ryzom/common/src/game_share/security_check.cpp

   1 // Ryzom - MMORPG Framework <http://dev.ryzom.com/projects/ryzom/>
   2 // Copyright (C) 2010  Winch Gate Property Limited
   3 //
   4 // This source file has been modified by the following contributors:
   5 // Copyright (C) 2013  Jan BOON (Kaetemi) <jan.boon@kaetemi.be>
   6 //
   7 // This program is free software: you can redistribute it and/or modify
   8 // it under the terms of the GNU Affero General Public License as
   9 // published by the Free Software Foundation, either version 3 of the
  10 // License, or (at your option) any later version.
  11 //
  12 // This program is distributed in the hope that it will be useful,
  13 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  14 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15 // GNU Affero General Public License for more details.
  16 //
  17 // You should have received a copy of the GNU Affero General Public License
  18 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19
  20 #include "stdpch.h"
  21
  22 #include "security_check.h"
  23
  24 using namespace NLMISC;
  25 using namespace NLNET;
  26
  27
  28 //
  29 CSecurityCheckForFastDisconnection::CSecurityCheckForFastDisconnection()
  30 {
  31         memset(&Block, 0, sizeof(Block)); // ensure encode() will work the same of different builds
  32 }
  33
  34 //
  35 void CSecurityCheckForFastDisconnection::receiveSecurityCode(NLMISC::IStream& msgin)
  36 {
  37         msgin.serial(Block.SessionId);
  38         SecurityCode.serial(msgin);
  39 }
  40
  41 //
  42 void CSecurityCheckForFastDisconnection::forwardSecurityCode(NLMISC::IStream& msgout, TSessionId sessionId, CSecurityCode& securityCode)
  43 {
  44         msgout.serial(sessionId);
  45         securityCode.serial(msgout);
  46 }
  47
  48 //
  49 CSecurityCode CSecurityCheckForFastDisconnection::encode(const char *passPhrase)
  50 {
  51         if (!passPhrase)
  52                 throw Exception("Null passPhrase");
  53         strncpy(Block.PassPhrase, passPhrase, 10);
  54         CHashKeyMD5 md5 = getMD5((uint8*)&Block, sizeof(Block));
  55         CSecurityCode sc; // parts from NLMISC::CHashKeyMD5 (would CRC16 be better?)
  56         sc.Data[0] = md5.Data[0];
  57         sc.Data[1] = md5.Data[15];
  58         return sc;
  59 }
  60
  61 //
  62 void CSecurityCheckForFastDisconnection::check(const char *passPhrase)
  63 {
  64         if (SecurityCode != encode(passPhrase))
  65                 throw Exception("Check not passed");
  66 }
  67
  68
  69 /*
  70         // The following code helps ensure a sub portion of the md5 produces a wide range of different data
  71         for (uint i=1; i!=10000; ++i)
  72         {
  73                 CSecurityCheckForFastDisconnection securityCheck;
  74                 securityCheck.setSessionId(i);
  75                 securityCheck.setCookie(cookie);
  76                 CHashKeyMD5 md5 = securityCheck.encode(""); // replace by pwd
  77                 uint8 Data[2];
  78                 Data[0] = md5.Data[0];
  79                 Data[1] = md5.Data[15];
  80                 InfoLog->displayNL("%u\t%u", i, Data[0] + (Data[1] << 8));
  81         }
  82         for (uint i=1; i!=100; ++i)
  83         {
  84                 CLoginCookie ck2;
  85                 ck2.set(cookie.getUserAddr(), cookie.generateKey(), cookie.getUserId());
  86                 CSecurityCheckForFastDisconnection securityCheck;
  87                 securityCheck.setSessionId(sessionId);
  88                 securityCheck.setCookie(ck2);
  89                 CHashKeyMD5 md5 = securityCheck.encode(""); // replace by pwd
  90                 uint8 Data[2];
  91                 Data[0] = md5.Data[0];
  92                 Data[1] = md5.Data[15];
  93                 InfoLog->displayNL("%u\t%u", i, Data[0] + (Data[1] << 8));
  94         }
  95 */
  96
  97
  98