aes256 and bugfix

luleigreat · luleigreat · commit 612b4ae3663d · 2018-04-27T16:40:23.000+08:00
diff --git a/lib/crypto.js b/lib/crypto.js
@@ -186,12 +186,12 @@ function bytesToBits(bytes) {
     return out;
 }
 
-function paddingPass(password){
-    if(password.length < 16){
+function paddingPass(password,keyLen){
+    if(password.length < keyLen){
         var pass = new Buffer(password);
-        var retByte = new Buffer(16);
-        var byteToPad = 16 - password.length;
-        for(var i=0; i<16; i++){
+        var retByte = new Buffer(keyLen);
+        var byteToPad = keyLen - password.length;
+        for(var i=0; i<keyLen; i++){
             if(i<pass.length)
                 retByte[i] = pass[i];
             else
@@ -209,10 +209,10 @@ function paddingPass(password){
  * @returns string 加密后的十六进制格式
  */
 var aesEncrypt = function(secret, plaintext) {
-    var secretPadded = paddingPass(secret);
+    var secretPadded = paddingPass(secret,AESKeyLength);
     var aesKey = new Buffer(secretPadded, 'utf8');
     var iv = aesKey.slice(0, IVLength);
-    var cipher = crypto.createCipheriv('aes-128-cbc', aesKey, iv);
+    var cipher = crypto.createCipheriv('aes-256-cbc', aesKey, iv);
     var plainBuf = new Buffer(plaintext, 'utf8');
     var encryptedBytes = cipher.update(plainBuf);
     encryptedBytes = Buffer.concat([encryptedBytes, cipher.final()]);
@@ -226,11 +226,11 @@ var aesEncrypt = function(secret, plaintext) {
  * @returns string 解密后的明文
  */
 var aesDecrypt = function(secret, encryptedHex) {
-    var secretPadded = paddingPass(secret);
+    var secretPadded = paddingPass(secret,AESKeyLength);
     var aesKey = new Buffer(secretPadded, 'utf8');
     var iv = aesKey.slice(0, IVLength);
     var encryptedBuf = new Buffer(encryptedHex, 'hex');
-    var cipher = crypto.createDecipheriv('aes-128-cbc', aesKey, iv);
+    var cipher = crypto.createDecipheriv('aes-256-cbc', aesKey, iv);
     var decryptedBytes = cipher.update(encryptedBuf);
     decryptedBytes = Buffer.concat([decryptedBytes, cipher.final()]);
     
@@ -298,7 +298,7 @@ var encryptText = function(plainText,listPublic){
         throw new ("PublicKey list is empty");
     }
     //AES encrypt
-    var password = crypto.randomBytes(AESBlockLength);
+    var password = crypto.randomBytes(AESKeyLength);
     var aesCipher = aesEncrypt(password,plainText);
 
     //
diff --git a/proto/MultiEncrypt.proto b/proto/MultiEncrypt.proto
@@ -0,0 +1,16 @@
+//syntax = "proto3"; 
+
+message MultiEncrypt {  
+    message HashToken{
+		required bytes public_hash = 1;
+		required bytes token = 2;
+	}
+    //DH 随机产生的公钥
+    required bytes public_other = 1;  
+    
+    //公钥哈希与Token数组
+    repeated HashToken hash_token_pair = 2;  
+	
+	//字符串的密文
+	required bytes cipher = 3;
+}
diff --git a/src/index.js b/src/index.js
@@ -361,7 +361,11 @@ ChainsqlAPI.prototype.renameTable = function(oldName, newName) {
   }
 }
 ChainsqlAPI.prototype.grant = function(name, user, flags, publicKey) {
-  if (!(name && user && flags)) throw new Error('args is not enough')
+	if (!(name && user && flags)) throw new Error('args is not enough')
+	if (!util.checkUserMatchPublicKey(user,publicKey)){
+		throw new Error('Publickey does not match User')
+	}
+
   let that = this;
   if (that.transaction) {
     this.cache.push({
diff --git a/src/table.js b/src/table.js
@@ -33,7 +33,7 @@ Table.prototype.insert = function(raw, field) {
     this.query.push(raw);
   }
   if (JSON.stringify(raw).length > 512000) {
-    throw new Error('Insert too much value,the total value of inserted must not over 1024KB')
+    throw new Error('Insert too much value,the total value of inserted must not over 512KB')
   }
   this.exec = 'r_insert';
   if (this.transaction) {
@@ -177,6 +177,8 @@ function hasExtraCond(item) {
 }
 
