/// <summary>
/// Changes the password.
/// </summary>
/// <returns>
/// The new identity to be stored
/// </returns>
/// <param name='oldPassword'>
/// Old password.
/// </param>
/// <param name='oldSalt'>
/// Old salt.
/// </param>
/// <param name='newPassword'>
/// New password.
/// </param>
/// <param name='masterIdentityKey'>
/// Master identity key.
/// </param>
public SqrlIdentity ChangePassword(string oldPassword, byte[] oldSalt, string newPassword, byte[] masterIdentityKey)
{
var identity = new SqrlIdentity();
var rngCsp = new RNGCryptoServiceProvider();
// calculate the master key
var oldPasswordKey = _pbkdfHandler.GeneratePasswordKey(oldPassword, oldSalt);
var masterKey = Xor(oldPasswordKey, masterIdentityKey);
// generate new salt
identity.Salt = new byte[8];
rngCsp.GetBytes(identity.Salt);
// generate the new password key
var newPasswordKey = _pbkdfHandler.GeneratePasswordKey(newPassword, identity.Salt);
// get the partial hash for password verification
identity.PartialPasswordHash = _pbkdfHandler.GetPartialHashFromPasswordKey(newPasswordKey);
// XOR the master key and the new password key to get the master identity key
identity.MasterIdentityKey = Xor(newPasswordKey, masterKey);
Array.Clear(masterKey, 0, masterKey.Length);
Array.Clear(oldPasswordKey, 0, oldPasswordKey.Length);
Array.Clear(newPasswordKey, 0, newPasswordKey.Length);
return(identity);
}
/// <summary>
/// Creates an identity for use with SQRL.
/// </summary>
/// <returns>
/// All the data needed to define an identity.
/// </returns>
/// <param name='password'>
/// The password.
/// </param>
/// <param name='entropy'>
/// Random data from some non-deterministic source that allows for more secure master key generation.
/// </param>
public SqrlIdentity CreateIdentity(string password, byte[] entropy)
{
var identity = new SqrlIdentity();
identity.Salt = new byte[8];
var masterKey = new byte[32];
var rngCsp = new RNGCryptoServiceProvider();
var sha256 = SHA256Managed.Create();
rngCsp.GetBytes(identity.Salt);
rngCsp.GetBytes(masterKey);
// XOR the generated master key with the entropy (making any potential backdoors in the implementation of RNGCryptoServiceProvider irrelevent)
masterKey = Xor(masterKey, sha256.ComputeHash(entropy));
// call the SCrypt PBKDF to create the password key
var passwordKey = _pbkdfHandler.GeneratePasswordKey(password, identity.Salt);
// get the partial hash for password verification
identity.PartialPasswordHash = _pbkdfHandler.GetPartialHashFromPasswordKey(passwordKey);
// XOR the master key and the password key to get the master identity key
identity.MasterIdentityKey = Xor(passwordKey, masterKey);
Array.Clear(masterKey, 0, masterKey.Length);
Array.Clear(passwordKey, 0, passwordKey.Length);
return(identity);
}
public PasswordDialog(SqrlIdentity identity)
{
this.Build();
Identity = identity;
this.Title = string.Format("Enter Password for {0}", identity.Name);
}
private SqrlIdentity CreateNewIdentity()
{
SqrlIdentity identity = null;
var dlg = new CreateIdentityDialog();
var response = (ResponseType)dlg.Run();
if (response == ResponseType.Ok)
{
identity = _sqrlClient.CreateIdentity(dlg.Password, Encoding.UTF8.GetBytes(DateTime.Now.ToLongDateString()));
identity.Name = dlg.IdentityName;
}
dlg.Destroy();
return(identity);
}
/// <summary>
/// Verifies the password.
/// </summary>
/// <returns>
/// True if the password is correct.
/// </returns>
/// <param name='password'>
/// The password.
/// </param>
/// <param name='identity'>
/// The identity to verify against.
/// </param>
public bool VerifyPassword(string password, SqrlIdentity identity)
{
return(_pbkdfHandler.VerifyPassword(password, identity.Salt, identity.PartialPasswordHash));
}
/// <summary>
/// Gets the sqrl data for login.
/// </summary>
/// <returns>
/// The sqrl data for login.
/// </returns>
/// <param name='identity'>
/// The identity.
/// </param>
/// <param name='password'>
/// The password.
/// </param>
/// <param name='url'>
/// The URL.
/// </param>
public SqrlData GetSqrlDataForLogin(SqrlIdentity identity, string password, string url)
{
return(GetSqrlDataForLogin(identity.MasterIdentityKey, password, identity.Salt, url));
}
