private void MakeFail(string strData, string testValue, int saltLength)
{
string strHash, strSalt;
SaltedHash sh = new SaltedHash(new SHA256Managed(), saltLength);
sh.GetHashAndSalt(strData, out strHash, out strSalt);
Assert.IsFalse(sh.VerifyHash(testValue, strHash, strSalt), "Should not verify");
}
private void HashAndVerify(int saltLength, int dataLength)
{
byte[] binData = new byte[dataLength];
byte[] binHash, binSalt;
string strData = string.Empty;
string strHash, strSalt;
for (int index = 0; index < dataLength; index++)
{
binData[index] = (byte)index;
strData += index.ToString().Last();
}
SaltedHash sh = new SaltedHash(new SHA256Managed(), saltLength);
sh.GetHashAndSalt(binData, out binHash, out binSalt);
Assert.IsTrue(sh.VerifyHash(binData, binHash, binSalt), "Verfiy failed");
sh.GetHashAndSalt(strData, out strHash, out strSalt);
Assert.IsTrue(sh.VerifyHash(strData, strHash, strSalt), "Verfiy failed");
}
/// <summary>
/// Checks if supplied password hash is correct for the specified account
/// </summary>
/// <param name="AccountName">The name of the account</param>
/// <param name="PasswordHash">The hashed password to check.</param>
/// <returns>True if the password was correct, false otherwise.</returns>
public static bool IsCorrectPassword(string AccountName, byte[] PasswordHash)
{
using (TSODataContext Context = new TSODataContext(DBConnectionManager.DBConnection))
{
SaltedHash SHash = new SaltedHash(new SHA512Managed(), AccountName.Length);
//WTF?! Acc isn't defined anywhere...
Account CorrectAccount = GetAccount(AccountName);
if (CorrectAccount != null)
{
if (SHash.VerifyHash(Encoding.ASCII.GetBytes(CorrectAccount.Password.ToUpper()), PasswordHash,
Encoding.ASCII.GetBytes(AccountName)))
{
return(true);
}
}
}
return(false);
}
/// <summary>
/// Callback-function for CheckAccount().
/// </summary>
private static void EndCheckAccount(IAsyncResult AR)
{
DatabaseAsyncObject AsyncObject = AR.AsyncState as DatabaseAsyncObject;
bool FoundAccountName = false;
using (MySqlDataReader Reader = AsyncObject.MySQLCmd.EndExecuteReader(AR))
{
while (Reader.Read())
{
if (((string)Reader[0]).ToUpper() == AsyncObject.AccountName.ToUpper())
{
FoundAccountName = true;
AsyncObject.Password = (string)Reader[1];
}
}
}
if (FoundAccountName == true)
{
//0x01 = InitLoginNotify
PacketStream P = new PacketStream(0x01, 2);
SaltedHash SHash = new SaltedHash(new SHA512Managed(), AsyncObject.AccountName.Length);
if (SHash.VerifyHash(Encoding.ASCII.GetBytes(AsyncObject.Password.ToUpper()), AsyncObject.Hash,
Encoding.ASCII.GetBytes(AsyncObject.AccountName)))
{
AsyncObject.Client.Username = AsyncObject.AccountName.ToUpper();
AsyncObject.Client.Password = AsyncObject.Password.ToUpper();
P.WriteByte(0x01);
P.WriteByte(0x01);
}
else //The client's password was wrong.
{
PacketStream RejectPacket = new PacketStream(0x02, 2);
RejectPacket.WriteByte(0x02);
RejectPacket.WriteByte(0x02);
AsyncObject.Client.Send(RejectPacket.ToArray());
Logger.LogInfo("Bad password - sent SLoginFailResponse!\r\n");
return;
}
AsyncObject.Client.Send(P.ToArray());
Logger.LogInfo("Sent InitLoginNotify!\r\n");
}
else
{
PacketStream P = new PacketStream(0x02, 2);
P.WriteByte(0x02);
P.WriteByte(0x01);
AsyncObject.Client.Send(P.ToArray());
Logger.LogInfo("Bad accountname - sent SLoginFailResponse!\r\n");
//AsyncObject.Client.Disconnect();
}
//If this setting is true, it means an account will be created
//if it doesn't exist.
if (GlobalSettings.Default.CreateAccountsOnLogin == true)
{
if (FoundAccountName == false)
{
//No idea if this call is gonna succeed, given it's called from a callback function...
CreateAccount(AsyncObject.AccountName, AsyncObject.Password);
}
}
}
