Add HMAC implementation to HashProvider

git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@12508 e03df62e-2008-0410-955e-edbf42e46eb7

2 files changed, 20 insertions, 25 deletions

diff --git a/src/modules/m_spanningtree/hmac.cpp b/src/modules/m_spanningtree/hmac.cpp
index 52128b17b..e339598af 100644
--- a/src/modules/m_spanningtree/hmac.cpp
+++ b/src/modules/m_spanningtree/hmac.cpp
@@ -14,7 +14,7 @@
 #include "inspircd.h"
 #include "socket.h"
 #include "xline.h"
-#include "../m_hash.h"
+#include "../hash.h"
 #include "../ssl.h"
 #include "socketengine.h"
 
@@ -56,31 +56,23 @@ std::string TreeSocket::MakePass(const std::string &password, const std::string
 	HashProvider* sha256 = ServerInstance->Modules->FindDataService<HashProvider>("hash/sha256");
 	if (Utils->ChallengeResponse && sha256 && !challenge.empty())
 	{
-		/* This is how HMAC is supposed to be done:
-		 *
-		 * sha256( (pass xor 0x5c) + sha256((pass xor 0x36) + m) )
-		 *
-		 * 5c and 36 were chosen as part of the HMAC standard, because they
-		 * flip the bits in a way likely to strengthen the function.
-		 */
-		std::string hmac1, hmac2;
-
-		for (size_t n = 0; n < password.length(); n++)
+		if (proto_version < 1202)
 		{
-			hmac1.push_back(static_cast<char>(password[n] ^ 0x5C));
-			hmac2.push_back(static_cast<char>(password[n] ^ 0x36));
-		}
+			/* This is how HMAC is done in InspIRCd 1.2:
+			 *
+			 * sha256( (pass xor 0x5c) + sha256((pass xor 0x36) + m) )
+			 *
+			 * 5c and 36 were chosen as part of the HMAC standard, because they
+			 * flip the bits in a way likely to strengthen the function.
+			 */
+			std::string hmac1, hmac2;
+
+			for (size_t n = 0; n < password.length(); n++)
+			{
+				hmac1.push_back(static_cast<char>(password[n] ^ 0x5C));
+				hmac2.push_back(static_cast<char>(password[n] ^ 0x36));
+			}
 
-		if (proto_version >= 1202)
-		{
-			hmac2.append(challenge);
-			std::string hmac = sha256->hexsum(hmac1 + sha256->sum(hmac2));
-
-			return "AUTH:" + hmac;
-		}
-		else
-		{
-			// version 1.2 used a weaker HMAC, using hex output in the intermediate step
 			hmac2.append(challenge);
 			hmac2 = sha256->hexsum(hmac2);
 		
@@ -89,6 +81,10 @@ std::string TreeSocket::MakePass(const std::string &password, const std::string
 
 			return "HMAC-SHA256:"+ hmac;
 		}
+		else
+		{
+			return "AUTH:" + BinToBase64(sha256->hmac(password, challenge));
+		}
 	}
 	else if (!challenge.empty() && !sha256)
 		ServerInstance->Logs->Log("m_spanningtree",DEFAULT,"Not authenticating to server using SHA256/HMAC because we don't have m_sha256 loaded!");
diff --git a/src/modules/m_spanningtree/treesocket1.cpp b/src/modules/m_spanningtree/treesocket1.cpp
index 596f31041..f1925afad 100644
--- a/src/modules/m_spanningtree/treesocket1.cpp
+++ b/src/modules/m_spanningtree/treesocket1.cpp
@@ -14,7 +14,6 @@
 #include "inspircd.h"
 #include "socket.h"
 #include "xline.h"
-#include "../m_hash.h"
 #include "socketengine.h"
 
 #include "main.h"