int
main (void)
{
oath_rc rc;
/* Check version. */
if (!oath_check_version (OATH_VERSION))
{
printf ("oath_check_version (%s) failed [%s]\n", OATH_VERSION,
oath_check_version (NULL));
return 1;
}
if (oath_check_version (NULL) == NULL)
{
printf ("oath_check_version (NULL) == NULL\n");
return 1;
}
if (oath_check_version ("999.999"))
{
printf ("oath_check_version (999.999) succeeded?!\n");
return 1;
}
/* Test initialization. */
rc = oath_init ();
if (rc != OATH_OK)
{
printf ("oath_init: %d\n", rc);
return 1;
}
/* Test deinitialization. */
rc = oath_done ();
if (rc != OATH_OK)
{
printf ("oath_done: %d\n", rc);
return 1;
}
return 0;
}
int
main (void)
{
oath_rc rc;
char *hexsecret = "ABCDEF3435363738393031323334353637abcdef";
char secret[20];
size_t secretlen;
if (!oath_check_version (OATH_VERSION))
{
printf ("oath_check_version (%s) failed [%s]\n", OATH_VERSION,
oath_check_version (NULL));
return 1;
}
if (oath_check_version (NULL) == NULL)
{
printf ("oath_check_version (NULL) == NULL\n");
return 1;
}
if (oath_check_version ("999.999"))
{
printf ("oath_check_version (999.999) succeeded?!\n");
return 1;
}
rc = oath_init ();
if (rc != OATH_OK)
{
printf ("oath_init: %d\n", rc);
return 1;
}
secretlen = 0;
rc = oath_hex2bin (hexsecret, secret, &secretlen);
if (rc != OATH_TOO_SMALL_BUFFER)
{
printf ("oath_hex2bin too small: %d\n", rc);
return 1;
}
if (secretlen != 20)
{
printf ("oath_hex2bin too small: 20 != %d\n", secretlen);
return 1;
}
rc = oath_hex2bin ("abcd", secret, &secretlen);
if (rc != OATH_OK)
{
printf ("oath_hex2bin lower case failed: %d\n", rc);
return 1;
}
rc = oath_hex2bin ("ABCD", secret, &secretlen);
if (rc != OATH_OK)
{
printf ("oath_hex2bin upper case failed: %d\n", rc);
return 1;
}
rc = oath_hex2bin ("ABC", secret, &secretlen);
if (rc != OATH_INVALID_HEX)
{
printf ("oath_hex2bin too small failed: %d\n", rc);
return 1;
}
rc = oath_hex2bin ("JUNK", secret, &secretlen);
if (rc != OATH_INVALID_HEX)
{
printf ("oath_hex2bin junk failed: %d\n", rc);
return 1;
}
secretlen = sizeof (secret);
rc = oath_hex2bin (hexsecret, secret, &secretlen);
if (rc != OATH_OK)
{
printf ("oath_hex2bin: %d\n", rc);
return 1;
}
if (secretlen != 20)
{
printf ("oath_hex2bin: 20 != %d\n", secretlen);
return 1;
}
if (memcmp (secret, "\xAB\xCD\xEF\x34\x35\x36\x37\x38\x39\x30"
"\x31\x32\x33\x34\x35\x36\x37\xab\xcd\xef", 20) != 0)
{
printf ("oath_hex2bin: decode mismatch\n");
return 1;
}
rc = oath_done ();
if (rc != OATH_OK)
{
printf ("oath_done: %d\n", rc);
return 1;
}
return 0;
}
int
main (void)
{
oath_rc rc;
time_t last_otp;
struct stat ufstat1;
struct stat ufstat2;
if (!oath_check_version (OATH_VERSION))
{
printf ("oath_check_version (%s) failed [%s]\n", OATH_VERSION,
oath_check_version (NULL));
return 1;
}
rc = oath_init ();
if (rc != OATH_OK)
{
printf ("oath_init: %s (%d)\n", oath_strerror_name (rc), rc);
return 1;
}
rc = oath_authenticate_usersfile ("no-such-file", "joe", "755224",
0, "1234", &last_otp);
if (rc != OATH_NO_SUCH_FILE)
{
printf ("oath_authenticate_usersfile[1]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
/* Record the current usersfile inode */
stat (CREDS, &ufstat1);
rc = oath_authenticate_usersfile (CREDS, "joe", "755224",
0, "1234", &last_otp);
if (rc != OATH_BAD_PASSWORD)
{
printf ("oath_authenticate_usersfile[2]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
/* Check that we do not update usersfile on not OATH_OK */
stat (CREDS, &ufstat2);
if (ufstat1.st_ino != ufstat2.st_ino)
{
printf ("oath_authenticate_usersfile[26]: usersfile %s changed "
"on OATH_BAD_PASSWORD\n", CREDS);
return 1;
}
rc = oath_authenticate_usersfile (CREDS, "bob", "755224",
