New encryption/decryption mechanism

2022-01-17 17:04:48 -04:00 · 2022-01-17 17:04:48 -04:00 · d4dd47a334
commit d4dd47a334
parent 71fbd69024
2 changed files with 39 additions and 20 deletions
--- a/src/routes.js
+++ b/src/routes.js
@ -17,6 +17,7 @@ const Big = require('big.js').default
 const { evolve } = require('ramda')
 const path = require('path')
 const cors = require('cors')
+const ECCrypto = require('eccrypto')

 const getListPage = require('../utils/paginate')
 const auth = require('../services/auth/auth')
@ -46,7 +47,7 @@ module.exports = async (
  _app,
  config,
  mySocketsEvents,
-  { serverPort, CA, CA_KEY, useTLS }
+  { serverPort, useTLS, CA, CA_KEY, runPrivateKey, runPublicKey }
 ) => {
  /**
   * @typedef {import('express').Application} Application
@ -100,7 +101,8 @@ module.exports = async (
        const APIStatus = {
          message: APIHealth.data,
          responseTime: APIHealth.headers['x-response-time'],
-          success: true
+          success: true,
+          encryptionPublicKey: runPublicKey.toString('base64')
        }
        return {
          LNDStatus,
@ -112,7 +114,8 @@ module.exports = async (
        const APIStatus = {
          message: err?.response?.data,
          responseTime: err?.response?.headers['x-response-time'],
-          success: false
+          success: false,
+          encryptionPublicKey: runPublicKey.toString('base64')
        }
        logger.warn('Failed to retrieve API status', APIStatus)
        return {
@ -270,13 +273,15 @@ module.exports = async (

        logger.info('Decrypting ECC message...')

-        const decryptedMessage = await ECC.decryptMessage({
-          deviceId,
-          encryptedMessage: req.body
-        })
+        const asBuffers = await ECC.convertToEncryptedMessage(req.body)
+
+        const decryptedMessage = await ECCrypto.decrypt(
+          runPrivateKey,
+          asBuffers
+        )

        // eslint-disable-next-line
-        req.body = JSON.parse(decryptedMessage)
+        req.body = JSON.parse(decryptedMessage.toString('utf8'))

        return next()
      } catch (err) {
--- a/src/server.js
+++ b/src/server.js
@ -2,6 +2,20 @@
 * @prettier
 */
 // @ts-check
+
+const ECCrypto = require('eccrypto')
+
+const ECC = require('../utils/ECC')
+
+/**
+ * This API run's private key.
+ */
+const runPrivateKey = ECCrypto.generatePrivate()
+/**
+ * This API run's public key.
+ */
+const runPublicKey = ECCrypto.getPublic(runPrivateKey)
+
 process.on('uncaughtException', e => {
  console.log('something bad happened!')
  console.log(e)
@ -21,7 +35,6 @@ const server = program => {
  const { Logger: CommonLogger } = require('shock-common')
  const binaryParser = require('socket.io-msgpack-parser')

-  const ECC = require('../utils/ECC')
  const LightningServices = require('../utils/lightningServices')
  const app = Express()

@ -117,20 +130,19 @@ const server = program => {
        // TODO
      }

-      const authorized = ECC.isAuthorizedDevice({
-        deviceId
-      })
+      const authorized = ECC.devicePublicKeys.has(deviceId)

      // Using classic promises syntax to avoid
      // modifying res.send's return type
      if (authorized && process.env.SHOCK_ENCRYPTION_ECC !== 'false') {
-        ECC.encryptMessage({
-          deviceId,
-          message: args[0]
-        }).then(encryptedMessage => {
+        const devicePub = Buffer.from(ECC.devicePublicKeys.get(deviceId))
+
+        ECCrypto.encrypt(devicePub, Buffer.from(args[0], 'utf-8')).then(
+          encryptedMessage => {
            args[0] = JSON.stringify(encryptedMessage)
            oldSend.apply(res, args)
-        })
+          }
+        )
      }

      if (!authorized || process.env.SHOCK_ENCRYPTION_ECC === 'false') {
@ -337,7 +349,9 @@ const server = program => {
          serverPort,
          useTLS: program.useTLS,
          CA,
-          CA_KEY
+          CA_KEY,
+          runPrivateKey,
+          runPublicKey
        }
      )