From 5d7cb63ede7c4bba93954c0586f589ad9748d5ea Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Tue, 12 Jul 2022 10:54:21 +0200 Subject: Add compat with openssl 3 --- server/helpers/core-utils.ts | 56 +++++++++++++++++++--- .../helpers/custom-validators/activitypub/actor.ts | 4 +- server/helpers/peertube-crypto.ts | 9 ++-- 3 files changed, 55 insertions(+), 14 deletions(-) (limited to 'server/helpers') diff --git a/server/helpers/core-utils.ts b/server/helpers/core-utils.ts index 4bbf0228d..c762f6a29 100644 --- a/server/helpers/core-utils.ts +++ b/server/helpers/core-utils.ts @@ -6,9 +6,8 @@ */ import { exec, ExecOptions } from 'child_process' -import { randomBytes } from 'crypto' +import { ED25519KeyPairOptions, generateKeyPair, randomBytes, RSAKeyPairOptions } from 'crypto' import { truncate } from 'lodash' -import { createPrivateKey as createPrivateKey_1, getPublicKey as getPublicKey_1 } from 'pem' import { pipeline } from 'stream' import { URL } from 'url' import { promisify } from 'util' 
@@ -242,6 +241,51 @@ function toEven (num: number) { // --------------------------------------------------------------------------- +function generateRSAKeyPairPromise (size: number) { + return new Promise<{ publicKey: string, privateKey: string }>((res, rej) => { + const options: RSAKeyPairOptions<'pem', 'pem'> = { + modulusLength: size, + publicKeyEncoding: { + type: 'spki', + format: 'pem' + }, + privateKeyEncoding: { + type: 'pkcs1', + format: 'pem' + } + } + + generateKeyPair('rsa', options, (err, publicKey, privateKey) => { + if (err) return rej(err) + + return res({ publicKey, privateKey }) + }) + }) +} + +function generateED25519KeyPairPromise () { + return new Promise<{ publicKey: string, privateKey: string }>((res, rej) => { + const options: ED25519KeyPairOptions<'pem', 'pem'> = { + publicKeyEncoding: { + type: 'spki', + format: 'pem' + }, + privateKeyEncoding: { + type: 'pkcs8', + format: 'pem' + } + } + + generateKeyPair('ed25519', options, (err, publicKey, privateKey) => { + if (err) return rej(err) + + return res({ publicKey, privateKey }) + }) + }) +} + +// --------------------------------------------------------------------------- + function promisify0 (func: (cb: (err: any, result: A) => void) => void): () => Promise { return function promisified (): Promise { return new Promise((resolve: (arg: A) => void, reject: (err: any) => void) => { @@ -268,8 +312,6 @@ function promisify2 (func: (arg1: T, arg2: U, cb: (err: any, result: A) } const randomBytesPromise = promisify1(randomBytes) -const createPrivateKey = promisify1(createPrivateKey_1) -const getPublicKey = promisify1(getPublicKey_1) const execPromise2 = promisify2(exec) const execPromise = promisify1(exec) const pipelinePromise = promisify(pipeline) @@ -298,8 +340,10 @@ export { promisify2, randomBytesPromise, - createPrivateKey, - getPublicKey, + + generateRSAKeyPairPromise, + generateED25519KeyPairPromise, + execPromise2, execPromise, pipelinePromise, 
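Review bot: The two generators added in the `@@ -242,6 +241,51 @@` hunk have no doc comment or return type, and they differ in a way callers need to know. `generateRSAKeyPairPromise` emits the private key as `pkcs1` (PEM label `RSA PRIVATE KEY`), `generateED25519KeyPairPromise` emits `pkcs8` (label `PRIVATE KEY`), and both return it unencrypted because no cipher or passphrase is set. I would add a comment above each, for example `// Returns unencrypted PEM: SPKI public key, PKCS#1 private key. size goes to modulusLength unchecked, so callers must pass a safe length.`, and annotate the return as `Promise<{ publicKey: string, privateKey: string }>`. Since `promisify` from `util` is already imported in this file, `promisify(generateKeyPair)` could probably replace both hand-written wrappers, provided its typings resolve for these option types.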
diff --git a/server/helpers/custom-validators/activitypub/actor.ts b/server/helpers/custom-validators/activitypub/actor.ts index a4b152722..f43c35b23 100644 --- a/server/helpers/custom-validators/activitypub/actor.ts +++ b/server/helpers/custom-validators/activitypub/actor.ts @@ -41,9 +41,9 @@ function isActorPreferredUsernameValid (preferredUsername: string) { function isActorPrivateKeyValid (privateKey: string) { return exists(privateKey) && typeof privateKey === 'string' && - privateKey.startsWith('-----BEGIN RSA PRIVATE KEY-----') && + (privateKey.startsWith('-----BEGIN RSA PRIVATE KEY-----') || privateKey.startsWith('-----BEGIN PRIVATE KEY-----')) && // Sometimes there is a \n at the end, so just assert the string contains the end mark - privateKey.includes('-----END RSA PRIVATE KEY-----') && + (privateKey.includes('-----END RSA PRIVATE KEY-----') || privateKey.includes('-----END PRIVATE KEY-----')) && validator.isLength(privateKey, CONSTRAINTS_FIELDS.ACTORS.PRIVATE_KEY) } diff --git a/server/helpers/peertube-crypto.ts b/server/helpers/peertube-crypto.ts index 1a7ee24a7..1d9cab2ce 100644 --- a/server/helpers/peertube-crypto.ts +++ b/server/helpers/peertube-crypto.ts @@ -5,7 +5,7 @@ import { cloneDeep } from 'lodash' import { sha256 } from '@shared/extra-utils' import { BCRYPT_SALT_SIZE, HTTP_SIGNATURE, PRIVATE_RSA_KEY_SIZE } from '../initializers/constants' import { MActor } from '../types/models' -import { createPrivateKey, getPublicKey, promisify1, promisify2 } from './core-utils' +import { generateRSAKeyPairPromise, promisify1, promisify2 } from './core-utils' import { jsonld } from './custom-jsonld-signature' import { logger } from './logger' 
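Review bot: In `isActorPrivateKeyValid` (actor.ts hunk) the begin and end checks are now independent alternatives, so a value that starts with `-----BEGIN RSA PRIVATE KEY-----` but contains only `-----END PRIVATE KEY-----` passes. Pairing the markers keeps the check as strict as it was, e.g. `const isPkcs1 = privateKey.startsWith('-----BEGIN RSA PRIVATE KEY-----') && privateKey.includes('-----END RSA PRIVATE KEY-----')`, with the same for the PKCS#8 pair, then `(isPkcs1 || isPkcs8)`. The `PRIVATE KEY` label also names no algorithm, so the validator now admits non-RSA keys. If the signing code assumes RSA (not visible in this diff), it should check the parsed key's `asymmetricKeyType`. A one-line comment saying this is a shape check, not a parse, would prevent readers from over-trusting it.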
@@ -15,13 +15,10 @@ const bcryptHashPromise = promisify2(hash) const httpSignature = require('@peertube/http-signature') -async function createPrivateAndPublicKeys () { +function createPrivateAndPublicKeys () { logger.info('Generating a RSA key...') - const { key } = await createPrivateKey(PRIVATE_RSA_KEY_SIZE) - const { publicKey } = await getPublicKey(key) - - return { privateKey: key, publicKey } + return generateRSAKeyPairPromise(PRIVATE_RSA_KEY_SIZE) } // User password checks -- cgit v1.2.3
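Review bot: `createPrivateAndPublicKeys` drops `async` and declares no return type, so its contract is now whatever `generateRSAKeyPairPromise` happens to return. Anything thrown synchronously before the `return` would also surface as a throw rather than a rejected promise. I would declare it as `function createPrivateAndPublicKeys (): Promise<{ publicKey: string, privateKey: string }>` (or keep `async`), so the compiler checks callers that destructure `{ privateKey, publicKey }` if the helper's shape ever changes.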