aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/helpers/peertube-crypto.ts
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2018-10-19 11:41:19 +0200
committerChocobozzz <me@florianbigard.com>2018-10-19 12:59:52 +0200
commitf7509cbec875ec4ee3201cce08839f2a02676c1c (patch)
tree5dbfcff41a175aa7d4b7d396ca90fe26049d0164 /server/helpers/peertube-crypto.ts
parent333210d862fdba4bb114b756d4f964789f480196 (diff)
downloadPeerTube-f7509cbec875ec4ee3201cce08839f2a02676c1c.tar.gz
PeerTube-f7509cbec875ec4ee3201cce08839f2a02676c1c.tar.zst
PeerTube-f7509cbec875ec4ee3201cce08839f2a02676c1c.zip
Add HTTP signature check before linked signature
It's faster, and will allow us to use RSA signature 2018 (with upstream jsonld-signature module) without too much incompatibilities in the peertube federation
Diffstat (limited to 'server/helpers/peertube-crypto.ts')
-rw-r--r--server/helpers/peertube-crypto.ts70
1 files changed, 47 insertions, 23 deletions
diff --git a/server/helpers/peertube-crypto.ts b/server/helpers/peertube-crypto.ts
index 5c182961d..cb5f27240 100644
--- a/server/helpers/peertube-crypto.ts
+++ b/server/helpers/peertube-crypto.ts
@@ -1,9 +1,12 @@
1import { BCRYPT_SALT_SIZE, PRIVATE_RSA_KEY_SIZE } from '../initializers' 1import { Request } from 'express'
2import { BCRYPT_SALT_SIZE, HTTP_SIGNATURE, PRIVATE_RSA_KEY_SIZE } from '../initializers'
2import { ActorModel } from '../models/activitypub/actor' 3import { ActorModel } from '../models/activitypub/actor'
3import { bcryptComparePromise, bcryptGenSaltPromise, bcryptHashPromise, createPrivateKey, getPublicKey } from './core-utils' 4import { bcryptComparePromise, bcryptGenSaltPromise, bcryptHashPromise, createPrivateKey, getPublicKey } from './core-utils'
4import { jsig } from './custom-jsonld-signature' 5import { jsig } from './custom-jsonld-signature'
5import { logger } from './logger' 6import { logger } from './logger'
6 7
8const httpSignature = require('http-signature')
9
7async function createPrivateAndPublicKeys () { 10async function createPrivateAndPublicKeys () {
8 logger.info('Generating a RSA key...') 11 logger.info('Generating a RSA key...')
9 12
@@ -13,18 +16,42 @@ async function createPrivateAndPublicKeys () {
13 return { privateKey: key, publicKey } 16 return { privateKey: key, publicKey }
14} 17}
15 18
16function isSignatureVerified (fromActor: ActorModel, signedDocument: object) { 19// User password checks
20
21function comparePassword (plainPassword: string, hashPassword: string) {
22 return bcryptComparePromise(plainPassword, hashPassword)
23}
24
25async function cryptPassword (password: string) {
26 const salt = await bcryptGenSaltPromise(BCRYPT_SALT_SIZE)
27
28 return bcryptHashPromise(password, salt)
29}
30
31// HTTP Signature
32
33function isHTTPSignatureVerified (httpSignatureParsed: any, actor: ActorModel) {
34 return httpSignature.verifySignature(httpSignatureParsed, actor.publicKey) === true
35}
36
37function parseHTTPSignature (req: Request) {
38 return httpSignature.parse(req, { authorizationHeaderName: HTTP_SIGNATURE.HEADER_NAME })
39}
40
41// JSONLD
42
43function isJsonLDSignatureVerified (fromActor: ActorModel, signedDocument: any) {
17 const publicKeyObject = { 44 const publicKeyObject = {
18 '@context': jsig.SECURITY_CONTEXT_URL, 45 '@context': jsig.SECURITY_CONTEXT_URL,
19 '@id': fromActor.url, 46 id: fromActor.url,
20 '@type': 'CryptographicKey', 47 type: 'CryptographicKey',
21 owner: fromActor.url, 48 owner: fromActor.url,
22 publicKeyPem: fromActor.publicKey 49 publicKeyPem: fromActor.publicKey
23 } 50 }
24 51
25 const publicKeyOwnerObject = { 52 const publicKeyOwnerObject = {
26 '@context': jsig.SECURITY_CONTEXT_URL, 53 '@context': jsig.SECURITY_CONTEXT_URL,
27 '@id': fromActor.url, 54 id: fromActor.url,
28 publicKey: [ publicKeyObject ] 55 publicKey: [ publicKeyObject ]
29 } 56 }
30 57
@@ -33,14 +60,19 @@ function isSignatureVerified (fromActor: ActorModel, signedDocument: object) {
33 publicKeyOwner: publicKeyOwnerObject 60 publicKeyOwner: publicKeyOwnerObject
34 } 61 }
35 62
36 return jsig.promises.verify(signedDocument, options) 63 return jsig.promises
37 .catch(err => { 64 .verify(signedDocument, options)
38 logger.error('Cannot check signature.', { err }) 65 .then((result: { verified: boolean }) => {
39 return false 66 logger.info('coucou', result)
40 }) 67 return result.verified
68 })
69 .catch(err => {
70 logger.error('Cannot check signature.', { err })
71 return false
72 })
41} 73}
42 74
43function signObject (byActor: ActorModel, data: any) { 75function signJsonLDObject (byActor: ActorModel, data: any) {
44 const options = { 76 const options = {
45 privateKeyPem: byActor.privateKey, 77 privateKeyPem: byActor.privateKey,
46 creator: byActor.url, 78 creator: byActor.url,
@@ -50,22 +82,14 @@ function signObject (byActor: ActorModel, data: any) {
50 return jsig.promises.sign(data, options) 82 return jsig.promises.sign(data, options)
51} 83}
52 84
53function comparePassword (plainPassword: string, hashPassword: string) {
54 return bcryptComparePromise(plainPassword, hashPassword)
55}
56
57async function cryptPassword (password: string) {
58 const salt = await bcryptGenSaltPromise(BCRYPT_SALT_SIZE)
59
60 return bcryptHashPromise(password, salt)
61}
62
63// --------------------------------------------------------------------------- 85// ---------------------------------------------------------------------------
64 86
65export { 87export {
66 isSignatureVerified, 88 parseHTTPSignature,
89 isHTTPSignatureVerified,
90 isJsonLDSignatureVerified,
67 comparePassword, 91 comparePassword,
68 createPrivateAndPublicKeys, 92 createPrivateAndPublicKeys,
69 cryptPassword, 93 cryptPassword,
70 signObject 94 signJsonLDObject
71} 95}