diff options
author | Chocobozzz <florian.bigard@gmail.com> | 2017-01-12 15:20:03 +0100 |
---|---|---|
committer | Chocobozzz <florian.bigard@gmail.com> | 2017-01-12 15:20:03 +0100 |
commit | 99fe265a5fc077cb66c322e7f3d191ff7110aea0 (patch) | |
tree | c9e04ccfcc5496d2300d7c26db5833e494b4cdad /server/helpers/peertube-crypto.js | |
parent | fcc5f77b95d330bfcb439c172b7fcc58f3162e4d (diff) | |
parent | 91cc839af88730ba55f84997c56b85ea100070a7 (diff) | |
download | PeerTube-99fe265a5fc077cb66c322e7f3d191ff7110aea0.tar.gz PeerTube-99fe265a5fc077cb66c322e7f3d191ff7110aea0.tar.zst PeerTube-99fe265a5fc077cb66c322e7f3d191ff7110aea0.zip |
Merge branch 'postgresql'
Diffstat (limited to 'server/helpers/peertube-crypto.js')
-rw-r--r-- | server/helpers/peertube-crypto.js | 65 |
1 files changed, 43 insertions, 22 deletions
diff --git a/server/helpers/peertube-crypto.js b/server/helpers/peertube-crypto.js index 2e07df00e..0f1e02ad6 100644 --- a/server/helpers/peertube-crypto.js +++ b/server/helpers/peertube-crypto.js | |||
@@ -1,16 +1,13 @@ | |||
1 | 'use strict' | 1 | 'use strict' |
2 | 2 | ||
3 | const bcrypt = require('bcrypt') | ||
4 | const crypto = require('crypto') | 3 | const crypto = require('crypto') |
4 | const bcrypt = require('bcrypt') | ||
5 | const fs = require('fs') | 5 | const fs = require('fs') |
6 | const openssl = require('openssl-wrapper') | 6 | const openssl = require('openssl-wrapper') |
7 | const ursa = require('ursa') | ||
8 | 7 | ||
9 | const constants = require('../initializers/constants') | 8 | const constants = require('../initializers/constants') |
10 | const logger = require('./logger') | 9 | const logger = require('./logger') |
11 | 10 | ||
12 | const algorithm = 'aes-256-ctr' | ||
13 | |||
14 | const peertubeCrypto = { | 11 | const peertubeCrypto = { |
15 | checkSignature, | 12 | checkSignature, |
16 | comparePassword, | 13 | comparePassword, |
@@ -19,12 +16,51 @@ const peertubeCrypto = { | |||
19 | sign | 16 | sign |
20 | } | 17 | } |
21 | 18 | ||
22 | function checkSignature (publicKey, rawData, hexSignature) { | 19 | function checkSignature (publicKey, data, hexSignature) { |
23 | const crt = ursa.createPublicKey(publicKey) | 20 | const verify = crypto.createVerify(constants.SIGNATURE_ALGORITHM) |
24 | const isValid = crt.hashAndVerify('sha256', new Buffer(rawData).toString('hex'), hexSignature, 'hex') | 21 | |
22 | let dataString | ||
23 | if (typeof data === 'string') { | ||
24 | dataString = data | ||
25 | } else { | ||
26 | try { | ||
27 | dataString = JSON.stringify(data) | ||
28 | } catch (err) { | ||
29 | logger.error('Cannot check signature.', { error: err }) | ||
30 | return false | ||
31 | } | ||
32 | } | ||
33 | |||
34 | verify.update(dataString, 'utf8') | ||
35 | |||
36 | const isValid = verify.verify(publicKey, hexSignature, constants.SIGNATURE_ENCODING) | ||
25 | return isValid | 37 | return isValid |
26 | } | 38 | } |
27 | 39 | ||
40 | function sign (data) { | ||
41 | const sign = crypto.createSign(constants.SIGNATURE_ALGORITHM) | ||
42 | |||
43 | let dataString | ||
44 | if (typeof data === 'string') { | ||
45 | dataString = data | ||
46 | } else { | ||
47 | try { | ||
48 | dataString = JSON.stringify(data) | ||
49 | } catch (err) { | ||
50 | logger.error('Cannot sign data.', { error: err }) | ||
51 | return '' | ||
52 | } | ||
53 | } | ||
54 | |||
55 | sign.update(dataString, 'utf8') | ||
56 | |||
57 | // TODO: make async | ||
58 | const myKey = fs.readFileSync(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem') | ||
59 | const signature = sign.sign(myKey, constants.SIGNATURE_ENCODING) | ||
60 | |||
61 | return signature | ||
62 | } | ||
63 | |||
28 | function comparePassword (plainPassword, hashPassword, callback) { | 64 | function comparePassword (plainPassword, hashPassword, callback) { |
29 | bcrypt.compare(plainPassword, hashPassword, function (err, isPasswordMatch) { | 65 | bcrypt.compare(plainPassword, hashPassword, function (err, isPasswordMatch) { |
30 | if (err) return callback(err) | 66 | if (err) return callback(err) |
@@ -55,13 +91,6 @@ function cryptPassword (password, callback) { | |||
55 | }) | 91 | }) |
56 | } | 92 | } |
57 | 93 | ||
58 | function sign (data) { | ||
59 | const myKey = ursa.createPrivateKey(fs.readFileSync(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem')) | ||
60 | const signature = myKey.hashAndSign('sha256', data, 'utf8', 'hex') | ||
61 | |||
62 | return signature | ||
63 | } | ||
64 | |||
65 | // --------------------------------------------------------------------------- | 94 | // --------------------------------------------------------------------------- |
66 | 95 | ||
67 | module.exports = peertubeCrypto | 96 | module.exports = peertubeCrypto |
@@ -113,11 +142,3 @@ function createCerts (callback) { | |||
113 | }) | 142 | }) |
114 | }) | 143 | }) |
115 | } | 144 | } |
116 | |||
117 | function generatePassword (callback) { | ||
118 | crypto.randomBytes(32, function (err, buf) { | ||
119 | if (err) return callback(err) | ||
120 | |||
121 | callback(null, buf.toString('utf8')) | ||
122 | }) | ||
123 | } | ||