scdtotp: Read all OTP parameters from the card

Instead of reading the raw key from the card, expect to find a
URI-formatted string containing all the parameters needed to
generate the one-time password.
develop
Damien Goutte-Gattat 8 years ago
parent c649fe73c7
commit a8f12cb78f
  1. 2
      src/Makefile.am
  2. 318
      src/otpauth.c
  3. 57
      src/otpauth.h
  4. 211
      src/scdtotp.c

@ -2,7 +2,7 @@ bin_PROGRAMS = scdrand scdtotp
scdrand_SOURCES = scdrand.c gpg-util.c gpg-util.h
scdtotp_SOURCES = scdtotp.c gpg-util.c gpg-util.h
scdtotp_SOURCES = scdtotp.c gpg-util.c gpg-util.h otpauth.c otpauth.h
AM_CPPFLAGS = -I$(top_srcdir)/lib
AM_LDFLAGS = -L$(top_builddir)/lib

@ -0,0 +1,318 @@
/*
* scdtools - Tools for Scdaemon and OpenPGP smartcards
* Copyright (C) 2015 Damien Goutte-Gattat
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include "otpauth.h"
#include <stdio.h>
#include <string.h>
#define skip_delimiter(p) \
do { \
if ( *(p) ) \
(p) += 1; \
} while ( 0 )
static const char *
unescape(otp_t *otp, const char **uri, char delim)
{
const char *p;
char *q;
p = *uri;
q = otp->buffer;
while ( *p && *p != delim ) {
if ( *p == '%' ) {
int byte;
if ( sscanf(++p, "%02X", &byte) == 1 ) {
*(otp->buffer)++ = (char)byte;
p += 2;
}
}
else
*(otp->buffer++) = *p++;
}
*(otp->buffer++) = '\0';
skip_delimiter(p);
*uri = p;
return q;
}
static char *
copy(otp_t *otp, const char **uri, char delim)
{
const char *p;
char *q;
p = *uri;
q = otp->buffer;
while ( *p && *p != delim )
*(otp->buffer++) = *p++;
*(otp->buffer++) = '\0';
skip_delimiter(p);
*uri = p;
return q;
}
static size_t
base32_decode(const char *src, size_t slen, char *dst, size_t dlen)
{
unsigned char a, b, c;
unsigned int car, i, j, n;
for ( i = j = n = b = c = 0; i < slen && j < dlen; i++ ) {
car = src[i];
if ( car >= 'A' && car <= 'Z' )
a = car - 'A';
else if ( car >= '2' && car <= '7' )
a = car - '2' + 26;
else if ( car == '=' ) {
n = 0;
continue;
}
else
continue;
switch ( n++ ) {
case 0:
b = a;
break;
case 1:
dst[j++] = (b << 3) | (a >> 2);
c = a;
break;
case 2:
b = a;
break;
case 3:
dst[j++] = (c << 6) | (b << 1) | (a >> 4);
b = a;
break;
case 4:
dst[j++] = (b << 4) | (a >> 1);
c = a;
break;
case 5:
b = a;
break;
case 6:
dst[j++] = (c << 7) | (b << 2) | (a >> 3);
b = a;
break;
case 7:
dst[j++] = (b << 5) | a;
n = 0;
break;
}
}
return j;
}
static void
parse_label(otp_t *otp, const char **uri)
{
char *colon;
otp->label = unescape(otp, uri, '?');
if ( (colon = strchr(otp->label, ':')) ) {
*colon++ = '\0';
otp->issuer = otp->label;
while ( *colon == ' ' )
colon++;
otp->label = colon;
}
}
static int
parse_number(const char **uri)
{
unsigned n;
int i;
if ( sscanf(*uri, "%u%n", &n, &i) < 1 )
return -1;
*uri += i;
skip_delimiter(*uri);
return n;
}
static int
parse_parameter(otp_t *otp, const char **uri)
{
const char *p;
char *name;
p = *uri;
name = copy(otp, &p, '=');
if ( ! *p )
return -1;
if ( ! strcmp(name, "secret") ) {
size_t len;
const char *secret;
secret = p;
while ( *p && *p != '&' )
p += 1;
len = p - secret;
skip_delimiter(p);
otp->secret = otp->buffer = name;
otp->length = base32_decode(secret, len, otp->buffer, len);
otp->buffer += otp->length;
}
else if ( ! strcmp(name, "issuer") ) {
otp->buffer = name;
otp->issuer = unescape(otp, &p, '&');
}
else if ( ! strcmp(name, "algorithm") ) {
char *alg_name;
otp->buffer = name;
alg_name = copy(otp, &p, '&');
if ( ! strcmp(alg_name, "sha1") )
otp->algo = OTP_ALGO_SHA1;
else if ( ! strcmp(alg_name, "sha256") )
otp->algo = OTP_ALGO_SHA256;
else if ( ! strcmp(alg_name, "sha512") )
otp->algo = OTP_ALGO_SHA512;
else
return -1;
otp->buffer = name;
}
else if ( ! strcmp(name, "period") ) {
int n;
otp->buffer = name;
if ( otp->type != OTP_TYPE_TOTP )
return -1;
if ( (n = parse_number(&p)) == -1 )
return -1;
otp->period = n;
}
else if ( ! strcmp(name, "counter") ) {
int n;
otp->buffer = name;
if ( otp->type != OTP_TYPE_HOTP )
return -1;
if ( (n = parse_number(&p)) == -1 )
return -1;
otp->counter = n;
}
else if ( ! strcmp(name, "digits") ) {
int n;
otp->buffer = name;
if ( (n = parse_number(&p)) == -1 )
return -1;
otp->digits = n;
}
else {
/* Skip unknown parameter. */
while ( *p && *p != '&' )
p += 1;
skip_delimiter(p);
}
*uri = p;
return 0;
}
otp_t *
otp_parse_uri(const char *uri)
{
otp_t *otp;
const char *p;
p = uri;
if ( strncmp(p, "otpauth://", 10) )
return NULL;
p += 10;
/* By allocating a buffer at least the size of the input URI,
* we are sure to have enough space to store all parameters. */
if ( ! (otp = malloc(sizeof(otp_t) + strlen(uri))) )
return NULL;
otp->buffer = (char *)otp + sizeof(otp_t);
otp->algo = OTP_ALGO_SHA1;
otp->digits = 6;
otp->label = otp->buffer;
otp->issuer = NULL;
otp->secret = NULL;
if ( strncmp(p, "totp/", 5) == 0 && (p += 5) ) {
otp->type = OTP_TYPE_TOTP;
otp->period = 30;
}
else if ( strncmp(p, "hotp", 5) == 0 && (p += 5) ) {
otp->type = OTP_TYPE_HOTP;
otp->counter = 0;
}
else
goto bad_uri;
parse_label(otp, &p);
while ( *p ) {
if ( parse_parameter(otp, &p) == -1 )
goto bad_uri;
}
if ( ! otp->secret )
goto bad_uri;
return otp;
bad_uri:
free(otp);
return NULL;
}

