Assume the secret is in base32 by default

cli.c

@@ -22,6 +22,7 @@
 #include <time.h>
 #include <unistd.h>
 
+#include "base32.h"
 #include "err.h"
 #include "strtonum.h"
 #include "otp.h"
@@ -42,13 +43,14 @@ int
 main(int argc, char *argv[])
 {
 	const char *errstr;
-	char *key, *line;
+	unsigned char *key;
-	size_t key_len, linesz;
+	char *in, *line;
+	size_t inlen, linesz;
 	ssize_t linelen;
 	uint64_t counter;
 	unsigned int period;
 	int32_t r;
-	int ch, digits, do_hotp, do_totp;
+	int ch, digits, do_hotp, do_totp, keylen;
 	enum otp_hmac hmac;
 
 	counter = (uint64_t)time(NULL);
@@ -106,8 +108,8 @@ main(int argc, char *argv[])
 		usage();
 
 	if (argc == 1) {
-		key = argv[0];
+		in = argv[0];
-		key_len = strlen(key);
+		inlen = strlen(in);
 	} else {
 		line = NULL;
 		linesz = 0;
@@ -118,17 +120,26 @@ main(int argc, char *argv[])
 			line[linelen - 1] = '\0';
 			linelen--;
 		}
-		key = line;
+		in = line;
-		key_len = linelen;
+		inlen = linelen;
 	}
 
+	keylen = b32_decoded_len(in, inlen);
+	if (keylen == -1)
+		errx(1, "invalid base32 string: %s", in);
+	key = malloc(keylen);
+	if (key == NULL)
+		err(1, "malloc");
+	if (!b32_decode(key, keylen, in, inlen))
+		errx(1, "error decoding base32 string");
+
 	if (do_hotp) {
-		r = hotp(hmac, key, key_len, counter, digits);
+		r = hotp(hmac, key, keylen, counter, digits);
 		if (r == -1)
 			errx(1, "couldn't calculate HOTP");
 		printf("%0*" PRId32 "\n", digits, r);
 	} else {
-		r = totp(hmac, key, key_len, counter, period, digits);
+		r = totp(hmac, key, keylen, counter, period, digits);
 		if (r == -1)
 			errx(1, "couldn't calculate TOTP");
 		printf("%0*" PRId32 "\n", digits, r);

run-tests.sh

@@ -47,11 +47,11 @@ case_stdin_eq()
 	fi
 }
 
-b="1234567890"
+b="GEZDGNBVGY3TQOJQ"
 HOTP_SECRET=$b$b
 TOTP_SECRET=$b$b
-TOTP_SHA256_SECRET=$b$b$b"12"
+TOTP_SHA256_SECRET=$b$b$b"GEZA"
-TOTP_SHA512_SECRET=$b$b$b$b$b$b"1234"
+TOTP_SHA512_SECRET=$b$b$b$b$b$b"GEZDGNA"
 
 case_eq 755224 ./otpcli -H 0 "$HOTP_SECRET"
 case_eq 287082 ./otpcli -H 1 "$HOTP_SECRET"