mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-12-20 22:59:34 -05:00
ITS#8230 add GnuTLS/nettle support
This commit is contained in:
Howard Chu
parent
ccedb68ee2
commit
639da48fdc
1 changed files with 38 additions and 10 deletions
|
|
@ -33,9 +33,41 @@
|
|||
/* include socket.h to get sys/types.h and/or winsock2.h */
|
||||
#include <ac/socket.h>
|
||||
|
||||
#if HAVE_OPENSSL
|
||||
#include <openssl/sha.h>
|
||||
#include <openssl/hmac.h>
|
||||
|
||||
#define TOTP_SHA512_DIGEST_LENGTH SHA512_DIGEST_LENGTH
|
||||
#define TOTP_SHA1 EVP_sha1()
|
||||
#define TOTP_SHA256 EVP_sha256()
|
||||
#define TOTP_SHA512 EVP_sha512()
|
||||
#define TOTP_HMAC_CTX HMAC_CTX
|
||||
|
||||
#define HMAC_setup(ctx, key, len, hash) HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, key, len, hash, 0)
|
||||
#define HMAC_crunch(ctx, buf, len) HMAC_Update(&ctx, buf, len)
|
||||
#define HMAC_finish(ctx, dig, dlen) HMAC_Final(&ctx, dig, &dlen); HMAC_CTX_cleanup(&ctx)
|
||||
|
||||
#elif HAVE_GNUTLS
|
||||
#include <nettle/hmac.h>
|
||||
|
||||
#define TOTP_SHA512_DIGEST_LENGTH SHA512_DIGEST_SIZE
|
||||
#define TOTP_SHA1 &nettle_sha1
|
||||
#define TOTP_SHA256 &nettle_sha256
|
||||
#define TOTP_SHA512 &nettle_sha512
|
||||
#define TOTP_HMAC_CTX struct hmac_sha512_ctx
|
||||
|
||||
#define HMAC_setup(ctx, key, len, hash) \
|
||||
const struct nettle_hash *h=hash;\
|
||||
hmac_set_key(&ctx.outer, &ctx.inner, &ctx.state, h, len, key)
|
||||
#define HMAC_crunch(ctx, buf, len) hmac_update(&ctx.state, h, len, buf)
|
||||
#define HMAC_finish(ctx, dig, dlen) \
|
||||
hmac_digest(&ctx.outer, &ctx.inner, &ctx.state, h, h->digest_size, dig);\
|
||||
dlen = h->digest_size
|
||||
|
||||
#else
|
||||
# error Unsupported crypto backend.
|
||||
#endif
|
||||
|
||||
#include "slap.h"
|
||||
#include "config.h"
|
||||
|
||||
|
|
@ -289,9 +321,6 @@ totp_b32_pton(
|
|||
|
||||
/* RFC6238 TOTP */
|
||||
|
||||
#define HMAC_setup(ctx, key, len, hash) HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, key, len, hash, 0)
|
||||
#define HMAC_crunch(ctx, buf, len) HMAC_Update(&ctx, buf, len)
|
||||
#define HMAC_finish(ctx, dig, dlen) HMAC_Final(&ctx, dig, &dlen); HMAC_CTX_cleanup(&ctx)
|
||||
|
||||
typedef struct myval {
|
||||
ber_len_t mv_len;
|
||||
|
|
@ -304,7 +333,7 @@ static void do_hmac(
|
|||
myval *data,
|
||||
myval *out)
|
||||
{
|
||||
HMAC_CTX ctx;
|
||||
TOTP_HMAC_CTX ctx;
|
||||
unsigned int digestLen;
|
||||
|
||||
HMAC_setup(ctx, key->mv_val, key->mv_len, hash);
|
||||
|
|
@ -318,12 +347,12 @@ static const int DIGITS_POWER[] = {
|
|||
|
||||
static void generate(
|
||||
myval *key,
|
||||
uint64_t long tval,
|
||||
uint64_t tval,
|
||||
int digits,
|
||||
myval *out,
|
||||
const void *mech)
|
||||
{
|
||||
unsigned char digest[SHA512_DIGEST_LENGTH];
|
||||
unsigned char digest[TOTP_SHA512_DIGEST_LENGTH];
|
||||
myval digval;
|
||||
myval data;
|
||||
unsigned char msg[8];
|
||||
|
|
@ -448,7 +477,7 @@ static int chk_totp1(
|
|||
const struct berval *cred,
|
||||
const char **text)
|
||||
{
|
||||
return chk_totp(passwd, cred, EVP_sha1(), text);
|
||||
return chk_totp(passwd, cred, TOTP_SHA1, text);
|
||||
}
|
||||
|
||||
static int chk_totp256(
|
||||
|
|
@ -457,7 +486,7 @@ static int chk_totp256(
|
|||
const struct berval *cred,
|
||||
const char **text)
|
||||
{
|
||||
return chk_totp(passwd, cred, EVP_sha256(), text);
|
||||
return chk_totp(passwd, cred, TOTP_SHA256, text);
|
||||
}
|
||||
|
||||
static int chk_totp512(
|
||||
|
|
@ -466,7 +495,7 @@ static int chk_totp512(
|
|||
const struct berval *cred,
|
||||
const char **text)
|
||||
{
|
||||
return chk_totp(passwd, cred, EVP_sha512(), text);
|
||||
return chk_totp(passwd, cred, TOTP_SHA512, text);
|
||||
}
|
||||
|
||||
static int passwd_string32(
|
||||
|
|
@ -620,7 +649,6 @@ totp_bind_response( Operation *op, SlapReply *rs )
|
|||
}
|
||||
}
|
||||
|
||||
done:
|
||||
be_entry_release_r( op, e );
|
||||
|
||||
/* perform the update */
|
||||
|
|
|
|||
Loading…
Reference in a new issue