use KeyPairEd25519 and AuthenticatedEncryption in controller/User

2025-12-13 07:45:54 +00:00 · 2020-06-08 13:42:37 +02:00 · 2020-06-08 13:42:37 +02:00 · e7624382ae
commit e7624382ae
parent d08ab28394
7 changed files with 53 additions and 10 deletions
--- a/src/cpp/Crypto/AuthenticatedEncryption.cpp
+++ b/src/cpp/Crypto/AuthenticatedEncryption.cpp
@ -68,7 +68,7 @@ AuthenticatedEncryption::ResultType AuthenticatedEncryption::createKey(const std
 	return AUTH_ENCRYPT_OK;
 }

-AuthenticatedEncryption::ResultType AuthenticatedEncryption::encrypt(const MemoryBin* message, MemoryBin** encryptedMessage)
+AuthenticatedEncryption::ResultType AuthenticatedEncryption::encrypt(const MemoryBin* message, MemoryBin** encryptedMessage) const
 {
 	assert(message && encryptedMessage);
 	std::shared_lock<std::shared_mutex> _lock(mWorkingMutex);
@ -100,7 +100,7 @@ AuthenticatedEncryption::ResultType AuthenticatedEncryption::encrypt(const Memor
 	return AUTH_ENCRYPT_OK;
 }

-AuthenticatedEncryption::ResultType AuthenticatedEncryption::decrypt(const MemoryBin* encryptedMessage, MemoryBin** message)
+AuthenticatedEncryption::ResultType AuthenticatedEncryption::decrypt(const MemoryBin* encryptedMessage, MemoryBin** message) const
 {
 	assert(message && encryptedMessage);
 	std::shared_lock<std::shared_mutex> _lock(mWorkingMutex);
--- a/src/cpp/Crypto/AuthenticatedEncryption.h
+++ b/src/cpp/Crypto/AuthenticatedEncryption.h
@ -56,11 +56,11 @@ public:
 	//! \return AUTH_CREATE_ENCRYPTION_KEY_FAILED call strerror(errno) for more details 
 	ResultType createKey(const std::string& salt_parameter, const std::string& passwd);

-	ResultType encrypt(const MemoryBin* message, MemoryBin** encryptedMessage);
+	ResultType encrypt(const MemoryBin* message, MemoryBin** encryptedMessage) const;

-	ResultType decrypt(const MemoryBin* encryptedMessage, MemoryBin** message);
+	ResultType decrypt(const MemoryBin* encryptedMessage, MemoryBin** message) const;

-	const char* getErrorMessage(ResultType type);
+	static const char* getErrorMessage(ResultType type);

 protected:
 	// algorithms parameter
@ -75,4 +75,6 @@ protected:
 	mutable std::shared_mutex mWorkingMutex;
 };

+
+
 #endif //__GRADIDO_LOGIN_SERVER_CRYPTO_AUTHENTICATED_ENCRYPTION_H
--- a/src/cpp/Crypto/IKeyPair.h
+++ b/src/cpp/Crypto/IKeyPair.h
@ -17,7 +17,7 @@ class IKeyPair
 {
 public:
 	//! \return caller take ownership of return value
-	virtual MemoryBin* sign(const MemoryBin* message) = 0;
+	virtual MemoryBin* sign(const MemoryBin* message) const = 0 ;


 };
--- a/src/cpp/Crypto/KeyPairEd25519.cpp
+++ b/src/cpp/Crypto/KeyPairEd25519.cpp
@ -105,7 +105,7 @@ KeyPairEd25519* KeyPairEd25519::create(const Passphrase* passphrase)
 	// using 
 }

-MemoryBin* KeyPairEd25519::sign(const MemoryBin* message)
+MemoryBin* KeyPairEd25519::sign(const MemoryBin* message) const
 {
 	
 	if (!message || !message->size()) return nullptr;
@ -147,3 +147,18 @@ MemoryBin* KeyPairEd25519::sign(const MemoryBin* message)
 	return signBinBuffer;

 }
+
+MemoryBin* KeyPairEd25519::getCryptedPrivKey(const AuthenticatedEncryption* password) const
+{
+	if (!password) return nullptr;
+	if (!mSodiumSecret) return nullptr;
+
+	MemoryBin* encryptedKey = nullptr;
+	if (AuthenticatedEncryption::AUTH_ENCRYPT_OK == password->encrypt(mSodiumSecret, &encryptedKey)) {
+		return encryptedKey;
+	}
+	else {
+		return nullptr;
+	}
+
+}
--- a/src/cpp/Crypto/KeyPairEd25519.h
+++ b/src/cpp/Crypto/KeyPairEd25519.h
@ -12,6 +12,7 @@
 */

 #include "sodium.h"
+#include "AuthenticatedEncryption.h"

 class Passphrase;

@ -30,7 +31,7 @@ public:
 	static KeyPairEd25519* create(const Passphrase* passphrase);

 	//! \return caller take ownership of return value
-	MemoryBin* sign(const MemoryBin* message);
+	MemoryBin* sign(const MemoryBin* message) const;

 	inline const unsigned char* getPublicKey() const { return mSodiumPublic; }

@ -43,7 +44,11 @@ public:

 	inline bool hasPrivateKey() const { return mSodiumSecret != nullptr; }

+	//! \brief only way to get a private key.. encrypted
+	MemoryBin* getCryptedPrivKey(const AuthenticatedEncryption* password) const;
+
 protected:	
+	
 	KeyPairEd25519();


--- a/src/cpp/controller/User.cpp
+++ b/src/cpp/controller/User.cpp
@ -6,12 +6,16 @@

 namespace controller {
 	User::User(model::table::User* dbModel)
+		: mPassword(nullptr)
 	{
 		mDBModel = dbModel;
 	}

 	User::~User()
 	{
+		if (mPassword) {
+			delete mPassword;
+		}
 	}


--- a/src/cpp/controller/User.h
+++ b/src/cpp/controller/User.h
@ -2,7 +2,9 @@
 #define GRADIDO_LOGIN_SERVER_CONTROLLER_USER_INCLUDE

 #include "../model/table/User.h"
+#include "../Crypto/AuthenticatedEncryption.h"

+#include <shared_mutex>

 #include "TableControllerBase.h"

@ -34,17 +36,32 @@ namespace controller {
 		inline Poco::AutoPtr<model::table::User> getModel() { return _getModel<model::table::User>(); }
 		inline const model::table::User* getModel() const { return _getModel<model::table::User>(); }

-
 		std::string getEmailWithNames();
 		const std::string& getPublicHex();

 		
+		// ***********************************************************************************
+		// password related
+		//! \brief 
+		//! \param passwd take owner ship 
+		inline void setPassword(AuthenticatedEncryption* passwd) { 
+			std::unique_lock<std::shared_mutex> _lock(mSharedMutex);
+			if (mPassword) delete passwd;
+			mPassword = passwd; 
+		}
+
+		inline const AuthenticatedEncryption* getPassword() {
+			std::shared_lock<std::shared_mutex> _lock(mSharedMutex);
+			return mPassword;
+		}
 	protected:
 		User(model::table::User* dbModel);
 		
 		std::string mPublicHex;

+		AuthenticatedEncryption* mPassword;

+		mutable std::shared_mutex mSharedMutex;
 	};
 }