84 lines
2.2 KiB
Go
84 lines
2.2 KiB
Go
|
|
/*
|
||
|
|
* Copyright (c) 2026 Kaiy Ragur
|
||
|
|
*
|
||
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
||
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||
|
|
*/
|
||
|
|
package account
|
||
|
|
|
||
|
|
import (
|
||
|
|
"crypto/ed25519"
|
||
|
|
"fmt"
|
||
|
|
"io"
|
||
|
|
|
||
|
|
"github.com/neilalexander/yggmail/internal/storage/types"
|
||
|
|
"github.com/neilalexander/yggmail/internal/utils"
|
||
|
|
"github.com/neilalexander/yggmail/internal/utils/age"
|
||
|
|
"golang.org/x/crypto/bcrypt"
|
||
|
|
)
|
||
|
|
|
||
|
|
// Incapsulate all logic with cryptography by account
|
||
|
|
type Session struct {
|
||
|
|
account *types.Account
|
||
|
|
privKey ed25519.PrivateKey
|
||
|
|
}
|
||
|
|
|
||
|
|
// Constructor
|
||
|
|
func NewSession(a *types.Account, p ed25519.PrivateKey) *Session {
|
||
|
|
return &Session{
|
||
|
|
account: a,
|
||
|
|
privKey: p,
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
func (s *Session) Username() string { return s.account.PublicKey }
|
||
|
|
func (s *Session) Publickey() ed25519.PublicKey { return s.privKey.Public().(ed25519.PublicKey) }
|
||
|
|
func (s *Session) GetAccount() *types.Account { return s.account }
|
||
|
|
|
||
|
|
func (s *Session) Sign(data []byte) (sign []byte, err error) {
|
||
|
|
sign = ed25519.Sign(s.privKey, data)
|
||
|
|
return sign, nil
|
||
|
|
}
|
||
|
|
|
||
|
|
func (s *Session) Decrypt(r io.Reader) (io.Reader, error) {
|
||
|
|
i, err := age.Identity(s.privKey)
|
||
|
|
if err != nil {
|
||
|
|
return nil, err
|
||
|
|
}
|
||
|
|
return age.DecryptArmor(r, i)
|
||
|
|
}
|
||
|
|
|
||
|
|
func (s *Session) Encrypt(w io.Writer, rcpt ...ed25519.PublicKey) (io.WriteCloser, error) {
|
||
|
|
r, err := age.Recipient(rcpt...)
|
||
|
|
if err != nil {
|
||
|
|
return nil, err
|
||
|
|
}
|
||
|
|
return age.EncryptArmor(w, r...)
|
||
|
|
}
|
||
|
|
|
||
|
|
func (s *Session) ChangePassword(p SecretProvider) (enSk string, passwdHash []byte, err error) {
|
||
|
|
sk := s.privKey
|
||
|
|
if len(sk) != ed25519.PrivateKeySize {
|
||
|
|
return "", nil, fmt.Errorf("session.ChangePassword:: PrivateKeySize != 32")
|
||
|
|
}
|
||
|
|
password, err := p()
|
||
|
|
if err != nil {
|
||
|
|
return "", nil, fmt.Errorf("session.ChangePassword: SecretProvider: %w", err)
|
||
|
|
}
|
||
|
|
enSk, err = utils.AESEncrypt(utils.EncodeString(sk), password)
|
||
|
|
if err != nil {
|
||
|
|
return "", nil, fmt.Errorf("session.ChangePassword: encrypt privateKey: %w", err)
|
||
|
|
}
|
||
|
|
|
||
|
|
passwdhash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
|
||
|
|
if err != nil {
|
||
|
|
return "", nil, fmt.Errorf("session.ChangePassword:: hash password: %w", err)
|
||
|
|
}
|
||
|
|
|
||
|
|
// nulling sec-data
|
||
|
|
password = ""
|
||
|
|
|
||
|
|
return enSk, passwdhash, nil
|
||
|
|
}
|