Crate wow_srp[−][src]

Expand description

An implementation of the World of Warcraft flavor of SRP6 used for authentication on the 1.12 client.

The implementation is intended to abstract away as much of the protocol as possible, and limits itself to the specific requirements of the World of Warcraft implementation. For example, all key sizes are limited to exactly 32 bytes since the network packet fields describing public keys are of a fixed size in the protocol and key sizes of any other sizes are not possible.

This crate does not deal with parsing the network packets necessary to obtain the required parameters. The WoWDev wiki (archive) contains a reference list of packets and the examples implement the required functionality.

THIS SHOULD NOT BE USED FOR ANYTHING OTHER THAN WORLD OF WARCRAFT EMULATION. THE CODE IS NOT CRYPTOGRAPHICALLY VERIFIED, HAS VERY LOW KEY SIZES BECAUSE OF PACKET REQUIREMENTS AND MOST LIKELY CONTAINS EXPLOITS.

Usage

The crate is split into a server module, a client module, an error module, and a normalized_string module. A server example can be found in examples/server.rs and a client example can be found in examples/client.rs. These example will perform the full SRP6 protocol and reconnect. The server will work with a 1.12 client, using the username and password a and a. The client will work not with anything else since it ignores everything that is not absolutely necessary for SRP6. The normalized string module is used for both the client and server and prevents the use of non-ASCII username/password strings. Further information can be found on the normalized_string page.

Running the examples

Clone the repo with git clone https://github.com/gtker/wow_srp.
Run the server with cargo run --example server inside the directory. This runs a simple authentication server that accepts the username “a” and the password “a”. Anything else panics.
Run a real client with the realmlist set to localhost or run the client example with cargo run --example client.

Other implementations

Ember is a C++ implementation with a clean, tested implementation of the protocol.
ArcEmu is a C++ implementation.
vMangos is a C++ implementation.

Modules

client	Contains all functionality related to the client part.
error	The various errors that can happen during the SRP6 process.
normalized_string	Functionality for keeping strings in a format the client expects.
server	Contains all functionality related to the server part, including the generation of values for the database.

Structs

PublicKey

Represents a public key for both the client and server.

Constants

GENERATOR	Called `g` in RFC2945. Statically set to 7. Used for generating the public keys for both server and client, and the session key.
GENERATOR_LENGTH	The length in bytes for GENERATOR. Will always be 1, constant is provided here for clarity.
LARGE_SAFE_PRIME_BIG_ENDIAN	Static large safe prime (`N`) value. The big endian version of LARGE_SAFE_PRIME_LITTLE_ENDIAN. This version should not be sent over the network and should generally not be used.
LARGE_SAFE_PRIME_LENGTH	The size in bytes of the large safe prime.
LARGE_SAFE_PRIME_LITTLE_ENDIAN	Static large safe prime (`N`) value. The little endian version of LARGE_SAFE_PRIME_BIG_ENDIAN. This is the version that should be sent over the network.
PASSWORD_VERIFIER_LENGTH	Password verifier size in bytes.
PROOF_LENGTH	Length of a proof in bytes.
PUBLIC_KEY_LENGTH	Length in bytes for both client and server public key.
RECONNECT_CHALLENGE_DATA_LENGTH	The size of the reconnect challenge data in bytes.
SALT_LENGTH	The salt is always 32 bytes since the client expects a 32 byte salt field and will use leading zeros in the calculation.
SESSION_KEY_LENGTH	Size of the session key in bytes.