('rsa', options
, function (err
) {
115 logger
.error('Cannot create public key on this pod.')
119 logger
.info('Public key managed.')
120 return callback(null)
126 function generatePassword (callback
) {
127 crypto
.randomBytes(32, function (err
, buf
) {
128 if (err
) return callback(err
)
130 callback(null, buf
.toString('utf8'))
134 function symetricDecrypt (text
, password
) {
135 const decipher
= crypto
.createDecipher(algorithm
, password
)
136 let dec
= decipher
.update(text
, 'hex', 'utf8')
137 dec
+= decipher
.final('utf8')
141 function symetricEncrypt (text
, callback
) {
142 generatePassword(function (err
, password
) {
143 if (err
) return callback(err
)
145 const cipher
= crypto
.createCipher(algorithm
, password
)
146 let crypted
= cipher
.update(text
, 'utf8', 'hex')
147 crypted
+= cipher
.final('hex')
148 callback(null, { crypted: crypted
, password: password
})