Status loginServerPasswordSet(AuthJson authJson, DataSlice passwordAuth, JsonPtr passwordKeySnrp, JsonPtr passwordBox, JsonPtr passwordAuthBox) { const auto url = ABC_SERVER_ROOT "/v2/login/password"; JsonSnrp passwordAuthSnrp; ABC_CHECK(passwordAuthSnrp.snrpSet(usernameSnrp())); JsonObject dataJson; ABC_CHECK(dataJson.set("passwordAuth", base64Encode(passwordAuth))); ABC_CHECK(dataJson.set("passwordAuthSnrp", passwordAuthSnrp)); ABC_CHECK(dataJson.set("passwordKeySnrp", passwordKeySnrp)); ABC_CHECK(dataJson.set("passwordBox", passwordBox)); ABC_CHECK(dataJson.set("passwordAuthBox", passwordAuthBox)); ABC_CHECK(authJson.set("data", dataJson)); HttpReply reply; ABC_CHECK(AirbitzRequest().request(reply, url, "PUT", authJson.encode())); ServerReplyJson replyJson; ABC_CHECK(replyJson.decode(reply)); return Status(); }
Status loginRecoverySet(Login &login, const std::string &recoveryQuestions, const std::string &recoveryAnswers) { std::string LRA = login.lobby.username() + recoveryAnswers; // Load the packages: CarePackage carePackage; LoginPackage loginPackage; ABC_CHECK(carePackage.load(login.paths.carePackagePath())); ABC_CHECK(loginPackage.load(login.paths.loginPackagePath())); // Load the old keys: DataChunk authKey = login.authKey(); // Update scrypt parameters: JsonSnrp snrp; ABC_CHECK(snrp.create()); ABC_CHECK(carePackage.snrp3Set(snrp)); ABC_CHECK(snrp.create()); ABC_CHECK(carePackage.snrp4Set(snrp)); // Make questionKey (unlocks questions): DataChunk questionKey; ABC_CHECK(carePackage.snrp4().hash(questionKey, login.lobby.username())); // Encrypt the questions: JsonBox box; ABC_CHECK(box.encrypt(recoveryQuestions, questionKey)); ABC_CHECK(carePackage.questionBoxSet(box)); // Make recoveryKey (unlocks dataKey): DataChunk recoveryKey; ABC_CHECK(carePackage.snrp3().hash(recoveryKey, LRA)); // Encrypt dataKey: ABC_CHECK(box.encrypt(login.dataKey(), recoveryKey)); ABC_CHECK(loginPackage.recoveryBoxSet(box)); // Make recoveryAuthKey (unlocks the server): DataChunk recoveryAuthKey; ABC_CHECK(usernameSnrp().hash(recoveryAuthKey, LRA)); // Encrypt recoveryAuthKey (needed for atomic password updates): ABC_CHECK(box.encrypt(recoveryAuthKey, login.dataKey())); ABC_CHECK(loginPackage.ELRA1Set(box)); // Change the server login: ABC_CHECK(loginServerChangePassword(login, authKey, recoveryAuthKey, carePackage, loginPackage)); // Change the on-disk login: ABC_CHECK(carePackage.save(login.paths.carePackagePath())); ABC_CHECK(loginPackage.save(login.paths.loginPackagePath())); return Status(); }
Status loginRecoverySet(Login &login, const std::string &recoveryQuestions, const std::string &recoveryAnswers) { std::string LRA = login.store.username() + recoveryAnswers; // Load the packages: CarePackage carePackage; LoginPackage loginPackage; ABC_CHECK(carePackage.load(login.paths.carePackagePath())); ABC_CHECK(loginPackage.load(login.paths.loginPackagePath())); // Load the old keys: DataChunk passwordAuth = login.passwordAuth(); // Update scrypt parameters: JsonSnrp snrp; ABC_CHECK(snrp.create()); ABC_CHECK(carePackage.recoveryKeySnrpSet(snrp)); ABC_CHECK(snrp.create()); ABC_CHECK(carePackage.questionKeySnrpSet(snrp)); // Make questionKey (unlocks questions): DataChunk questionKey; ABC_CHECK(carePackage.questionKeySnrp().hash(questionKey, login.store.username())); // Encrypt the questions: JsonBox questionBox; ABC_CHECK(questionBox.encrypt(recoveryQuestions, questionKey)); ABC_CHECK(carePackage.questionBoxSet(questionBox)); // Make recoveryKey (unlocks dataKey): DataChunk recoveryKey; ABC_CHECK(carePackage.recoveryKeySnrp().hash(recoveryKey, LRA)); // Encrypt dataKey: JsonBox recoveryBox; ABC_CHECK(recoveryBox.encrypt(login.dataKey(), recoveryKey)); ABC_CHECK(loginPackage.recoveryBoxSet(recoveryBox)); // Make recoveryAuth (unlocks the server): DataChunk recoveryAuth; ABC_CHECK(usernameSnrp().hash(recoveryAuth, LRA)); // Change the server login: ABC_CHECK(loginServerChangePassword(login, passwordAuth, recoveryAuth, carePackage, loginPackage)); // Change the on-disk login: ABC_CHECK(carePackage.save(login.paths.carePackagePath())); ABC_CHECK(loginPackage.save(login.paths.loginPackagePath())); return Status(); }
Status Login::createNew(const char *password) { LoginPackage loginPackage; JsonSnrp snrp; // Set up care package: CarePackage carePackage; ABC_CHECK(snrp.create()); ABC_CHECK(carePackage.passwordKeySnrpSet(snrp)); // Set up syncKey: DataChunk syncKey; JsonBox syncKeyBox; ABC_CHECK(randomData(syncKey, SYNC_KEY_LENGTH)); ABC_CHECK(syncKeyBox.encrypt(syncKey, dataKey_)); ABC_CHECK(loginPackage.syncKeyBoxSet(syncKeyBox)); // Set up passwordAuth (LP1): if (password) { std::string LP = store.username() + password; // Generate passwordAuth: ABC_CHECK(usernameSnrp().hash(passwordAuth_, LP)); // We have a password, so use it to encrypt dataKey: DataChunk passwordKey; JsonBox passwordBox; ABC_CHECK(carePackage.passwordKeySnrp().hash(passwordKey, LP)); ABC_CHECK(passwordBox.encrypt(dataKey_, passwordKey)); ABC_CHECK(loginPackage.passwordBoxSet(passwordBox)); } else { // Generate passwordAuth: ABC_CHECK(randomData(passwordAuth_, scryptDefaultSize)); } JsonBox passwordAuthBox; ABC_CHECK(passwordAuthBox.encrypt(passwordAuth_, dataKey_)); ABC_CHECK(loginPackage.passwordAuthBoxSet(passwordAuthBox)); // Create the account and repo on server: ABC_CHECK(loginServerCreate(store, passwordAuth_, carePackage, loginPackage, base16Encode(syncKey))); // Set up the on-disk login: ABC_CHECK(store.paths(paths, true)); ABC_CHECK(carePackage.save(paths.carePackagePath())); ABC_CHECK(loginPackage.save(paths.loginPackagePath())); ABC_CHECK(rootKeyUpgrade()); // Save the bare minimum needed to access the Airbitz account: LoginStashJson stashJson; ABC_CHECK(stashJson.loginIdSet(base64Encode(store.userId()))); ABC_CHECK(stashJson.syncKeyBoxSet(syncKeyBox)); stashJson.save(paths.stashPath()); // Latch the account: ABC_CHECK(loginServerActivate(*this)); return Status(); }