libotp: Replace NSS with OpenSSL HMAC

Use OpenSSL's HMAC API instead of NSS.

Fixes: Fixes: https://pagure.io/freeipa/issue/6857
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

configure.ac

@@ -54,10 +54,8 @@ AM_CONDITIONAL([WITH_IPATESTS], [test x"$with_ipatests" = xyes])
 AM_CONDITIONAL([HAVE_GCC], [test "$ac_cv_prog_gcc" = yes])
 
 dnl ---------------------------------------------------------------------------
-dnl - Check for NSPR/NSS
+dnl - Check for POPT
 dnl ---------------------------------------------------------------------------
-PKG_CHECK_MODULES([NSPR], [nspr])
-PKG_CHECK_MODULES([NSS], [nss])
 
 PKG_CHECK_MODULES([POPT], [popt])
 

daemons/ipa-kdb/Makefile.am

@@ -17,7 +17,6 @@ AM_CPPFLAGS =						\
 	$(KRB5_CFLAGS)					\
 	$(WARN_CFLAGS)					\
 	$(NDRPAC_CFLAGS)				\
-	$(NSS_CFLAGS)					\
 	$(SSSCERTMAP_CFLAGS)				\
 	$(NULL)
 
@@ -60,7 +59,6 @@ ipadb_la_LIBADD = 		\
 	$(LDAP_LIBS)		\
 	$(NDRPAC_LIBS)		\
 	$(UNISTRING_LIBS)	\
-	$(NSS_LIBS)             \
 	$(SSSCERTMAP_LIBS)	\
 	$(top_builddir)/util/libutil.la	\
 	$(NULL)
@@ -100,7 +98,6 @@ ipa_kdb_tests_LDADD =          \
        $(LDAP_LIBS)            \
        $(NDRPAC_LIBS)          \
        $(UNISTRING_LIBS)       \
-       $(NSS_LIBS)             \
        $(SSSCERTMAP_LIBS)      \
        $(top_builddir)/util/libutil.la	\
        -lkdb5                  \

daemons/ipa-otpd/Makefile.am

@@ -1,4 +1,4 @@
-AM_CFLAGS := @LDAP_CFLAGS@ @LIBVERTO_CFLAGS@ @KRB5_CFLAGS@
+AM_CFLAGS := @LDAP_CFLAGS@ @LIBVERTO_CFLAGS@ @KRB5_CFLAGS@ @NSPR_CFLAGS@
 AM_LDFLAGS := @LDAP_LIBS@ @LIBVERTO_LIBS@ @KRAD_LIBS@ @KRB5_LIBS@
 
 noinst_HEADERS = internal.h

daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am

@@ -17,7 +17,6 @@ AM_CPPFLAGS =							\
 	$(LDAP_CFLAGS)						\
 	$(KRB5_CFLAGS)						\
 	$(NSPR_CFLAGS)						\
-	$(NSS_CFLAGS)						\
 	$(WARN_CFLAGS)						\
 	$(NULL)
 
@@ -25,8 +24,6 @@ AM_LDFLAGS = \
 	$(CRYPTO_LIBS)	\
 	$(KRB5_LIBS)	\
 	$(LDAP_LIBS)	\
-	$(NSPR_LIBS)	\
-	$(NSS_LIBS)	\
 	-avoid-version	\
 	-export-symbols-regex ^ipapwd_init$
 

daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h

@@ -51,7 +51,6 @@
 #include <unistd.h>
 
 #include <prio.h>
-#include <ssl.h>
 #include <krb5.h>
 #include <kdb.h>
 #include <lber.h>

daemons/ipa-slapi-plugins/libotp/Makefile.am

@@ -4,15 +4,15 @@ PLUGIN_COMMON_DIR = $(srcdir)/../common
 AM_CPPFLAGS =							\
 	-I$(PLUGIN_COMMON_DIR)					\
 	$(DIRSRV_CFLAGS)					\
+	$(CRYPTO_CFLAGS)					\
 	$(NSPR_CFLAGS)						\
-	$(NSS_CFLAGS)						\
 	$(NULL)
 
 noinst_LTLIBRARIES = libhotp.la libotp.la
 libhotp_la_SOURCES = hotp.c hotp.h
 libotp_la_SOURCES = otp_config.c otp_config.h otp_token.c otp_token.h
-libotp_la_LIBADD = libhotp.la
+libotp_la_LIBADD = libhotp.la $(CRYPTO_LIBS)
 
 check_PROGRAMS = t_hotp
 TESTS = $(check_PROGRAMS)
-t_hotp_LDADD = libhotp.la $(NSPR_LIBS) $(NSS_LIBS)
+t_hotp_LDADD = libhotp.la $(CRYPTO_LIBS)