0, "1234", &last_otp);
if (rc != OATH_BAD_PASSWORD)
{
printf ("oath_authenticate_usersfile[3]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
rc = oath_authenticate_usersfile (CREDS, "silver", "670691",
0, "4711", &last_otp);
if (rc != OATH_OK)
{
printf ("oath_authenticate_usersfile[4]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
stat (CREDS, &ufstat2);
if (ufstat1.st_ino == ufstat2.st_ino)
{
printf ("oath_authenticate_usersfile[27]: usersfile %s did not "
"change on OATH_OK\n", CREDS);
return 1;
}
rc = oath_authenticate_usersfile (CREDS, "silver", "599872",
1, "4711", &last_otp);
if (rc != OATH_OK)
{
printf ("oath_authenticate_usersfile[5]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
rc = oath_authenticate_usersfile (CREDS, "silver", "072768",
1, "4711", &last_otp);
if (rc != OATH_OK)
{
printf ("oath_authenticate_usersfile[6]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
stat (CREDS, &ufstat1);
rc = oath_authenticate_usersfile (CREDS,
"foo", "755224", 0, "8989", &last_otp);
if (rc != OATH_REPLAYED_OTP)
{
printf ("oath_authenticate_usersfile[7]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
if (last_otp != 1260206742)
{
printf ("oath_authenticate_usersfile timestamp %ld != 1260203142\n",
last_otp);
return 1;
}
stat (CREDS, &ufstat2);
if (ufstat1.st_ino != ufstat2.st_ino)
{
printf ("oath_authenticate_usersfile[28]: usersfile %s changed "
"on OATH_REPLAYED_OTP\n", CREDS);
return 1;
}
rc = oath_authenticate_usersfile (CREDS,
"rms", "755224", 0, "4321", &last_otp);
if (rc != OATH_BAD_PASSWORD)
{
printf ("oath_authenticate_usersfile[8]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
rc = oath_authenticate_usersfile (CREDS,
"rms", "436521", 10, "6767", &last_otp);
if (rc != OATH_OK)
{
printf ("oath_authenticate_usersfile[9]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
/*
Run 'TZ=UTC oathtool --totp --now=2006-12-07 00 -w10' to generate:
963013
068866
734019
038980
630208
533058
042289
046988
047407
892423
619507
*/
/* Test completely invalid OTP */
rc = oath_authenticate_usersfile (CREDS,
"eve", "386397", 0, "4711", &last_otp);
if (rc != OATH_BAD_PASSWORD)
{
printf ("oath_authenticate_usersfile[10]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
/* Test the next OTP but search window = 0. */
rc = oath_authenticate_usersfile (CREDS,
"eve", "068866", 0, NULL, &last_otp);
if (rc != OATH_INVALID_OTP)
{
printf ("oath_authenticate_usersfile[11]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
/* Test the next OTP with search window = 1. */
rc = oath_authenticate_usersfile (CREDS,
"eve", "068866", 1, NULL, &last_otp);
if (rc != OATH_OK)
{
printf ("oath_authenticate_usersfile[12]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
/* Test to replay last OTP. */
rc = oath_authenticate_usersfile (CREDS,
"eve", "068866", 1, NULL, &last_otp);
if (rc != OATH_REPLAYED_OTP)
{
printf ("oath_authenticate_usersfile[13]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
/* Test to replay previous OTP. */
rc = oath_authenticate_usersfile (CREDS,
"eve", "963013", 1, NULL, &last_otp);
if (rc != OATH_REPLAYED_OTP)
{
printf ("oath_authenticate_usersfile[14]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
/* Try an OTP in the future but outside search window. */
rc = oath_authenticate_usersfile (CREDS,
"eve", "892423", 1, NULL, &last_otp);
if (rc != OATH_INVALID_OTP)
{
printf ("oath_authenticate_usersfile[15]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
/* Try OTP in the future with good search window. */
rc = oath_authenticate_usersfile (CREDS,
"eve", "892423", 10, NULL, &last_otp);
