fix: add used nonce to data submission request

iris-connect · Mar 21, 2021 · 936fb10 · 936fb10
1 parent 7d01f33
commit 936fb10
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 12 deletions.
diff --git a/src/lib/Iris.ts b/src/lib/Iris.ts
@@ -17,8 +17,8 @@ const defaultOptions: IrisOptions = {
 };
 
 export default class Iris {
-  axiosInstance: AxiosInstance;
-  codeKeyMap: IrisCodeKeyMap;
+  private axiosInstance: AxiosInstance;
+  private codeKeyMap: IrisCodeKeyMap;
 
   constructor(options: Partial<IrisOptions>) {
     this.codeKeyMap = new Map();
@@ -52,12 +52,13 @@ export default class Iris {
       throw new Error("Code could not be found in key map. Did you perform 'getDataRequest' before?");
     }
     const keys = this.codeKeyMap.get(code);
-    const { dataToTransport, keyToTransport } = encryptData(keys.keyOfHealthDepartment, data);
+    const { dataToTransport, keyToTransport, nonce } = encryptData(keys.keyOfHealthDepartment, data);
     const response = await this.axiosInstance.post(`/data-submissions/${code}/contacts_events`, {
       checkCode: [ getNameCheckHash(user.firstName, user.lastName), getBirthDateCheckHash(user.birthDate) ].filter(c => !!c),
       secret: keyToTransport,
       keyReferenz: keys.keyReferenz,
       encryptedData: dataToTransport,
+      nonce 
     } as IrisContactsEventsSubmissionDTO);
     if (response.status !== 200) {
       console.error('IRIS Gateway responded the following data', response.data);

diff --git a/src/lib/crypto.ts b/src/lib/crypto.ts
@@ -1,17 +1,18 @@
 import * as crypto from 'crypto';
 
-export function encryptData(keyOfHealthDepartment: string, data): { dataToTransport: string; keyToTransport: string } {
-  const publicKey = crypto.createPublicKey(keyOfHealthDepartment);
-  const iv = crypto.randomBytes(16);
+export function encryptData(
+  keyOfHealthDepartment: string,
+  data,
+): { dataToTransport: string; keyToTransport: string; nonce: string } {
+  const nonce = crypto.randomBytes(16);
   const key = crypto.randomBytes(32);
-  const cipher = crypto.createCipheriv('aes-256', key, iv);
-  const encryptedData = Buffer.concat([cipher.update(JSON.stringify(data), 'utf8'), cipher.final()]);
-  const encryptedKey = crypto.publicEncrypt(
-    { key: publicKey, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha3' },
-    key,
-  );
+  const cipher = crypto.createCipheriv('AES-256-CBC', key, nonce);
+  const dataString = JSON.stringify(data);
+  const encryptedData = Buffer.concat([cipher.update(dataString, 'utf8'), cipher.final()]);
+  const encryptedKey = crypto.publicEncrypt({ key: keyOfHealthDepartment }, key);
   return {
     dataToTransport: encryptedData.toString('base64'),
     keyToTransport: encryptedKey.toString('base64'),
+    nonce: nonce.toString('base64'),
   };
 }
diff --git a/src/types/dto/IrisContactsEventsSubmissionDTO.ts b/src/types/dto/IrisContactsEventsSubmissionDTO.ts
@@ -3,4 +3,5 @@ export default interface IrisContactsEventsSubmissionDTO {
     secret: string;
     keyReferenz: string;
     encryptedData: string;
+    nonce: string;
 }