int main (void) { oath_rc rc; /* Check version. */ if (!oath_check_version (OATH_VERSION)) { printf ("oath_check_version (%s) failed [%s]\n", OATH_VERSION, oath_check_version (NULL)); return 1; } if (oath_check_version (NULL) == NULL) { printf ("oath_check_version (NULL) == NULL\n"); return 1; } if (oath_check_version ("999.999")) { printf ("oath_check_version (999.999) succeeded?!\n"); return 1; } /* Test initialization. */ rc = oath_init (); if (rc != OATH_OK) { printf ("oath_init: %d\n", rc); return 1; } /* Test deinitialization. */ rc = oath_done (); if (rc != OATH_OK) { printf ("oath_done: %d\n", rc); return 1; } return 0; }
int main (void) { oath_rc rc; char *hexsecret = "ABCDEF3435363738393031323334353637abcdef"; char secret[20]; size_t secretlen; if (!oath_check_version (OATH_VERSION)) { printf ("oath_check_version (%s) failed [%s]\n", OATH_VERSION, oath_check_version (NULL)); return 1; } if (oath_check_version (NULL) == NULL) { printf ("oath_check_version (NULL) == NULL\n"); return 1; } if (oath_check_version ("999.999")) { printf ("oath_check_version (999.999) succeeded?!\n"); return 1; } rc = oath_init (); if (rc != OATH_OK) { printf ("oath_init: %d\n", rc); return 1; } secretlen = 0; rc = oath_hex2bin (hexsecret, secret, &secretlen); if (rc != OATH_TOO_SMALL_BUFFER) { printf ("oath_hex2bin too small: %d\n", rc); return 1; } if (secretlen != 20) { printf ("oath_hex2bin too small: 20 != %d\n", secretlen); return 1; } rc = oath_hex2bin ("abcd", secret, &secretlen); if (rc != OATH_OK) { printf ("oath_hex2bin lower case failed: %d\n", rc); return 1; } rc = oath_hex2bin ("ABCD", secret, &secretlen); if (rc != OATH_OK) { printf ("oath_hex2bin upper case failed: %d\n", rc); return 1; } rc = oath_hex2bin ("ABC", secret, &secretlen); if (rc != OATH_INVALID_HEX) { printf ("oath_hex2bin too small failed: %d\n", rc); return 1; } rc = oath_hex2bin ("JUNK", secret, &secretlen); if (rc != OATH_INVALID_HEX) { printf ("oath_hex2bin junk failed: %d\n", rc); return 1; } secretlen = sizeof (secret); rc = oath_hex2bin (hexsecret, secret, &secretlen); if (rc != OATH_OK) { printf ("oath_hex2bin: %d\n", rc); return 1; } if (secretlen != 20) { printf ("oath_hex2bin: 20 != %d\n", secretlen); return 1; } if (memcmp (secret, "\xAB\xCD\xEF\x34\x35\x36\x37\x38\x39\x30" "\x31\x32\x33\x34\x35\x36\x37\xab\xcd\xef", 20) != 0) { printf ("oath_hex2bin: decode mismatch\n"); return 1; } rc = oath_done (); if (rc != OATH_OK) { printf ("oath_done: %d\n", rc); return 1; } return 0; }
int main (void) { oath_rc rc; time_t last_otp; struct stat ufstat1; struct stat ufstat2; if (!oath_check_version (OATH_VERSION)) { printf ("oath_check_version (%s) failed [%s]\n", OATH_VERSION, oath_check_version (NULL)); return 1; } rc = oath_init (); if (rc != OATH_OK) { printf ("oath_init: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } rc = oath_authenticate_usersfile ("no-such-file", "joe", "755224", 0, "1234", &last_otp); if (rc != OATH_NO_SUCH_FILE) { printf ("oath_authenticate_usersfile[1]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } /* Record the current usersfile inode */ stat (CREDS, &ufstat1); rc = oath_authenticate_usersfile (CREDS, "joe", "755224", 0, "1234", &last_otp); if (rc != OATH_BAD_PASSWORD) { printf ("oath_authenticate_usersfile[2]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } /* Check that we do not update usersfile on not OATH_OK */ stat (CREDS, &ufstat2); if (ufstat1.st_ino != ufstat2.st_ino) { printf ("oath_authenticate_usersfile[26]: usersfile %s changed " "on OATH_BAD_PASSWORD\n", CREDS); return 1; } rc = oath_authenticate_usersfile (CREDS, "bob", "755224", 