X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_spanningtree%2Fhmac.cpp;h=d79f13567b925860325e65401787da43066dc43c;hb=e950f568d0f571e9475aa38177486468714de4d3;hp=c08ac15226969799eced1b63f81070455de00296;hpb=b7bed41eb90a1c71bf99af1ce7cb0685e5582cf7;p=user%2Fhenk%2Fcode%2Finspircd.git

diff --git a/src/modules/m_spanningtree/hmac.cpp b/src/modules/m_spanningtree/hmac.cpp
index c08ac1522..d79f13567 100644
--- a/src/modules/m_spanningtree/hmac.cpp
+++ b/src/modules/m_spanningtree/hmac.cpp
@@ -1,29 +1,30 @@
-/*       +------------------------------------+
- *       | Inspire Internet Relay Chat Daemon |
- *       +------------------------------------+
+/*
+ * InspIRCd -- Internet Relay Chat Daemon
  *
- *  InspIRCd: (C) 2002-2010 InspIRCd Development Team
- * See: http://wiki.inspircd.org/Credits
+ *   Copyright (C) 2009-2010 Daniel De Graaf <danieldg@inspircd.org>
+ *   Copyright (C) 2008 Robin Burchell <robin+git@viroteck.net>
  *
- * This program is free but copyrighted software; see
- *            the file COPYING for details.
+ * This file is part of InspIRCd.  InspIRCd is free software: you can
+ * redistribute it and/or modify it under the terms of the GNU General Public
+ * License as published by the Free Software Foundation, version 2.
  *
- * ---------------------------------------------------
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+
 #include "inspircd.h"
-#include "socket.h"
-#include "xline.h"
-#include "../m_hash.h"
-#include "../ssl.h"
-#include "socketengine.h"
+#include "modules/hash.h"
+#include "modules/ssl.h"
 
 #include "main.h"
-#include "utils.h"
-#include "treeserver.h"
 #include "link.h"
 #include "treesocket.h"
-#include "resolvers.h"
 
 const std::string& TreeSocket::GetOurChallenge()
 {
@@ -55,92 +56,19 @@ std::string TreeSocket::MakePass(const std::string &password, const std::string
 	 */
 	HashProvider* sha256 = ServerInstance->Modules->FindDataService<HashProvider>("hash/sha256");
 	if (Utils->ChallengeResponse && sha256 && !challenge.empty())
-	{
-		/* This is how HMAC is supposed to be done:
-		 *
-		 * sha256( (pass xor 0x5c) + sha256((pass xor 0x36) + m) )
-		 *
-		 * 5c and 36 were chosen as part of the HMAC standard, because they
-		 * flip the bits in a way likely to strengthen the function.
-		 */
-		std::string hmac1, hmac2;
-
-		for (size_t n = 0; n < password.length(); n++)
-		{
-			hmac1.push_back(static_cast<char>(password[n] ^ 0x5C));
-			hmac2.push_back(static_cast<char>(password[n] ^ 0x36));
-		}
-
-		if (proto_version >= 1202)
-		{
-			hmac2.append(challenge);
-			std::string hmac = sha256->hexsum(hmac1 + sha256->sum(hmac2));
+		return "AUTH:" + BinToBase64(sha256->hmac(password, challenge));
 
-			return "AUTH:" + hmac;
-		}
-		else
-		{
-			// version 1.2 used a weaker HMAC, using hex output in the intermediate step
-			hmac2.append(challenge);
-			hmac2 = sha256->hexsum(hmac2);
-		
-			std::string hmac = hmac1 + hmac2;
-			hmac = sha256->hexsum(hmac);
-
-			return "HMAC-SHA256:"+ hmac;
-		}
-	}
-	else if (!challenge.empty() && !sha256)
-		ServerInstance->Logs->Log("m_spanningtree",DEFAULT,"Not authenticating to server using SHA256/HMAC because we don't have m_sha256 loaded!");
+	if (!challenge.empty() && !sha256)
+		ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Not authenticating to server using SHA256/HMAC because we don't have m_sha256 loaded!");
 
 	return password;
 }
 
-std::string TreeSocket::RandString(unsigned int ilength)
-{
-	char* randombuf = new char[ilength+1];
-	std::string out;
-#ifndef WINDOWS
-	int f = open("/dev/urandom", O_RDONLY, 0);
-
-	if (f >= 0)
-	{
-		if (read(f, randombuf, ilength) < (int)ilength)
-			ServerInstance->Logs->Log("m_spanningtree", DEFAULT, "Entropy source has gone predictable (did not return enough data)");
-		close(f);
-	}
-	else
-#endif
-	{
-		for (unsigned int i = 0; i < ilength; i++)
-			randombuf[i] = rand();
-	}
-
-	for (unsigned int i = 0; i < ilength; i++)
-	{
-		char randchar = static_cast<char>(0x3F + (randombuf[i] & 0x3F));
-		out += randchar;
-	}
-
-	delete[] randombuf;
-	return out;
-}
-
 bool TreeSocket::ComparePass(const Link& link, const std::string &theirs)
 {
 	capab->auth_fingerprint = !link.Fingerprint.empty();
 	capab->auth_challenge = !capab->ourchallenge.empty() && !capab->theirchallenge.empty();
 
-	std::string fp;
-	if (GetIOHook())
-	{
-		SocketCertificateRequest req(this, Utils->Creator);
-		if (req.cert)
-		{
-			fp = req.cert->GetFingerprint();
-		}
-	}
-
 	if (capab->auth_challenge)
 	{
 		std::string our_hmac = MakePass(link.RecvPass, capab->ourchallenge);
@@ -156,6 +84,7 @@ bool TreeSocket::ComparePass(const Link& link, const std::string &theirs)
 			return false;
 	}
 
+	std::string fp = SSLClientCert::GetFingerprint(this);
 	if (capab->auth_fingerprint)
 	{
 		/* Require fingerprint to exist and match */