aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/helpers/peertube-crypto.js
diff options
context:
space:
mode:
Diffstat (limited to 'server/helpers/peertube-crypto.js')
-rw-r--r--server/helpers/peertube-crypto.js54
1 files changed, 43 insertions, 11 deletions
diff --git a/server/helpers/peertube-crypto.js b/server/helpers/peertube-crypto.js
index 610cb16cd..0f1e02ad6 100644
--- a/server/helpers/peertube-crypto.js
+++ b/server/helpers/peertube-crypto.js
@@ -1,9 +1,9 @@
1'use strict' 1'use strict'
2 2
3const crypto = require('crypto')
3const bcrypt = require('bcrypt') 4const bcrypt = require('bcrypt')
4const fs = require('fs') 5const fs = require('fs')
5const openssl = require('openssl-wrapper') 6const openssl = require('openssl-wrapper')
6const ursa = require('ursa')
7 7
8const constants = require('../initializers/constants') 8const constants = require('../initializers/constants')
9const logger = require('./logger') 9const logger = require('./logger')
@@ -16,12 +16,51 @@ const peertubeCrypto = {
16 sign 16 sign
17} 17}
18 18
19function checkSignature (publicKey, rawData, hexSignature) { 19function checkSignature (publicKey, data, hexSignature) {
20 const crt = ursa.createPublicKey(publicKey) 20 const verify = crypto.createVerify(constants.SIGNATURE_ALGORITHM)
21 const isValid = crt.hashAndVerify('sha256', new Buffer(rawData).toString('hex'), hexSignature, 'hex') 21
22 let dataString
23 if (typeof data === 'string') {
24 dataString = data
25 } else {
26 try {
27 dataString = JSON.stringify(data)
28 } catch (err) {
29 logger.error('Cannot check signature.', { error: err })
30 return false
31 }
32 }
33
34 verify.update(dataString, 'utf8')
35
36 const isValid = verify.verify(publicKey, hexSignature, constants.SIGNATURE_ENCODING)
22 return isValid 37 return isValid
23} 38}
24 39
40function sign (data) {
41 const sign = crypto.createSign(constants.SIGNATURE_ALGORITHM)
42
43 let dataString
44 if (typeof data === 'string') {
45 dataString = data
46 } else {
47 try {
48 dataString = JSON.stringify(data)
49 } catch (err) {
50 logger.error('Cannot sign data.', { error: err })
51 return ''
52 }
53 }
54
55 sign.update(dataString, 'utf8')
56
57 // TODO: make async
58 const myKey = fs.readFileSync(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem')
59 const signature = sign.sign(myKey, constants.SIGNATURE_ENCODING)
60
61 return signature
62}
63
25function comparePassword (plainPassword, hashPassword, callback) { 64function comparePassword (plainPassword, hashPassword, callback) {
26 bcrypt.compare(plainPassword, hashPassword, function (err, isPasswordMatch) { 65 bcrypt.compare(plainPassword, hashPassword, function (err, isPasswordMatch) {
27 if (err) return callback(err) 66 if (err) return callback(err)
@@ -52,13 +91,6 @@ function cryptPassword (password, callback) {
52 }) 91 })
53} 92}
54 93
55function sign (data) {
56 const myKey = ursa.createPrivateKey(fs.readFileSync(constants.CONFIG.STORAGE.CERT_DIR + 'peertube.key.pem'))
57 const signature = myKey.hashAndSign('sha256', data, 'utf8', 'hex')
58
59 return signature
60}
61
62// --------------------------------------------------------------------------- 94// ---------------------------------------------------------------------------
63 95
64module.exports = peertubeCrypto 96module.exports = peertubeCrypto