0, "1234", &last_otp); if (rc != OATH_BAD_PASSWORD) { printf ("oath_authenticate_usersfile[3]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } rc = oath_authenticate_usersfile (CREDS, "silver", "670691", 0, "4711", &last_otp); if (rc != OATH_OK) { printf ("oath_authenticate_usersfile[4]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } stat (CREDS, &ufstat2); if (ufstat1.st_ino == ufstat2.st_ino) { printf ("oath_authenticate_usersfile[27]: usersfile %s did not " "change on OATH_OK\n", CREDS); return 1; } rc = oath_authenticate_usersfile (CREDS, "silver", "599872", 1, "4711", &last_otp); if (rc != OATH_OK) { printf ("oath_authenticate_usersfile[5]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } rc = oath_authenticate_usersfile (CREDS, "silver", "072768", 1, "4711", &last_otp); if (rc != OATH_OK) { printf ("oath_authenticate_usersfile[6]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } stat (CREDS, &ufstat1); rc = oath_authenticate_usersfile (CREDS, "foo", "755224", 0, "8989", &last_otp); if (rc != OATH_REPLAYED_OTP) { printf ("oath_authenticate_usersfile[7]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } if (last_otp != 1260206742) { printf ("oath_authenticate_usersfile timestamp %ld != 1260203142\n", last_otp); return 1; } stat (CREDS, &ufstat2); if (ufstat1.st_ino != ufstat2.st_ino) { printf ("oath_authenticate_usersfile[28]: usersfile %s changed " "on OATH_REPLAYED_OTP\n", CREDS); return 1; } rc = oath_authenticate_usersfile (CREDS, "rms", "755224", 0, "4321", &last_otp); if (rc != OATH_BAD_PASSWORD) { printf ("oath_authenticate_usersfile[8]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } rc = oath_authenticate_usersfile (CREDS, "rms", "436521", 10, "6767", &last_otp); if (rc != OATH_OK) { printf ("oath_authenticate_usersfile[9]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } /* Run 'TZ=UTC oathtool --totp --now=2006-12-07 00 -w10' to generate: 963013 068866 734019 038980 630208 533058 042289 046988 047407 892423 619507 */ /* Test completely invalid OTP */ rc = oath_authenticate_usersfile (CREDS, "eve", "386397", 0, "4711", &last_otp); if (rc != OATH_BAD_PASSWORD) { printf ("oath_authenticate_usersfile[10]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } /* Test the next OTP but search window = 0. */ rc = oath_authenticate_usersfile (CREDS, "eve", "068866", 0, NULL, &last_otp); if (rc != OATH_INVALID_OTP) { printf ("oath_authenticate_usersfile[11]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } /* Test the next OTP with search window = 1. */ rc = oath_authenticate_usersfile (CREDS, "eve", "068866", 1, NULL, &last_otp); if (rc != OATH_OK) { printf ("oath_authenticate_usersfile[12]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } /* Test to replay last OTP. */ rc = oath_authenticate_usersfile (CREDS, "eve", "068866", 1, NULL, &last_otp); if (rc != OATH_REPLAYED_OTP) { printf ("oath_authenticate_usersfile[13]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } /* Test to replay previous OTP. */ rc = oath_authenticate_usersfile (CREDS, "eve", "963013", 1, NULL, &last_otp); if (rc != OATH_REPLAYED_OTP) { printf ("oath_authenticate_usersfile[14]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } /* Try an OTP in the future but outside search window. */ rc = oath_authenticate_usersfile (CREDS, "eve", "892423", 1, NULL, &last_otp); if (rc != OATH_INVALID_OTP) { printf ("oath_authenticate_usersfile[15]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } /* Try OTP in the future with good search window. */ rc = oath_authenticate_usersfile (CREDS, "eve", "892423", 10, NULL, &last_otp); if (rc != OATH_OK) { printf ("oath_authenticate_usersfile[16]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } /* Now try a rather old OTP within search window. */ rc = oath_authenticate_usersfile (CREDS, "eve", "630208", 10, NULL, &last_otp); if (rc != OATH_REPLAYED_OTP) { printf ("oath_authenticate_usersfile[17]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } /* Try OTP that matches user's second line. */ rc = oath_authenticate_usersfile (CREDS, "twouser", "874680", 10, NULL, &last_otp); if (rc != OATH_OK) { printf ("oath_authenticate_usersfile[18]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } /* Try OTP that matches user's third and final line. */ rc = oath_authenticate_usersfile (CREDS, "threeuser", "255509", 10, NULL, &last_otp); if (rc != OATH_OK) { printf ("oath_authenticate_usersfile[19]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } /* Try OTP that matches user's third and next-to-last line. */ rc = oath_authenticate_usersfile (CREDS, "fouruser", "663447", 10, NULL, &last_otp); if (rc != OATH_OK) { printf ("oath_authenticate_usersfile[19]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } /* Try incorrect OTP for user with five lines. */ rc = oath_authenticate_usersfile (CREDS, "fiveuser", "812658", 10, NULL, &last_otp); if (rc != OATH_INVALID_OTP) { printf ("oath_authenticate_usersfile[20]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } /* Try OTP that matches user's second line. */ rc = oath_authenticate_usersfile (CREDS, "fiveuser", "123001", 10, NULL, &last_otp); if (rc != OATH_OK) { printf ("oath_authenticate_usersfile[21]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } /* Try OTP that matches user's fourth line. */ rc = oath_authenticate_usersfile (CREDS, "fiveuser", "893841", 10, NULL, &last_otp); if (rc != OATH_OK) { printf ("oath_authenticate_usersfile[22]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } /* Try another OTP that matches user's second line. */ rc = oath_authenticate_usersfile (CREDS, "fiveuser", "746888", 10, NULL, &last_otp); if (rc != OATH_OK) { printf ("oath_authenticate_usersfile[23]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } /* Try another OTP that matches user's fifth line. */ rc = oath_authenticate_usersfile (CREDS, "fiveuser", "730790", 10, NULL, &last_otp); if (rc != OATH_OK) { printf ("oath_authenticate_usersfile[24]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } /* Try too old OTP for user's second line. */ rc = oath_authenticate_usersfile (CREDS, "fiveuser", "692901", 10, NULL, &last_otp); if (rc != OATH_INVALID_OTP) { printf ("oath_authenticate_usersfile[25]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } /* Test password field of + */ rc = oath_authenticate_usersfile (CREDS, "plus", "328482", 1, "4711", &last_otp); if (rc != OATH_OK) { printf ("oath_authenticate_usersfile[26]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } rc = oath_authenticate_usersfile (CREDS, "plus", "812658", 1, "4712", &last_otp); if (rc != OATH_OK) { printf ("oath_authenticate_usersfile[27]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } /* Test different tokens with different passwords for one user */ rc = oath_authenticate_usersfile (CREDS, "password", "898463", 5, NULL, &last_otp); if (rc != OATH_OK) { printf ("oath_authenticate_usersfile[28]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } rc = oath_authenticate_usersfile (CREDS, "password", "989803", 5, "test", &last_otp); if (rc != OATH_OK) { printf ("oath_authenticate_usersfile[29]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } rc = oath_authenticate_usersfile (CREDS, "password", "427517", 