Status
loginServerPasswordSet(AuthJson authJson,
DataSlice passwordAuth,
JsonPtr passwordKeySnrp,
JsonPtr passwordBox,
JsonPtr passwordAuthBox)
{
const auto url = ABC_SERVER_ROOT "/v2/login/password";
JsonSnrp passwordAuthSnrp;
ABC_CHECK(passwordAuthSnrp.snrpSet(usernameSnrp()));
JsonObject dataJson;
ABC_CHECK(dataJson.set("passwordAuth", base64Encode(passwordAuth)));
ABC_CHECK(dataJson.set("passwordAuthSnrp", passwordAuthSnrp));
ABC_CHECK(dataJson.set("passwordKeySnrp", passwordKeySnrp));
ABC_CHECK(dataJson.set("passwordBox", passwordBox));
ABC_CHECK(dataJson.set("passwordAuthBox", passwordAuthBox));
ABC_CHECK(authJson.set("data", dataJson));
HttpReply reply;
ABC_CHECK(AirbitzRequest().request(reply, url, "PUT", authJson.encode()));
ServerReplyJson replyJson;
ABC_CHECK(replyJson.decode(reply));
return Status();
}
Status
loginRecoverySet(Login &login,
const std::string &recoveryQuestions,
const std::string &recoveryAnswers)
{
std::string LRA = login.lobby.username() + recoveryAnswers;
// Load the packages:
CarePackage carePackage;
LoginPackage loginPackage;
ABC_CHECK(carePackage.load(login.paths.carePackagePath()));
ABC_CHECK(loginPackage.load(login.paths.loginPackagePath()));
// Load the old keys:
DataChunk authKey = login.authKey();
// Update scrypt parameters:
JsonSnrp snrp;
ABC_CHECK(snrp.create());
ABC_CHECK(carePackage.snrp3Set(snrp));
ABC_CHECK(snrp.create());
ABC_CHECK(carePackage.snrp4Set(snrp));
// Make questionKey (unlocks questions):
DataChunk questionKey;
ABC_CHECK(carePackage.snrp4().hash(questionKey, login.lobby.username()));
// Encrypt the questions:
JsonBox box;
ABC_CHECK(box.encrypt(recoveryQuestions, questionKey));
ABC_CHECK(carePackage.questionBoxSet(box));
// Make recoveryKey (unlocks dataKey):
DataChunk recoveryKey;
ABC_CHECK(carePackage.snrp3().hash(recoveryKey, LRA));
// Encrypt dataKey:
ABC_CHECK(box.encrypt(login.dataKey(), recoveryKey));
ABC_CHECK(loginPackage.recoveryBoxSet(box));
// Make recoveryAuthKey (unlocks the server):
DataChunk recoveryAuthKey;
ABC_CHECK(usernameSnrp().hash(recoveryAuthKey, LRA));
// Encrypt recoveryAuthKey (needed for atomic password updates):
ABC_CHECK(box.encrypt(recoveryAuthKey, login.dataKey()));
ABC_CHECK(loginPackage.ELRA1Set(box));
// Change the server login:
ABC_CHECK(loginServerChangePassword(login, authKey, recoveryAuthKey,
carePackage, loginPackage));
// Change the on-disk login:
ABC_CHECK(carePackage.save(login.paths.carePackagePath()));
ABC_CHECK(loginPackage.save(login.paths.loginPackagePath()));
return Status();
}
Status
loginRecoverySet(Login &login,
const std::string &recoveryQuestions,
const std::string &recoveryAnswers)
{
std::string LRA = login.store.username() + recoveryAnswers;
// Load the packages:
CarePackage carePackage;
LoginPackage loginPackage;
ABC_CHECK(carePackage.load(login.paths.carePackagePath()));
ABC_CHECK(loginPackage.load(login.paths.loginPackagePath()));
// Load the old keys:
DataChunk passwordAuth = login.passwordAuth();
