aboutsummaryrefslogtreecommitdiffhomepage
path: root/helpers/peertubeCrypto.js
diff options
context:
space:
mode:
Diffstat (limited to 'helpers/peertubeCrypto.js')
-rw-r--r--helpers/peertubeCrypto.js252
1 files changed, 125 insertions, 127 deletions
diff --git a/helpers/peertubeCrypto.js b/helpers/peertubeCrypto.js
index 9031f6ae5..29b9d79c9 100644
--- a/helpers/peertubeCrypto.js
+++ b/helpers/peertubeCrypto.js
@@ -1,149 +1,147 @@
1;(function () { 1'use strict'
2 'use strict' 2
3 3var config = require('config')
4 var config = require('config') 4var crypto = require('crypto')
5 var crypto = require('crypto') 5var fs = require('fs')
6 var fs = require('fs') 6var openssl = require('openssl-wrapper')
7 var openssl = require('openssl-wrapper') 7var path = require('path')
8 var path = require('path') 8var ursa = require('ursa')
9 var ursa = require('ursa') 9
10 10var logger = require('./logger')
11 var logger = require('./logger') 11
12 12var certDir = path.join(__dirname, '..', config.get('storage.certs'))
13 var certDir = path.join(__dirname, '..', config.get('storage.certs')) 13var algorithm = 'aes-256-ctr'
14 var algorithm = 'aes-256-ctr' 14
15 15var peertubeCrypto = {
16 var peertubeCrypto = { 16 checkSignature: checkSignature,
17 checkSignature: checkSignature, 17 createCertsIfNotExist: createCertsIfNotExist,
18 createCertsIfNotExist: createCertsIfNotExist, 18 decrypt: decrypt,
19 decrypt: decrypt, 19 encrypt: encrypt,
20 encrypt: encrypt, 20 getCertDir: getCertDir,
21 getCertDir: getCertDir, 21 sign: sign
22 sign: sign 22}
23 } 23
24 24function checkSignature (public_key, raw_data, hex_signature) {
25 function checkSignature (public_key, raw_data, hex_signature) { 25 var crt = ursa.createPublicKey(public_key)
26 var crt = ursa.createPublicKey(public_key) 26 var is_valid = crt.hashAndVerify('sha256', new Buffer(raw_data).toString('hex'), hex_signature, 'hex')
27 var is_valid = crt.hashAndVerify('sha256', new Buffer(raw_data).toString('hex'), hex_signature, 'hex') 27 return is_valid
28 return is_valid 28}
29 } 29
30 30function createCertsIfNotExist (callback) {
31 function createCertsIfNotExist (callback) { 31 certsExist(function (exist) {
32 certsExist(function (exist) { 32 if (exist === true) {
33 if (exist === true) { 33 return callback(null)
34 return callback(null) 34 }
35 } 35
36 36 createCerts(function (err) {
37 createCerts(function (err) { 37 return callback(err)
38 return callback(err)
39 })
40 }) 38 })
41 } 39 })
40}
42 41
43 function decrypt (key, data, callback) { 42function decrypt (key, data, callback) {
44 fs.readFile(getCertDir() + 'peertube.key.pem', function (err, file) { 43 fs.readFile(getCertDir() + 'peertube.key.pem', function (err, file) {
45 if (err) return callback(err) 44 if (err) return callback(err)
46 45
47 var my_private_key = ursa.createPrivateKey(file) 46 var my_private_key = ursa.createPrivateKey(file)
48 var decrypted_key = my_private_key.decrypt(key, 'hex', 'utf8') 47 var decrypted_key = my_private_key.decrypt(key, 'hex', 'utf8')
49 var decrypted_data = symetricDecrypt(data, decrypted_key) 48 var decrypted_data = symetricDecrypt(data, decrypted_key)
50 49
51 return callback(null, decrypted_data) 50 return callback(null, decrypted_data)
52 }) 51 })
53 } 52}
54 53
55 function encrypt (public_key, data, callback) { 54function encrypt (public_key, data, callback) {
56 var crt = ursa.createPublicKey(public_key) 55 var crt = ursa.createPublicKey(public_key)
57 56
58 symetricEncrypt(data, function (err, dataEncrypted) { 57 symetricEncrypt(data, function (err, dataEncrypted) {
59 if (err) return callback(err) 58 if (err) return callback(err)
60 59
61 var key = crt.encrypt(dataEncrypted.password, 'utf8', 'hex') 60 var key = crt.encrypt(dataEncrypted.password, 'utf8', 'hex')
62 var encrypted = { 61 var encrypted = {
63 data: dataEncrypted.crypted, 62 data: dataEncrypted.crypted,
64 key: key 63 key: key
65 } 64 }
66 65
67 callback(null, encrypted) 66 callback(null, encrypted)
68 }) 67 })
69 } 68}
70 69
71 function getCertDir () { 70function getCertDir () {
72 return certDir 71 return certDir
73 } 72}
74 73
75 function sign (data) { 74function sign (data) {
