From a058db2102302aa42e6ffe6289707a830fe77c14 Mon Sep 17 00:00:00 2001
From: 0xdcarns
Date: Sat, 29 Jan 2022 00:11:11 -0500
Subject: [PATCH] chunked

---
 mq/util.go | 12 +++---
 netclient/functions/daemon.go | 8 ++--
 netclient/ncutils/netclientutils.go | 60 ++++++++++++++++++++++++++---
 3 files changed, 65 insertions(+), 15 deletions(-)

diff --git a/mq/util.go b/mq/util.go
index eb8790e2..224805ca 100644
--- a/mq/util.go
+++ b/mq/util.go
@@ -1,6 +1,8 @@
 package mq
 
 import (
+ "fmt"
+
 "github.com/gravitl/netmaker/logger"
 "github.com/gravitl/netmaker/logic"
 "github.com/gravitl/netmaker/netclient/ncutils"
@@ -12,7 +14,7 @@ func decryptMsg(nodeid string, msg []byte) ([]byte, error) {
 if trafficErr != nil {
 return nil, trafficErr
 }
- return ncutils.DecryptWithPrivateKey(msg, &trafficKey), nil
+ return ncutils.DestructMessage(string(msg), &trafficKey), nil
 }
 
 func encrypt(nodeid string, dest string, msg []byte) ([]byte, error) {
@@ -20,11 +22,11 @@ func encrypt(nodeid string, dest string, msg []byte) ([]byte, error) {
 if err != nil {
 return nil, err
 }
- encrypted, encryptErr := ncutils.EncryptWithPublicKey(msg, &node.TrafficKeys.Mine)
- if encryptErr != nil {
- return nil, encryptErr
+ encrypted := ncutils.BuildMessage(msg, &node.TrafficKeys.Mine)
+ if encrypted == "" {
+ return nil, fmt.Errorf("could not encrypt message")
 }
- return encrypted, nil
+ return []byte(encrypted), nil
 }
 
 func publish(nodeid string, dest string, msg []byte) error {
diff --git a/netclient/functions/daemon.go b/netclient/functions/daemon.go
index b122dbb9..da2d2f7a 100644
--- a/netclient/functions/daemon.go
+++ b/netclient/functions/daemon.go
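Review bot: The new `return ncutils.DestructMessage(string(msg), &trafficKey), nil` in decryptMsg reports success on a failed decrypt, because DestructMessage (netclientutils hunk) returns nil when any chunk fails to decrypt and this line pairs that nil with a nil error. A tampered or undecryptable message therefore reaches the caller as a nil payload instead of an error. Check the result before returning: `decrypted := ncutils.DestructMessage(string(msg), &trafficKey)` / `if decrypted == nil { return nil, fmt.Errorf("could not decrypt message for node %s", nodeid) }` / `return decrypted, nil`; `fmt` is added to this file by the same patch. The beginning of decryptMsg is outside the hunk.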
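Review bot: `if encrypted == ""` in encrypt cannot distinguish an RSA failure from an empty `msg` (BuildMessage emits no chunks for an empty input and returns "" in both cases), and the rsa.EncryptOAEP error that BuildMessage swallowed is gone by the time `fmt.Errorf("could not encrypt message")` is built. Since the helper is new in this same patch, it would be cleaner for it to return `(string, error)` and for this line to become `encrypted, err := ncutils.BuildMessage(msg, &node.TrafficKeys.Mine)` / `if err != nil { return nil, fmt.Errorf("encrypting message for %s: %w", dest, err) }`. Failing that, include `nodeid` and `dest` in the error text so the operator can tell which node's key was rejected.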
@@ -371,9 +371,9 @@ func Hello(cfg *config.ClientConfig, network string) {
 func publish(cfg *config.ClientConfig, dest string, msg []byte) error {
 client := SetupMQTT(cfg)
 defer client.Disconnect(250)
- encrypted, encryptErr := ncutils.EncryptWithPublicKey(msg, &cfg.Node.TrafficKeys.Server)
- if encryptErr != nil {
- return encryptErr
+ encrypted := ncutils.BuildMessage(msg, &cfg.Node.TrafficKeys.Server)
+ if encrypted == "" {
+ return fmt.Errorf("could not encrypt message")
 }
 if token := client.Publish(dest, 0, false, encrypted); token.Wait() && token.Error() != nil {
 return token.Error()
@@ -394,7 +394,7 @@ func decryptMsg(cfg *config.ClientConfig, msg []byte) ([]byte, error) {
 if err := json.Unmarshal([]byte(diskKey), &trafficKey); err != nil {
 return nil, err
 }
- return ncutils.DecryptWithPrivateKey(msg, &trafficKey), nil
+ return ncutils.DestructMessage(string(msg), &trafficKey), nil
 }
 
 func shouldResub(currentServers, newServers []models.ServerAddr) bool {
diff --git a/netclient/ncutils/netclientutils.go b/netclient/ncutils/netclientutils.go
index 7852d1dd..489f00e4 100644
--- a/netclient/ncutils/netclientutils.go
+++ b/netclient/ncutils/netclientutils.go
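Review bot: publish's new `return fmt.Errorf("could not encrypt message")` relies on `fmt` being imported in daemon.go, which this patch adds only to mq/util.go; the hunk does not show daemon.go's import block, so if it is not already there the file will not build. The message also carries no context — at minimum `return fmt.Errorf("could not encrypt message for topic %s", dest)` — and, because BuildMessage returns "" for an empty `msg` as well as on RSA failure, an empty payload now surfaces here as an encryption error. publish continues beyond the hunk.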
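Review bot: As in mq/util.go, decryptMsg's new `return ncutils.DestructMessage(string(msg), &trafficKey), nil` turns a decryption failure into a (nil, nil) result, and because the scheme is RSA-OAEP only — confidentiality, no authentication — anything a broker client can publish to the subscribed topic arrives here and is either decrypted or silently collapsed to nil rather than rejected. Guard the result: `if plain := ncutils.DestructMessage(string(msg), &trafficKey); plain != nil { return plain, nil }` then `return nil, errors.New("could not decrypt message")` (use whichever of errors/fmt daemon.go already imports). The rest of decryptMsg lies outside the hunk.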
@@ -550,23 +550,71 @@ func ServerAddrSliceContains(slice []models.ServerAddr, item models.ServerAddr)
 return false
 }
 
-// EncryptWithPublicKey encrypts data with public key
-func EncryptWithPublicKey(msg []byte, pub *rsa.PublicKey) ([]byte, error) {
+// DestructMessage - reconstruct original message through chunks
+func DestructMessage(builtMsg string, priv *rsa.PrivateKey) []byte {
+ var chunks = strings.Split(builtMsg, ",")
+ var totalMessage = make([]byte, len(builtMsg))
+ for _, chunk := range chunks {
+ var bytes = decryptWithPrivateKey([]byte(chunk), priv)
+ if bytes == nil {
+ return nil
+ }
+ totalMessage = append(totalMessage, bytes...)
+ }
+ return totalMessage
+}
+
+// BuildMessage Build a message for publishing
+func BuildMessage(originalMessage []byte, pub *rsa.PublicKey) string {
+ chunks := getSliceChunks(originalMessage, 2048)
+ var message = ""
+ for i := 0; i < len(chunks); i++ {
+ var encryptedText, encryptErr = encryptWithPublicKey(chunks[i], pub)
+ if encryptErr != nil {
+ return ""
+ }
+
+ message += string(encryptedText)
+ if i < len(chunks)-1 {
+ message += ","
+ }
+ }
+ return message
+}
+
+func getSliceChunks(slice []byte, chunkSize int) [][]byte {
+ var chunks [][]byte
+ for i := 0; i < len(slice); i += chunkSize {
+ lastByte := i + chunkSize
+
+ if lastByte > len(slice) {
+ lastByte = len(slice)
+ }
+
+ chunks = append(chunks, slice[i:lastByte])
+ }
+
+ return chunks
+}
+
+// encryptWithPublicKey encrypts data with public key
+func encryptWithPublicKey(msg []byte, pub *rsa.PublicKey) ([]byte, error) {
 if pub == nil {
 return nil, errors.New("invalid public key when decrypting")
 }
 hash := sha512.New()
- ciphertext, err := rsa.EncryptOAEP(hash, crand.Reader, pub, msg, nil)
+ ciphertext, err := rsa.EncryptOAEP(hash, crand.Reader, pub, msg, []byte(""))
 if err != nil {
 return nil, err
 }
+
 return ciphertext, nil
 }
 
-// DecryptWithPrivateKey decrypts data with private key
-func DecryptWithPrivateKey(ciphertext []byte, priv *rsa.PrivateKey) []byte {
+// decryptWithPrivateKey decrypts data with private key
+func decryptWithPrivateKey(ciphertext []byte, priv *rsa.PrivateKey) []byte {
 hash := sha512.New()
- plaintext, err := rsa.DecryptOAEP(hash, crand.Reader, priv, ciphertext, nil)
+ plaintext, err := rsa.DecryptOAEP(hash, crand.Reader, priv, ciphertext, []byte(""))
 if err != nil {
 return nil
 }
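Review bot: The chunking added in BuildMessage cannot work for most inputs: `getSliceChunks(originalMessage, 2048)` hands 2048-byte chunks to rsa.EncryptOAEP, but OAEP with SHA-512 accepts at most `pub.Size() - 2*sha512.Size - 2` bytes per call (126 bytes for a 2048-bit key, 382 for 4096), so any message over that limit makes encryptWithPublicKey fail and BuildMessage return "" — the key sizes in use are not visible here, so this holds unless the traffic keys are unusually large. Two more defects sit in DestructMessage: chunks are joined with "," while `string(encryptedText)` is raw ciphertext in which byte 0x2C occurs about once per 256 bytes, so `strings.Split(builtMsg, ",")` will split inside a ciphertext; and `make([]byte, len(builtMsg))` pre-fills len(builtMsg) zero bytes that the loop then appends after, so even a clean decrypt returns NUL-prefixed plaintext — it should be `make([]byte, 0, len(builtMsg))`. The rewrite below sizes chunks from the key, base64-encodes each chunk so the separator cannot collide, and requires `encoding/base64` in the file's import block (outside this hunk). Note that with independent OAEP chunks and no MAC nothing binds chunks to one another or to the sender, so a party able to write to the topic can drop, reorder or splice chunks undetected; that weakness predates the patch for whole messages, but chunking broadens it.
```go
// DestructMessage - reconstruct original message through chunks
func DestructMessage(builtMsg string, priv *rsa.PrivateKey) []byte {
	var chunks = strings.Split(builtMsg, ",")
	// zero length, full capacity: make([]byte, n) would prepend n NUL bytes
	var totalMessage = make([]byte, 0, len(builtMsg))
	for _, chunk := range chunks {
		// chunks are base64, so "," can never occur inside one
		raw, decErr := base64.StdEncoding.DecodeString(chunk)
		if decErr != nil {
			return nil
		}
		var bytes = decryptWithPrivateKey(raw, priv)
		if bytes == nil {
			return nil
		}
		totalMessage = append(totalMessage, bytes...)
	}
	return totalMessage
}

// BuildMessage Build a message for publishing
func BuildMessage(originalMessage []byte, pub *rsa.PublicKey) string {
	if pub == nil {
		return ""
	}
	// RSA-OAEP can seal at most k - 2*hLen - 2 bytes per operation
	maxChunk := pub.Size() - 2*sha512.Size - 2
	if maxChunk <= 0 {
		return ""
	}
	chunks := getSliceChunks(originalMessage, maxChunk)
	var message strings.Builder
	for i := 0; i < len(chunks); i++ {
		var encryptedText, encryptErr = encryptWithPublicKey(chunks[i], pub)
		if encryptErr != nil {
			return ""
		}
		message.WriteString(base64.StdEncoding.EncodeToString(encryptedText))
		if i < len(chunks)-1 {
			message.WriteString(",")
		}
	}
	return message.String()
}
// … unchanged: getSliceChunks, encryptWithPublicKey, decryptWithPrivateKey …
```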