 Table.prototype.limit = function(limit) {
+  if(typeof(limit) != 'number')
+    throw new Error('limit must be a number')
   if (this.exec !== 'r_get')
     throw new Error('Object can not hava function limit');
 
diff --git a/src/util.js b/src/util.js
@@ -6,7 +6,11 @@ const keypairs = require('chainsql-keypairs');
 const cryptoo = require('crypto');
 const crypto = require('../lib/crypto');
 const opType = require('./config').opType;
+const addressCodec = require('chainsql-address-codec');
+const elliptic = require('elliptic');
+const Secp256k1 = elliptic.ec('secp256k1');
 
+var AESKeyLength = 32;
 
 function getFee(api) {
   let cushion = api._feeCushion;
@@ -30,9 +34,9 @@ function generateToken(key, secret) {
   var secret = secret;
   var token;
   if (!secret) {
-    secret = cryptoo.randomBytes(8).toString('hex');
+    secret = cryptoo.randomBytes(AESKeyLength/2).toString('hex');
     var keypair = keypairs.deriveKeypair(key);
-    token = crypto.eciesEncrypt('3b2a3563a37cdf77', keypair.publicKey);
+    token = crypto.eciesEncrypt(secret, keypair.publicKey);
   } else {
     token = crypto.eciesEncrypt(secret, key);
   }
@@ -162,6 +166,40 @@ function isSqlStatementTx(type){
   }  
 }
 
+/**
+ * byte型转换十六进制
+ * @param b
+ * @returns {string}
+ * @constructor
+ */
+const Bytes2HexString = (b)=> {
+  let hexs = "";
+  for (let i = 0; i < b.length; i++) {
+      let hex = (b[i]).toString(16);
+      if (hex.length === 1) {
+          hexs += '0' + hex.toUpperCase();
+      }else {
+          hexs += hex.toUpperCase();
+      }
+  }
+  return hexs;
+}
+
+function checkUserMatchPublicKey(user,publicKey){
+  if(user && !publicKey){
+    return true;
+  }
+  var PUBLICKEY_LENGTH = 33;
+  var ACCOUNT_PUBLIC = 35;
+  if(publicKey.length != 2 * PUBLICKEY_LENGTH){
+    var decoded = addressCodec.decode(publicKey, ACCOUNT_PUBLIC);
+    var decodedPublic = decoded.slice(1,1+PUBLICKEY_LENGTH);
+    publicKey = Bytes2HexString(decodedPublic);
+  }
+  var address = keypairs.deriveAddress(publicKey)
+  return user == address;
+}
+
 module.exports = {
   getFee: getFee,
   getSequence: getSequence,
@@ -175,5 +213,6 @@ module.exports = {
   generateToken: generateToken,
   decodeToken: decodeToken,
   calcFee : calcFee,
-  isSqlStatementTx: isSqlStatementTx
+  isSqlStatementTx: isSqlStatementTx,
+  checkUserMatchPublicKey: checkUserMatchPublicKey
 }
diff --git a/test/server.js b/test/server.js
@@ -33,26 +33,26 @@ co(function*() {
 		// });
 		
 
-		var cipher = crypto.eciesEncrypt("hello","02F039E54B3A0D209D348F1B2C93BE3689F2A7595DDBFB1530499D03264B87A61F");
-		var keypair = keypairs.deriveKeypair("ssnqAfDUjc6Bkevd1Xmz5dJS5yHdz");
+		var cipher = crypto.eciesEncrypt("hello","03B7FBF1AC149B0D297B7407CAB9636792333B8D8B8A4036B2D4DE2E6D69D435B5");
+		var keypair = keypairs.deriveKeypair("xxHgHoRAHdGZxy5gWUdMeUK7hWrgr");
 		var plain = crypto.eciesDecrypt(cipher,keypair.privateKey);
 		console.log(plain);
 		
