Implement 'passwordHash' and 'passwordVerify'

Author: jushar

Shared/mods/deathmatch/logic/Enums.cpp

@@ -46,6 +46,10 @@ IMPLEMENT_ENUM_BEGIN( EHashFunction::EHashFunctionType )
     ADD_ENUM ( EHashFunction::SHA512,          "sha512" )
 IMPLEMENT_ENUM_END( "hash-function" )
 
+IMPLEMENT_ENUM_CLASS_BEGIN(PasswordHashFunction)
+    ADD_ENUM(PasswordHashFunction::Bcrypt, "bcrypt")
+IMPLEMENT_ENUM_CLASS_END("password-hash-function")
+
 IMPLEMENT_ENUM_BEGIN( ePacketID )
     ADD_ENUM1( PACKET_ID_SERVER_JOIN )
     ADD_ENUM1( PACKET_ID_SERVER_JOIN_DATA )

Shared/mods/deathmatch/logic/Enums.h

@@ -64,4 +64,6 @@ enum eEulerRotationOrder
 DECLARE_ENUM( eEulerRotationOrder );
 
 DECLARE_ENUM( EHashFunction::EHashFunctionType );
+DECLARE_ENUM_CLASS(PasswordHashFunction);
+
 DECLARE_ENUM( ePacketID );

Shared/mods/deathmatch/logic/luadefs/CLuaCryptDefs.cpp

@@ -19,6 +19,8 @@ void CLuaCryptDefs::LoadFunctions ( void )
     CLuaCFunctions::AddFunction ( "teaDecode", TeaDecode );
     CLuaCFunctions::AddFunction ( "base64Encode", Base64encode );
     CLuaCFunctions::AddFunction ( "base64Decode", Base64decode );
+    CLuaCFunctions::AddFunction("passwordHash", PasswordHash);
+    CLuaCFunctions::AddFunction("passwordVerify", PasswordVerify);
 }
 
 int CLuaCryptDefs::Md5 ( lua_State* luaVM )
@@ -173,3 +175,78 @@ int CLuaCryptDefs::Base64decode ( lua_State* luaVM )
     lua_pushboolean ( luaVM, false );
     return 1;
 }
+
+int CLuaCryptDefs::PasswordHash(lua_State* luaVM)
+{
+//  string password_hash(string password, string algorithm, table options = {})
+    SString password;
+    PasswordHashFunction algorithm;
+    std::unordered_map<SString, SString> options;
+
+    CScriptArgReader argStream(luaVM);
+    argStream.ReadString(password);
+    argStream.ReadEnumString(algorithm);
+    argStream.ReadStringMap(options, true);
+
+    if (!argStream.HasErrors())
+    {
+        if (algorithm == PasswordHashFunction::Bcrypt)
+        {
+            // Set default value to 10
+            if (options["cost"].empty())
+                options["cost"] = "10";
+
+            std::stringstream ss(options["cost"]);
+            std::size_t cost;
+            ss >> cost;
+
+            if (!ss.fail())
+            {
+                SString hash = SharedUtil::BcryptHash(password, options["salt"], cost);
+                if (!hash.empty())
+                {
+                    lua_pushstring(luaVM, hash);
+                    return 1;
+                }
+                else
+                    m_pScriptDebugging->LogCustom(luaVM, "Invalid value for field 'salt'");
+            }
+            else
+                m_pScriptDebugging->LogWarning(luaVM, "Invalid value for field 'cost'");
+        }
+    }
+    else
+        m_pScriptDebugging->LogCustom(luaVM, argStream.GetFullErrorMessage());
+
+    lua_pushboolean(luaVM, false);
+    return 1;
+}
+
+int CLuaCryptDefs::PasswordVerify(lua_State* luaVM)
+{
+//  bool passwordVerify(string password, string hash)
+    SString password;
+    SString hash;
+
+    CScriptArgReader argStream(luaVM);
+    argStream.ReadString(password);
+    argStream.ReadString(hash);
+
+    if (!argStream.HasErrors())
+    {
+        if (hash.BeginsWith("$2y$"))
+        {
+            lua_pushboolean(luaVM, SharedUtil::BcryptVerify(password, hash));
+            return 1;
+        }
+        else
+        {
+            m_pScriptDebugging->LogWarning(luaVM, "Passed unknown hash");
+        }
+    }
+    else
+        m_pScriptDebugging->LogCustom(luaVM, argStream.GetFullErrorMessage());
+
+    lua_pushboolean(luaVM, false);
+    return 1;
+}

Shared/mods/deathmatch/logic/luadefs/CLuaCryptDefs.h

@@ -23,4 +23,6 @@ class CLuaCryptDefs : public CLuaDefs
     LUA_DECLARE ( TeaDecode );
     LUA_DECLARE ( Base64encode );
     LUA_DECLARE ( Base64decode );
+    LUA_DECLARE(PasswordHash);
+    LUA_DECLARE(PasswordVerify);
 };