if (rc != OATH_OK)
{
printf ("oath_authenticate_usersfile[16]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
/* Now try a rather old OTP within search window. */
rc = oath_authenticate_usersfile (CREDS,
"eve", "630208", 10, NULL, &last_otp);
if (rc != OATH_REPLAYED_OTP)
{
printf ("oath_authenticate_usersfile[17]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
/* Try OTP that matches user's second line. */
rc = oath_authenticate_usersfile (CREDS, "twouser",
"874680", 10, NULL, &last_otp);
if (rc != OATH_OK)
{
printf ("oath_authenticate_usersfile[18]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
/* Try OTP that matches user's third and final line. */
rc = oath_authenticate_usersfile (CREDS, "threeuser",
"255509", 10, NULL, &last_otp);
if (rc != OATH_OK)
{
printf ("oath_authenticate_usersfile[19]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
/* Try OTP that matches user's third and next-to-last line. */
rc = oath_authenticate_usersfile (CREDS, "fouruser",
"663447", 10, NULL, &last_otp);
if (rc != OATH_OK)
{
printf ("oath_authenticate_usersfile[19]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
/* Try incorrect OTP for user with five lines. */
rc = oath_authenticate_usersfile (CREDS, "fiveuser",
"812658", 10, NULL, &last_otp);
if (rc != OATH_INVALID_OTP)
{
printf ("oath_authenticate_usersfile[20]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
/* Try OTP that matches user's second line. */
rc = oath_authenticate_usersfile (CREDS, "fiveuser",
"123001", 10, NULL, &last_otp);
if (rc != OATH_OK)
{
printf ("oath_authenticate_usersfile[21]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
/* Try OTP that matches user's fourth line. */
rc = oath_authenticate_usersfile (CREDS, "fiveuser",
"893841", 10, NULL, &last_otp);
if (rc != OATH_OK)
{
printf ("oath_authenticate_usersfile[22]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
/* Try another OTP that matches user's second line. */
rc = oath_authenticate_usersfile (CREDS, "fiveuser",
"746888", 10, NULL, &last_otp);
if (rc != OATH_OK)
{
printf ("oath_authenticate_usersfile[23]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
/* Try another OTP that matches user's fifth line. */
rc = oath_authenticate_usersfile (CREDS, "fiveuser",
"730790", 10, NULL, &last_otp);
if (rc != OATH_OK)
{
printf ("oath_authenticate_usersfile[24]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
/* Try too old OTP for user's second line. */
rc = oath_authenticate_usersfile (CREDS, "fiveuser",
"692901", 10, NULL, &last_otp);
if (rc != OATH_INVALID_OTP)
{
printf ("oath_authenticate_usersfile[25]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
/* Test password field of + */
rc = oath_authenticate_usersfile (CREDS,
"plus", "328482", 1, "4711", &last_otp);
if (rc != OATH_OK)
{
printf ("oath_authenticate_usersfile[26]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
rc = oath_authenticate_usersfile (CREDS,
"plus", "812658", 1, "4712", &last_otp);
if (rc != OATH_OK)
{
printf ("oath_authenticate_usersfile[27]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
/* Test different tokens with different passwords for one user */
rc = oath_authenticate_usersfile (CREDS,
"password", "898463", 5, NULL, &last_otp);
if (rc != OATH_OK)
{
printf ("oath_authenticate_usersfile[28]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
rc = oath_authenticate_usersfile (CREDS,
"password", "989803", 5, "test", &last_otp);
if (rc != OATH_OK)
{
printf ("oath_authenticate_usersfile[29]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
rc = oath_authenticate_usersfile (CREDS,
