Merge pull request #490 from shocknet/bug/bad-mac-debug

Better Encryption logs for debugging

src/server.js

@@ -124,6 +124,12 @@ const server = program => {
     const deviceId = req.headers['encryption-device-id']
     const oldSend = res.send
 
+    console.log({
+      deviceId,
+      encryptionDisabled: process.env.SHOCK_ENCRYPTION_ECC === 'false',
+      unprotectedRoute: nonEncryptedRoutes.includes(req.path)
+    })
+
     if (
       nonEncryptedRoutes.includes(req.path) ||
       process.env.SHOCK_ENCRYPTION_ECC === 'false'
@@ -403,16 +409,18 @@ const server = program => {
         })
       }
 
-      if(process.env.ALLOW_UNLOCKED_LND === 'true'){
+      if (process.env.ALLOW_UNLOCKED_LND === 'true') {
-        const codes = await Storage.valuesWithKeyMatch(/^UnlockedAccessSecrets\//u) 
+        const codes = await Storage.valuesWithKeyMatch(
-        if(codes.length === 0){
+          /^UnlockedAccessSecrets\//u
+        )
+        if (codes.length === 0) {
           const code = ECC.generateRandomString(12)
           await Storage.setItem(`UnlockedAccessSecrets/${code}`, false)
           await Storage.setItem(`FirstAccessSecret`, code)
-          logger.info("the access code is:"+code)
+          logger.info('the access code is:' + code)
-        } else if(codes.length === 1 && codes[0] === false){
+        } else if (codes.length === 1 && codes[0] === false) {
-          const firstCode = await Storage.getItem("FirstAccessSecret")
+          const firstCode = await Storage.getItem('FirstAccessSecret')
-          logger.info("the access code is:"+firstCode)
+          logger.info('the access code is:' + firstCode)
         }
       }
       serverInstance.listen(serverPort, serverHost)

utils/ECC/crypto.js

@@ -8,6 +8,7 @@ const FieldError = require("../fieldError")
  * @prop {Buffer} iv
  * @prop {Buffer} mac
  * @prop {Buffer} ephemPublicKey
+ * @prop {any?} metadata
  */
 
 /**
@@ -16,6 +17,7 @@ const FieldError = require("../fieldError")
  * @prop {string} iv
  * @prop {string} mac
  * @prop {string} ephemPublicKey
+ * @prop {any?} metadata
  */
 
 const generateRandomString = (length = 16) =>
@@ -70,7 +72,8 @@ const convertToEncryptedMessageResponse = (encryptedMessage) => {
             ciphertext: convertBufferToBase64(encryptedMessage.ciphertext),
             iv: convertBufferToBase64(encryptedMessage.iv),
             mac: convertBufferToBase64(encryptedMessage.mac),
-            ephemPublicKey: convertBufferToBase64(encryptedMessage.ephemPublicKey)
+            ephemPublicKey: convertBufferToBase64(encryptedMessage.ephemPublicKey),
+            metadata: encryptedMessage.metadata
         };
     }
 
@@ -105,7 +108,8 @@ const convertToEncryptedMessage = (encryptedMessage) => {
             ciphertext: convertBase64ToBuffer(encryptedMessage.ciphertext),
             iv: convertBase64ToBuffer(encryptedMessage.iv),
             mac: convertBase64ToBuffer(encryptedMessage.mac),
-            ephemPublicKey: convertBase64ToBuffer(encryptedMessage.ephemPublicKey)
+            ephemPublicKey: convertBase64ToBuffer(encryptedMessage.ephemPublicKey),
+            metadata: encryptedMessage.metadata
         };
     }
     throw new FieldError({

utils/ECC/index.js

@@ -134,7 +134,11 @@ const encryptMessage = async ({ message = '', deviceId }) => {
     ciphertext: encryptedMessage.ciphertext,
     iv: encryptedMessage.iv,
     mac: encryptedMessage.mac,
-    ephemPublicKey: encryptedMessage.ephemPublicKey
+    ephemPublicKey: encryptedMessage.ephemPublicKey,
+    metadata: {
+      _deviceId: deviceId,
+      _publicKey: publicKey
+    }
   }
 
   return convertToEncryptedMessageResponse(encryptedMessageResponse)
@@ -143,7 +147,7 @@ const encryptMessage = async ({ message = '', deviceId }) => {
 /**
  * Decrypts the specified message using the API keypair
  * associated with the specified deviceId
- * @param {{ encryptedMessage: EncryptedMessage, deviceId: string }} arg0
+ * @param {{ encryptedMessage: import('./crypto').EncryptedMessageResponse, deviceId: string }} arg0
  */
 const decryptMessage = async ({ encryptedMessage, deviceId }) => {
   const keyPair = nodeKeyPairs.get(deviceId)