server/helpers/peertube-crypto.ts

   1 import { compare, genSalt, hash } from 'bcrypt'
   2 import { createCipheriv, createDecipheriv, createSign, createVerify } from 'crypto'
   3 import { Request } from 'express'
   4 import { cloneDeep } from 'lodash'
   5 import { sha256 } from '@shared/extra-utils'
   6 import { BCRYPT_SALT_SIZE, ENCRYPTION, HTTP_SIGNATURE, PRIVATE_RSA_KEY_SIZE } from '../initializers/constants'
   7 import { MActor } from '../types/models'
   8 import { generateRSAKeyPairPromise, promisify1, promisify2, randomBytesPromise, scryptPromise } from './core-utils'
   9 import { jsonld } from './custom-jsonld-signature'
  10 import { logger } from './logger'
  11
  12 const bcryptComparePromise = promisify2<any, string, boolean>(compare)
  13 const bcryptGenSaltPromise = promisify1<number, string>(genSalt)
  14 const bcryptHashPromise = promisify2<any, string | number, string>(hash)
  15
  16 const httpSignature = require('@peertube/http-signature')
  17
  18 function createPrivateAndPublicKeys () {
  19   logger.info('Generating a RSA key...')
  20
  21   return generateRSAKeyPairPromise(PRIVATE_RSA_KEY_SIZE)
  22 }
  23
  24 // ---------------------------------------------------------------------------
  25 // User password checks
  26 // ---------------------------------------------------------------------------
  27
  28 function comparePassword (plainPassword: string, hashPassword: string) {
  29   if (!plainPassword) return Promise.resolve(false)
  30
  31   return bcryptComparePromise(plainPassword, hashPassword)
  32 }
  33
  34 async function cryptPassword (password: string) {
  35   const salt = await bcryptGenSaltPromise(BCRYPT_SALT_SIZE)
  36
  37   return bcryptHashPromise(password, salt)
  38 }
  39
  40 // ---------------------------------------------------------------------------
  41 // HTTP Signature
  42 // ---------------------------------------------------------------------------
  43
  44 function isHTTPSignatureDigestValid (rawBody: Buffer, req: Request): boolean {
  45   if (req.headers[HTTP_SIGNATURE.HEADER_NAME] && req.headers['digest']) {
  46     return buildDigest(rawBody.toString()) === req.headers['digest']
  47   }
  48
  49   return true
  50 }
  51
  52 function isHTTPSignatureVerified (httpSignatureParsed: any, actor: MActor): boolean {
  53   return httpSignature.verifySignature(httpSignatureParsed, actor.publicKey) === true
  54 }
  55
  56 function parseHTTPSignature (req: Request, clockSkew?: number) {
  57   const requiredHeaders = req.method === 'POST'
  58     ? [ '(request-target)', 'host', 'digest' ]
  59     : [ '(request-target)', 'host' ]
  60
  61   const parsed = httpSignature.parse(req, { clockSkew, headers: requiredHeaders })
  62
  63   const parsedHeaders = parsed.params.headers
  64   if (!parsedHeaders.includes('date') && !parsedHeaders.includes('(created)')) {
  65     throw new Error(`date or (created) must be included in signature`)
  66   }
  67
  68   return parsed
  69 }
  70
  71 // ---------------------------------------------------------------------------
  72 // JSONLD
  73 // ---------------------------------------------------------------------------
  74
  75 function isJsonLDSignatureVerified (fromActor: MActor, signedDocument: any): Promise<boolean> {
  76   if (signedDocument.signature.type === 'RsaSignature2017') {
  77     return isJsonLDRSA2017Verified(fromActor, signedDocument)
  78   }
  79
  80   logger.warn('Unknown JSON LD signature %s.', signedDocument.signature.type, signedDocument)
  81
  82   return Promise.resolve(false)
  83 }
  84
  85 // Backward compatibility with "other" implementations
  86 async function isJsonLDRSA2017Verified (fromActor: MActor, signedDocument: any) {
  87   const [ documentHash, optionsHash ] = await Promise.all([
  88     createDocWithoutSignatureHash(signedDocument),
