diff --git a/loginserver/encryption.cpp b/loginserver/encryption.cpp
index 6450f7493..ed98eae5e 100644
--- a/loginserver/encryption.cpp
+++ b/loginserver/encryption.cpp
@@ -1,4 +1,5 @@
 #include "encryption.h"
+
 #ifdef EQEMU_USE_OPENSSL
 #include
 #include
@@ -10,48 +11,54 @@
 #include
 #include
 #endif
+
 #include
 #include
+
 #ifdef ENABLE_SECURITY
+
 #include
+
 #endif
-std::string GetEncryptionByModeId(uint32 mode) {
+std::string GetEncryptionByModeId(uint32 mode)
+{
 switch (mode) {
- case EncryptionModeMD5:
- return "MD5";
- case EncryptionModeMD5PassUser:
- return "MD5PassUser";
- case EncryptionModeMD5UserPass:
- return "MD5UserPass";
- case EncryptionModeMD5Triple:
- return "MD5Triple";
- case EncryptionModeSHA:
- return "SHA";
- case EncryptionModeSHAPassUser:
- return "SHAPassUser";
- case EncryptionModeSHAUserPass:
- return "SHAUserPass";
- case EncryptionModeSHATriple:
- return "SHATriple";
- case EncryptionModeSHA512:
- return "SHA512";
- case EncryptionModeSHA512PassUser:
- return "SHA512PassUser";
- case EncryptionModeSHA512UserPass:
- return "SHA512UserPass";
- case EncryptionModeSHA512Triple:
- return "SHA512Triple";
- case EncryptionModeArgon2:
- return "Argon2";
- case EncryptionModeSCrypt:
- return "SCrypt";
- default:
- return "";
+ case EncryptionModeMD5:
+ return "MD5";
+ case EncryptionModeMD5PassUser:
+ return "MD5PassUser";
+ case EncryptionModeMD5UserPass:
+ return "MD5UserPass";
+ case EncryptionModeMD5Triple:
+ return "MD5Triple";
+ case EncryptionModeSHA:
+ return "SHA";
+ case EncryptionModeSHAPassUser:
+ return "SHAPassUser";
+ case EncryptionModeSHAUserPass:
+ return "SHAUserPass";
+ case EncryptionModeSHATriple:
+ return "SHATriple";
+ case EncryptionModeSHA512:
+ return "SHA512";
+ case EncryptionModeSHA512PassUser:
+ return "SHA512PassUser";
+ case EncryptionModeSHA512UserPass:
+ return "SHA512UserPass";
+ case EncryptionModeSHA512Triple:
+ return "SHA512Triple";
+ case EncryptionModeArgon2:
+ return "Argon2";
+ case EncryptionModeSCrypt:
+ return "SCrypt";
+ default:
+ return "";
 }
 }
-const char* eqcrypt_block(const char *buffer_in, size_t buffer_in_sz, char* buffer_out, bool enc) {
+const char *eqcrypt_block(const char *buffer_in, size_t buffer_in_sz, char *buffer_out, bool enc)
+{
 #ifdef EQEMU_USE_MBEDTLS
 if (enc) {
 if (buffer_in_sz % 8 != 0) {
@@ -118,10 +125,11 @@ const char* eqcrypt_block(const char *buffer_in, size_t buffer_in_sz, char* buff
 return buffer_out;
 }
-std::string eqcrypt_md5(const std::string &msg) {
+std::string eqcrypt_md5(const std::string &msg)
+{
 std::string ret;
 ret.reserve(32);
-
+
 #ifdef EQEMU_USE_MBEDTLS
 unsigned char digest[16];
 char temp[4];
@@ -151,7 +159,8 @@ std::string eqcrypt_md5(const std::string &msg) {
 return ret;
 }
-std::string eqcrypt_sha1(const std::string &msg) {
+std::string eqcrypt_sha1(const std::string &msg)
+{
 std::string ret;
 ret.reserve(40);
@@ -184,7 +193,8 @@ std::string eqcrypt_sha1(const std::string &msg) {
 return ret;
 }
-std::string eqcrypt_sha512(const std::string &msg) {
+std::string eqcrypt_sha512(const std::string &msg)
+{
 std::string ret;
 ret.reserve(128);
@@ -219,87 +229,120 @@ std::string eqcrypt_sha512(const std::string &msg) {
 #ifdef ENABLE_SECURITY
+/**
+ * @param msg
+ * @return
+ */
 std::string eqcrypt_argon2(const std::string &msg) {
+ char buffer[crypto_pwhash_STRBYTES] = {0};
 std::string ret;
- ret.resize(crypto_pwhash_STRBYTES);
- if (crypto_pwhash_str(&ret[0], &msg[0], msg.length(), crypto_pwhash_OPSLIMIT_SENSITIVE, crypto_pwhash_MEMLIMIT_SENSITIVE) != 0) {
+ if (crypto_pwhash_str(
+ &buffer[0],
+ &msg[0],
+ msg.length(),
+ crypto_pwhash_OPSLIMIT_INTERACTIVE,
+ crypto_pwhash_MEMLIMIT_INTERACTIVE
+ ) != 0) {
 return "";
 }
+ ret = buffer;
 return ret;
 }
+/**
+ * @param msg
+ * @return
+ */
 std::string eqcrypt_scrypt(const std::string &msg) {
+ char buffer[crypto_pwhash_scryptsalsa208sha256_STRBYTES] = {0};
 std::string ret;
- ret.resize(crypto_pwhash_scryptsalsa208sha256_STRBYTES);
- if (crypto_pwhash_scryptsalsa208sha256_str(&ret[0], &msg[0], msg.length(),
- crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE, crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE) != 0) {
+ if (crypto_pwhash_scryptsalsa208sha256_str(
+ &buffer[0],
+ &msg[0],
+ msg.length(),
+ crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE,
+ crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE
+ ) != 0) {
 return "";
 }
+ ret = buffer;
 return ret;
 }
 #endif
-std::string eqcrypt_hash(const std::string &username, const std::string &password, int mode) {
- switch (mode)
- {
- case 1:
- return eqcrypt_md5(password);
- case 2:
- return eqcrypt_md5(password + ":" + username);
- case 3:
- return eqcrypt_md5(username + ":" + password);
- case 4:
- return eqcrypt_md5(eqcrypt_md5(username) + eqcrypt_md5(password));
- case 5:
- return eqcrypt_sha1(password);
- case 6:
- return eqcrypt_sha1(password + ":" + username);
- case 7:
- return eqcrypt_sha1(username + ":" + password);
- case 8:
- return eqcrypt_sha1(eqcrypt_sha1(username) + eqcrypt_sha1(password));
- case 9:
- return eqcrypt_sha512(password);
- case 10:
- return eqcrypt_sha512(password + ":" + username);
- case 11:
- return eqcrypt_sha512(username + ":" + password);
- case 12:
- return eqcrypt_sha512(eqcrypt_sha512(username) + eqcrypt_sha512(password));
+/**
+ * @param username
+ * @param password
+ * @param mode
+ * @return
+ */
+std::string eqcrypt_hash(const std::string &username, const std::string &password, int mode)
+{
+ switch (mode) {
+ case EncryptionModeMD5:
+ return eqcrypt_md5(password);
+ case EncryptionModeMD5PassUser:
+ return eqcrypt_md5(password + ":" + username);
+ case EncryptionModeMD5UserPass:
+ return eqcrypt_md5(username + ":" + password);
+ case EncryptionModeMD5Triple:
+ return eqcrypt_md5(eqcrypt_md5(username) + eqcrypt_md5(password));
+ case EncryptionModeSHA:
+ return eqcrypt_sha1(password);
+ case EncryptionModeSHAPassUser:
+ return eqcrypt_sha1(password + ":" + username);
+ case EncryptionModeSHAUserPass:
+ return eqcrypt_sha1(username + ":" + password);
+ case EncryptionModeSHATriple:
+ return eqcrypt_sha1(eqcrypt_sha1(username) + eqcrypt_sha1(password));
+ case EncryptionModeSHA512:
+ return eqcrypt_sha512(password);
+ case EncryptionModeSHA512PassUser:
+ return eqcrypt_sha512(password + ":" + username);
+ case EncryptionModeSHA512UserPass:
+ return eqcrypt_sha512(username + ":" + password);
+ case EncryptionModeSHA512Triple:
+ return eqcrypt_sha512(eqcrypt_sha512(username) + eqcrypt_sha512(password));
 #ifdef ENABLE_SECURITY
- case 13:
- return eqcrypt_argon2(password);
- case 14:
- return eqcrypt_scrypt(password);
+ case EncryptionModeArgon2:
+ return eqcrypt_argon2(password);
+ case EncryptionModeSCrypt:
+ return eqcrypt_scrypt(password);
 #endif
- //todo bcrypt? pbkdf2?
- default:
- return "";
- break;
+ //todo bcrypt? pbkdf2?
+ default:
+ return "";
+ break;
 }
 }
-bool eqcrypt_verify_hash(const std::string &username, const std::string &password, const std::string &pwhash, int mode) {
- switch (mode)
- {
+/**
+ * @param username
+ * @param password
+ * @param pwhash
+ * @param mode
+ * @return
+ */
+bool eqcrypt_verify_hash(const std::string &username, const std::string &password, const std::string &pwhash, int mode)
+{
+ switch (mode) {
 #ifdef ENABLE_SECURITY
- case 13:
- return crypto_pwhash_str_verify(&pwhash[0], &password[0], password.length()) == 0;
- case 14:
- return crypto_pwhash_scryptsalsa208sha256_str_verify(&pwhash[0], &password[0], password.length()) == 0;
+ case 13:
+ return crypto_pwhash_str_verify(&pwhash[0], &password[0], password.length()) == 0;
+ case 14:
+ return crypto_pwhash_scryptsalsa208sha256_str_verify(&pwhash[0], &password[0], password.length()) == 0;
 #endif
- default:
- {
- auto hash = eqcrypt_hash(username, password, mode);
- return hash.compare(pwhash) == 0;
- }
+ default: {
+ auto hash = eqcrypt_hash(username, password, mode);
+ return hash.compare(pwhash) == 0;
+ }
 }
 return false;
diff --git a/loginserver/login_util/login.json b/loginserver/login_util/login.json
index a436acf70..6fbd8f742 100644
--- a/loginserver/login_util/login.json
+++ b/loginserver/login_util/login.json
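Review bot: The `default:` branch of `eqcrypt_verify_hash` can report a match on an empty hash: `eqcrypt_hash` returns `""` for every mode it does not handle, which includes 13 and 14 when `ENABLE_SECURITY` is not defined, so `hash.compare(pwhash) == 0` holds whenever the stored `pwhash` is empty too. Whether an empty `pwhash` can reach this function depends on callers outside the diff, but the check is cheap to fail closed: `return !hash.empty() && hash.compare(pwhash) == 0;`. The function (its closing brace is just past the end of the hunk) also keeps the literals `case 13:` and `case 14:` while `eqcrypt_hash` now uses `EncryptionModeArgon2` and `EncryptionModeSCrypt`; using the enum names in both places keeps the two switches in step. Separately, `eqcrypt_argon2` and `eqcrypt_scrypt` move from the `_SENSITIVE` to the `_INTERACTIVE` limits, which lowers the cost of guessing stored hashes offline, and the new doc blocks are empty `@param`/`@return` stubs; a comment such as `// INTERACTIVE limits: hashing runs on every login attempt; SENSITIVE limits were too costly per request` would record the reason, if that is the reason.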
@@ -1,39 +1,37 @@
 {
 "database": {
- "host": "127.0.0.1", // database host
- "port": "3306", // database port
- "db": "peq", // database name
- "user": "root", // database user
- "password": "eqemu" // database password
+ "host": "127.0.0.1",
+ "port": "3306",
+ "db": "peq",
+ "user": "root",
+ "password": "eqemu"
 },
 "account": {
- // ideal for local LAN setups, if you want a login attempt to automatically create an account
- // this will automatically create the account using the username and password if it doesn't exist
 "auto_create_accounts": true
 },
 "worldservers": {
- "unregistered_allowed": true, // allows worldservers to connect to your loginserver without server admin authentication
- "reject_duplicate_servers": false // if enabled, rejects duplicate worldservers
+ "unregistered_allowed": true,
+ "reject_duplicate_servers": false
 },
 "web_api": {
- "enabled": true, // enable/disable embedded webserver api
- "port": 6000 // the port you want the web api to serve on (recommended not to change)
+ "enabled": true,
+ "port": 6000
 },
 "security": {
- "mode": 14, // encryption mode (dont touch) (14=scrypt)
- "allow_password_login": true, // allows users to login via password, most cases, leave this on
- "allow_token_login": true // allows token based login directly from launching game
+ "mode": 14,
+ "allow_password_login": true,
+ "allow_token_login": true
 },
 "logging": {
- "trace": false, // For debugging general packet messaging
- "world_trace": false, // For debugging world to loginserver messaging
- "dump_packets_in": false, // for debugging inbound packets
- "dump_packets_out": false // for debugging outbound packets
+ "trace": false,
+ "world_trace": false,
+ "dump_packets_in": false,
+ "dump_packets_out": false
 },
 "client_configuration": {
- "titanium_port": 5998, // don't change
- "titanium_opcodes": "login_opcodes.conf", // opcodes for the titanium era clients
- "sod_port": 5999, // don't change
- "sod_opcodes": "login_opcodes_sod.conf" // opcodes for sod and higher era clients
+ "titanium_port": 5998,
+ "titanium_opcodes": "login_opcodes.conf",
+ "sod_port": 5999,
+ "sod_opcodes": "login_opcodes_sod.conf"
 }
-}
\ No newline at end of file
+}
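Review bot: Stripping the inline comments removes the only statement that `"auto_create_accounts": true` is meant for local LAN setups, while the sample still ships with it enabled next to `"unregistered_allowed": true`, the web API turned on, and the `root` / `eqemu` database credentials. With the file now strict JSON the caveat cannot live here, so it should move to the loginserver's documentation, for example: `auto_create_accounts and unregistered_allowed are intended for LAN/test installs; set both to false and change the database credentials before exposing the loginserver`. The `"mode": 14` default also lost its `14=scrypt` note; the same document should say that modes 13 and 14 need a build with `ENABLE_SECURITY`, because `eqcrypt_hash` in this commit returns an empty string for them otherwise.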