2 * Copyright (c) 2022, 2023 Omar Polo <op@openbsd.org>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
26 #include <openssl/evp.h>
27 #include <openssl/hmac.h>
30 # define pledge(a, b) (0)
34 # define __dead __attribute__((noreturn))
37 #if defined(__FreeBSD__)
38 # include <sys/endian.h>
39 #elif defined(__APPLE__)
40 # include <machine/endian.h>
41 # include <libkern/OSByteOrder.h>
42 # define htobe64(x) OSSwapHostToBigInt64(x)
43 # define be32toh(x) OSSwapBigToHostInt32(x)
51 fprintf(stderr, "usage: %s\n", getprogname());
58 if (c >= 'A' && c <= 'Z')
60 if (c >= '2' && c <= '7')
61 return (c - '2' + 26);
67 b32decode(const char *s, char *q, size_t qlen)
73 memset(val, 0, sizeof(val));
74 for (i = 0; i < 8; ++i) {
77 if ((val[i] = b32c(*s)) == -1)
88 *q++ = (val[0] << 3) | (val[1] >> 2);
89 *q++ = ((val[1] & 0x03) << 6) | (val[2] << 1) | (val[3] >> 4);
90 *q++ = ((val[3] & 0x0F) << 4) | (val[4] >> 1);
91 *q++ = ((val[4] & 0x01) << 7) | (val[5] << 2) | (val[6] >> 3);
92 *q++ = ((val[6] & 0x07) << 5) | val[7];
103 if ((q = strchr(s, '?')) == NULL)
105 if ((t = strstr(q, "?secret=")) == NULL &&
106 (t = strstr(q, "&secret=")) == NULL)
109 while (*t != '\0' && *t != '&' && *t != '#')
116 main(int argc, char **argv)
120 unsigned char md[EVP_MAX_MD_SIZE];
122 char *s, *q, *line = NULL;
130 if (pledge("stdio", NULL) == -1)
133 while ((ch = getopt(argc, argv, "")) != -1) {
145 linelen = getline(&line, &linesize, stdin);
149 errx(1, "no secret provided");
151 for (s = q = line; *s != '\0'; ++s) {
152 if (isspace((unsigned char)*s)) {
160 errx(1, "no secret provided");
162 if (!strncmp(line, "otpauth://", 10) && uri2secret(line) == -1)
163 errx(1, "failed to decode otpauth URI");
165 if ((buflen = b32decode(line, buf, sizeof(buf))) == 0)
166 err(1, "can't base32 decode the secret");
168 ct = htobe64(time(NULL) / 30);
170 HMAC(EVP_sha1(), buf, buflen, (unsigned char *)&ct, sizeof(ct),
173 off = md[mdlen - 1] & 0x0F;
175 memcpy(&hash, md + off, sizeof(hash));
176 hash = be32toh(hash);
177 printf("%06d\n", (hash & 0x7FFFFFFF) % 1000000);