daemons/ipa-slapi-plugins/libotp/hotp.c

@@ -43,139 +43,48 @@
  */
 
 #include "hotp.h"
-#include <time.h>
+#include <endian.h>
-
+#include <string.h>
-#include <nss.h>
-#include <blapit.h>
-#include <pk11pub.h>
-#include <hasht.h>
-#include <prerror.h>
-#include <prnetdb.h>
 #include <syslog.h>
+#include <time.h>
+#include <openssl/hmac.h>
 
 struct digest_buffer {
-    uint8_t buf[SHA512_LENGTH];
+    unsigned char buf[EVP_MAX_MD_SIZE];
     unsigned int len;
 };
 
 static const struct {
     const char *algo;
-    CK_MECHANISM_TYPE mech;
+    const char *sn_mech;
 } algo2mech[] = {
-    { "sha1",   CKM_SHA_1_HMAC },
+    { "sha1",   SN_sha1 },
-    { "sha256", CKM_SHA256_HMAC },
+    { "sha256", SN_sha256 },
-    { "sha384", CKM_SHA384_HMAC },
+    { "sha384", SN_sha384 },
-    { "sha512", CKM_SHA512_HMAC },
+    { "sha512", SN_sha512 },
     { }
 };
 
-static PK11SymKey *
+static bool hmac(const struct hotp_token_key *key, const char *sn_mech,
-import_key(PK11SlotInfo *slot, CK_MECHANISM_TYPE mech, SECItem *key)
+                 uint64_t counter, struct digest_buffer *out)
 {
-    uint8_t ct[(key->len / AES_BLOCK_SIZE + 1) * AES_BLOCK_SIZE];
+    unsigned char in[sizeof(uint64_t)];
-    uint8_t iv[AES_BLOCK_SIZE] = {};
+    const EVP_MD *evp;
-    SECItem ivitem = { .data = iv, .len = sizeof(iv), .type = siBuffer };
+    unsigned char *result;
-    SECItem ctitem = { .data = ct, .len = sizeof(ct), .type = siBuffer };
-    PK11SymKey *ekey = NULL;
-    PK11SymKey *skey = NULL;
 
-    /* Try to import the key directly. */
+    memcpy(in, &counter, sizeof(uint64_t));
-    skey = PK11_ImportSymKey(slot, mech, PK11_OriginUnwrap,
-                             CKA_SIGN, key, NULL);
-    if (skey)
-        return skey;
 
-    /* If we get here, we are probably in FIPS mode. Let's encrypt the key so
+    evp = EVP_get_digestbyname(sn_mech);
-     * that we can unseal it instead of loading it directly. */
+    if (evp == NULL) {
-
+        return false;
-    /* Generate an ephemeral key. */
-    ekey = PK11_TokenKeyGenWithFlags(slot, CKM_AES_CBC_PAD, NULL,
-                                     AES_128_KEY_LENGTH, NULL,
-                                     CKF_ENCRYPT | CKF_UNWRAP,
-                                     PK11_ATTR_SESSION |
-                                     PK11_ATTR_PRIVATE |
-                                     PK11_ATTR_SENSITIVE, NULL);
-    if (!ekey) {
-        syslog(LOG_ERR, "libotp: in FIPS, PK11_TokenKeyGenWithFlags failed: %d",
-               PR_GetError());
-        goto egress;
     }
 
-    /* Encrypt the input key. */
+    if (!HMAC(evp, (void *)key->bytes, key->len, in, sizeof(in),
-    if (PK11_Encrypt(ekey, CKM_AES_CBC_PAD, &ivitem, ctitem.data, &ctitem.len,
+              out->buf, &out->len)) {
-                     ctitem.len, key->data, key->len) != SECSuccess) {
+        return false;
-        syslog(LOG_ERR, "libotp: in FIPS, PK11_Encrypt failed: %d",
-               PR_GetError());
-        goto egress;
     }
 
-    /* Unwrap the input key. */
+    return true;
-    skey = PK11_UnwrapSymKey(ekey, CKM_AES_CBC_PAD, &ivitem,
-                             &ctitem, mech, CKA_SIGN, key->len);
-    if (!skey) {
-        syslog(LOG_ERR, "libotp: in FIPS, PK11_UnwrapSymKey failed: %d",
-               PR_GetError());
-    }
-
-egress:
-    PK11_FreeSymKey(ekey);
-    return skey;
-}
-
-/*
- * This code is mostly cargo-cult taken from here:
- *   http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn5.html
- *
- * It should implement HMAC with the given mechanism (SHA: 1, 256, 384, 512).
- */
-static bool hmac(SECItem *key, CK_MECHANISM_TYPE mech, const SECItem *in,
-                 struct digest_buffer *out)
-{
-    SECItem param = { siBuffer, NULL, 0 };
-    PK11SlotInfo *slot = NULL;
-    PK11SymKey *symkey = NULL;
-    PK11Context *ctx = NULL;
-    bool ret = false;
-    SECStatus s;
-
-    slot = PK11_GetBestSlot(mech, NULL);
-    if (slot == NULL) {
-        slot = PK11_GetInternalKeySlot();
-        if (slot == NULL) {
-            goto done;
-        }
-    }
-
-    symkey = import_key(slot, mech, key);
-    if (symkey == NULL)
-        goto done;
-
-    ctx = PK11_CreateContextBySymKey(mech, CKA_SIGN, symkey, &param);
-    if (ctx == NULL)
-        goto done;
-
-    s = PK11_DigestBegin(ctx);
-    if (s != SECSuccess)
-        goto done;
-
-    s = PK11_DigestOp(ctx, in->data, in->len);
-    if (s != SECSuccess)
-        goto done;
-
-    s = PK11_DigestFinal(ctx, out->buf, &out->len, sizeof(out->buf));
-    if (s != SECSuccess)
-        goto done;
-
-    ret = true;
-
-done:
-    if (ctx != NULL)
-        PK11_DestroyContext(ctx, PR_TRUE);
-    if (symkey != NULL)
-        PK11_FreeSymKey(symkey);
-    if (slot != NULL)
-        PK11_FreeSlot(slot);
-    return ret;
 }
 
