From 527c492cf1c86ede062c49d45ebda17c8c6dfc68 Mon Sep 17 00:00:00 2001 From: danieldg Date: Sun, 21 Feb 2010 17:08:54 +0000 Subject: Add HMAC implementation to HashProvider git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@12508 e03df62e-2008-0410-955e-edbf42e46eb7 --- src/modules/m_spanningtree/hmac.cpp | 44 +++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 24 deletions(-) (limited to 'src/modules/m_spanningtree/hmac.cpp') diff --git a/src/modules/m_spanningtree/hmac.cpp b/src/modules/m_spanningtree/hmac.cpp index 52128b17b..e339598af 100644 --- a/src/modules/m_spanningtree/hmac.cpp +++ b/src/modules/m_spanningtree/hmac.cpp @@ -14,7 +14,7 @@ #include "inspircd.h" #include "socket.h" #include "xline.h" -#include "../m_hash.h" +#include "../hash.h" #include "../ssl.h" #include "socketengine.h" @@ -56,31 +56,23 @@ std::string TreeSocket::MakePass(const std::string &password, const std::string HashProvider* sha256 = ServerInstance->Modules->FindDataService("hash/sha256"); if (Utils->ChallengeResponse && sha256 && !challenge.empty()) { - /* This is how HMAC is supposed to be done: - * - * sha256( (pass xor 0x5c) + sha256((pass xor 0x36) + m) ) - * - * 5c and 36 were chosen as part of the HMAC standard, because they - * flip the bits in a way likely to strengthen the function. - */ - std::string hmac1, hmac2; - - for (size_t n = 0; n < password.length(); n++) + if (proto_version < 1202) { - hmac1.push_back(static_cast(password[n] ^ 0x5C)); - hmac2.push_back(static_cast(password[n] ^ 0x36)); - } + /* This is how HMAC is done in InspIRCd 1.2: + * + * sha256( (pass xor 0x5c) + sha256((pass xor 0x36) + m) ) + * + * 5c and 36 were chosen as part of the HMAC standard, because they + * flip the bits in a way likely to strengthen the function. + */ + std::string hmac1, hmac2; + + for (size_t n = 0; n < password.length(); n++) + { + hmac1.push_back(static_cast(password[n] ^ 0x5C)); + hmac2.push_back(static_cast(password[n] ^ 0x36)); + } - if (proto_version >= 1202) - { - hmac2.append(challenge); - std::string hmac = sha256->hexsum(hmac1 + sha256->sum(hmac2)); - - return "AUTH:" + hmac; - } - else - { - // version 1.2 used a weaker HMAC, using hex output in the intermediate step hmac2.append(challenge); hmac2 = sha256->hexsum(hmac2); @@ -89,6 +81,10 @@ std::string TreeSocket::MakePass(const std::string &password, const std::string return "HMAC-SHA256:"+ hmac; } + else + { + return "AUTH:" + BinToBase64(sha256->hmac(password, challenge)); + } } else if (!challenge.empty() && !sha256) ServerInstance->Logs->Log("m_spanningtree",DEFAULT,"Not authenticating to server using SHA256/HMAC because we don't have m_sha256 loaded!"); -- cgit v1.3.1-10-gc9f91