Crate wow_srp

source ·
Expand description

An implementation of the World of Warcraft flavor of SRP6 used for authentication with the Login Server. This should work on all versions from 1.2 to 3.3.5.

The implementation is intended to abstract away as much of the protocol as possible, and limits itself to the specific requirements of the World of Warcraft implementation. For example, all key sizes are limited to exactly 32 bytes since the network packet fields describing public keys are of a fixed size in the protocol and key sizes of any other sizes are not possible.

This crate does not deal with parsing the network packets necessary to obtain the required parameters. The WoWDev wiki (archive) contains a reference list of packets and the examples implement the required functionality.

THIS SHOULD NOT BE USED FOR ANYTHING OTHER THAN WORLD OF WARCRAFT EMULATION. THE CODE IS NOT CRYPTOGRAPHICALLY VERIFIED, HAS VERY LOW KEY SIZES BECAUSE OF PACKET REQUIREMENTS AND MOST LIKELY CONTAINS EXPLOITS.

Usage

The crate is split into:

  • A server module containing structs for use on the server. Either srp-fast-math or srp-default-math must be enabled to for this to be enabled.
  • A client module containing structs for use on the client. Either srp-fast-math or srp-default-math must be enabled to for this to be enabled.
  • A vanilla_header module containing structs for decrypting Vanilla world packets.
  • A tbc_header module containing structs for decrypting TBC world packets.
  • A wrath_header module containing structs for decrypting Wrath world packets. wrath-header must be enabled for this to be enabled.
  • An error module for errors that are shared by all modules.
  • A normalized_string module used for all modules to correctly handle strings.

Examples

The wow_messages repo has examples that uses the wow_login_messages and wow_vanilla_messages library message definitions to showcase both crates.

Usage

Add the following to your Cargo.toml:

[dependencies]
wow_srp = { version = "0.5" }

Then go to either the client module or server module for specific instructions.

Features

Two different arbitrary precision integer libraries can be used, either:

  • num-bigint. A slow pure Rust implementation without external dependencies. It is enabled through the srp-default-math feature. This is enabled by default, and requires no opt in.

  • rug. A fast wrapper around the GMP library with external dependencies, as described in the gmp_mpfr_sys documentation. This is enabled with the srp-fast-math feature and disabling default features. So instead of the above do this:

[dependencies]
wow_srp = { version = "0.5", default-features = false, features = ["srp-fast-math", "tbc-header", "wrath-header"] }

The srp-fast-math feature leads to a 50% decrease in total time. It is highly recommended to enable this feature for production usage since it also theoretically has better security.

To see the performance difference on your setup you can run cargo bench for the default version, and cargo bench --features srp-fast-math --no-default-features for the srp-fast-math version.

The wrath-header feature gates features and dependencies related to wrath_header. The tbc-header feature gates features and dependencies related to tbc_header.

MSRV

wow_srp has a Minimum Supported Rust Version (MSRV) of 1.57.0. The MSRV may be increased in PATCH versions before wow_srp reaches 1.0.0 (MAJOR.MINOR.PATCH).

Other implementations

  • Ember is a C++ implementation for 1.12 with a clean, tested implementation of the protocol.
  • ArcEmu is a C++ implementation for 3.3.5.
  • vMangos is a C++ implementation.
  • WoWCore is a Pascal implementation that has 1.12, 2.4.3 and 3.3.5 versions.
  • Shadowburn is an Elixir implementation.

Modules

clientsrp-default-math or srp-fast-math
Contains all functionality related to the client part.
error
The various errors that can happen during the SRP6 process.
normalized_string
Functionality for keeping strings in a format the client expects.
serversrp-default-math or srp-fast-math
Contains all functionality related to the server part, including the generation of values for the database.
tbc_headertbc-header
Functionality for encrypting/decrypting World Packet headers.
vanilla_header
Functionality for encrypting/decrypting World Packet headers.
wrath_headerwrath-header
Functionality for encrypting/decrypting World Packet headers.

Structs

PublicKey
Represents a public key for both the client and server.

Constants

GENERATOR
Called g in RFC2945. Statically set to 7. Used for generating the public keys for both server and client, and the session key. The length in bytes is always 1 since there are no generators greater than 255.
GENERATOR_LENGTH
The length in bytes for GENERATOR. Will always be 1 since there are no generators greater than 255. Constant is provided here since the CMD_AUTH_LOGON_CHALLENGE packet requires it.
LARGE_SAFE_PRIME_BIG_ENDIAN
Static large safe prime (N) value. The big endian version of LARGE_SAFE_PRIME_LITTLE_ENDIAN. This version should not be sent over the network and should generally not be used.
LARGE_SAFE_PRIME_LENGTH
The size in bytes of the large safe prime.
LARGE_SAFE_PRIME_LITTLE_ENDIAN
Static large safe prime (N) value. The little endian version of LARGE_SAFE_PRIME_BIG_ENDIAN. This is the version that should be sent over the network in the CMD_AUTH_LOGON_CHALLENGE_Server packet.
PASSWORD_VERIFIER_LENGTH
Password verifier size in bytes.
PROOF_LENGTH
Length of a proof in bytes.
PUBLIC_KEY_LENGTH
Length in bytes for both client and server public key.
RECONNECT_CHALLENGE_DATA_LENGTH
The size of the reconnect challenge data in bytes.
SALT_LENGTH
The salt is always 32 bytes since the client expects a 32 byte salt field in the CMD_AUTH_LOGON_CHALLENGE_Server packet and will use leading zeros in the calculation.
SESSION_KEY_LENGTH
Size of the session key in bytes.