From 73922d2a857614d27ddb9dfa517687b8018e5d39 Mon Sep 17 00:00:00 2001 From: Treeston Date: Sun, 2 Aug 2020 22:52:21 +0200 Subject: Core/Authserver: Re-organize the `accounts` table (PR #25135) - no longer use sha_pass_hash for anything else core-side (.account, SOAP, RA) - salt/verifier/session_key are now binary - old s/v/sha_pass_hash fields kept around for backwards compatibility - sha_pass_hash is still updated (for now), s/v are not - sha_pass_hash is only read if s/v have been manually changed - SRP6 b now uses the full 32 bytes of randomness (instead of randomly only using 19) (cherry picked from commit 3164b58c7d170810b69378950c0891e5f5b8678b) --- src/common/Cryptography/Authentication/SRP6.cpp | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'src/common/Cryptography/Authentication/SRP6.cpp') diff --git a/src/common/Cryptography/Authentication/SRP6.cpp b/src/common/Cryptography/Authentication/SRP6.cpp index c8b80d58f9b..4d96a28960d 100644 --- a/src/common/Cryptography/Authentication/SRP6.cpp +++ b/src/common/Cryptography/Authentication/SRP6.cpp @@ -24,7 +24,12 @@ using SHA1 = Trinity::Crypto::SHA1; using SRP6 = Trinity::Crypto::SRP6; -/*static*/ std::array const SRP6::g = { 7 }; +/*static*/ std::array const SRP6::g = []() +{ + std::array g_temp; + g_temp[0] = 7; + return g_temp; +}(); /*static*/ std::array const SRP6::N = HexStrToByteArray<32>("894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7", true); /*static*/ BigNumber const SRP6::_g(SRP6::g); /*static*/ BigNumber const SRP6::_N(N); @@ -54,7 +59,7 @@ using SRP6 = Trinity::Crypto::SRP6; // merge this into CalculateVerifier once the sha_pass hack finally gets nuked from orbit /*static*/ SRP6::Verifier SRP6::CalculateVerifierFromHash(SHA1::Digest const& hash, SRP6::Salt const& salt) { - return _g.ModExp(SHA1::GetDigestOf(salt, hash), _N).ToByteArray<32>(false); + return _g.ModExp(SHA1::GetDigestOf(salt, hash), _N).ToByteArray<32>(); } /*static*/ SessionKey SRP6::SHA1Interleave(SRP6::EphemeralKey const& S) @@ -88,7 +93,7 @@ using SRP6 = Trinity::Crypto::SRP6; } SRP6::SRP6(std::string const& username, Salt const& salt, Verifier const& verifier) - : _I(SHA1::GetDigestOf(username)), _b(Crypto::GetRandomBytes<19>()), _v(verifier, false), s(salt), B(_B(_b, _v)) {} + : _I(SHA1::GetDigestOf(username)), _b(Crypto::GetRandomBytes<32>()), _v(verifier), s(salt), B(_B(_b, _v)) {} Optional SRP6::VerifyChallengeResponse(EphemeralKey const& A, SHA1::Digest const& clientM) { -- cgit v1.2.3