/* * Copyright (c) 2026 Kaiy Ragur * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ package account import ( "crypto/ed25519" "fmt" "io" "github.com/neilalexander/yggmail/internal/storage/types" "github.com/neilalexander/yggmail/internal/utils" "github.com/neilalexander/yggmail/internal/utils/age" "golang.org/x/crypto/bcrypt" ) // Incapsulate all logic with cryptography by account type Session struct { account *types.Account privKey ed25519.PrivateKey } // Constructor func NewSession(a *types.Account, p ed25519.PrivateKey) *Session { return &Session{ account: a, privKey: p, } } func (s *Session) Username() string { return s.account.PublicKey } func (s *Session) Publickey() ed25519.PublicKey { return s.privKey.Public().(ed25519.PublicKey) } func (s *Session) GetAccount() *types.Account { return s.account } func (s *Session) Sign(data []byte) (sign []byte, err error) { sign = ed25519.Sign(s.privKey, data) return sign, nil } func (s *Session) Decrypt(r io.Reader) (io.Reader, error) { i, err := age.Identity(s.privKey) if err != nil { return nil, err } return age.DecryptArmor(r, i) } func (s *Session) Encrypt(w io.Writer, rcpt ...ed25519.PublicKey) (io.WriteCloser, error) { r, err := age.Recipient(rcpt...) if err != nil { return nil, err } return age.EncryptArmor(w, r...) } func (s *Session) ChangePassword(p SecretProvider) (enSk string, passwdHash []byte, err error) { sk := s.privKey if len(sk) != ed25519.PrivateKeySize { return "", nil, fmt.Errorf("session.ChangePassword:: PrivateKeySize != 32") } password, err := p() if err != nil { return "", nil, fmt.Errorf("session.ChangePassword: SecretProvider: %w", err) } enSk, err = utils.AESEncrypt(utils.EncodeString(sk), password) if err != nil { return "", nil, fmt.Errorf("session.ChangePassword: encrypt privateKey: %w", err) } passwdhash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) if err != nil { return "", nil, fmt.Errorf("session.ChangePassword:: hash password: %w", err) } // nulling sec-data password = "" return enSk, passwdhash, nil }