diff options
| author | danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7> | 2009-11-16 17:59:06 +0000 |
|---|---|---|
| committer | danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7> | 2009-11-16 17:59:06 +0000 |
| commit | 54fb0cd5aa7d090d5c3da5ab54988c86ba8a2e8e (patch) | |
| tree | bc20ce6dca41b2d16349ae4c8212861c10e3685e /src/modules/m_spanningtree/hmac.cpp | |
| parent | 3bfd0db65ff01c026e968af4de074cc1155a4061 (diff) | |
Use ServiceProvider for inter-module dependencies
This will stop dependency chains from preventing module reloads when
it is not actually needed; however, it removes some failsafes that will
need to be reimplemented in order to avoid unmapped vtables.
This deprecates Request as an inter-module signaling mechanism, although
SQL still uses it.
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@12140 e03df62e-2008-0410-955e-edbf42e46eb7
Diffstat (limited to 'src/modules/m_spanningtree/hmac.cpp')
| -rw-r--r-- | src/modules/m_spanningtree/hmac.cpp | 32 |
1 files changed, 20 insertions, 12 deletions
diff --git a/src/modules/m_spanningtree/hmac.cpp b/src/modules/m_spanningtree/hmac.cpp index b5a5fa228..790358d36 100644 --- a/src/modules/m_spanningtree/hmac.cpp +++ b/src/modules/m_spanningtree/hmac.cpp @@ -55,16 +55,13 @@ std::string TreeSocket::MakePass(const std::string &password, const std::string * Note: If m_sha256.so is not loaded, we MUST fall back to plaintext with no * HMAC challenge/response. */ - Module* sha256 = ServerInstance->Modules->Find("m_sha256.so"); + HashProvider* sha256 = ServerInstance->Modules->FindDataService<HashProvider>("hash/sha256"); if (Utils->ChallengeResponse && sha256 && !challenge.empty()) { - /* XXX: This is how HMAC is supposed to be done: + /* This is how HMAC is supposed to be done: * * sha256( (pass xor 0x5c) + sha256((pass xor 0x36) + m) ) * - * Note that we are encoding the hex hash, not the binary - * output of the hash which is slightly different to standard. - * * 5c and 36 were chosen as part of the HMAC standard, because they * flip the bits in a way likely to strengthen the function. */ @@ -72,17 +69,28 @@ std::string TreeSocket::MakePass(const std::string &password, const std::string for (size_t n = 0; n < password.length(); n++) { - hmac1 += static_cast<char>(password[n] ^ 0x5C); - hmac2 += static_cast<char>(password[n] ^ 0x36); + hmac1.push_back(static_cast<char>(password[n] ^ 0x5C)); + hmac2.push_back(static_cast<char>(password[n] ^ 0x36)); } - hmac2 += challenge; - hmac2 = HashRequest(Utils->Creator, sha256, hmac2).hex(); + if (proto_version >= 1202) + { + hmac2.append(challenge); + std::string hmac = sha256->hexsum(hmac1 + sha256->sum(hmac2)); + + return "AUTH:" + hmac; + } + else + { + // version 1.2 used a weaker HMAC, using hex output in the intermediate step + hmac2.append(challenge); + hmac2 = sha256->hexsum(hmac2); - std::string hmac = hmac1 + hmac2; - hmac = HashRequest(Utils->Creator, sha256, hmac).hex(); + std::string hmac = hmac1 + hmac2; + hmac = sha256->hexsum(hmac); - return "HMAC-SHA256:"+ hmac; + return "HMAC-SHA256:"+ hmac; + } } else if (!challenge.empty() && !sha256) ServerInstance->Logs->Log("m_spanningtree",DEFAULT,"Not authenticating to server using SHA256/HMAC because we don't have m_sha256 loaded!"); |