 		//字段级加密
 		console.log("multi encrypt test:");
-		var listPublic = ["aBP8JEiNXr3a9nnBFDNKKzAoGNezoXzsa1N8kQAoLU5F5HrQbFvs", "aBP8EvA6tSMzCRbfsLwiFj51vDjE4jPv9Wfkta6oNXEn8TovcxaT"];
+		var listPublic = ["cBP7JPfSVPgqGfGXVJVw168sJU5HhQfPbvDRZyriyKNeYjYLVL8M", "cBPaLRSCwtsJbz4Rq4K2NvoiDZWJyL2RnfdGv5CQ2UFWqyJ7ekHM"];
 		var cip = yield crypto.encryptText("test",listPublic);
 		console.log("cipher:" + cip);
-		var text = yield crypto.decryptText(cip,"snEqBjWd2NWZK3VgiosJbfwCiLPPZ");
+		var text = yield crypto.decryptText(cip,"xpvPjSRCtmQ3G99Pfu1VMDMd9ET3W");
 		console.log("plain text:" + text);
-		var text2 = yield crypto.decryptText(cip,"ssnqAfDUjc6Bkevd1Xmz5dJS5yHdz");
+		var text2 = yield crypto.decryptText(cip,"xnHAcvtn1eVLDskhxPKNrhTsYKqde");
 		console.log("plain text2:" + text2);
 		
 
 		console.log("AesPadding Test");
-		var aesCipher = crypto.aesEncrypt("123","test");
+		var aesCipher = crypto.aesEncrypt("abcdefg","hello,world");
 		console.log(aesCipher);
-		var aesDecrypted = crypto.aesDecrypt("123","EFBFBD01EFBFBDEFBFBD027CEFBFBD636C1C6522EFBFBD2FEFBFBDEFBFBD");
+		var aesDecrypted = crypto.aesDecrypt("abcdefg",aesCipher);
 		console.log(aesDecrypted);
 		
 

Original file line number	Diff line number	Diff line change
`@@ -361,7 +361,11 @@ ChainsqlAPI.prototype.renameTable = function(oldName, newName) {`
`361`	`361`	`}`
`362`	`362`	`}`
`363`	`363`	`ChainsqlAPI.prototype.grant = function(name, user, flags, publicKey) {`
`364`		`- if (!(name && user && flags)) throw new Error('args is not enough')`
	`364`	`+ if (!(name && user && flags)) throw new Error('args is not enough')`
	`365`	`+ if (!util.checkUserMatchPublicKey(user,publicKey)){`
	`366`	`+ throw new Error('Publickey does not match User')`
	`367`	`+ }`
	`368`	`+`
`365`	`369`	`let that = this;`
`366`	`370`	`if (that.transaction) {`
`367`	`371`	`this.cache.push({`
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ Table.prototype.insert = function(raw, field) {`
`33`	`33`	`this.query.push(raw);`
`34`	`34`	`}`
`35`	`35`	`if (JSON.stringify(raw).length > 512000) {`
`36`		`- throw new Error('Insert too much value,the total value of inserted must not over 1024KB')`
	`36`	`+ throw new Error('Insert too much value,the total value of inserted must not over 512KB')`
`37`	`37`	`}`
`38`	`38`	`this.exec = 'r_insert';`
`39`	`39`	`if (this.transaction) {`
`@@ -177,6 +177,8 @@ function hasExtraCond(item) {`
`177`	`177`	`}`
`178`	`178`
`179`	`179`	`Table.prototype.limit = function(limit) {`
	`180`	`+ if(typeof(limit) != 'number')`
	`181`	`+ throw new Error('limit must be a number')`
`180`	`182`	`if (this.exec !== 'r_get')`
`181`	`183`	`throw new Error('Object can not hava function limit');`
`182`	`184`