Diffstat (limited to 'server/helpers/peertube-crypto.js')
-rw-r--r--server/helpers/peertube-crypto.js65
1 files changed, 43 insertions, 22 deletions
diff --git a/server/helpers/peertube-crypto.js b/server/helpers/peertube-crypto.js
index 2e07df00e..0f1e02ad6 100644
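--- a/server/helpers/peertube-crypto.js
+++ b/server/helpers/peertube-crypto.js
@@ -1,16 +1,13 @@
 'use strict'
 
-const bcrypt = require('bcrypt')
 const crypto = require('crypto')
+const bcrypt = require('bcrypt')
 const fs = require('fs')
 const openssl = require('openssl-wrapper')
-const ursa = require('ursa')
 
 const constants = require('../initializers/constants')
 const logger = require('./logger')
 
-const algorithm = 'aes-256-ctr'
-
 const peertubeCrypto = {
  checkSignature,
  comparePassword,
@@ -19,12 +16,51 @@ const peertubeCrypto = {
  sign
 }
 
-function checkSignature (publicKey, rawData, hexSignature) {
- const crt = ursa.createPublicKey(publicKey)
- const isValid = crt.hashAndVerify('sha256', new Buffer(rawData).toString('hex'), hexSignature, 'hex')
+function checkSignature (publicKey, data, hexSignature) {
+ const verify = crypto.createVerify(constants.SIGNATURE_ALGORITHM)
+
+ let dataString
+ if (typeof data === 'string') {
+ dataString = data
+ } else {
+ try {
+ dataString = JSON.stringify(data)
+ } catch (err) {
+ logger.error('Cannot check signature.', { error: err })
+ return false
+ }
+ }
+
+ verify.update(dataString, 'utf8')
+
+ const isValid = verify.verify(publicKey, hexSignature, constants.SIGNATURE_ENCODING)
  return isValid
 }
 
+function sign (data) {
+ const sign = crypto.createSign(constants.SIGNATURE_ALGORITHM)
+
+ let dataString
+ if (typeof data === 'string') {
+ dataString = data
+ } else {
+ try {
+ dataString = JSON.stringify(data)
+ } catch (err) {
+ logger.error('Cannot sign data.', { error: err })
+ return ''
+ }
+ }
+
+ sign.update(dataString, 'utf8')
+
+ // TODO: make async
+ const myKey = fs.readFileSync(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem')
+ const signature = sign.sign(myKey, constants.SIGNATURE_ENCODING)
+
+ return signature
+}
+
 function comparePassword (plainPassword, hashPassword, callback) {
  bcrypt.compare(plainPassword, hashPassword, function (err, isPasswordMatch) {
  if (err) return callback(err)
@@ -55,13 +91,6 @@ function cryptPassword (password, callback) {
  })
 }
 
-function sign (data) {
- const myKey = ursa.createPrivateKey(fs.readFileSync(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem'))
- const signature = myKey.hashAndSign('sha256', data, 'utf8', 'hex')
-
- return signature
-}
-
 // ---------------------------------------------------------------------------
 
 module.exports = peertubeCrypto
@@ -113,11 +142,3 @@ function createCerts (callback) {
  })
  })
 }
-
-function generatePassword (callback) {
- crypto.randomBytes(32, function (err, buf) {
- if (err) return callback(err)
-
- callback(null, buf.toString('utf8'))
- })
-}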
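Review bot: In the new `checkSignature`, only `JSON.stringify` sits inside the try/catch, so two failure paths still throw instead of returning false. `JSON.stringify` returns `undefined` without throwing for `undefined` or function input, which `verify.update(dataString, 'utf8')` then rejects with a TypeError, and `verify.verify` can throw when `publicKey` is not a parseable key. If the key and data arrive from a remote peer (the callers are not visible on this page), verification should fail closed on both paths; the new `sign` has the same `undefined` gap before `sign.update`. Signer and verifier also have to serialize objects with identical property order, because `JSON.stringify` is not a canonical form, which deserves a comment on both functions.

```javascript
function checkSignature (publicKey, data, hexSignature) {
  // … unchanged: createVerify and dataString serialization …

  // JSON.stringify yields undefined (no throw) for undefined or function input
  if (typeof dataString !== 'string') return false

  try {
    verify.update(dataString, 'utf8')
    return verify.verify(publicKey, hexSignature, constants.SIGNATURE_ENCODING)
  } catch (err) {
    // A malformed key or signature must read as "not valid", not as a crash
    logger.error('Cannot check signature.', { error: err })
    return false
  }
}
```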