SRP6 for user auth (#38)
* SRP6 for user auth, implementation of TrinityCore/TrinityCore@3164b58
Treeston committed Aug 3, 2020
1 parent 72e9507 commit fb2ab8f
Showing 1 changed file with 12 additions and 11 deletions.
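--- a/includes/user.class.php
+++ b/includes/user.class.php
@@ -283,12 +283,11 @@ public static function Auth($name, $pass)
 if (!DB::isConnectable(DB_AUTH))
 return AUTH_INTERNAL_ERR;
 
-$wow = DB::Auth()->selectRow('SELECT a.id, a.sha_pass_hash, ab.active AS hasBan FROM account a LEFT JOIN account_banned ab ON ab.id = a.id AND active <> 0 WHERE username = ? LIMIT 1', $name);
+$wow = DB::Auth()->selectRow('SELECT a.id, a.salt, a.verifier, ab.active AS hasBan FROM account a LEFT JOIN account_banned ab ON ab.id = a.id AND active <> 0 WHERE username = ? LIMIT 1', $name);
 if (!$wow)
 return AUTH_WRONGUSER;
 
-self::$passHash = $wow['sha_pass_hash'];
-if (!self::verifySHA1($name, $pass))
+if (!self::verifySRP6($name, $pass, $wow['salt'], $wow['verifier']))
 return AUTH_WRONGPASS;
 
 if ($wow['hasBan'])
@@ -387,15 +386,17 @@ public static function verifyCrypt($pass, $hash = '')
 return $_ === crypt($pass, $_);
 }
 
-// sha1 used by TC / MaNGOS
-private static function hashSHA1($name, $pass)
+private static function verifySRP6($user, $pass, $salt, $verifier)
 {
-return sha1(strtoupper($name).':'.strtoupper($pass));
-}
-
-private static function verifySHA1($name, $pass)
-{
-return strtoupper(self::$passHash) === strtoupper(self::hashSHA1($name, $pass));
+$g = gmp_init(7);
+$N = gmp_init('894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7', 16);
+$x = gmp_import(
+sha1($salt . sha1(strtoupper($user . ':' . $pass), TRUE), TRUE),
+1,
+GMP_LSW_FIRST
+);
+$v = gmp_powm($g, $x, $N);
+return ($verifier === str_pad(gmp_export($v, 1, GMP_LSW_FIRST), 32, chr(0), STR_PAD_RIGHT));
 }
 
 public static function isValidName($name, &$errCode = 0)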
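Review bot: The last line of the new verifySRP6() compares the stored verifier with the value derived from the submitted password using `===`, which is not a constant-time comparison, and an account whose `salt` or `verifier` comes back NULL would simply be reported as AUTH_WRONGPASS. I would guard and compare with `if (!is_string($salt) || !is_string($verifier)) return false;` followed by `return hash_equals($verifier, str_pad(gmp_export($v, 1, GMP_LSW_FIRST), 32, chr(0), STR_PAD_RIGHT));`; `hash_equals()` is available on any PHP version that has `gmp_import()`. The function also now depends on the GMP extension, and nothing visible in this section checks that it is loaded, so a missing extension would presumably surface as a fatal error during login rather than as AUTH_INTERNAL_ERR. The removed `// sha1 used by TC / MaNGOS` comment has no replacement; a one-line comment such as `// SRP6 verifier check (TrinityCore): g = 7, 256-bit N, verifier is a 32-byte little-endian value` would explain the constants.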