Shared/sdk/SharedUtil.Hash.h

@@ -24,6 +24,11 @@ namespace EHashFunction
 }
 using EHashFunction::EHashFunctionType;
 
+enum class PasswordHashFunction
+{
+    Bcrypt
+};
+
 namespace SharedUtil
 {
     struct MD5
@@ -80,6 +85,9 @@ namespace SharedUtil
     unsigned int    HashString                  ( const char* szString );
     unsigned int    HashString                  ( const char* szString, unsigned int length );
 
+    SString         BcryptHash                  (const SString& password, SString salt = "", std::size_t cost = 10);
+    bool            BcryptVerify                (const SString& password, const SString& hash);
+
     SString         ConvertDataToHexString      ( const void* pData, uint uiLength );
     void            ConvertHexStringToData      ( const SString& strString, void* pOutData, uint uiLength );
     void            GenerateSha256              ( const void* pData, uint uiLength, uchar output[32] );

Shared/sdk/SharedUtil.Hash.hpp

@@ -12,6 +12,16 @@
 
 #include "sha1.hpp"
 #include "sha2.hpp"
+#include <random>
+#include <algorithm>
+
+namespace bcrypt
+{
+    extern "C"
+    {
+        #include <bcrypt/ow-crypt.h>
+    }
+}
 
 namespace SharedUtil
 {
@@ -479,6 +489,43 @@ namespace SharedUtil
         return c;
     }
 
+    constexpr const std::size_t HashBufferSize = 60 + 1;
+	SString BcryptHash(const SString& password, SString salt, std::size_t cost)
+	{
+        if (salt.empty())
+        {
+            std::random_device random;
+            std::mt19937 generator(random());
+
+            char saltBuffer[32];
+            std::generate_n(saltBuffer, sizeof(saltBuffer), generator);
+
+            char saltBase64Buffer[30];
+            bcrypt::crypt_gensalt_rn("$2y$", cost, saltBuffer, sizeof(saltBuffer), saltBase64Buffer, sizeof(saltBase64Buffer));
+            salt = SStringX(saltBase64Buffer);
+        }
+        else
+        {
+            salt = SString("$2y$%02u$%s", cost, salt.substr(0, 22).c_str());
+        }
+
+        if (salt.size() != 29)
+            return "";
+
+        char hashBuffer[HashBufferSize];
+        bcrypt::crypt_rn(password.c_str(), salt.c_str(), hashBuffer, sizeof(hashBuffer));
+
+        return SStringX(hashBuffer);
+	}
+
+	bool BcryptVerify(const SString& password, const SString& hash)
+	{
+        char checkedHashBuffer[HashBufferSize];
+        bcrypt::crypt_rn(password.c_str(), hash.c_str(), checkedHashBuffer, sizeof(checkedHashBuffer));
+
+        return strcmp(checkedHashBuffer, hash.c_str()) == 0;
+	}
+
 
     SString ConvertDataToHexString( const void* pData, uint uiLength )
     {

premake5.lua

@@ -31,6 +31,9 @@ workspace "MTASA"
 		"vendor",
 		"Shared/sdk", 
 	}
+	
+	 -- I know linking bcrypt here is ugly, but SharedUtil depends on it, thus it's required everywhere
+	links { "bcrypt" }
 
 	defines { 
 		"_CRT_SECURE_NO_WARNINGS",
@@ -134,6 +137,7 @@ workspace "MTASA"
 		include "Shared/XML"
 
 		group "Vendor"
+		include "vendor/bcrypt"
 		include "vendor/cryptopp"
 		include "vendor/ehs"
 		include "vendor/google-breakpad"

vendor/bcrypt/LINKS

@@ -0,0 +1,29 @@
+New versions of this package (crypt_blowfish):
+
+	http://www.openwall.com/crypt/
+
+A paper on the algorithm that explains its design decisions:
+
+	http://www.usenix.org/events/usenix99/provos.html
+
+Unix Seventh Edition Manual, Volume 2: the password scheme (1978):
+
+	http://plan9.bell-labs.com/7thEdMan/vol2/password
+
+The Openwall GNU/*/Linux (Owl) tcb suite implementing the alternative
+password shadowing scheme.  This includes a PAM module which
+supersedes pam_unix and uses the password hashing framework provided
+with crypt_blowfish when setting new passwords.
+
+	http://www.openwall.com/tcb/
+
+pam_passwdqc, a password strength checking and policy enforcement
+module for PAM-aware password changing programs:
+
+	http://www.openwall.com/passwdqc/
+
+John the Ripper password cracker:
+
+	http://www.openwall.com/john/
+
+$Owl: Owl/packages/glibc/crypt_blowfish/LINKS,v 1.4 2005/11/16 13:09:47 solar Exp $

