From c4414548f18bb47c0a263d20eb438b8adef54bc5 Mon Sep 17 00:00:00 2001
From: SignpostMarv <github@signpostmarv.name>
Date: Sun, 10 Jun 2012 00:38:36 +0100
Subject: [PATCH] adding support for seamless transition from md5 hashing to
 sha-512 hashing, although mssql & sqlite resource changes
 are absent.

---
 OpenSim/Data/MySQL/Resources/AuthStore.migrations  |    9 ++++++++
 OpenSim/Framework/Util.cs                          |   21 ++++++++++++++++++++
 .../AuthenticationServiceBase.cs                   |    8 +++---
 .../PasswordAuthenticationService.cs               |   15 +++++++++++++-
 4 files changed, 48 insertions(+), 5 deletions(-)

diff --git a/OpenSim/Data/MySQL/Resources/AuthStore.migrations b/OpenSim/Data/MySQL/Resources/AuthStore.migrations
index 023c786..30fa733 100644
--- a/OpenSim/Data/MySQL/Resources/AuthStore.migrations
+++ b/OpenSim/Data/MySQL/Resources/AuthStore.migrations
@@ -37,3 +37,12 @@ BEGIN;
 ALTER TABLE `auth` ADD COLUMN `accountType` VARCHAR(32) NOT NULL DEFAULT 'UserAccount';
 
 COMMIT;
+
+:VERSION 4         # -------------------------------
+
+BEGIN;
+
+ALTER TABLE `auth` CHANGE `passwordHash` `passwordHash` CHAR(128) NOT NULL default '';
+ALTER TABLE `auth` CHANGE `passwordSalt` `passwordSalt` CHAR(128) NOT NULL default '';
+
+COMMIT;
diff --git a/OpenSim/Framework/Util.cs b/OpenSim/Framework/Util.cs
index e03bb74..7da0397 100644
--- a/OpenSim/Framework/Util.cs
+++ b/OpenSim/Framework/Util.cs
@@ -475,6 +475,8 @@ namespace OpenSim.Framework
             return epoch.AddSeconds(seconds);
         }
 
+        #region hashing
+
         /// <summary>
         /// Return an md5 hash of the given string
         /// </summary>
@@ -522,6 +524,25 @@ namespace OpenSim.Framework
             return SHA1.ComputeHash(src);
         }
 
+        public static string SHA512Hash(string data)
+        {
+            return SHA512Hash(Encoding.Default.GetBytes(data));
+        }
+
+        public static string SHA512Hash(byte[] data)
+        {
+            byte[] hash = ComputeSHA512Hash(data);
+            return BitConverter.ToString(hash).Replace("-", string.Empty);
+        }
+
+        private static byte[] ComputeSHA512Hash(byte[] src)
+        {
+            SHA512CryptoServiceProvider SHA512 = new SHA512CryptoServiceProvider();
+            return SHA512.ComputeHash(src);
+        }
+
+        #endregion
+
         public static int fast_distance2d(int x, int y)
         {
             x = Math.Abs(x);
diff --git a/OpenSim/Services/AuthenticationService/AuthenticationServiceBase.cs b/OpenSim/Services/AuthenticationService/AuthenticationServiceBase.cs
index 229f557..f2f5f84 100644
--- a/OpenSim/Services/AuthenticationService/AuthenticationServiceBase.cs
+++ b/OpenSim/Services/AuthenticationService/AuthenticationServiceBase.cs
@@ -104,9 +104,9 @@ namespace OpenSim.Services.AuthenticationService
 
         public virtual bool SetPassword(UUID principalID, string password)
         {
-            string passwordSalt = Util.Md5Hash(UUID.Random().ToString());
-            string md5PasswdHash = Util.Md5Hash(Util.Md5Hash(password) + ":" + passwordSalt);
-
+            string passwordSalt = Util.SHA512Hash(UUID.Random().ToString());
+            string sha512PasswdHash = Util.SHA512Hash(Util.Md5Hash(password) + ":" + passwordSalt);
+            m_log.Info("pass: " + Util.Md5Hash(password));
             AuthenticationData auth = m_Database.Get(principalID);
             if (auth == null)
             {
@@ -116,7 +116,7 @@ namespace OpenSim.Services.AuthenticationService
                 auth.Data["accountType"] = "UserAccount";
                 auth.Data["webLoginKey"] = UUID.Zero.ToString();
             }
-            auth.Data["passwordHash"] = md5PasswdHash;
+            auth.Data["passwordHash"] = sha512PasswdHash;
             auth.Data["passwordSalt"] = passwordSalt;
             if (!m_Database.Store(auth))
             {
diff --git a/OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs b/OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs
index 5f1bde1..1c57e55 100644
--- a/OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs
+++ b/OpenSim/Services/AuthenticationService/PasswordAuthenticationService.cs
@@ -78,12 +78,25 @@ namespace OpenSim.Services.AuthenticationService
             }
             else
             {
-                string hashed = Util.Md5Hash(password + ":" + data.Data["passwordSalt"].ToString());
+                bool migrateToSHA512 = data.Data["passwordSalt"].ToString().Length == 32;
+                string hashed = migrateToSHA512 ? Util.Md5Hash(password + ":" + data.Data["passwordSalt"].ToString()) : Util.SHA512Hash(password + ":" + data.Data["passwordSalt"].ToString());
 
                 m_log.DebugFormat("[PASS AUTH]: got {0}; hashed = {1}; stored = {2}", password, hashed, data.Data["passwordHash"].ToString());
 
                 if (data.Data["passwordHash"].ToString() == hashed)
                 {
+                    if (migrateToSHA512)
+                    {
+                        string passwordSalt = Util.SHA512Hash(UUID.Random().ToString());
+                        string sha512PasswdHash = Util.SHA512Hash(password + ":" + passwordSalt);
+                        data.Data["passwordHash"] = sha512PasswdHash;
+                        data.Data["passwordSalt"] = passwordSalt;
+                        if (!m_Database.Store(data))
+                        {
+                            m_log.DebugFormat("[AUTHENTICATION DB]: Failed to store authentication data");
+                            return string.Empty;
+                        }
+                    }
                     return GetToken(principalID, lifetime);
                 }
                 else
-- 
1.7.8.msysgit.0