diff --git a/Source/Framework/Cryptography/SRP6.cs b/Source/Framework/Cryptography/SRP6.cs index 339bae5e3..c5aeafa04 100644 --- a/Source/Framework/Cryptography/SRP6.cs +++ b/Source/Framework/Cryptography/SRP6.cs @@ -1,8 +1,24 @@ -using System; -using System.Collections.Generic; -using System.Text; -using System.Security.Cryptography; +/* + * Copyright (C) 2012-2020 CypherCore + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +using System; using System.Numerics; +using System.Security.Cryptography; +using System.Text; namespace Framework.Cryptography { @@ -15,12 +31,12 @@ namespace Framework.Cryptography static SRP6() { _sha1 = new SHA1Managed(); - _g = new byte[] { 7 }.ToBigInteger(); - _N = new byte[] + _g = new BigInteger(7); + _N = new BigInteger(new byte[] { 0x89, 0x4B, 0x64, 0x5E, 0x89, 0xE1, 0x53, 0x5B, 0xBD, 0xAD, 0x5B, 0x8B, 0x29, 0x06, 0x50, 0x53, 0x08, 0x01, 0xB1, 0x8E, 0xBF, 0xBF, 0x5E, 0x8F, 0xAB, 0x3C, 0x82, 0x87, 0x2A, 0x3E, 0x9B, 0xB7, - }.ToBigInteger(true); + }, true, true); } public static (byte[] Salt, byte[] Verifier) MakeRegistrationData(string username, string password) @@ -39,14 +55,14 @@ namespace Framework.Cryptography public static byte[] CalculateVerifier(string username, string password, byte[] salt) { // v = g ^ H(s || H(u || ':' || p)) mod N - return CalculateVerifierFromHash(_sha1.ComputeHash(Encoding.ASCII.GetBytes(username.ToUpper() + ":" + password.ToUpper())), salt); + return CalculateVerifierFromHash(_sha1.ComputeHash(Encoding.UTF8.GetBytes(username.ToUpperInvariant() + ":" + password.ToUpperInvariant())), salt); } // merge this into CalculateVerifier once the sha_pass hack finally gets nuked from orbit public static byte[] CalculateVerifierFromHash(byte[] hash, byte[] salt) { // v = BigInteger.ModPow(gBN, x, BN); - return BigInteger.ModPow(_g, _sha1.ComputeHash(salt.Combine(hash)).ToBigInteger(), _N).ToByteArray(); + return BigInteger.ModPow(_g, new BigInteger(_sha1.ComputeHash(salt.Combine(hash)), true), _N).ToByteArray(); } public static bool CheckLogin(string username, string password, byte[] salt, byte[] verifier) diff --git a/Source/Framework/Util/Extensions.cs b/Source/Framework/Util/Extensions.cs index c3c4a1367..70e145a68 100644 --- a/Source/Framework/Util/Extensions.cs +++ b/Source/Framework/Util/Extensions.cs @@ -128,30 +128,6 @@ namespace System return combined; } - public static BigInteger ToBigInteger(this T value, bool isBigEndian = false) - { - BigInteger ret; - - switch (typeof(T).Name) - { - case "Byte[]": - var data = value as byte[]; - - if (isBigEndian) - Array.Reverse(data); - - ret = new BigInteger(data.Combine(new byte[] { 0 })); - break; - case "BigInteger": - ret = (BigInteger)Convert.ChangeType(value, typeof(BigInteger)); - break; - default: - throw new NotSupportedException($"'{typeof(T).Name}' conversion to 'BigInteger' not supported."); - } - - return ret; - } - public static void Swap(ref T left, ref T right) { T temp = left; diff --git a/Source/Game/Accounts/AccountManager.cs b/Source/Game/Accounts/AccountManager.cs index 2daecfa3e..f05794c0e 100644 --- a/Source/Game/Accounts/AccountManager.cs +++ b/Source/Game/Accounts/AccountManager.cs @@ -37,13 +37,13 @@ namespace Game public AccountOpResult CreateAccount(string username, string password, string email = "", uint bnetAccountId = 0, byte bnetIndex = 0) { if (username.Length > MaxAccountLength) - return AccountOpResult.NameTooLong; // username's too long + return AccountOpResult.NameTooLong; if (password.Length > MaxAccountLength) - return AccountOpResult.PassTooLong; // password's too long + return AccountOpResult.PassTooLong; if (GetId(username) != 0) - return AccountOpResult.NameAlreadyExist; // username does already exist + return AccountOpResult.NameAlreadyExist; (byte[] salt, byte[] verifier) = SRP6.MakeRegistrationData(username, password); @@ -68,7 +68,7 @@ namespace Game stmt = DB.Login.GetPreparedStatement(LoginStatements.INS_REALM_CHARACTERS_INIT); DB.Login.Execute(stmt); - return AccountOpResult.Ok; // everything's fine + return AccountOpResult.Ok; } public AccountOpResult DeleteAccount(uint accountId)