return CMD_ERROR;
}
- if(strcasecmp(cargv[1], csc_generateresetcode(rup->lockuntil, rup->username))) {
+ if(hmac_strcmp(cargv[1], csc_generateresetcode(rup->lockuntil, rup->username))) {
chanservstdmessage(sender, QM_BADRESETCODE);
return CMD_ERROR;
}
hmac_printhex(digest, hexbuf, sizeof(digest));
- if(!strcasecmp(hmac_printhex(digest, hexbuf, sizeof(digest)), response))
+ if(!hmac_strcmp(hmac_printhex(digest, hexbuf, sizeof(digest)), response))
return 1;
return 0;
hmacsha256_update(&hmac, (unsigned char *)challenge, strlen(challenge));
hmacsha256_final(&hmac, digest);
- if(!strcasecmp(hmac_printhex(digest, hexbuf, sizeof(digest)), response))
+ if(!hmac_strcmp(hmac_printhex(digest, hexbuf, sizeof(digest)), response))
return 1;
return 0;
hmacmd5_update(&hmac, (unsigned char *)challenge, strlen(challenge));
hmacmd5_final(&hmac, digest);
- if(!strcasecmp(hmac_printhex(digest, hexbuf, sizeof(digest)), response))
+ if(!hmac_strcmp(hmac_printhex(digest, hexbuf, sizeof(digest)), response))
return 1;
return 0;
MD5Update(&ctx, (unsigned char *)challenge, strlen(challenge));
MD5Final(digest, &ctx);
- if(!strcasecmp(hmac_printhex(digest, hexbuf, sizeof(digest)), response))
+ if(!hmac_strcmp(hmac_printhex(digest, hexbuf, sizeof(digest)), response))
return 1;
return 0;
MD5Update(&ctx, (unsigned char *)buf, strlen(buf));
MD5Final(digest, &ctx);
- if(strcasecmp(hash, hmac_printhex(digest, hexbuf, sizeof(digest))))
+ if(hmac_strcmp(hash, hmac_printhex(digest, hexbuf, sizeof(digest))))
return 0;
return 1;
hmac_printhex(digestbuf, hexbuf, sizeof(digestbuf));
- if(!strcasecmp(hexbuf, digest))
+ if(!hmac_strcmp(hexbuf, digest))
return 0;
return 1;
*o = '\0';
return out;
}
+
+int hmac_strcmp(char *a, char *b) {
+ int result = 1;
+
+ if(!a || !b)
+ return 1;
+
+ if(strlen(a) != strlen(b))
+ return 1;
+
+ while(*a)
+ result&=(tolower(*a++) == tolower(*b++));
+
+ return !result;
+}
+
void hmacmd5_init(hmacmd5 *c, unsigned char *key, int keylen);
char *hmac_printhex(unsigned char *data, char *out, size_t len);
+
+int hmac_strcmp(char *a, char *b);
/* hahahaha */
snprintf(buffer, sizeof(buffer), "%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", digest[0], digest[1], digest[2], digest[3], digest[4], digest[5], digest[6], digest[7], digest[8], digest[9], digest[10], digest[11], digest[12], digest[13], digest[14], digest[15], digest[16], digest[17], digest[18], digest[19], digest[20], digest[21], digest[22], digest[23], digest[24], digest[25], digest[26], digest[27], digest[28], digest[29], digest[30], digest[31]);
- if(strcasecmp(buffer, uhmac)) {
+ if(hmac_strcmp(buffer, uhmac)) {
controlwall(NO_OPER, NL_MISC, "%s!%s@%s attempted to TICKETAUTH as %s (bad HMAC)", np->nick, np->ident, np->host->name->content, acc);
controlreply(np, "Bad HMAC.");
return CMD_ERROR;
}
SHA1Final(digest, &s);
- if(strcasecmp(hmac_printhex(digest, digestbuf, SHA1_DIGESTSIZE), buf)) {
+ if(hmac_strcmp(hmac_printhex(digest, digestbuf, SHA1_DIGESTSIZE), buf)) {
abandonreplication("digest mismatch");
return CMD_ERROR;
}