76 var myKey = ursa.createPrivateKey(fs.readFileSync(certDir + 'peertube.key.pem')) 75 var myKey = ursa.createPrivateKey(fs.readFileSync(certDir + 'peertube.key.pem'))
77 var signature = myKey.hashAndSign('sha256', data, 'utf8', 'hex') 76 var signature = myKey.hashAndSign('sha256', data, 'utf8', 'hex')
78 77
79 return signature 78 return signature
80 } 79}
81 80
82 // --------------------------------------------------------------------------- 81// ---------------------------------------------------------------------------
83 82
84 module.exports = peertubeCrypto 83module.exports = peertubeCrypto
85 84
86 // --------------------------------------------------------------------------- 85// ---------------------------------------------------------------------------
87 86
88 function certsExist (callback) { 87function certsExist (callback) {
89 fs.exists(certDir + 'peertube.key.pem', function (exists) { 88 fs.exists(certDir + 'peertube.key.pem', function (exists) {
90 return callback(exists) 89 return callback(exists)
91 }) 90 })
92 } 91}
93 92
94 function createCerts (callback) { 93function createCerts (callback) {
95 certsExist(function (exist) { 94 certsExist(function (exist) {
96 if (exist === true) { 95 if (exist === true) {
97 var string = 'Certs already exist.' 96 var string = 'Certs already exist.'
98 logger.warning(string) 97 logger.warning(string)
99 return callback(new Error(string)) 98 return callback(new Error(string))
99 }
100
101 logger.info('Generating a RSA key...')
102 openssl.exec('genrsa', { 'out': certDir + 'peertube.key.pem', '2048': false }, function (err) {
103 if (err) {
104 logger.error('Cannot create private key on this pod.')
105 return callback(err)
100 } 106 }
107 logger.info('RSA key generated.')
101 108
102 logger.info('Generating a RSA key...') 109 logger.info('Manage public key...')
103 openssl.exec('genrsa', { 'out': certDir + 'peertube.key.pem', '2048': false }, function (err) { 110 openssl.exec('rsa', { 'in': certDir + 'peertube.key.pem', 'pubout': true, 'out': certDir + 'peertube.pub' }, function (err) {
104 if (err) { 111 if (err) {
105 logger.error('Cannot create private key on this pod.') 112 logger.error('Cannot create public key on this pod.')
106 return callback(err) 113 return callback(err)
107 } 114 }
108 logger.info('RSA key generated.')
109
110 logger.info('Manage public key...')
111 openssl.exec('rsa', { 'in': certDir + 'peertube.key.pem', 'pubout': true, 'out': certDir + 'peertube.pub' }, function (err) {
112 if (err) {
113 logger.error('Cannot create public key on this pod.')
114 return callback(err)
115 }
116
117 logger.info('Public key managed.')
118 return callback(null)
119 })
120 })
121 })
122 }
123 115
124 function generatePassword (callback) { 116 logger.info('Public key managed.')
125 crypto.randomBytes(32, function (err, buf) { 117 return callback(null)
126 if (err) return callback(err) 118 })
127
128 callback(null, buf.toString('utf8'))
129 })
130 }
131
132 function symetricDecrypt (text, password) {
133 var decipher = crypto.createDecipher(algorithm, password)
134 var dec = decipher.update(text, 'hex', 'utf8')
135 dec += decipher.final('utf8')
136 return dec
137 }
138
139 function symetricEncrypt (text, callback) {
140 generatePassword(function (err, password) {
141 if (err) return callback(err)
142
143 var cipher = crypto.createCipher(algorithm, password)
144 var crypted = cipher.update(text, 'utf8', 'hex')
145 crypted += cipher.final('hex')
146 callback(null, { crypted: crypted, password: password })
147 }) 119 })
148 } 120 })
149})() 121}
122
123function generatePassword (callback) {
124 crypto.randomBytes(32, function (err, buf) {
125 if (err) return callback(err)
126
127 callback(null, buf.toString('utf8'))
128 })
129}
130
131function symetricDecrypt (text, password) {
132 var decipher = crypto.createDecipher(algorithm, password)
133 var dec = decipher.update(text, 'hex', 'utf8')
134 dec += decipher.final('utf8')
135 return dec
136}
137
138function symetricEncrypt (text, callback) {
139 generatePassword(function (err, password) {
140 if (err) return callback(err)
141
142 var cipher = crypto.createCipher(algorithm, password)
143 var crypted = cipher.update(text, 'utf8', 'hex')
144 crypted += cipher.final('hex')
145 callback(null, { crypted: crypted, password: password })
146 })
147}