  89     createSignatureHash(signedDocument.signature)
  90   ])
  91
  92   const toVerify = optionsHash + documentHash
  93
  94   const verify = createVerify('RSA-SHA256')
  95   verify.update(toVerify, 'utf8')
  96
  97   return verify.verify(fromActor.publicKey, signedDocument.signature.signatureValue, 'base64')
  98 }
  99
 100 async function signJsonLDObject <T> (byActor: MActor, data: T) {
 101   const signature = {
 102     type: 'RsaSignature2017',
 103     creator: byActor.url,
 104     created: new Date().toISOString()
 105   }
 106
 107   const [ documentHash, optionsHash ] = await Promise.all([
 108     createDocWithoutSignatureHash(data),
 109     createSignatureHash(signature)
 110   ])
 111
 112   const toSign = optionsHash + documentHash
 113
 114   const sign = createSign('RSA-SHA256')
 115   sign.update(toSign, 'utf8')
 116
 117   const signatureValue = sign.sign(byActor.privateKey, 'base64')
 118   Object.assign(signature, { signatureValue })
 119
 120   return Object.assign(data, { signature })
 121 }
 122
 123 // ---------------------------------------------------------------------------
 124
 125 function buildDigest (body: any) {
 126   const rawBody = typeof body === 'string' ? body : JSON.stringify(body)
 127
 128   return 'SHA-256=' + sha256(rawBody, 'base64')
 129 }
 130
 131 // ---------------------------------------------------------------------------
 132 // Encryption
 133 // ---------------------------------------------------------------------------
 134
 135 async function encrypt (str: string, secret: string) {
 136   const iv = await randomBytesPromise(ENCRYPTION.IV)
 137
 138   const key = await scryptPromise(secret, ENCRYPTION.SALT, 32)
 139   const cipher = createCipheriv(ENCRYPTION.ALGORITHM, key, iv)
 140
 141   let encrypted = iv.toString(ENCRYPTION.ENCODING) + ':'
 142   encrypted += cipher.update(str, 'utf8', ENCRYPTION.ENCODING)
 143   encrypted += cipher.final(ENCRYPTION.ENCODING)
 144
 145   return encrypted
 146 }
 147
 148 async function decrypt (encryptedArg: string, secret: string) {
 149   const [ ivStr, encryptedStr ] = encryptedArg.split(':')
 150
 151   const iv = Buffer.from(ivStr, 'hex')
 152   const key = await scryptPromise(secret, ENCRYPTION.SALT, 32)
 153
 154   const decipher = createDecipheriv(ENCRYPTION.ALGORITHM, key, iv)
 155
 156   return decipher.update(encryptedStr, ENCRYPTION.ENCODING, 'utf8') + decipher.final('utf8')
 157 }
 158
 159 // ---------------------------------------------------------------------------
 160
 161 export {
 162   isHTTPSignatureDigestValid,
 163   parseHTTPSignature,
 164   isHTTPSignatureVerified,
 165   buildDigest,
 166   isJsonLDSignatureVerified,
 167   comparePassword,
 168   createPrivateAndPublicKeys,
 169   cryptPassword,
 170   signJsonLDObject,
 171
 172   encrypt,
 173   decrypt
 174 }
 175
 176 // ---------------------------------------------------------------------------
 177
 178 function hashObject (obj: any): Promise<any> {
 179   return jsonld.promises.normalize(obj, {
 180     safe: false,
 181     algorithm: 'URDNA2015',
 182     format: 'application/n-quads'
 183   }).then(res => sha256(res))
 184 }
 185
 186 function createSignatureHash (signature: any) {
 187   const signatureCopy = cloneDeep(signature)
 188   Object.assign(signatureCopy, {
 189     '@context': [
 190       'https://w3id.org/security/v1',
 191       { RsaSignature2017: 'https://w3id.org/security#RsaSignature2017' }
 192     ]
 193   })
 194
 195   delete signatureCopy.type
 196   delete signatureCopy.id
 197   delete signatureCopy.signatureValue
 198
 199   return hashObject(signatureCopy)
 200 }
 201
 202 function createDocWithoutSignatureHash (doc: any) {
 203   const docWithoutSignature = cloneDeep(doc)
 204   delete docWithoutSignature.signature
 205
 206   return hashObject(docWithoutSignature)
 207 }