From d4dd47a33416e6977f9f8e92297a95d5a7de39b8 Mon Sep 17 00:00:00 2001
From: Daniel Lugo
Date: Mon, 17 Jan 2022 17:04:48 -0400
Subject: [PATCH] New encryption/decryption mechanism
---
 src/routes.js | 21 +++++++++++++--------
 src/server.js | 38 ++++++++++++++++++++++++++------------
 2 files changed, 39 insertions(+), 20 deletions(-)
diff --git a/src/routes.js b/src/routes.js
index 22aa4254..d8cb7cb4 100644
--- a/src/routes.js
+++ b/src/routes.js
@@ -17,6 +17,7 @@ const Big = require('big.js').default
 const { evolve } = require('ramda')
 const path = require('path')
 const cors = require('cors')
+const ECCrypto = require('eccrypto')
 const getListPage = require('../utils/paginate')
 const auth = require('../services/auth/auth')
@@ -46,7 +47,7 @@ module.exports = async (
 _app,
 config,
 mySocketsEvents,
- { serverPort, CA, CA_KEY, useTLS }
+ { serverPort, useTLS, CA, CA_KEY, runPrivateKey, runPublicKey }
 ) => {
 /**
 * @typedef {import('express').Application} Application
@@ -100,7 +101,8 @@ module.exports = async (
 const APIStatus = {
 message: APIHealth.data,
 responseTime: APIHealth.headers['x-response-time'],
- success: true
+ success: true,
+ encryptionPublicKey: runPublicKey.toString('base64')
 }
 return {
 LNDStatus,
@@ -112,7 +114,8 @@ module.exports = async (
 const APIStatus = {
 message: err?.response?.data,
 responseTime: err?.response?.headers['x-response-time'],
- success: false
+ success: false,
+ encryptionPublicKey: runPublicKey.toString('base64')
 }
 logger.warn('Failed to retrieve API status', APIStatus)
 return {
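Review bot: `encryptionPublicKey` in the two `APIStatus` objects (hunks `@@ -100,7` and `@@ -112,7` of src/routes.js) is the only place this patch shows clients learning the per-run key, and nothing visible lets a client authenticate it. `useTLS` is an option in the same parameter list, so when TLS is off an on-path party can presumably substitute its own key in this response and read whatever the client encrypts afterwards. The field should carry a comment saying so, e.g. `// NOTE: this key is only as trustworthy as the transport; clients must fetch it over verified TLS`. The expression `runPublicKey.toString('base64')` is repeated in both branches and could be computed once before them. Both objects sit inside a handler that starts and ends outside the hunks.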
@@ -270,13 +273,15 @@ module.exports = async (
 logger.info('Decrypting ECC message...')
- const decryptedMessage = await ECC.decryptMessage({
- deviceId,
- encryptedMessage: req.body
- })
+ const asBuffers = await ECC.convertToEncryptedMessage(req.body)
+
+ const decryptedMessage = await ECCrypto.decrypt(
+ runPrivateKey,
+ asBuffers
+ )
 // eslint-disable-next-line
- req.body = JSON.parse(decryptedMessage)
+ req.body = JSON.parse(decryptedMessage.toString('utf8'))
 return next()
 } catch (err) {
diff --git a/src/server.js b/src/server.js
index e910ea26..ccd104fe 100644
--- a/src/server.js
+++ b/src/server.js
@@ -2,6 +2,20 @@
 * @prettier
 */
 // @ts-check
+
+const ECCrypto = require('eccrypto')
+
+const ECC = require('../utils/ECC')
+
+/**
+ * This API run's private key.
+ */
+const runPrivateKey = ECCrypto.generatePrivate()
+/**
+ * This API run's public key.
+ */
+const runPublicKey = ECCrypto.getPublic(runPrivateKey)
+
 process.on('uncaughtException', e => {
 console.log('something bad happened!')
 console.log(e)
@@ -21,7 +35,6 @@ const server = program => {
 const { Logger: CommonLogger } = require('shock-common')
 const binaryParser = require('socket.io-msgpack-parser')
- const ECC = require('../utils/ECC')
 const LightningServices = require('../utils/lightningServices')
 const app = Express()
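Review bot: In the `@@ -270,13` hunk of src/routes.js, a body that decrypts under `runPrivateKey` shows only that the sender held the public key, which the status response now hands to any caller. The removed `ECC.decryptMessage({ deviceId, ... })` call took the device id, whereas the new path does not use `deviceId` at all, so caller authentication has to come entirely from checks outside this hunk. I would add a comment such as `// decryption is not authentication: any holder of encryptionPublicKey can produce a valid body`. Because the key pair is regenerated per process, clients still holding a key from before a restart will end up in the `catch`; its body is not visible here, but it should return a status the client can recognise as a stale key rather than a generic failure.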
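Review bot: The doc comments on `runPrivateKey` and `runPublicKey` (hunk `@@ -2,6` of src/server.js) leave out what a maintainer most needs to know: the pair is generated at module load, is held only in memory as far as this patch shows, and changes on every restart. I would expand the first comment to something like `/** Per-process private key: generated at startup, never persisted, must never be logged or returned in a response. */`. Hoisting `require('../utils/ECC')` to module scope also means it now loads before the `uncaughtException` handler is registered, which is presumably harmless but worth confirming against that module's load-time behaviour.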
@@ -117,20 +130,19 @@ const server = program => {
 // TODO
 }
- const authorized = ECC.isAuthorizedDevice({
- deviceId
- })
+ const authorized = ECC.devicePublicKeys.has(deviceId)
 // Using classic promises syntax to avoid
 // modifying res.send's return type
 if (authorized && process.env.SHOCK_ENCRYPTION_ECC !== 'false') {
- ECC.encryptMessage({
- deviceId,
- message: args[0]
- }).then(encryptedMessage => {
- args[0] = JSON.stringify(encryptedMessage)
- oldSend.apply(res, args)
- })
+ const devicePub = Buffer.from(ECC.devicePublicKeys.get(deviceId))
+
+ ECCrypto.encrypt(devicePub, Buffer.from(args[0], 'utf-8')).then(
+ encryptedMessage => {
+ args[0] = JSON.stringify(encryptedMessage)
+ oldSend.apply(res, args)
+ }
+ )
 }
 if (!authorized || process.env.SHOCK_ENCRYPTION_ECC === 'false') {
@@ -337,7 +349,9 @@ const server = program => {
 serverPort,
 useTLS: program.useTLS,
 CA,
- CA_KEY
+ CA_KEY,
+ runPrivateKey,
+ runPublicKey
 }
 )
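Review bot: The `ECCrypto.encrypt(...).then(...)` chain in the `@@ -117,20` hunk of src/server.js has no rejection handler, and `oldSend` is called only inside the fulfilment callback, so a failed encryption leaves the request with no response at all. `Buffer.from(args[0], 'utf-8')` also throws synchronously when `args[0]` is not a string, buffer or array-like, and the stored device key reaches `encrypt` without any visible length or format check. Add a `.catch` that logs and answers with an error status, and make sure it never falls back to sending `args[0]` in plaintext; something like `.catch(() => { res.status(500); oldSend.call(res, '') })`. The wrapper around `res.send` that this code lives in starts and ends outside the hunk.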
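Review bot: The last hunk of src/server.js (`@@ -337,7`) passes the raw `runPrivateKey` to the routes module in the same options object as `CA_KEY`, although the only use of it visible in this patch is the single `ECCrypto.decrypt(runPrivateKey, asBuffers)` call in src/routes.js. Passing a function instead, e.g. `decrypt: msg => ECCrypto.decrypt(runPrivateKey, msg)`, would keep the key bytes inside server.js and out of any object that might later be logged or serialised. The call this object belongs to begins outside the hunk.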