Core/Accounts: Should fix random error about verifier length.
This commit is contained in:
@@ -1,8 +1,24 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Text;
|
||||
using System.Security.Cryptography;
|
||||
/*
|
||||
* Copyright (C) 2012-2020 CypherCore <http://github.com/CypherCore>
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
using System;
|
||||
using System.Numerics;
|
||||
using System.Security.Cryptography;
|
||||
using System.Text;
|
||||
|
||||
namespace Framework.Cryptography
|
||||
{
|
||||
@@ -15,12 +31,12 @@ namespace Framework.Cryptography
|
||||
static SRP6()
|
||||
{
|
||||
_sha1 = new SHA1Managed();
|
||||
_g = new byte[] { 7 }.ToBigInteger();
|
||||
_N = new byte[]
|
||||
_g = new BigInteger(7);
|
||||
_N = new BigInteger(new byte[]
|
||||
{
|
||||
0x89, 0x4B, 0x64, 0x5E, 0x89, 0xE1, 0x53, 0x5B, 0xBD, 0xAD, 0x5B, 0x8B, 0x29, 0x06, 0x50, 0x53,
|
||||
0x08, 0x01, 0xB1, 0x8E, 0xBF, 0xBF, 0x5E, 0x8F, 0xAB, 0x3C, 0x82, 0x87, 0x2A, 0x3E, 0x9B, 0xB7,
|
||||
}.ToBigInteger(true);
|
||||
}, true, true);
|
||||
}
|
||||
|
||||
public static (byte[] Salt, byte[] Verifier) MakeRegistrationData(string username, string password)
|
||||
@@ -39,14 +55,14 @@ namespace Framework.Cryptography
|
||||
public static byte[] CalculateVerifier(string username, string password, byte[] salt)
|
||||
{
|
||||
// v = g ^ H(s || H(u || ':' || p)) mod N
|
||||
return CalculateVerifierFromHash(_sha1.ComputeHash(Encoding.ASCII.GetBytes(username.ToUpper() + ":" + password.ToUpper())), salt);
|
||||
return CalculateVerifierFromHash(_sha1.ComputeHash(Encoding.UTF8.GetBytes(username.ToUpperInvariant() + ":" + password.ToUpperInvariant())), salt);
|
||||
}
|
||||
|
||||
// merge this into CalculateVerifier once the sha_pass hack finally gets nuked from orbit
|
||||
public static byte[] CalculateVerifierFromHash(byte[] hash, byte[] salt)
|
||||
{
|
||||
// v = BigInteger.ModPow(gBN, x, BN);
|
||||
return BigInteger.ModPow(_g, _sha1.ComputeHash(salt.Combine(hash)).ToBigInteger(), _N).ToByteArray();
|
||||
return BigInteger.ModPow(_g, new BigInteger(_sha1.ComputeHash(salt.Combine(hash)), true), _N).ToByteArray();
|
||||
}
|
||||
|
||||
public static bool CheckLogin(string username, string password, byte[] salt, byte[] verifier)
|
||||
|
||||
@@ -128,30 +128,6 @@ namespace System
|
||||
return combined;
|
||||
}
|
||||
|
||||
public static BigInteger ToBigInteger<T>(this T value, bool isBigEndian = false)
|
||||
{
|
||||
BigInteger ret;
|
||||
|
||||
switch (typeof(T).Name)
|
||||
{
|
||||
case "Byte[]":
|
||||
var data = value as byte[];
|
||||
|
||||
if (isBigEndian)
|
||||
Array.Reverse(data);
|
||||
|
||||
ret = new BigInteger(data.Combine(new byte[] { 0 }));
|
||||
break;
|
||||
case "BigInteger":
|
||||
ret = (BigInteger)Convert.ChangeType(value, typeof(BigInteger));
|
||||
break;
|
||||
default:
|
||||
throw new NotSupportedException($"'{typeof(T).Name}' conversion to 'BigInteger' not supported.");
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
public static void Swap<T>(ref T left, ref T right)
|
||||
{
|
||||
T temp = left;
|
||||
|
||||
@@ -37,13 +37,13 @@ namespace Game
|
||||
public AccountOpResult CreateAccount(string username, string password, string email = "", uint bnetAccountId = 0, byte bnetIndex = 0)
|
||||
{
|
||||
if (username.Length > MaxAccountLength)
|
||||
return AccountOpResult.NameTooLong; // username's too long
|
||||
return AccountOpResult.NameTooLong;
|
||||
|
||||
if (password.Length > MaxAccountLength)
|
||||
return AccountOpResult.PassTooLong; // password's too long
|
||||
return AccountOpResult.PassTooLong;
|
||||
|
||||
if (GetId(username) != 0)
|
||||
return AccountOpResult.NameAlreadyExist; // username does already exist
|
||||
return AccountOpResult.NameAlreadyExist;
|
||||
|
||||
(byte[] salt, byte[] verifier) = SRP6.MakeRegistrationData(username, password);
|
||||
|
||||
@@ -68,7 +68,7 @@ namespace Game
|
||||
stmt = DB.Login.GetPreparedStatement(LoginStatements.INS_REALM_CHARACTERS_INIT);
|
||||
DB.Login.Execute(stmt);
|
||||
|
||||
return AccountOpResult.Ok; // everything's fine
|
||||
return AccountOpResult.Ok;
|
||||
}
|
||||
|
||||
public AccountOpResult DeleteAccount(uint accountId)
|
||||
|
||||
Reference in New Issue
Block a user