X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_password_hash.cpp;h=09cdbb402c180dd15e95cf15aabb75458f14af1d;hb=2595b35cc2191d33a625d041f31c41ab23156185;hp=926ba56323d2c05fbfe6d25638160c4fee92663e;hpb=c1cc5cf147babcd834ba0dbbdd4b1c1d4ae010b6;p=user%2Fhenk%2Fcode%2Finspircd.git

diff --git a/src/modules/m_password_hash.cpp b/src/modules/m_password_hash.cpp
index 926ba5632..09cdbb402 100644
--- a/src/modules/m_password_hash.cpp
+++ b/src/modules/m_password_hash.cpp
@@ -36,14 +36,21 @@ class CommandMkpasswd : public Command
 	{
 		if (!algo.compare(0, 5, "hmac-", 5))
 		{
-			std::string type = algo.substr(5);
+			std::string type(algo, 5);
 			HashProvider* hp = ServerInstance->Modules->FindDataService<HashProvider>("hash/" + type);
 			if (!hp)
 			{
 				user->WriteNotice("Unknown hash type");
 				return;
 			}
-			std::string salt = ServerInstance->GenRandomStr(6, false);
+
+			if (hp->IsKDF())
+			{
+				user->WriteNotice(type + " does not support HMAC");
+				return;
+			}
+
+			std::string salt = ServerInstance->GenRandomStr(hp->out_size, false);
 			std::string target = hp->hmac(salt, stuff);
 			std::string str = BinToBase64(salt) + "$" + BinToBase64(target, NULL, 0);
 
@@ -54,7 +61,7 @@ class CommandMkpasswd : public Command
 		if (hp)
 		{
 			/* Now attempt to generate a hash */
-			std::string hexsum = hp->hexsum(stuff);
+			std::string hexsum = hp->Generate(stuff);
 			user->WriteNotice(algo + " hashed password for " + stuff + " is " + hexsum);
 		}
 		else
@@ -84,10 +91,17 @@ class ModuleOperHash : public Module
 	{
 		if (!hashtype.compare(0, 5, "hmac-", 5))
 		{
-			std::string type = hashtype.substr(5);
+			std::string type(hashtype, 5);
 			HashProvider* hp = ServerInstance->Modules->FindDataService<HashProvider>("hash/" + type);
 			if (!hp)
 				return MOD_RES_PASSTHRU;
+
+			if (hp->IsKDF())
+			{
+				ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Tried to use HMAC with %s, which does not support HMAC", type.c_str());
+				return MOD_RES_DENY;
+			}
+
 			// this is a valid hash, from here on we either accept or deny
 			std::string::size_type sep = data.find('$');
 			if (sep == std::string::npos)
@@ -106,8 +120,7 @@ class ModuleOperHash : public Module
 		/* Is this a valid hash name? */
 		if (hp)
 		{
-			// Use the timing-safe compare function to compare the hashes
-			if (InspIRCd::TimingSafeCompare(data, hp->hexsum(input)))
+			if (hp->Compare(input, data))
 				return MOD_RES_ALLOW;
 			else
 				/* No match, and must be hashed, forbid */