 /*
@@ -183,32 +92,34 @@ done:
  */
 bool hotp(const struct hotp_token *token, uint64_t counter, uint32_t *out)
 {
-    const SECItem cntr = { siBuffer, (uint8_t *) &counter, sizeof(counter) };
+    const char *mech = SN_sha1;
-    SECItem keyitm = { siBuffer, token->key.bytes, token->key.len };
-    CK_MECHANISM_TYPE mech = CKM_SHA_1_HMAC;
-    PRUint64 offset, binary, div;
     struct digest_buffer digest;
+    unsigned char counter_buf[sizeof(uint64_t)];
+    const EVP_MD *evp;
     int digits = token->digits;
     int i;
+    uint64_t div, offset, binary;
 
     /* Convert counter to network byte order. */
-    counter = PR_htonll(counter);
+    counter = htobe64(counter);
+
+    /* Copy counter to buffer */
+    memcpy(counter_buf, &counter, sizeof(uint64_t));
 
     /* Find the mech. */
     for (i = 0; algo2mech[i].algo; i++) {
         if (strcasecmp(algo2mech[i].algo, token->algo) == 0) {
-            mech = algo2mech[i].mech;
+            mech = algo2mech[i].sn_mech;
             break;
         }
     }
-
     /* Create the digits divisor. */
     for (div = 1; digits > 0; digits--) {
         div *= 10;
     }
 
     /* Do the digest. */
-    if (!hmac(&keyitm, mech, &cntr, &digest)) {
+    if (!hmac(&(token->key), mech, counter, &digest)) {
         return false;
     }
 

daemons/ipa-slapi-plugins/libotp/t_hotp.c

@@ -43,7 +43,6 @@
 #include <stddef.h>
 #include <time.h>
 #include <string.h>
-#include <nss.h>
 
 #define KEY(s) { (uint8_t *) s, sizeof(s) - 1 }
 
@@ -104,8 +103,6 @@ main(int argc, const char *argv[])
     uint32_t otp;
     int i;
 
-    NSS_NoDB_Init(".");
-
     for (i = 0; i < sizeof(hotp_answers) / sizeof(*hotp_answers); i++) {
         assert(hotp(&hotp_token, i, &otp));
         assert(otp == hotp_answers[i]);
@@ -116,6 +113,5 @@ main(int argc, const char *argv[])
         assert(otp == totp_tests[i].answer);
     }
 
-    NSS_Shutdown();
     return 0;
 }

freeipa.spec.in

@@ -178,7 +178,6 @@ BuildRequires:  systemd
 # systemd-tmpfiles which is executed from make install requires apache user
 BuildRequires:  httpd
 BuildRequires:  nspr-devel
-BuildRequires:  nss-devel >= %{nss_version}
 BuildRequires:  openssl-devel
 BuildRequires:  libini_config-devel
 BuildRequires:  cyrus-sasl-devel
@@ -323,7 +322,6 @@ Requires: python3-ipaserver = %{version}-%{release}
 Requires: python3-ldap >= %{python_ldap_version}
 Requires: 389-ds-base >= %{ds_version}
 Requires: openldap-clients > 2.4.35-4
-Requires: nss >= %{nss_version}
 Requires: nss-tools >= %{nss_version}
 Requires(post): krb5-server >= %{krb5_version}
 Requires(post): krb5-server >= %{krb5_base_version}, krb5-server < %{krb5_base_version}.100

server.m4

@@ -4,6 +4,9 @@ dnl ---------------------------------------------------------------------------
 dnl - Check for DS slapi plugin
 dnl ---------------------------------------------------------------------------
 
+# 389-ds headers depend on NSPR
+PKG_CHECK_MODULES([NSPR], [nspr])
+
 # Need to hack CPPFLAGS to be able to correctly detect slapi-plugin.h
 SAVE_CPPFLAGS=$CPPFLAGS
 CPPFLAGS=$NSPR_CFLAGS