From 2473f450c34ce6dc49ce8a3248f62bbf2e8bc532 Mon Sep 17 00:00:00 2001
From: Ulf Gebhardt <ulf.gebhardt@webcraft-media.de>
Date: Wed, 3 Nov 2021 00:51:55 +0100
Subject: [PATCH] - require sodium because else problems occur - fix key
 generation

---
 backend/src/graphql/resolver/UserResolver.ts | 79 +++++++++++++++-----
 1 file changed, 60 insertions(+), 19 deletions(-)

diff --git a/backend/src/graphql/resolver/UserResolver.ts b/backend/src/graphql/resolver/UserResolver.ts
index c883cbb39..1ff60d769 100644
--- a/backend/src/graphql/resolver/UserResolver.ts
+++ b/backend/src/graphql/resolver/UserResolver.ts
@@ -3,16 +3,17 @@
 
 import fs from 'fs'
 import { Resolver, Query, Args, Arg, Authorized, Ctx, UseMiddleware, Mutation } from 'type-graphql'
-import {
-  /* eslint-disable camelcase */
-  randombytes_random,
-  crypto_hash_sha512_instance,
-  crypto_hash_sha512_BYTES,
-  crypto_sign_seed_keypair,
-  crypto_sign_PUBLICKEYBYTES,
-  crypto_sign_SECRETKEYBYTES,
-  /* eslint-enable camelcase */
-} from 'sodium-native'
+// import {
+//  /* eslint-disable camelcase */
+//  randombytes_random,
+//  crypto_hash_sha512_instance,
+//  crypto_hash_sha512_BYTES,
+//  crypto_sign_seed_keypair,
+//  crypto_sign_PUBLICKEYBYTES,
+//  crypto_sign_SECRETKEYBYTES,
+//  /* eslint-enable camelcase */
+// } from 'sodium-native'
+
 import { getCustomRepository } from 'typeorm'
 import CONFIG from '../../config'
 import { LoginViaVerificationCode } from '../model/LoginViaVerificationCode'
@@ -41,6 +42,9 @@ import { LoginUser } from '@entity/LoginUser'
 import { LoginUserBackup } from '@entity/LoginUserBackup'
 import { bigintToBuf } from 'bigint-conversion'
 
+// eslint-disable-next-line @typescript-eslint/no-var-requires
+const sodium = require('sodium-native')
+
 // We will reuse this for changePassword
 const isPassword = (password: string): boolean => {
   if (!password.match(/^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[^a-zA-Z0-9 \\t\\n\\r]).{8,}$/)) {
@@ -79,11 +83,42 @@ const WORDS = fs.readFileSync('src/config/mnemonic.english.txt').toString().spli
 const PassphraseGenerate = (): string[] => {
   const result = []
   for (let i = 0; i < PHRASE_WORD_COUNT; i++) {
-    result.push(WORDS[randombytes_random() % 2048])
+    result.push(WORDS[sodium.randombytes_random() % 2048])
   }
   return result
 }
 
+/*
+  return [
+    'avoid',
+    'security',
+    'heavy',
+    'mercy',
+    'exit',
+    'avocado',
+    'actress',
+    'apple',
+    'crowd',
+    'drop',
+    'rib',
+    'photo',
+    'valley',
+    'test',
+    'board',
+    'evidence',
+    'blast',
+    'pencil',
+    'frost',
+    'frame',
+    'come',
+    'vanish',
+    'very',
+    'inner',
+  ]
+*/
+// pub:  0xdd1b7bb
+// priv: 0xbcadd66
+
 const KeyPairEd25519Create = (passphrase: string[]): Buffer[] => {
   if (!passphrase.length || passphrase.length < PHRASE_WORD_COUNT) {
     throw new Error('passphrase empty or to short')
@@ -98,23 +133,29 @@ const KeyPairEd25519Create = (passphrase: string[]): Buffer[] => {
   // if (!wordIndicies || (!wordIndicies[0] && !wordIndicies[1] && !wordIndicies[2] && !wordIndicies[3])) {
   //	return null;
   // }
+  const state = Buffer.alloc(sodium.crypto_hash_sha512_STATEBYTES)
 
-  const hash = crypto_hash_sha512_instance()
+  // sodium.crypto_hash_sha256_init(state /* , [key], outlen */)
+  sodium.crypto_hash_sha512_init(state)
 
   // To prevent breaking existing passphrase-hash combinations word indices will be put into 64 Bit Variable to mimic first implementation of algorithms
   for (let i = 0; i < PHRASE_WORD_COUNT; i++) {
     const value = BigInt(wordIndicies[i])
-    hash.update(Buffer.from(bigintToBuf(value)))
+    sodium.crypto_hash_sha512_update(state, Buffer.from(bigintToBuf(value))) // hash.update(Buffer.from(bigintToBuf(value)))
   }
   const clearPassphrase = passphrase.join(' ')
-  hash.update(Buffer.from(clearPassphrase))
-  const outputHashBuffer = Buffer.alloc(crypto_hash_sha512_BYTES)
-  hash.final(outputHashBuffer)
+  sodium.crypto_hash_sha512_update(state, Buffer.from(clearPassphrase)) // hash.update(Buffer.from(clearPassphrase))
+  const outputHashBuffer = Buffer.alloc(sodium.crypto_hash_sha512_BYTES)
+  sodium.crypto_hash_sha512_final(state, outputHashBuffer) // hash.final(outputHashBuffer)
 
-  const pubKey = Buffer.alloc(crypto_sign_PUBLICKEYBYTES)
-  const privKey = Buffer.alloc(crypto_sign_SECRETKEYBYTES)
+  const pubKey = Buffer.alloc(sodium.crypto_sign_PUBLICKEYBYTES)
+  const privKey = Buffer.alloc(sodium.crypto_sign_SECRETKEYBYTES)
 
-  crypto_sign_seed_keypair(pubKey, privKey, outputHashBuffer)
+  sodium.crypto_sign_seed_keypair(
+    pubKey,
+    privKey,
+    outputHashBuffer.slice(sodium.crypto_sign_SEEDBYTES),
+  )
 
   return [pubKey, privKey]
 }