5, "darn", &last_otp); if (rc != OATH_OK) { printf ("oath_authenticate_usersfile[30]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } /* Valid OTP for first token but incorrect password. */ rc = oath_authenticate_usersfile (CREDS, "password", "917625", 5, "nope", &last_otp); if (rc != OATH_BAD_PASSWORD) { printf ("oath_authenticate_usersfile[31]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } /* Valid OTP for second token but incorrect password. */ rc = oath_authenticate_usersfile (CREDS, "password", "459145", 5, "nope", &last_otp); if (rc != OATH_BAD_PASSWORD) { printf ("oath_authenticate_usersfile[32]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } /* Valid OTP for first token but with password for second user. */ rc = oath_authenticate_usersfile (CREDS, "password", "917625", 5, "test", &last_otp); if (rc != OATH_BAD_PASSWORD) { printf ("oath_authenticate_usersfile[33]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } /* Valid OTP for second token but with password for first user. */ rc = oath_authenticate_usersfile (CREDS, "password", "459145", 5, "", &last_otp); if (rc != OATH_BAD_PASSWORD) { printf ("oath_authenticate_usersfile[34]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } /* Valid OTP for third token but with password for second user. */ rc = oath_authenticate_usersfile (CREDS, "password", "633070", 9, "test", &last_otp); if (rc != OATH_BAD_PASSWORD) { printf ("oath_authenticate_usersfile[35]: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } rc = oath_done (); if (rc != OATH_OK) { printf ("oath_done: %s (%d)\n", oath_strerror_name (rc), rc); return 1; } return 0; }
int main (int argc, char *argv[]) { struct gengetopt_args_info args_info; char *secret; size_t secretlen = 0; int rc; size_t window; uint64_t moving_factor; unsigned digits; char otp[10]; time_t now, when, t0, time_step_size; int totpflags = 0; set_program_name (argv[0]); if (cmdline_parser (argc, argv, &args_info) != 0) return EXIT_FAILURE; if (args_info.version_given) { char *p; int l = -1; if (strcmp (oath_check_version (NULL), OATH_VERSION) != 0) l = asprintf (&p, "OATH Toolkit liboath.so %s oath.h %s", oath_check_version (NULL), OATH_VERSION); else if (strcmp (OATH_VERSION, PACKAGE_VERSION) != 0) l = asprintf (&p, "OATH Toolkit %s", oath_check_version (NULL), OATH_VERSION); version_etc (stdout, "oathtool", l == -1 ? "OATH Toolkit" : p, PACKAGE_VERSION, "Simon Josefsson", (char *) NULL); if (l != -1) free (p); return EXIT_SUCCESS; } if (args_info.help_given) usage (EXIT_SUCCESS); if (args_info.inputs_num == 0) { cmdline_parser_print_help (); emit_bug_reporting_address (); return EXIT_SUCCESS; } rc = oath_init (); if (rc != OATH_OK) error (EXIT_FAILURE, 0, "liboath initialization failed: %s", oath_strerror (rc)); if (args_info.base32_flag) { rc = oath_base32_decode (args_info.inputs[0], strlen (args_info.inputs[0]), &secret, &secretlen); if (rc != OATH_OK) error (EXIT_FAILURE, 0, "base32 decoding failed: %s", oath_strerror (rc)); } else { secretlen = 1 + strlen (args_info.inputs[0]) / 2; secret = malloc (secretlen); if (!secret) error (EXIT_FAILURE, errno, "malloc"); rc = oath_hex2bin (args_info.inputs[0], secret, &secretlen); if (rc != OATH_OK) error (EXIT_FAILURE, 0, "hex decoding of secret key failed"); } if (args_info.counter_orig) moving_factor = args_info.counter_arg; else moving_factor = 0; if (args_info.digits_orig) digits = args_info.digits_arg; else digits = 6; if (args_info.window_orig) window = args_info.window_arg; else window = 0; if (digits != 6 && digits != 7 && digits != 8) error (EXIT_FAILURE, 0, "only digits 