ITS#8230 add GnuTLS/nettle support

contrib/slapd-modules/passwd/totp/slapd-totp.c

@@ -33,9 +33,41 @@
 /* include socket.h to get sys/types.h and/or winsock2.h */
 #include <ac/socket.h>
 
+#if HAVE_OPENSSL
 #include <openssl/sha.h>
 #include <openssl/hmac.h>
 
+#define TOTP_SHA512_DIGEST_LENGTH	SHA512_DIGEST_LENGTH
+#define TOTP_SHA1	EVP_sha1()
+#define TOTP_SHA256	EVP_sha256()
+#define TOTP_SHA512	EVP_sha512()
+#define TOTP_HMAC_CTX	HMAC_CTX
+
+#define HMAC_setup(ctx, key, len, hash)	HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, key, len, hash, 0)
+#define HMAC_crunch(ctx, buf, len)	HMAC_Update(&ctx, buf, len)
+#define HMAC_finish(ctx, dig, dlen)	HMAC_Final(&ctx, dig, &dlen); HMAC_CTX_cleanup(&ctx)
+
+#elif HAVE_GNUTLS
+#include <nettle/hmac.h>
+
+#define TOTP_SHA512_DIGEST_LENGTH	SHA512_DIGEST_SIZE
+#define TOTP_SHA1	&nettle_sha1
+#define TOTP_SHA256	&nettle_sha256
+#define TOTP_SHA512	&nettle_sha512
+#define TOTP_HMAC_CTX	struct hmac_sha512_ctx
+
+#define HMAC_setup(ctx, key, len, hash)	\
+	const struct nettle_hash *h=hash;\
+	hmac_set_key(&ctx.outer, &ctx.inner, &ctx.state, h, len, key)
+#define HMAC_crunch(ctx, buf, len)	hmac_update(&ctx.state, h, len, buf)
+#define HMAC_finish(ctx, dig, dlen) \
+	hmac_digest(&ctx.outer, &ctx.inner, &ctx.state, h, h->digest_size, dig);\
+	dlen = h->digest_size
+
+#else
+# error Unsupported crypto backend.
+#endif
+
 #include "slap.h"
 #include "config.h"
 
@@ -289,9 +321,6 @@ totp_b32_pton(
 
 /* RFC6238 TOTP */
 
-#define HMAC_setup(ctx, key, len, hash)	HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, key, len, hash, 0)
-#define HMAC_crunch(ctx, buf, len)	HMAC_Update(&ctx, buf, len)
-#define HMAC_finish(ctx, dig, dlen)	HMAC_Final(&ctx, dig, &dlen); HMAC_CTX_cleanup(&ctx)
 
 typedef struct myval {
 	ber_len_t mv_len;
@@ -304,7 +333,7 @@ static void do_hmac(
 	myval *data,
 	myval *out)
 {
-	HMAC_CTX ctx;
+	TOTP_HMAC_CTX ctx;
 	unsigned int digestLen;
 
 	HMAC_setup(ctx, key->mv_val, key->mv_len, hash);
@@ -318,12 +347,12 @@ static const int DIGITS_POWER[] = {
 
 static void generate(
 	myval *key,
-	uint64_t long tval,
+	uint64_t tval,
 	int digits,
 	myval *out,
 	const void *mech)
 {
-	unsigned char digest[SHA512_DIGEST_LENGTH];
+	unsigned char digest[TOTP_SHA512_DIGEST_LENGTH];
 	myval digval;
 	myval data;
 	unsigned char msg[8];
@@ -448,7 +477,7 @@ static int chk_totp1(
 	const struct berval *cred,
 	const char **text)
 {
-	return chk_totp(passwd, cred, EVP_sha1(), text);
+	return chk_totp(passwd, cred, TOTP_SHA1, text);
 }
 
 static int chk_totp256(
@@ -457,7 +486,7 @@ static int chk_totp256(
 	const struct berval *cred,
 	const char **text)
 {
-	return chk_totp(passwd, cred, EVP_sha256(), text);
+	return chk_totp(passwd, cred, TOTP_SHA256, text);
 }
 
 static int chk_totp512(
@@ -466,7 +495,7 @@ static int chk_totp512(
 	const struct berval *cred,
 	const char **text)
 {
-	return chk_totp(passwd, cred, EVP_sha512(), text);
+	return chk_totp(passwd, cred, TOTP_SHA512, text);
 }
 
 static int passwd_string32(
@@ -620,7 +649,6 @@ totp_bind_response( Operation *op, SlapReply *rs )
 		}
 	}
 
-done:
 	be_entry_release_r( op, e );
 
 	/* perform the update */