server/helpers/peertube-crypto.js

   1 'use strict'
   2
   3 const crypto = require('crypto')
   4 const fs = require('fs')
   5 const openssl = require('openssl-wrapper')
   6 const ursa = require('ursa')
   7
   8 const constants = require('../initializers/constants')
   9 const logger = require('./logger')
  10
  11 const algorithm = 'aes-256-ctr'
  12
  13 const peertubeCrypto = {
  14   checkSignature: checkSignature,
  15   createCertsIfNotExist: createCertsIfNotExist,
  16   decrypt: decrypt,
  17   encrypt: encrypt,
  18   sign: sign
  19 }
  20
  21 function checkSignature (publicKey, rawData, hexSignature) {
  22   const crt = ursa.createPublicKey(publicKey)
  23   const isValid = crt.hashAndVerify('sha256', new Buffer(rawData).toString('hex'), hexSignature, 'hex')
  24   return isValid
  25 }
  26
  27 function createCertsIfNotExist (callback) {
  28   certsExist(function (exist) {
  29     if (exist === true) {
  30       return callback(null)
  31     }
  32
  33     createCerts(function (err) {
  34       return callback(err)
  35     })
  36   })
  37 }
  38
  39 function decrypt (key, data, callback) {
  40   fs.readFile(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem', function (err, file) {
  41     if (err) return callback(err)
  42
  43     const myPrivateKey = ursa.createPrivateKey(file)
  44     const decryptedKey = myPrivateKey.decrypt(key, 'hex', 'utf8')
  45     const decryptedData = symetricDecrypt(data, decryptedKey)
  46
  47     return callback(null, decryptedData)
  48   })
  49 }
  50
  51 function encrypt (publicKey, data, callback) {
  52   const crt = ursa.createPublicKey(publicKey)
  53
  54   symetricEncrypt(data, function (err, dataEncrypted) {
  55     if (err) return callback(err)
  56
  57     const key = crt.encrypt(dataEncrypted.password, 'utf8', 'hex')
  58     const encrypted = {
  59       data: dataEncrypted.crypted,
  60       key: key
  61     }
  62
  63     callback(null, encrypted)
  64   })
  65 }
  66
  67 function sign (data) {
  68   const myKey = ursa.createPrivateKey(fs.readFileSync(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem'))
  69   const signature = myKey.hashAndSign('sha256', data, 'utf8', 'hex')
  70
  71   return signature
  72 }
  73
  74 // ---------------------------------------------------------------------------
  75
  76 module.exports = peertubeCrypto
  77
  78 // ---------------------------------------------------------------------------
  79
  80 function certsExist (callback) {
  81   fs.exists(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem', function (exists) {
  82     return callback(exists)
  83   })
  84 }
  85
  86 function createCerts (callback) {
  87   certsExist(function (exist) {
  88     if (exist === true) {
  89       const string = 'Certs already exist.'
  90       logger.warning(string)
  91       return callback(new Error(string))
  92     }
  93
  94     logger.info('Generating a RSA key...')
  95
  96     let options = {
  97       'out': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem',
  98       '2048': false
  99     }
 100     openssl.exec('genrsa', options, function (err) {
 101       if (err) {
 102         logger.error('Cannot create private key on this pod.')
 103         return callback(err)
 104       }
 105       logger.info('RSA key generated.')
 106
 107       options = {
 108         'in': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem',
 109         'pubout': true,
 110         'out': constants.CONFIG.STORAGE.CERT_DIR + 'peertube.pub'
 111       }
 112       logger.info('Manage public key...')
 113       openssl.exec('rsa', options, function (err) {
 114         if (err) {
 115           logger.error('Cannot create public key on this pod.')
 116           return callback(err)
 117         }
 118
 119         logger.info('Public key managed.')
 120         return callback(null)
 121       })
 122     })
 123   })
 124 }
 125
 126 function generatePassword (callback) {
 127   crypto.randomBytes(32, function (err, buf) {
 128     if (err) return callback(err)
 129
 130     callback(null, buf.toString('utf8'))
 131   })
 132 }
 133
 134 function symetricDecrypt (text, password) {
 135   const decipher = crypto.createDecipher(algorithm, password)
 136   let dec = decipher.update(text, 'hex', 'utf8')
 137   dec += decipher.final('utf8')
 138   return dec
 139 }
 140
 141 function symetricEncrypt (text, callback) {
 142   generatePassword(function (err, password) {
 143     if (err) return callback(err)
 144
 145     const cipher = crypto.createCipher(algorithm, password)
 146     let crypted = cipher.update(text, 'utf8', 'hex')
 147     crypted += cipher.final('hex')
 148     callback(null, { crypted: crypted, password: password })
 149   })
 150 }