vendor/bcrypt/Makefile

@@ -0,0 +1,77 @@
+#
+# Written and revised by Solar Designer <solar at openwall.com> in 2000-2011.
+# No copyright is claimed, and the software is hereby placed in the public
+# domain.  In case this attempt to disclaim copyright and place the software
+# in the public domain is deemed null and void, then the software is
+# Copyright (c) 2000-2011 Solar Designer and it is hereby released to the
+# general public under the following terms:
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted.
+#
+# There's ABSOLUTELY NO WARRANTY, express or implied.
+#
+# See crypt_blowfish.c for more information.
+#
+
+CC = gcc
+AS = $(CC)
+LD = $(CC)
+RM = rm -f
+CFLAGS = -W -Wall -Wbad-function-cast -Wcast-align -Wcast-qual -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wundef -Wpointer-arith -O2 -fomit-frame-pointer -funroll-loops
+ASFLAGS = -c
+LDFLAGS = -s
+
+BLOWFISH_OBJS = \
+	crypt_blowfish.o x86.o
+
+CRYPT_OBJS = \
+	$(BLOWFISH_OBJS) crypt_gensalt.o wrapper.o
+
+TEST_OBJS = \
+	$(BLOWFISH_OBJS) crypt_gensalt.o crypt_test.o
+
+TEST_THREADS_OBJS = \
+	$(BLOWFISH_OBJS) crypt_gensalt.o crypt_test_threads.o
+
+EXTRA_MANS = \
+	crypt_r.3 crypt_rn.3 crypt_ra.3 \
+	crypt_gensalt.3 crypt_gensalt_rn.3 crypt_gensalt_ra.3
+
+all: $(CRYPT_OBJS) man
+
+check: crypt_test
+	./crypt_test
+
+crypt_test: $(TEST_OBJS)
+	$(LD) $(LDFLAGS) $(TEST_OBJS) -o $@
+
+crypt_test.o: wrapper.c ow-crypt.h crypt_blowfish.h crypt_gensalt.h
+	$(CC) -c $(CFLAGS) wrapper.c -DTEST -o $@
+
+check_threads: crypt_test_threads
+	./crypt_test_threads
+
+crypt_test_threads: $(TEST_THREADS_OBJS)
+	$(LD) $(LDFLAGS) $(TEST_THREADS_OBJS) -lpthread -o $@
+
+crypt_test_threads.o: wrapper.c ow-crypt.h crypt_blowfish.h crypt_gensalt.h
+	$(CC) -c $(CFLAGS) wrapper.c -DTEST -DTEST_THREADS=4 -o $@
+
+man: $(EXTRA_MANS)
+
+$(EXTRA_MANS):
+	echo '.so man3/crypt.3' > $@
+
+crypt_blowfish.o: crypt_blowfish.h
+crypt_gensalt.o: crypt_gensalt.h
+wrapper.o: crypt.h ow-crypt.h crypt_blowfish.h crypt_gensalt.h
+
+.c.o:
+	$(CC) -c $(CFLAGS) $*.c
+
+.S.o:
+	$(AS) $(ASFLAGS) $*.S
+
+clean:
+	$(RM) crypt_test crypt_test_threads *.o $(EXTRA_MANS) core

vendor/bcrypt/PERFORMANCE

@@ -0,0 +1,30 @@
+These numbers are for 32 iterations ("$2a$05"):
+
+			OpenBSD 3.0 bcrypt(*)	crypt_blowfish 0.4.4
+Pentium III, 840 MHz	99 c/s			121 c/s (+22%)
+Alpha 21164PC, 533 MHz	55.5 c/s		76.9 c/s (+38%)
+UltraSparc IIi, 400 MHz	49.9 c/s		52.5 c/s (+5%)
+Pentium, 120 MHz	8.8 c/s			20.1 c/s (+128%)
+PA-RISC 7100LC, 80 MHz	8.5 c/s			16.3 c/s (+92%)
+
+(*) built with -fomit-frame-pointer -funroll-loops, which I don't
+think happens for libcrypt.
+
+Starting with version 1.1 released in June 2011, default builds of
+crypt_blowfish invoke a quick self-test on every hash computation.
+This has roughly a 4.8% performance impact at "$2a$05", but only a 0.6%
+impact at a more typical setting of "$2a$08".
+
+The large speedup for the original Pentium is due to the assembly
+code and the weird optimizations this processor requires.
+
+The numbers for password cracking are 2 to 10% higher than those for
+crypt_blowfish as certain things may be done out of the loop and the
+code doesn't need to be reentrant.
+
+Recent versions of John the Ripper (1.6.25-dev and newer) achieve an
+additional 15% speedup on the Pentium Pro family of processors (which
+includes Pentium III) with a separate version of the assembly code and
+run-time CPU detection.
+
+$Owl: Owl/packages/glibc/crypt_blowfish/PERFORMANCE,v 1.6 2011/06/21 12:09:20 solar Exp $