Status
loginRecoverySet(Login &login,
const std::string &recoveryQuestions,
const std::string &recoveryAnswers)
{
std::string LRA = login.lobby.username() + recoveryAnswers;
// Load the packages:
CarePackage carePackage;
LoginPackage loginPackage;
ABC_CHECK(carePackage.load(login.paths.carePackagePath()));
ABC_CHECK(loginPackage.load(login.paths.loginPackagePath()));
// Load the old keys:
DataChunk authKey = login.authKey();
// Update scrypt parameters:
JsonSnrp snrp;
ABC_CHECK(snrp.create());
ABC_CHECK(carePackage.snrp3Set(snrp));
ABC_CHECK(snrp.create());
ABC_CHECK(carePackage.snrp4Set(snrp));
// Make questionKey (unlocks questions):
DataChunk questionKey;
ABC_CHECK(carePackage.snrp4().hash(questionKey, login.lobby.username()));
// Encrypt the questions:
JsonBox box;
ABC_CHECK(box.encrypt(recoveryQuestions, questionKey));
ABC_CHECK(carePackage.questionBoxSet(box));
// Make recoveryKey (unlocks dataKey):
DataChunk recoveryKey;
ABC_CHECK(carePackage.snrp3().hash(recoveryKey, LRA));
// Encrypt dataKey:
ABC_CHECK(box.encrypt(login.dataKey(), recoveryKey));
ABC_CHECK(loginPackage.recoveryBoxSet(box));
// Make recoveryAuthKey (unlocks the server):
DataChunk recoveryAuthKey;
ABC_CHECK(usernameSnrp().hash(recoveryAuthKey, LRA));
// Encrypt recoveryAuthKey (needed for atomic password updates):
ABC_CHECK(box.encrypt(recoveryAuthKey, login.dataKey()));
ABC_CHECK(loginPackage.ELRA1Set(box));
// Change the server login:
ABC_CHECK(loginServerChangePassword(login, authKey, recoveryAuthKey,
carePackage, loginPackage));
// Change the on-disk login:
ABC_CHECK(carePackage.save(login.paths.carePackagePath()));
ABC_CHECK(loginPackage.save(login.paths.loginPackagePath()));
return Status();
}
