From e284ff5f38ac773ca0e041091e0356499d2ea403 Mon Sep 17 00:00:00 2001
From: juanjp600
Date: Mon, 29 Aug 2016 07:13:19 -0300
Subject: [PATCH] Heavier password encryption I don't think this fixes actual bugs but the encryption seemed kinda weak.
---
 Subsurface/Source/Networking/GameClient.cs | 10 +++++++---
 Subsurface/Source/Networking/GameServer.cs | 13 +++++++------
 Subsurface/Source/Networking/GameServerLogin.cs | 9 ++++++---
 Subsurface/Source/Networking/GameServerSettings.cs | 6 +++---
 4 files changed, 23 insertions(+), 15 deletions(-)
diff --git a/Subsurface/Source/Networking/GameClient.cs b/Subsurface/Source/Networking/GameClient.cs
index 8b8743fca..bd43d9ff1 100644
--- a/Subsurface/Source/Networking/GameClient.cs
+++ b/Subsurface/Source/Networking/GameClient.cs
@@ -6,6 +6,7 @@ using Barotrauma.Networking.ReliableMessages;
 using FarseerPhysics;
 using System.IO;
 using System.Linq;
+using System.Text;
 using Barotrauma.Items.Components;
 using System.ComponentModel;
@@ -172,7 +173,7 @@ namespace Barotrauma.Networking
 reconnectBox.Buttons[0].OnClicked += reconnectBox.Close;
 }
- CoroutineManager.StartCoroutine(WaitForStartingInfo(password));
+ CoroutineManager.StartCoroutine(WaitForStartingInfo(Encoding.UTF8.GetString(NetUtility.ComputeSHAHash(Encoding.UTF8.GetBytes(password)))));
 // Start the timer
 //update.Start();
@@ -336,9 +337,12 @@ namespace Barotrauma.Networking
 var outmsg = client.CreateMessage();
- NetEncryption algo = new NetXtea(client, password);
+ string saltedPw = password;
+ saltedPw = saltedPw + Convert.ToString(nonce);
+ saltedPw = Encoding.UTF8.GetString(NetUtility.ComputeSHAHash(Encoding.UTF8.GetBytes(saltedPw)));
+ NetEncryption algo = new NetXtea(client, saltedPw);
 outmsg.Write((byte)PacketTypes.Login);
- outmsg.Write(nonce);
+ outmsg.Write(saltedPw);
 outmsg.Write(myID);
 outmsg.Write(GameMain.Version.ToString());
 outmsg.Write(GameMain.SelectedPackage.Name);
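Review bot: `Encoding.UTF8.GetString(NetUtility.ComputeSHAHash(...))` in the `WaitForStartingInfo` call decodes raw digest bytes as UTF-8 text, which is lossy: byte sequences that are not valid UTF-8 are replaced with U+FFFD, so distinct digests can collapse to the same string and the resulting secret carries less entropy than the hash itself. The same expression is repeated in the `@@ -336` hunk of this file, in the `GameServer` constructor and in `GameServerLogin.cs`. An encoding that round-trips bytes keeps the whole digest, for example `Convert.ToBase64String(NetUtility.ComputeSHAHash(Encoding.UTF8.GetBytes(password)))`, ideally behind one shared helper so the client and server derivations cannot drift apart. The enclosing method starts and ends outside the hunk.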
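Review bot: `outmsg.Write(saltedPw)` in the `@@ -336` hunk places the very string the XTEA key is built from inside the message body, replacing the nonce that used to serve as the post-decryption check. A matching nonce after decryption already shows the sender derived the right key, so the payload can keep `outmsg.Write(nonce);` and never carry key material; the encrypt-and-send step is outside this hunk, so whether the body is always encrypted before it leaves cannot be confirmed here. `Convert.ToString(nonce)` also formats with the current culture, and `nonce.ToString(CultureInfo.InvariantCulture)` would guarantee both ends build the same string. One pass of a fast hash over password and nonce adds no key stretching, so a weak server password is no harder to guess than before; a PBKDF2 derivation (`Rfc2898DeriveBytes`) applied identically on both sides would be closer to what the commit title aims for.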
diff --git a/Subsurface/Source/Networking/GameServer.cs b/Subsurface/Source/Networking/GameServer.cs
index 791a64af8..3c8e819b5 100644
--- a/Subsurface/Source/Networking/GameServer.cs
+++ b/Subsurface/Source/Networking/GameServer.cs
@@ -3,6 +3,7 @@ using System;
 using System.Collections.Generic;
 using System.Diagnostics;
 using System.Linq;
+using System.Text;
 using Lidgren.Network;
 using Microsoft.Xna.Framework;
 using RestSharp;
@@ -55,7 +56,7 @@ namespace Barotrauma.Networking
 name = name.Replace(";", "");
 this.name = name;
- this.password = password;
+ this.password = Encoding.UTF8.GetString(NetUtility.ComputeSHAHash(Encoding.UTF8.GetBytes(password)));
 config = new NetPeerConfiguration("barotrauma");
@@ -1510,13 +1511,13 @@ namespace Barotrauma.Networking
 sender.ChatMessages.RemoveAt(0);
 }
- if (sender.inGame || (Screen.Selected == GameMain.NetLobbyScreen))
- {
+ if (sender.inGame || (Screen.Selected == GameMain.NetLobbyScreen))
+ {
 AddChatMessage(message);
 }
- else
- {
- GameServer.Log(message.Text, message.Color);
+ else
+ {
+ GameServer.Log(message.Text, message.Color);
 }
 sender.ChatSpamSpeed += 5.0f;
diff --git a/Subsurface/Source/Networking/GameServerLogin.cs b/Subsurface/Source/Networking/GameServerLogin.cs
index c57d774e9..1b1b4004d 100644
--- a/Subsurface/Source/Networking/GameServerLogin.cs
+++ b/Subsurface/Source/Networking/GameServerLogin.cs
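Review bot: After the `@@ -55` hunk `this.password` can never be empty, because an empty password is hashed into a non-empty string, and a null password now throws inside `Encoding.UTF8.GetBytes`. Any code outside this hunk that tests the field to decide whether the server is password-protected (not visible here) would start treating every server as protected. If such checks exist, record the fact before hashing in a separate new field, e.g. `hasPassword = !string.IsNullOrEmpty(password);`, and hash `password ?? ""` so a missing password does not crash the constructor. The constructor starts and ends outside the hunk.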
@@ -62,11 +62,14 @@ namespace Barotrauma.Networking
 {
 unauthenticatedClients.Remove(unauthenticatedClient);
- NetEncryption algo = new NetXtea(server, password);
+ string saltedPw = password;
+ saltedPw = saltedPw + Convert.ToString(unauthenticatedClient.Nonce);
+ saltedPw = Encoding.UTF8.GetString(NetUtility.ComputeSHAHash(Encoding.UTF8.GetBytes(saltedPw)));
+ NetEncryption algo = new NetXtea(server, saltedPw);
 inc.Decrypt(algo);
- int nonce = inc.ReadInt32();
- if (nonce != unauthenticatedClient.Nonce)
+ string rdPw = inc.ReadString();
+ if (rdPw != saltedPw)
 {
 inc.SenderConnection.Disconnect("Wrong password!");
 return;
diff --git a/Subsurface/Source/Networking/GameServerSettings.cs b/Subsurface/Source/Networking/GameServerSettings.cs
index 9bc6ab807..fe38ef629 100644
--- a/Subsurface/Source/Networking/GameServerSettings.cs
+++ b/Subsurface/Source/Networking/GameServerSettings.cs
@@ -647,8 +647,8 @@ namespace Barotrauma.Networking
 return false;
 }
- public void ManagePlayersFrame(GUIFrame infoFrame)
- {
+ public void ManagePlayersFrame(GUIFrame infoFrame)
+ {
 GUIListBox cList = new GUIListBox(new Rectangle(0, 0, 280, 300), Color.White * 0.7f, GUI.Style, infoFrame);
 cList.Padding = new Vector4(10.0f, 10.0f, 10.0f, 10.0f);
 //crewList.OnSelected = SelectCrewCharacter;
@@ -677,7 +677,7 @@ namespace Barotrauma.Networking
 kickButton.OnClicked += GameMain.NetLobbyScreen.KickPlayer;
 textBlock.Padding = new Vector4(5.0f, 0.0f, 5.0f, 0.0f);
- }
+ }
 }
 }
 }
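Review bot: In the `GameServerLogin.cs` hunk the result of `inc.Decrypt(algo)` is ignored and `inc.ReadString()` then parses whatever the decryption produced, so with a wrong password the length prefix and the bytes after it are arbitrary. Depending on how the Lidgren version in use handles a string that runs past the buffer, that read may return null or throw instead of reaching the `Disconnect("Wrong password!")` branch; treating a failed decrypt or a failed read as a wrong password keeps a bad login attempt from surfacing as an unhandled exception in the server loop. `rdPw != saltedPw` is also an early-exit comparison of a secret-derived value, and a fixed-time comparison over the digest bytes is the safer habit. The enclosing method starts and ends outside the hunk.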