PBKDF2Hash(const std::string& data)
{
irc::sepstream ss(data, ':');
std::string tok;
ss.GetToken(tok);
this->iterations = ConvToInt(tok);
ss.GetToken(tok);
this->hash = Base64ToBin(tok);
ss.GetToken(tok);
this->salt = Base64ToBin(tok);
this->length = this->hash.length();
}
ModResult OnPassCompare(Extensible* ex, const std::string &data, const std::string &input, const std::string &hashtype) override
{
if (!hashtype.compare(0, 5, "hmac-", 5))
{
std::string type(hashtype, 5);
HashProvider* hp = ServerInstance->Modules.FindDataService<HashProvider>("hash/" + type);
if (!hp)
return MOD_RES_PASSTHRU;
if (hp->IsKDF())
{
ServerInstance->Logs.Log(MODNAME, LOG_DEFAULT, "Tried to use HMAC with %s, which does not support HMAC", type.c_str());
return MOD_RES_DENY;
}
// this is a valid hash, from here on we either accept or deny
std::string::size_type sep = data.find('$');
if (sep == std::string::npos)
return MOD_RES_DENY;
std::string salt = Base64ToBin(data.substr(0, sep));
std::string target = Base64ToBin(data.substr(sep + 1));
if (target == hp->hmac(salt, input))
return MOD_RES_ALLOW;
else
return MOD_RES_DENY;
}
HashProvider* hp = ServerInstance->Modules.FindDataService<HashProvider>("hash/" + hashtype);
/* Is this a valid hash name? */
if (hp)
{
if (hp->Compare(input, data))
return MOD_RES_ALLOW;
else
/* No match, and must be hashed, forbid */
return MOD_RES_DENY;
}
// We don't handle this type, let other mods or the core decide
return MOD_RES_PASSTHRU;
}
void SignatureVerifier::VerifyDSASHA1SignatureValid(const std::wstring &filename, const std::string &signature_base64)
{
try
{
if (signature_base64.size() == 0)
throw BadSignatureException("Missing DSA signature!");
TinySSL::inst().VerifyDSASHA1Signature(filename, Base64ToBin(signature_base64));
}
catch (BadSignatureException&)
{
throw;
}
catch (const std::exception &e)
{
throw BadSignatureException(e.what());
}
catch (...)
{
throw BadSignatureException();
}
}
