Merge branch 'dev' of https://github.com/Rudra-Sankha-Sinhamahapatra/…

…tiplink into dev
pantha704 · Oct 5, 2024 · a260ff8 · a260ff8
2 parents 7aa0a5e + 8ebdcd8
commit a260ff8
Show file tree

Hide file tree

Showing 7 changed files with 196 additions and 34 deletions.
diff --git a/.env.sample b/.env.sample
@@ -11,9 +11,12 @@ ENCRYPTION_KEY = ''
 
 #AWS KMS
 AWS_CMK_ARN =
+AWS_SECRET_ACCESS_KEY = # IAM user access key (check for correct policies though)
+AWS_ACCESS_KEY_ID = # IAM user secret key (check for correct policies though)
 
 #GCP KMS
 PROJECT_ID = ''
 LOCATION_ID = ''
 KEY_RING_ID = ''
-KEY_ID = ''
+KEY_ID = ''
+GOOGLE_APPLICATION_CREDENTIALS = # <path_to_your_json_file> Look into Service accounts in GCP console for more info
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -37,10 +37,12 @@
     "@solana/web3.js": "^1.95.2",
     "@types/bs58": "^4.0.4",
     "@types/qrcode.react": "^1.0.5",
+    "aws-sdk": "^2.1691.0",
     "axios": "^1.7.7",
     "bs58": "^4.0.1",
     "class-variance-authority": "^0.7.0",
     "clsx": "^2.1.1",
+    "ed25519": "^0.0.5",
     "framer-motion": "^11.3.21",
     "lucide-react": "^0.419.0",
     "next": "14.2.5",

diff --git a/src/actions/pvtKeyEncryptMgmt.ts b/src/actions/pvtKeyEncryptMgmt.ts
@@ -9,25 +9,30 @@ import { splitSecret } from '@/services/keyShardingService'
 import { getServerSession } from 'next-auth'
 
 export async function pvtKeyEncryptionManager(privateKey: string) {
-  const session = await getServerSession(authOptions)
-  const userId = session?.user?.id
+  try {
+    const session = await getServerSession(authOptions)
+    const userId = session?.user?.id
 
-  const { aesShareString, awsShareString, gcpShareString } =
-    await splitSecret(privateKey)
+    const { aesShareString, awsShareString, gcpShareString } =
+      await splitSecret(privateKey)
 
-  const aesEncryptedShare = aesEncrypt(aesShareString)
-  const awsEncryptedShare = await awsEncrypt(awsShareString, {
-    purpose: 'tiplink',
-    country: 'India',
-  })
-  const gcpEncryptedShare = await gcpEncrypt(gcpShareString)
+    const aesEncryptedShare = aesEncrypt(aesShareString)
 
-  await prisma.user.update({
-    where: { id: userId },
-    data: {
-      aesShare: aesEncryptedShare,
-      awsShare: awsEncryptedShare,
-      gcpShare: gcpEncryptedShare,
-    },
-  })
+    const awsEncryptedShare = await awsEncrypt(awsShareString, {
+      purpose: 'tiplink',
+      country: 'India',
+    })
+    const gcpEncryptedShare = await gcpEncrypt(gcpShareString)
+
+    await prisma.user.update({
+      where: { id: userId },
+      data: {
+        aesShare: aesEncryptedShare,
+        awsShare: awsEncryptedShare,
+        gcpShare: gcpEncryptedShare,
+      },
+    })
+  } catch (error) {
+    throw new Error(`Failed to encrypt private key: ${error}`)
+  }
 }
diff --git a/src/services/aes-module.ts b/src/services/aes-module.ts
@@ -7,19 +7,20 @@ export function aesEncrypt(plainText: any) {
   if (!ENCRYPTION_KEY) {
     throw new Error('Encryption key is not set')
   }
-
-  const iv = crypto.randomBytes(IV_LENGTH)
-
-  const cipher = crypto.createCipheriv(
-    'aes-256-cbc',
-    Buffer.from(ENCRYPTION_KEY),
-    iv,
-  )
-
-  let encrypted = cipher.update(plainText, 'utf8', 'hex')
-  encrypted += cipher.final('hex')
-
-  return iv.toString('hex') + ':' + encrypted
+  try {
+    const encryptionKey32 = crypto.createHash('sha256').update(Buffer.from(ENCRYPTION_KEY, 'hex')).digest();
+    const iv = crypto.randomBytes(IV_LENGTH)
+    const cipher = crypto.createCipheriv(
+      'aes-256-ctr',
+      encryptionKey32,
+      iv
+    )
+    let encrypted = cipher.update(plainText, 'utf8', 'hex')
+    encrypted += cipher.final('hex')
+    return iv.toString('hex') + ':' + encrypted
+  } catch (error) {
+    throw new Error(`AES fails: ${error}`)
+  }
 }
 
 export function aesDecrypt(encryptedData: any) {

diff --git a/src/services/aws-kms-module.ts b/src/services/aws-kms-module.ts
@@ -5,6 +5,14 @@ import {
   KmsKeyringNode,
   buildClient,
 } from '@aws-crypto/client-node'
+import AWS from 'aws-sdk'
+
+const credentials = {
+  accessKeyId: process.env.AWS_ACCESS_KEY_ID!,
+  secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY!
+}
+
+AWS.config.update({ credentials })
 
 const generatorKeyId = process.env.AWS_CMK_ARN
 if (!generatorKeyId) {

diff --git a/src/services/keyShardingService.ts b/src/services/keyShardingService.ts
@@ -1,16 +1,16 @@
+import base58 from 'bs58'
 import {
   split as shamirSplit,
   combine as shamirCombine,
 } from 'shamir-secret-sharing'
 
-import * as bs58 from 'bs58'
 
 export async function splitSecret(privateKey: string) {
   if (!privateKey) {
     throw new Error('Private key is undefined')
   }
   try {
-    const secretKeyUint8Array = new Uint8Array(bs58.decode(privateKey))
+    const secretKeyUint8Array = new Uint8Array(base58.decode(privateKey))
 
     const shares = await shamirSplit(secretKeyUint8Array, 3, 3)