New encryption/decryption mechanism

src/routes.js

@@ -17,6 +17,7 @@ const Big = require('big.js').default
 const { evolve } = require('ramda')
 const path = require('path')
 const cors = require('cors')
+const ECCrypto = require('eccrypto')
 
 const getListPage = require('../utils/paginate')
 const auth = require('../services/auth/auth')
@@ -46,7 +47,7 @@ module.exports = async (
   _app,
   config,
   mySocketsEvents,
-  { serverPort, CA, CA_KEY, useTLS }
+  { serverPort, useTLS, CA, CA_KEY, runPrivateKey, runPublicKey }
 ) => {
   /**
    * @typedef {import('express').Application} Application
@@ -100,7 +101,8 @@ module.exports = async (
         const APIStatus = {
           message: APIHealth.data,
           responseTime: APIHealth.headers['x-response-time'],
-          success: true
+          success: true,
+          encryptionPublicKey: runPublicKey.toString('base64')
         }
         return {
           LNDStatus,
@@ -112,7 +114,8 @@ module.exports = async (
         const APIStatus = {
           message: err?.response?.data,
           responseTime: err?.response?.headers['x-response-time'],
-          success: false
+          success: false,
+          encryptionPublicKey: runPublicKey.toString('base64')
         }
         logger.warn('Failed to retrieve API status', APIStatus)
         return {
@@ -270,13 +273,15 @@ module.exports = async (
 
         logger.info('Decrypting ECC message...')
 
-        const decryptedMessage = await ECC.decryptMessage({
+        const asBuffers = await ECC.convertToEncryptedMessage(req.body)
-          deviceId,
+
-          encryptedMessage: req.body
+        const decryptedMessage = await ECCrypto.decrypt(
-        })
+          runPrivateKey,
+          asBuffers
+        )
 
         // eslint-disable-next-line
-        req.body = JSON.parse(decryptedMessage)
+        req.body = JSON.parse(decryptedMessage.toString('utf8'))
 
         return next()
       } catch (err) {

src/server.js

@@ -2,6 +2,20 @@
  * @prettier
  */
 // @ts-check
+
+const ECCrypto = require('eccrypto')
+
+const ECC = require('../utils/ECC')
+
+/**
+ * This API run's private key.
+ */
+const runPrivateKey = ECCrypto.generatePrivate()
+/**
+ * This API run's public key.
+ */
+const runPublicKey = ECCrypto.getPublic(runPrivateKey)
+
 process.on('uncaughtException', e => {
   console.log('something bad happened!')
   console.log(e)
@@ -21,7 +35,6 @@ const server = program => {
   const { Logger: CommonLogger } = require('shock-common')
   const binaryParser = require('socket.io-msgpack-parser')
 
-  const ECC = require('../utils/ECC')
   const LightningServices = require('../utils/lightningServices')
   const app = Express()
 
@@ -117,20 +130,19 @@ const server = program => {
         // TODO
       }
 
-      const authorized = ECC.isAuthorizedDevice({
+      const authorized = ECC.devicePublicKeys.has(deviceId)
-        deviceId
-      })
 
       // Using classic promises syntax to avoid
       // modifying res.send's return type
       if (authorized && process.env.SHOCK_ENCRYPTION_ECC !== 'false') {
-        ECC.encryptMessage({
+        const devicePub = Buffer.from(ECC.devicePublicKeys.get(deviceId))
-          deviceId,
+
-          message: args[0]
+        ECCrypto.encrypt(devicePub, Buffer.from(args[0], 'utf-8')).then(
-        }).then(encryptedMessage => {
+          encryptedMessage => {
             args[0] = JSON.stringify(encryptedMessage)
             oldSend.apply(res, args)
-        })
+          }
+        )
       }
 
       if (!authorized || process.env.SHOCK_ENCRYPTION_ECC === 'false') {
@@ -337,7 +349,9 @@ const server = program => {
           serverPort,
           useTLS: program.useTLS,
           CA,
-          CA_KEY
+          CA_KEY,
+          runPrivateKey,
+          runPublicKey
         }
       )