1 | /*- |
---|
2 | * Copyright (c) 2013 Universitetet i Oslo |
---|
3 | * All rights reserved. |
---|
4 | * |
---|
5 | * Redistribution and use in source and binary forms, with or without |
---|
6 | * modification, are permitted provided that the following conditions |
---|
7 | * are met: |
---|
8 | * 1. Redistributions of source code must retain the above copyright |
---|
9 | * notice, this list of conditions and the following disclaimer. |
---|
10 | * 2. Redistributions in binary form must reproduce the above copyright |
---|
11 | * notice, this list of conditions and the following disclaimer in the |
---|
12 | * documentation and/or other materials provided with the distribution. |
---|
13 | * 3. The name of the author may not be used to endorse or promote |
---|
14 | * products derived from this software without specific prior written |
---|
15 | * permission. |
---|
16 | * |
---|
17 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND |
---|
18 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
---|
19 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
---|
20 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
---|
21 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
---|
22 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
---|
23 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
---|
24 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
---|
25 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
---|
26 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
---|
27 | * SUCH DAMAGE. |
---|
28 | * |
---|
29 | * $Id: oath_key.c 772 2014-03-09 11:45:05Z des $ |
---|
30 | */ |
---|
31 | |
---|
32 | #ifdef HAVE_CONFIG_H |
---|
33 | # include "config.h" |
---|
34 | #endif |
---|
35 | |
---|
36 | #include <sys/types.h> |
---|
37 | |
---|
38 | #include <inttypes.h> |
---|
39 | #include <stdio.h> |
---|
40 | #include <stdlib.h> |
---|
41 | |
---|
42 | #include <security/pam_appl.h> |
---|
43 | #include <security/openpam.h> |
---|
44 | |
---|
45 | #include "openpam_strlcmp.h" |
---|
46 | |
---|
47 | #include <security/oath.h> |
---|
48 | |
---|
49 | struct oath_key * |
---|
50 | oath_key_from_file(const char *filename) |
---|
51 | { |
---|
52 | struct oath_key *key; |
---|
53 | FILE *f; |
---|
54 | char *line; |
---|
55 | size_t len; |
---|
56 | |
---|
57 | if ((f = fopen(filename, "r")) == NULL) |
---|
58 | return (NULL); |
---|
59 | /* get first non-empty non-comment line */ |
---|
60 | line = openpam_readline(f, NULL, &len); |
---|
61 | if (strlcmp("otpauth://", line, len) == 0) { |
---|
62 | key = oath_key_from_uri(line); |
---|
63 | } else { |
---|
64 | openpam_log(PAM_LOG_ERROR, |
---|
65 | "unrecognized key file format: %s", filename); |
---|
66 | key = NULL; |
---|
67 | } |
---|
68 | fclose(f); |
---|
69 | return (key); |
---|
70 | } |
---|
71 | |
---|
72 | char * |
---|
73 | oath_key_to_uri(const struct oath_key *key) |
---|
74 | { |
---|
75 | const char *hash; |
---|
76 | char *tmp, *uri; |
---|
77 | size_t kslen, urilen; |
---|
78 | |
---|
79 | switch (key->hash) { |
---|
80 | case oh_sha1: |
---|
81 | hash = "SHA1"; |
---|
82 | break; |
---|
83 | case oh_sha256: |
---|
84 | hash = "SHA256"; |
---|
85 | break; |
---|
86 | case oh_sha512: |
---|
87 | hash = "SHA512"; |
---|
88 | break; |
---|
89 | case oh_md5: |
---|
90 | hash = "MD5"; |
---|
91 | break; |
---|
92 | default: |
---|
93 | return (NULL); |
---|
94 | } |
---|
95 | |
---|
96 | /* XXX the label should be URI-encoded */ |
---|
97 | if (key->mode == om_hotp) { |
---|
98 | urilen = asprintf(&uri, "otpauth://%s/%s?" |
---|
99 | "algorithm=%s&digits=%d&counter=%ju&secret=", |
---|
100 | "hotp", key->label, hash, key->digits, |
---|
101 | (uintmax_t)key->counter); |
---|
102 | } else if (key->mode == om_totp) { |
---|
103 | urilen = asprintf(&uri, "otpauth://%s/%s?" |
---|
104 | "algorithm=%s&digits=%d&period=%u&lastused=%ju&secret=", |
---|
105 | "totp", key->label, hash, key->digits, key->timestep, |
---|
106 | (uintmax_t)key->lastused); |
---|
107 | } else { |
---|
108 | /* unreachable */ |
---|
109 | return (NULL); |
---|
110 | } |
---|
111 | |
---|
112 | /* compute length of base32-encoded key and append it */ |
---|
113 | kslen = base32_enclen(key->keylen) + 1; |
---|
114 | if ((tmp = realloc(uri, urilen + kslen)) == NULL) { |
---|
115 | free(uri); |
---|
116 | return (NULL); |
---|
117 | } |
---|
118 | uri = tmp; |
---|
119 | if (base32_enc((char *)key->key, key->keylen, uri + urilen, &kslen) != 0) { |
---|
120 | free(uri); |
---|
121 | return (NULL); |
---|
122 | } |
---|
123 | |
---|
124 | return (uri); |
---|
125 | } |
---|