"password", "427517", 5, "darn", &last_otp);
if (rc != OATH_OK)
{
printf ("oath_authenticate_usersfile[30]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
/* Valid OTP for first token but incorrect password. */
rc = oath_authenticate_usersfile (CREDS,
"password", "917625", 5, "nope", &last_otp);
if (rc != OATH_BAD_PASSWORD)
{
printf ("oath_authenticate_usersfile[31]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
/* Valid OTP for second token but incorrect password. */
rc = oath_authenticate_usersfile (CREDS,
"password", "459145", 5, "nope", &last_otp);
if (rc != OATH_BAD_PASSWORD)
{
printf ("oath_authenticate_usersfile[32]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
/* Valid OTP for first token but with password for second user. */
rc = oath_authenticate_usersfile (CREDS,
"password", "917625", 5, "test", &last_otp);
if (rc != OATH_BAD_PASSWORD)
{
printf ("oath_authenticate_usersfile[33]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
/* Valid OTP for second token but with password for first user. */
rc = oath_authenticate_usersfile (CREDS,
"password", "459145", 5, "", &last_otp);
if (rc != OATH_BAD_PASSWORD)
{
printf ("oath_authenticate_usersfile[34]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
/* Valid OTP for third token but with password for second user. */
rc = oath_authenticate_usersfile (CREDS,
"password", "633070", 9, "test", &last_otp);
if (rc != OATH_BAD_PASSWORD)
{
printf ("oath_authenticate_usersfile[35]: %s (%d)\n",
oath_strerror_name (rc), rc);
return 1;
}
rc = oath_done ();
if (rc != OATH_OK)
{
printf ("oath_done: %s (%d)\n", oath_strerror_name (rc), rc);
return 1;
}
return 0;
}
int
main (int argc, char *argv[])
{
struct gengetopt_args_info args_info;
char *secret;
size_t secretlen = 0;
int rc;
size_t window;
uint64_t moving_factor;
unsigned digits;
char otp[10];
time_t now, when, t0, time_step_size;
int totpflags = 0;
set_program_name (argv[0]);
if (cmdline_parser (argc, argv, &args_info) != 0)
return EXIT_FAILURE;
if (args_info.version_given)
{
char *p;
int l = -1;
if (strcmp (oath_check_version (NULL), OATH_VERSION) != 0)
l = asprintf (&p, "OATH Toolkit liboath.so %s oath.h %s",
oath_check_version (NULL), OATH_VERSION);
else if (strcmp (OATH_VERSION, PACKAGE_VERSION) != 0)
l = asprintf (&p, "OATH Toolkit %s",
oath_check_version (NULL), OATH_VERSION);
version_etc (stdout, "oathtool", l == -1 ? "OATH Toolkit" : p,
PACKAGE_VERSION, "Simon Josefsson", (char *) NULL);
if (l != -1)
free (p);
return EXIT_SUCCESS;
}
if (args_info.help_given)
usage (EXIT_SUCCESS);
if (args_info.inputs_num == 0)
{
cmdline_parser_print_help ();
emit_bug_reporting_address ();
return EXIT_SUCCESS;
}
rc = oath_init ();
if (rc != OATH_OK)
error (EXIT_FAILURE, 0, "liboath initialization failed: %s",
oath_strerror (rc));
if (args_info.base32_flag)
{
rc = oath_base32_decode (args_info.inputs[0],
strlen (args_info.inputs[0]),
&secret, &secretlen);
if (rc != OATH_OK)
error (EXIT_FAILURE, 0, "base32 decoding failed: %s",
oath_strerror (rc));
}
else
{
secretlen = 1 + strlen (args_info.inputs[0]) / 2;
secret = malloc (secretlen);
if (!secret)
error (EXIT_FAILURE, errno, "malloc");
rc = oath_hex2bin (args_info.inputs[0], secret, &secretlen);
if (rc != OATH_OK)
error (EXIT_FAILURE, 0, "hex decoding of secret key failed");
}
if (args_info.counter_orig)
moving_factor = args_info.counter_arg;
else
moving_factor = 0;
if (args_info.digits_orig)
digits = args_info.digits_arg;
else
digits = 6;
if (args_info.window_orig)
window = args_info.window_arg;
else
window = 0;
if (digits != 6 && digits != 7 && digits != 8)
error (EXIT_FAILURE, 0, "only digits 6, 7 and 8 are supported");