6, 7 and 8 are supported"); if (validate_otp_p (args_info.inputs_num) && !args_info.digits_orig) digits = strlen (args_info.inputs[1]); else if (validate_otp_p (args_info.inputs_num) && args_info.digits_orig && args_info.digits_arg != strlen (args_info.inputs[1])) error (EXIT_FAILURE, 0, "given one-time password has bad length %d != %ld", args_info.digits_arg, strlen (args_info.inputs[1])); if (args_info.inputs_num > 2) error (EXIT_FAILURE, 0, "too many parameters"); if (args_info.verbose_flag) { char *tmp; tmp = malloc (2 * secretlen + 1); if (!tmp) error (EXIT_FAILURE, errno, "malloc"); oath_bin2hex (secret, secretlen, tmp); printf ("Hex secret: %s\n", tmp); free (tmp); rc = oath_base32_encode (secret, secretlen, &tmp, NULL); if (rc != OATH_OK) error (EXIT_FAILURE, 0, "base32 encoding failed: %s", oath_strerror (rc)); printf ("Base32 secret: %s\n", tmp); free (tmp); if (args_info.inputs_num == 2) printf ("OTP: %s\n", args_info.inputs[1]); printf ("Digits: %d\n", digits); printf ("Window size: %ld\n", window); } if (args_info.totp_given) { now = time (NULL); when = parse_time (args_info.now_arg, now); t0 = parse_time (args_info.start_time_arg, now); time_step_size = parse_duration (args_info.time_step_size_arg); if (when == BAD_TIME) error (EXIT_FAILURE, 0, "cannot parse time `%s'", args_info.now_arg); if (t0 == BAD_TIME) error (EXIT_FAILURE, 0, "cannot parse time `%s'", args_info.start_time_arg); if (time_step_size == BAD_TIME) error (EXIT_FAILURE, 0, "cannot parse time `%s'", args_info.time_step_size_arg); if (strcmp (args_info.totp_arg, "sha256") == 0) totpflags = OATH_TOTP_HMAC_SHA256; else if (strcmp (args_info.totp_arg, "sha512") == 0) totpflags = OATH_TOTP_HMAC_SHA512; if (args_info.verbose_flag) verbose_totp (t0, time_step_size, when); } else { if (args_info.verbose_flag) verbose_hotp (moving_factor); } if (generate_otp_p (args_info.inputs_num) && !args_info.totp_given) { size_t iter = 0; do { rc = oath_hotp_generate (secret, secretlen, moving_factor + iter, digits, false, OATH_HOTP_DYNAMIC_TRUNCATION, otp); if (rc != OATH_OK) error (EXIT_FAILURE, 0, "generating one-time password failed (%d)", rc); printf ("%s\n", otp); } while (window - iter++ > 0); } else if (generate_otp_p (args_info.inputs_num) && args_info.totp_given) { size_t iter = 0; do { rc = oath_totp_generate2 (secret, secretlen, when + iter * time_step_size, time_step_size, t0, digits, totpflags, otp); if (rc != OATH_OK) error (EXIT_FAILURE, 0, "generating one-time password failed (%d)", rc); printf ("%s\n", otp); } while (window - iter++ > 0); } else if (validate_otp_p (args_info.inputs_num) && !args_info.totp_given) { rc = oath_hotp_validate (secret, secretlen, moving_factor, window, args_info.inputs[1]); if (rc == OATH_INVALID_OTP) error (EXIT_OTP_INVALID, 0, "password \"%s\" not found in range %ld .. %ld", args_info.inputs[1], (long) moving_factor, (long) moving_factor + window); else if (rc < 0) error (EXIT_FAILURE, 0, "validating one-time password failed (%d)", rc); printf ("%d\n", rc); } else if (validate_otp_p (args_info.inputs_num) && args_info.totp_given) { rc = oath_totp_validate4 (secret, secretlen, when, time_step_size, t0, window, NULL, NULL, totpflags, args_info.inputs[1]); if (rc == OATH_INVALID_OTP) error (EXIT_OTP_INVALID, 0, "password \"%s\" not found in range %ld .. %ld", args_info.inputs[1], (long) ((when - t0) / time_step_size - window / 2), (long) ((when - t0) / time_step_size + window / 2)); else if (rc < 0) error (EXIT_FAILURE, 0, "validating one-time password failed (%d)", rc); printf ("%d\n", rc); } free (secret); oath_done (); return EXIT_SUCCESS; }