From e7624382ae2c828da827f5935c26808298c8aa5e Mon Sep 17 00:00:00 2001
From: Dario <dario.rekowski@gmx.de>
Date: Mon, 8 Jun 2020 13:42:37 +0200
Subject: [PATCH] use KeyPairEd25519 and AuthenticatedEncryption in
 controller/User

---
 src/cpp/Crypto/AuthenticatedEncryption.cpp |  4 ++--
 src/cpp/Crypto/AuthenticatedEncryption.h   |  8 +++++---
 src/cpp/Crypto/IKeyPair.h                  |  2 +-
 src/cpp/Crypto/KeyPairEd25519.cpp          | 17 ++++++++++++++++-
 src/cpp/Crypto/KeyPairEd25519.h            |  7 ++++++-
 src/cpp/controller/User.cpp                |  4 ++++
 src/cpp/controller/User.h                  | 21 +++++++++++++++++++--
 7 files changed, 53 insertions(+), 10 deletions(-)

diff --git a/src/cpp/Crypto/AuthenticatedEncryption.cpp b/src/cpp/Crypto/AuthenticatedEncryption.cpp
index 87464f778..6bfd74ddb 100644
--- a/src/cpp/Crypto/AuthenticatedEncryption.cpp
+++ b/src/cpp/Crypto/AuthenticatedEncryption.cpp
@@ -68,7 +68,7 @@ AuthenticatedEncryption::ResultType AuthenticatedEncryption::createKey(const std
 	return AUTH_ENCRYPT_OK;
 }
 
-AuthenticatedEncryption::ResultType AuthenticatedEncryption::encrypt(const MemoryBin* message, MemoryBin** encryptedMessage)
+AuthenticatedEncryption::ResultType AuthenticatedEncryption::encrypt(const MemoryBin* message, MemoryBin** encryptedMessage) const
 {
 	assert(message && encryptedMessage);
 	std::shared_lock<std::shared_mutex> _lock(mWorkingMutex);
@@ -100,7 +100,7 @@ AuthenticatedEncryption::ResultType AuthenticatedEncryption::encrypt(const Memor
 	return AUTH_ENCRYPT_OK;
 }
 
-AuthenticatedEncryption::ResultType AuthenticatedEncryption::decrypt(const MemoryBin* encryptedMessage, MemoryBin** message)
+AuthenticatedEncryption::ResultType AuthenticatedEncryption::decrypt(const MemoryBin* encryptedMessage, MemoryBin** message) const
 {
 	assert(message && encryptedMessage);
 	std::shared_lock<std::shared_mutex> _lock(mWorkingMutex);
diff --git a/src/cpp/Crypto/AuthenticatedEncryption.h b/src/cpp/Crypto/AuthenticatedEncryption.h
index e11b0cc3f..10eca34ec 100644
--- a/src/cpp/Crypto/AuthenticatedEncryption.h
+++ b/src/cpp/Crypto/AuthenticatedEncryption.h
@@ -56,11 +56,11 @@ public:
 	//! \return AUTH_CREATE_ENCRYPTION_KEY_FAILED call strerror(errno) for more details 
 	ResultType createKey(const std::string& salt_parameter, const std::string& passwd);
 
-	ResultType encrypt(const MemoryBin* message, MemoryBin** encryptedMessage);
+	ResultType encrypt(const MemoryBin* message, MemoryBin** encryptedMessage) const;
 
-	ResultType decrypt(const MemoryBin* encryptedMessage, MemoryBin** message);
+	ResultType decrypt(const MemoryBin* encryptedMessage, MemoryBin** message) const;
 
-	const char* getErrorMessage(ResultType type);
+	static const char* getErrorMessage(ResultType type);
 
 protected:
 	// algorithms parameter
@@ -75,4 +75,6 @@ protected:
 	mutable std::shared_mutex mWorkingMutex;
 };
 
+
+
 #endif //__GRADIDO_LOGIN_SERVER_CRYPTO_AUTHENTICATED_ENCRYPTION_H
\ No newline at end of file
diff --git a/src/cpp/Crypto/IKeyPair.h b/src/cpp/Crypto/IKeyPair.h
index 584631326..2659b211a 100644
--- a/src/cpp/Crypto/IKeyPair.h
+++ b/src/cpp/Crypto/IKeyPair.h
@@ -17,7 +17,7 @@ class IKeyPair
 {
 public:
 	//! \return caller take ownership of return value
-	virtual MemoryBin* sign(const MemoryBin* message) = 0;
+	virtual MemoryBin* sign(const MemoryBin* message) const = 0 ;
 
