Provide a single OTP function that accepts a configuration struct

This commit is contained in:
Lucas 2021-02-16 16:59:56 +00:00
parent 44de0c64b0
commit dd84a23e7e
3 changed files with 74 additions and 51 deletions

23
cli.c
View File

@ -44,6 +44,7 @@ main(int argc, char *argv[])
const char *errstr;
unsigned char *key;
char *in, *line;
struct otpcfg otpcfg;
size_t inlen, linesz;
ssize_t linelen;
uint64_t counter;
@ -132,17 +133,23 @@ main(int argc, char *argv[])
if (!b32_decode(key, keylen, in, inlen))
errx(1, "error decoding base32 string");
otpcfg.algorithm = hmac;
otpcfg.digits = digits;
otpcfg.secret = key;
otpcfg.secretlen = keylen;
if (do_hotp) {
r = hotp(hmac, key, keylen, counter, digits);
if (r == -1)
errx(1, "couldn't calculate HOTP");
printf("%0*" PRId32 "\n", digits, r);
otpcfg.type = OTP_HOTP;
otpcfg.u.hotp.counter = counter;
} else {
r = totp(hmac, key, keylen, counter, period, digits);
if (r == -1)
errx(1, "couldn't calculate TOTP");
printf("%0*" PRId32 "\n", digits, r);
otpcfg.type = OTP_TOTP;
otpcfg.u.totp.time = counter;
otpcfg.u.totp.period = period;
}
r = otp(&otpcfg);
if (r == -1)
errx(1, "couldn't calculate %cOTP", do_hotp ? 'H' : 'T');
printf("%0*" PRId32 "\n", digits, r);
return 0;
}

75
otp.c
View File

@ -18,19 +18,47 @@
#include "otp.h"
static int32_t
otp(const EVP_MD *evp_md, const void *key, int key_len, uint64_t counter,
unsigned int digits)
int32_t
otp(const struct otpcfg *otpcfg)
{
const EVP_MD *evp_md;
unsigned char md_value[EVP_MAX_MD_SIZE];
uint8_t buf[8];
uint64_t counter;
uint32_t res;
int32_t modulo;
unsigned int md_len, offset;
unsigned int digits, md_len, offset;
switch (otpcfg->type) {
case OTP_HOTP:
counter = otpcfg->u.hotp.counter;
break;
case OTP_TOTP:
if (otpcfg->u.totp.period == 0)
return -1;
counter = otpcfg->u.totp.time / otpcfg->u.totp.period;
break;
default:
return -1;
}
switch (otpcfg->algorithm) {
case OTP_HMAC_SHA1:
evp_md = EVP_sha1();
break;
case OTP_HMAC_SHA256:
evp_md = EVP_sha256();
break;
case OTP_HMAC_SHA512:
evp_md = EVP_sha512();
break;
default:
return -1;
}
digits = otpcfg->digits;
if (digits < 6 || digits > 10)
return -1;
/*
* 10 digits would be 10_000_000_000, which overflows 32 bits.
* Nevertheless, given the number construction, 10 digits OTP are
@ -50,8 +78,8 @@ otp(const EVP_MD *evp_md, const void *key, int key_len, uint64_t counter,
buf[6] = (counter >> 8) & 0xff;
buf[7] = counter & 0xff;
if (HMAC(evp_md, key, key_len, buf, sizeof(buf), md_value, &md_len) ==
NULL)
if (HMAC(evp_md, otpcfg->secret, otpcfg->secretlen, buf, sizeof(buf),
md_value, &md_len) == NULL)
return -1;
offset = md_value[md_len - 1] & 0xf;
@ -63,36 +91,3 @@ otp(const EVP_MD *evp_md, const void *key, int key_len, uint64_t counter,
return digits == 10 ? (int32_t)res : (int32_t)res % modulo;
}
int32_t
hotp(enum otp_hmac hmac, const void *key, size_t key_len, uint64_t counter,
unsigned int digits)
{
const EVP_MD *evp_md;
if (key_len > INT_MAX)
return -1;
switch (hmac) {
case OTP_HMAC_SHA1:
evp_md = EVP_sha1();
break;
case OTP_HMAC_SHA256:
evp_md = EVP_sha256();
break;
case OTP_HMAC_SHA512:
evp_md = EVP_sha512();
break;
default:
return -1;
}
return otp(evp_md, key, (int)key_len, counter, digits);
}
int32_t
totp(enum otp_hmac hmac, const void *key, size_t key_len, uint64_t t,
unsigned int period, unsigned int digits)
{
return hotp(hmac, key, key_len, t / period, digits);
}

27
otp.h
View File

@ -14,12 +14,33 @@
#include <stdint.h>
enum otp_type {
OTP_HOTP,
OTP_TOTP,
};
enum otp_hmac {
OTP_HMAC_SHA1,
OTP_HMAC_SHA256,
OTP_HMAC_SHA512,
};
int32_t hotp(enum otp_hmac, const void *, size_t, uint64_t, unsigned int);
int32_t totp(enum otp_hmac, const void *, size_t, uint64_t, unsigned int,
unsigned int);
struct otpcfg {
enum otp_type type;
enum otp_hmac algorithm;
unsigned int digits;
const void *secret;
size_t secretlen;
union {
struct {
uint64_t counter;
} hotp;
struct {
uint64_t time;
unsigned int period;
} totp;
} u;
};
int32_t otp(const struct otpcfg *);