diff options
Diffstat (limited to 'server/helpers/peertube-crypto.js')
-rw-r--r-- | server/helpers/peertube-crypto.js | 54 |
1 files changed, 43 insertions, 11 deletions
diff --git a/server/helpers/peertube-crypto.js b/server/helpers/peertube-crypto.js index 610cb16cd..0f1e02ad6 100644 --- a/server/helpers/peertube-crypto.js +++ b/server/helpers/peertube-crypto.js | |||
@@ -1,9 +1,9 @@ | |||
1 | 'use strict' | 1 | 'use strict' |
2 | 2 | ||
3 | const crypto = require('crypto') | ||
3 | const bcrypt = require('bcrypt') | 4 | const bcrypt = require('bcrypt') |
4 | const fs = require('fs') | 5 | const fs = require('fs') |
5 | const openssl = require('openssl-wrapper') | 6 | const openssl = require('openssl-wrapper') |
6 | const ursa = require('ursa') | ||
7 | 7 | ||
8 | const constants = require('../initializers/constants') | 8 | const constants = require('../initializers/constants') |
9 | const logger = require('./logger') | 9 | const logger = require('./logger') |
@@ -16,12 +16,51 @@ const peertubeCrypto = { | |||
16 | sign | 16 | sign |
17 | } | 17 | } |
18 | 18 | ||
19 | function checkSignature (publicKey, rawData, hexSignature) { | 19 | function checkSignature (publicKey, data, hexSignature) { |
20 | const crt = ursa.createPublicKey(publicKey) | 20 | const verify = crypto.createVerify(constants.SIGNATURE_ALGORITHM) |
21 | const isValid = crt.hashAndVerify('sha256', new Buffer(rawData).toString('hex'), hexSignature, 'hex') | 21 | |
22 | let dataString | ||
23 | if (typeof data === 'string') { | ||
24 | dataString = data | ||
25 | } else { | ||
26 | try { | ||
27 | dataString = JSON.stringify(data) | ||
28 | } catch (err) { | ||
29 | logger.error('Cannot check signature.', { error: err }) | ||
30 | return false | ||
31 | } | ||
32 | } | ||
33 | |||
34 | verify.update(dataString, 'utf8') | ||
35 | |||
36 | const isValid = verify.verify(publicKey, hexSignature, constants.SIGNATURE_ENCODING) | ||
22 | return isValid | 37 | return isValid |
23 | } | 38 | } |
24 | 39 | ||
40 | function sign (data) { | ||
41 | const sign = crypto.createSign(constants.SIGNATURE_ALGORITHM) | ||
42 | |||
43 | let dataString | ||
44 | if (typeof data === 'string') { | ||
45 | dataString = data | ||
46 | } else { | ||
47 | try { | ||
48 | dataString = JSON.stringify(data) | ||
49 | } catch (err) { | ||
50 | logger.error('Cannot sign data.', { error: err }) | ||
51 | return '' | ||
52 | } | ||
53 | } | ||
54 | |||
55 | sign.update(dataString, 'utf8') | ||
56 | |||
57 | // TODO: make async | ||
58 | const myKey = fs.readFileSync(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem') | ||
59 | const signature = sign.sign(myKey, constants.SIGNATURE_ENCODING) | ||
60 | |||
61 | return signature | ||
62 | } | ||
63 | |||
25 | function comparePassword (plainPassword, hashPassword, callback) { | 64 | function comparePassword (plainPassword, hashPassword, callback) { |
26 | bcrypt.compare(plainPassword, hashPassword, function (err, isPasswordMatch) { | 65 | bcrypt.compare(plainPassword, hashPassword, function (err, isPasswordMatch) { |
27 | if (err) return callback(err) | 66 | if (err) return callback(err) |
@@ -52,13 +91,6 @@ function cryptPassword (password, callback) { | |||
52 | }) | 91 | }) |
53 | } | 92 | } |
54 | 93 | ||
55 | function sign (data) { | ||
56 | const myKey = ursa.createPrivateKey(fs.readFileSync(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem')) | ||
57 | const signature = myKey.hashAndSign('sha256', data, 'utf8', 'hex') | ||
58 | |||
59 | return signature | ||
60 | } | ||
61 | |||
62 | // --------------------------------------------------------------------------- | 94 | // --------------------------------------------------------------------------- |
63 | 95 | ||
64 | module.exports = peertubeCrypto | 96 | module.exports = peertubeCrypto |