 
 };
diff --git a/src/cpp/Crypto/KeyPairEd25519.cpp b/src/cpp/Crypto/KeyPairEd25519.cpp
index 7b5d0541a..daf413c08 100644
--- a/src/cpp/Crypto/KeyPairEd25519.cpp
+++ b/src/cpp/Crypto/KeyPairEd25519.cpp
@@ -105,7 +105,7 @@ KeyPairEd25519* KeyPairEd25519::create(const Passphrase* passphrase)
 	// using 
 }
 
-MemoryBin* KeyPairEd25519::sign(const MemoryBin* message)
+MemoryBin* KeyPairEd25519::sign(const MemoryBin* message) const
 {
 	
 	if (!message || !message->size()) return nullptr;
@@ -146,4 +146,19 @@ MemoryBin* KeyPairEd25519::sign(const MemoryBin* message)
 
 	return signBinBuffer;
 
+}
+
+MemoryBin* KeyPairEd25519::getCryptedPrivKey(const AuthenticatedEncryption* password) const
+{
+	if (!password) return nullptr;
+	if (!mSodiumSecret) return nullptr;
+
+	MemoryBin* encryptedKey = nullptr;
+	if (AuthenticatedEncryption::AUTH_ENCRYPT_OK == password->encrypt(mSodiumSecret, &encryptedKey)) {
+		return encryptedKey;
+	}
+	else {
+		return nullptr;
+	}
+
 }
\ No newline at end of file
diff --git a/src/cpp/Crypto/KeyPairEd25519.h b/src/cpp/Crypto/KeyPairEd25519.h
index 9efe2e046..9b89d14db 100644
--- a/src/cpp/Crypto/KeyPairEd25519.h
+++ b/src/cpp/Crypto/KeyPairEd25519.h
@@ -12,6 +12,7 @@
 */
 
 #include "sodium.h"
+#include "AuthenticatedEncryption.h"
 
 class Passphrase;
 
@@ -30,7 +31,7 @@ public:
 	static KeyPairEd25519* create(const Passphrase* passphrase);
 
 	//! \return caller take ownership of return value
-	MemoryBin* sign(const MemoryBin* message);
+	MemoryBin* sign(const MemoryBin* message) const;
 
 	inline const unsigned char* getPublicKey() const { return mSodiumPublic; }
 
@@ -43,7 +44,11 @@ public:
 
 	inline bool hasPrivateKey() const { return mSodiumSecret != nullptr; }
 
+	//! \brief only way to get a private key.. encrypted
+	MemoryBin* getCryptedPrivKey(const AuthenticatedEncryption* password) const;
+
 protected:	
+	
 	KeyPairEd25519();
 
 
diff --git a/src/cpp/controller/User.cpp b/src/cpp/controller/User.cpp
index 0a9473d9d..ddcbc9477 100644
--- a/src/cpp/controller/User.cpp
+++ b/src/cpp/controller/User.cpp
@@ -6,12 +6,16 @@
 
 namespace controller {
 	User::User(model::table::User* dbModel)
+		: mPassword(nullptr)
 	{
 		mDBModel = dbModel;
 	}
 
 	User::~User()
 	{
+		if (mPassword) {
+			delete mPassword;
+		}
 	}
 
 
diff --git a/src/cpp/controller/User.h b/src/cpp/controller/User.h
index fdfbddf57..929329157 100644
--- a/src/cpp/controller/User.h
+++ b/src/cpp/controller/User.h
@@ -2,7 +2,9 @@
 #define GRADIDO_LOGIN_SERVER_CONTROLLER_USER_INCLUDE
 
 #include "../model/table/User.h"
+#include "../Crypto/AuthenticatedEncryption.h"
 
+#include <shared_mutex>
 
 #include "TableControllerBase.h"
 
@@ -34,17 +36,32 @@ namespace controller {
 		inline Poco::AutoPtr<model::table::User> getModel() { return _getModel<model::table::User>(); }
 		inline const model::table::User* getModel() const { return _getModel<model::table::User>(); }
 
-
 		std::string getEmailWithNames();
 		const std::string& getPublicHex();
-		
 
+		
+		// ***********************************************************************************
+		// password related
+		//! \brief 
+		//! \param passwd take owner ship 
+		inline void setPassword(AuthenticatedEncryption* passwd) { 
+			std::unique_lock<std::shared_mutex> _lock(mSharedMutex);
+			if (mPassword) delete passwd;
+			mPassword = passwd; 
+		}
+
+		inline const AuthenticatedEncryption* getPassword() {
+			std::shared_lock<std::shared_mutex> _lock(mSharedMutex);
+			return mPassword;
+		}
 	protected:
 		User(model::table::User* dbModel);
 		
 		std::string mPublicHex;
 
+		AuthenticatedEncryption* mPassword;
 
+		mutable std::shared_mutex mSharedMutex;
 	};
 }