From 639da48fdc17949ddba35d68a2ef30768013567d Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Fri, 25 Sep 2015 19:28:18 +0100 Subject: [PATCH] ITS#8230 add GnuTLS/nettle support --- .../slapd-modules/passwd/totp/slapd-totp.c | 48 +++++++++++++++---- 1 file changed, 38 insertions(+), 10 deletions(-) diff --git a/contrib/slapd-modules/passwd/totp/slapd-totp.c b/contrib/slapd-modules/passwd/totp/slapd-totp.c index 91f7f0703c..4a0d40a0c0 100644 --- a/contrib/slapd-modules/passwd/totp/slapd-totp.c +++ b/contrib/slapd-modules/passwd/totp/slapd-totp.c @@ -33,9 +33,41 @@ /* include socket.h to get sys/types.h and/or winsock2.h */ #include +#if HAVE_OPENSSL #include #include +#define TOTP_SHA512_DIGEST_LENGTH SHA512_DIGEST_LENGTH +#define TOTP_SHA1 EVP_sha1() +#define TOTP_SHA256 EVP_sha256() +#define TOTP_SHA512 EVP_sha512() +#define TOTP_HMAC_CTX HMAC_CTX + +#define HMAC_setup(ctx, key, len, hash) HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, key, len, hash, 0) +#define HMAC_crunch(ctx, buf, len) HMAC_Update(&ctx, buf, len) +#define HMAC_finish(ctx, dig, dlen) HMAC_Final(&ctx, dig, &dlen); HMAC_CTX_cleanup(&ctx) + +#elif HAVE_GNUTLS +#include + +#define TOTP_SHA512_DIGEST_LENGTH SHA512_DIGEST_SIZE +#define TOTP_SHA1 &nettle_sha1 +#define TOTP_SHA256 &nettle_sha256 +#define TOTP_SHA512 &nettle_sha512 +#define TOTP_HMAC_CTX struct hmac_sha512_ctx + +#define HMAC_setup(ctx, key, len, hash) \ + const struct nettle_hash *h=hash;\ + hmac_set_key(&ctx.outer, &ctx.inner, &ctx.state, h, len, key) +#define HMAC_crunch(ctx, buf, len) hmac_update(&ctx.state, h, len, buf) +#define HMAC_finish(ctx, dig, dlen) \ + hmac_digest(&ctx.outer, &ctx.inner, &ctx.state, h, h->digest_size, dig);\ + dlen = h->digest_size + +#else +# error Unsupported crypto backend. +#endif + #include "slap.h" #include "config.h" @@ -289,9 +321,6 @@ totp_b32_pton( /* RFC6238 TOTP */ -#define HMAC_setup(ctx, key, len, hash) HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, key, len, hash, 0) -#define HMAC_crunch(ctx, buf, len) HMAC_Update(&ctx, buf, len) -#define HMAC_finish(ctx, dig, dlen) HMAC_Final(&ctx, dig, &dlen); HMAC_CTX_cleanup(&ctx) typedef struct myval { ber_len_t mv_len; @@ -304,7 +333,7 @@ static void do_hmac( myval *data, myval *out) { - HMAC_CTX ctx; + TOTP_HMAC_CTX ctx; unsigned int digestLen; HMAC_setup(ctx, key->mv_val, key->mv_len, hash); @@ -318,12 +347,12 @@ static const int DIGITS_POWER[] = { static void generate( myval *key, - uint64_t long tval, + uint64_t tval, int digits, myval *out, const void *mech) { - unsigned char digest[SHA512_DIGEST_LENGTH]; + unsigned char digest[TOTP_SHA512_DIGEST_LENGTH]; myval digval; myval data; unsigned char msg[8]; @@ -448,7 +477,7 @@ static int chk_totp1( const struct berval *cred, const char **text) { - return chk_totp(passwd, cred, EVP_sha1(), text); + return chk_totp(passwd, cred, TOTP_SHA1, text); } static int chk_totp256( @@ -457,7 +486,7 @@ static int chk_totp256( const struct berval *cred, const char **text) { - return chk_totp(passwd, cred, EVP_sha256(), text); + return chk_totp(passwd, cred, TOTP_SHA256, text); } static int chk_totp512( @@ -466,7 +495,7 @@ static int chk_totp512( const struct berval *cred, const char **text) { - return chk_totp(passwd, cred, EVP_sha512(), text); + return chk_totp(passwd, cred, TOTP_SHA512, text); } static int passwd_string32( @@ -620,7 +649,6 @@ totp_bind_response( Operation *op, SlapReply *rs ) } } -done: be_entry_release_r( op, e ); /* perform the update */ -- 2.39.2