op public repos

Blob

Date:: Tue May 16 19:41:12 2023 UTC
Message:: rework uri2secret to handle (in the future) other params too
Actions:: History | Blame | Raw File
1 /*
2  * Copyright (c) 2022, 2023 Omar Polo <op@openbsd.org>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include <ctype.h>
18 #include <err.h>
19 #include <errno.h>
20 #include <stdio.h>
21 #include <stdlib.h>
22 #include <string.h>
23 #include <time.h>
24 #include <unistd.h>
25 
26 #include <openssl/evp.h>
27 #include <openssl/hmac.h>
28 
29 #ifndef __OpenBSD__
30 # define pledge(a, b) (0)
31 #endif
32 
33 #ifndef __dead
34 # define __dead __attribute__((noreturn))
35 #endif
36 
37 #if defined(__FreeBSD__) || defined(__NetBSD__)
38 # include <sys/endian.h>
39 #elif defined(__APPLE__)
40 # include <machine/endian.h>
41 # include <libkern/OSByteOrder.h>
42 # define htobe64(x) OSSwapHostToBigInt64(x)
43 # define be32toh(x) OSSwapBigToHostInt32(x)
44 #else
45 # include <endian.h>
46 #endif
47 
48 static __dead void
49 usage(void)
50 {
51 	fprintf(stderr, "usage: %s\n", getprogname());
52 	exit(1);
53 }
54 
55 static int
56 b32c(unsigned char c)
57 {
58 	if (c >= 'A' && c <= 'Z')
59 		return (c - 'A');
60 	if (c >= '2' && c <= '7')
61 		return (c - '2' + 26);
62 	errno = EINVAL;
63 	return (-1);
64 }
65 
66 static size_t
67 b32decode(const char *s, char *q, size_t qlen)
68 {
69 	int	 i, val[8];
70 	char	*t = q;
71 
72 	while (*s != '\0') {
73 		memset(val, 0, sizeof(val));
74 		for (i = 0; i < 8; ++i) {
75 			if (*s == '\0')
76 				break;
77 			if ((val[i] = b32c(*s)) == -1)
78 				return (0);
79 			s++;
80 		}
81 
82 		if (qlen < 5) {
83 			errno = ENOSPC;
84 			return (0);
85 		}
86 		qlen -= 5;
87 
88 		*q++ = (val[0] << 3) | (val[1] >> 2);
89 		*q++ = ((val[1] & 0x03) << 6) | (val[2] << 1) | (val[3] >> 4);
90 		*q++ = ((val[3] & 0x0F) << 4) | (val[4] >> 1);
91 		*q++ = ((val[4] & 0x01) << 7) | (val[5] << 2) | (val[6] >> 3);
92 		*q++ = ((val[6] & 0x07) << 5) | val[7];
93 	}
94 
95 	return (q - t);
96 }
97 
98 static int
99 uri2secret(char *s)
100 {
101 	char		*q, *t, *f, *secret = NULL;
102 
103 	if ((q = strchr(s, '?')) == NULL)
104 		return (-1);
105 
106 	t = q + 1;
107 	while ((f = strsep(&t, "&")) != NULL) {
108 		if (!strncmp(f, "secret=", 7))
109 			secret = f + 7;
110 	}
111 
112 	if (secret == NULL)
113 		return (-1);
114 	memmove(s, secret, strlen(secret) + 1);
115 	return (0);
116 }
117 
118 int
119 main(int argc, char **argv)
120 {
121 	char		 buf[1024];
122 	size_t		 buflen;
123 	unsigned char	 md[EVP_MAX_MD_SIZE];
124 	unsigned int	 mdlen;
125 	char		*s, *q, *line = NULL;
126 	size_t		 linesize = 0;
127 	ssize_t		 linelen;
128 	uint64_t	 ct;
129 	uint32_t	 hash;
130 	uint8_t		 off;
131 	int		 ch;
132 
133 	if (pledge("stdio", NULL) == -1)
134 		err(1, "pledge");
135 
136 	while ((ch = getopt(argc, argv, "")) != -1) {
137 		switch (ch) {
138 		default:
139 			usage();
140 		}
141 	}
142 	argc -= optind;
143 	argv += optind;
144 
145 	if (argc != 0)
146 		usage();
147 
148 	linelen = getline(&line, &linesize, stdin);
149 	if (linelen == -1) {
150 		if (ferror(stdin))
151 			err(1, "getline");
152 		errx(1, "no secret provided");
153 	}
154 	for (s = q = line; *s != '\0'; ++s) {
155 		if (isspace((unsigned char)*s)) {
156 			linelen--;
157 			continue;
158 		}
159 		*q++ = *s;
160 	}
161 	*q = '\0';
162 	if (linelen < 1)
163 		errx(1, "no secret provided");
164 
165 	if (!strncmp(line, "otpauth://", 10) && uri2secret(line) == -1)
166 		errx(1, "failed to decode otpauth URI");
167 
168 	if ((buflen = b32decode(line, buf, sizeof(buf))) == 0)
169 		err(1, "can't base32 decode the secret");
170 
171 	ct = htobe64(time(NULL) / 30);
172 
173 	HMAC(EVP_sha1(), buf, buflen, (unsigned char *)&ct, sizeof(ct),
174 	    md, &mdlen);
175 
176 	off = md[mdlen - 1] & 0x0F;
177 
178 	memcpy(&hash, md + off, sizeof(hash));
179 	hash = be32toh(hash);
180 	printf("%06d\n", (hash & 0x7FFFFFFF) % 1000000);
181 
182 	free(line);
183 	return (0);
184 }