if (validate_otp_p (args_info.inputs_num) && !args_info.digits_orig)
digits = strlen (args_info.inputs[1]);
else if (validate_otp_p (args_info.inputs_num) && args_info.digits_orig &&
args_info.digits_arg != strlen (args_info.inputs[1]))
error (EXIT_FAILURE, 0,
"given one-time password has bad length %d != %ld",
args_info.digits_arg, strlen (args_info.inputs[1]));
if (args_info.inputs_num > 2)
error (EXIT_FAILURE, 0, "too many parameters");
if (args_info.verbose_flag)
{
char *tmp;
tmp = malloc (2 * secretlen + 1);
if (!tmp)
error (EXIT_FAILURE, errno, "malloc");
oath_bin2hex (secret, secretlen, tmp);
printf ("Hex secret: %s\n", tmp);
free (tmp);
rc = oath_base32_encode (secret, secretlen, &tmp, NULL);
if (rc != OATH_OK)
error (EXIT_FAILURE, 0, "base32 encoding failed: %s",
oath_strerror (rc));
printf ("Base32 secret: %s\n", tmp);
free (tmp);
if (args_info.inputs_num == 2)
printf ("OTP: %s\n", args_info.inputs[1]);
printf ("Digits: %d\n", digits);
printf ("Window size: %ld\n", window);
}
if (args_info.totp_given)
{
now = time (NULL);
when = parse_time (args_info.now_arg, now);
t0 = parse_time (args_info.start_time_arg, now);
time_step_size = parse_duration (args_info.time_step_size_arg);
if (when == BAD_TIME)
error (EXIT_FAILURE, 0, "cannot parse time `%s'", args_info.now_arg);
if (t0 == BAD_TIME)
error (EXIT_FAILURE, 0, "cannot parse time `%s'",
args_info.start_time_arg);
if (time_step_size == BAD_TIME)
error (EXIT_FAILURE, 0, "cannot parse time `%s'",
args_info.time_step_size_arg);
if (strcmp (args_info.totp_arg, "sha256") == 0)
totpflags = OATH_TOTP_HMAC_SHA256;
else if (strcmp (args_info.totp_arg, "sha512") == 0)
totpflags = OATH_TOTP_HMAC_SHA512;
if (args_info.verbose_flag)
verbose_totp (t0, time_step_size, when);
}
else
{
if (args_info.verbose_flag)
verbose_hotp (moving_factor);
}
if (generate_otp_p (args_info.inputs_num) && !args_info.totp_given)
{
size_t iter = 0;
do
{
rc = oath_hotp_generate (secret,
secretlen,
moving_factor + iter,
digits,
false, OATH_HOTP_DYNAMIC_TRUNCATION, otp);
if (rc != OATH_OK)
error (EXIT_FAILURE, 0,
"generating one-time password failed (%d)", rc);
printf ("%s\n", otp);
}
while (window - iter++ > 0);
}
else if (generate_otp_p (args_info.inputs_num) && args_info.totp_given)
{
size_t iter = 0;
do
{
rc = oath_totp_generate2 (secret,
secretlen,
when + iter * time_step_size,
time_step_size, t0, digits, totpflags,
otp);
if (rc != OATH_OK)
error (EXIT_FAILURE, 0,
"generating one-time password failed (%d)", rc);
printf ("%s\n", otp);
}
while (window - iter++ > 0);
}
else if (validate_otp_p (args_info.inputs_num) && !args_info.totp_given)
{
rc = oath_hotp_validate (secret,
secretlen,
moving_factor, window, args_info.inputs[1]);
if (rc == OATH_INVALID_OTP)
error (EXIT_OTP_INVALID, 0,
"password \"%s\" not found in range %ld .. %ld",
args_info.inputs[1],
(long) moving_factor, (long) moving_factor + window);
else if (rc < 0)
error (EXIT_FAILURE, 0,
"validating one-time password failed (%d)", rc);
printf ("%d\n", rc);
}
else if (validate_otp_p (args_info.inputs_num) && args_info.totp_given)
{
rc = oath_totp_validate4 (secret,
secretlen,
when,
time_step_size,
t0,
window,
NULL, NULL, totpflags, args_info.inputs[1]);
if (rc == OATH_INVALID_OTP)
error (EXIT_OTP_INVALID, 0,
"password \"%s\" not found in range %ld .. %ld",
args_info.inputs[1],
(long) ((when - t0) / time_step_size - window / 2),
(long) ((when - t0) / time_step_size + window / 2));
else if (rc < 0)
error (EXIT_FAILURE, 0,
"validating one-time password failed (%d)", rc);
printf ("%d\n", rc);
}
free (secret);
oath_done ();
return EXIT_SUCCESS;
}