// Update scrypt parameters:
JsonSnrp snrp;
ABC_CHECK(snrp.create());
ABC_CHECK(carePackage.recoveryKeySnrpSet(snrp));
ABC_CHECK(snrp.create());
ABC_CHECK(carePackage.questionKeySnrpSet(snrp));
// Make questionKey (unlocks questions):
DataChunk questionKey;
ABC_CHECK(carePackage.questionKeySnrp().hash(questionKey,
login.store.username()));
// Encrypt the questions:
JsonBox questionBox;
ABC_CHECK(questionBox.encrypt(recoveryQuestions, questionKey));
ABC_CHECK(carePackage.questionBoxSet(questionBox));
// Make recoveryKey (unlocks dataKey):
DataChunk recoveryKey;
ABC_CHECK(carePackage.recoveryKeySnrp().hash(recoveryKey, LRA));
// Encrypt dataKey:
JsonBox recoveryBox;
ABC_CHECK(recoveryBox.encrypt(login.dataKey(), recoveryKey));
ABC_CHECK(loginPackage.recoveryBoxSet(recoveryBox));
// Make recoveryAuth (unlocks the server):
DataChunk recoveryAuth;
ABC_CHECK(usernameSnrp().hash(recoveryAuth, LRA));
// Change the server login:
ABC_CHECK(loginServerChangePassword(login, passwordAuth, recoveryAuth,
carePackage, loginPackage));
// Change the on-disk login:
ABC_CHECK(carePackage.save(login.paths.carePackagePath()));
ABC_CHECK(loginPackage.save(login.paths.loginPackagePath()));
return Status();
}
Status
Login::createNew(const char *password)
{
LoginPackage loginPackage;
JsonSnrp snrp;
// Set up care package:
CarePackage carePackage;
ABC_CHECK(snrp.create());
ABC_CHECK(carePackage.passwordKeySnrpSet(snrp));
// Set up syncKey:
DataChunk syncKey;
JsonBox syncKeyBox;
ABC_CHECK(randomData(syncKey, SYNC_KEY_LENGTH));
ABC_CHECK(syncKeyBox.encrypt(syncKey, dataKey_));
ABC_CHECK(loginPackage.syncKeyBoxSet(syncKeyBox));
// Set up passwordAuth (LP1):
if (password)
{
std::string LP = store.username() + password;
// Generate passwordAuth:
ABC_CHECK(usernameSnrp().hash(passwordAuth_, LP));
// We have a password, so use it to encrypt dataKey:
DataChunk passwordKey;
JsonBox passwordBox;
ABC_CHECK(carePackage.passwordKeySnrp().hash(passwordKey, LP));
ABC_CHECK(passwordBox.encrypt(dataKey_, passwordKey));
ABC_CHECK(loginPackage.passwordBoxSet(passwordBox));
}
else
{
// Generate passwordAuth:
ABC_CHECK(randomData(passwordAuth_, scryptDefaultSize));
}
JsonBox passwordAuthBox;
ABC_CHECK(passwordAuthBox.encrypt(passwordAuth_, dataKey_));
ABC_CHECK(loginPackage.passwordAuthBoxSet(passwordAuthBox));
// Create the account and repo on server:
ABC_CHECK(loginServerCreate(store, passwordAuth_,
carePackage, loginPackage, base16Encode(syncKey)));
// Set up the on-disk login:
ABC_CHECK(store.paths(paths, true));
ABC_CHECK(carePackage.save(paths.carePackagePath()));
ABC_CHECK(loginPackage.save(paths.loginPackagePath()));
ABC_CHECK(rootKeyUpgrade());
// Save the bare minimum needed to access the Airbitz account:
LoginStashJson stashJson;
ABC_CHECK(stashJson.loginIdSet(base64Encode(store.userId())));
ABC_CHECK(stashJson.syncKeyBoxSet(syncKeyBox));
stashJson.save(paths.stashPath());
// Latch the account:
ABC_CHECK(loginServerActivate(*this));
return Status();
}