@ -0,0 +1,57 @@
/*
* scdtools - Tools for Scdaemon and OpenPGP smartcards
* Copyright (C) 2015 Damien Goutte-Gattat
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef ICP20150202_OTPAUTH_H
#define ICP20150202_OTPAUTH_H
#include <stdlib.h>
#define OTP_TYPE_TOTP 0x00
#define OTP_TYPE_HOTP 0x01
#define OTP_ALGO_SHA1 0x00
#define OTP_ALGO_SHA256 0x01
#define OTP_ALGO_SHA512 0x02
typedef struct {
unsigned type;
unsigned algo;
unsigned digits;
union {
unsigned period;
unsigned counter;
};
const char *issuer;
const char *label;
const char *secret;
size_t length;
char *buffer;
} otp_t;
#ifdef __cpluscplus
extern "C" {
#endif
otp_t *
otp_parse_uri(const char *);
#ifdef __cplusplus
}
#endif
#endif /* !ICP20150202_OTPAUTH_H */

@ -31,10 +31,10 @@
#include <gcrypt.h>
#include "gpg-util.h"
#include "otpauth.h"
#define DEFAULT_TIME_STEP 30
#define DEFAULT_DIGITS 6
#define MAX_KEY_SIZE 64
#define UNSET_PARAM UINT_MAX
#define MAX_HASH_SIZE 64 /* Size of a SHA-512 hash. */
static void
usage(int status)
@ -49,19 +49,9 @@ found in a OpenPGP smartcard.\n\
-v, --version Display the version message.\n\
");
printf("\
puts("\
-t, --time SECONDS Generate OTP for the specified time\n\
(in seconds) instead of current time.\n\
-s, --step N Specify the time step factor\n\
(defualt is %d).\n\
-d, --digits N Specify number of digits to output\n\
(default is %d).\n\
\n", DEFAULT_TIME_STEP, DEFAULT_DIGITS);
puts("\
-m, --mac-algo ALG Use the specified HMAC algorithm.\n\
ALG can be 'sha1' (default)',\n\
'sha256' or 'sha512'.\n\
");
printf("\
@ -69,6 +59,14 @@ found in a OpenPGP smartcard.\n\
(default is %d).\n\
\n", DEFAULT_PRIVATE_DO);
puts("The following options will override the parameters\n\
read from the smartcard:\n\
-p, --period N Use a period of N seconds.\n\
-d, --digits N Output N digits (must be 6, 7, or 8).\n\
-m, --mac-algo ALG Use the specified HMAC algorithm (must\n\
be 'sha1', 'sha256', or 'sha512').\n\
");
printf("Report bugs to <%s>.\n", PACKAGE_BUGREPORT);
exit(status);
@ -116,87 +114,12 @@ time2factor(time_t time, int step, unsigned char *buffer, size_t len)
return 8;
}
/*
* Convert a hexstring into a bytes array.
*
* @param hexstring The string to convert.
* @param buffer The output buffer.
* @param len Size of the output buffer.
*
* @return The number of bytes written to the output buffer, or
* -1 if the buffer is not large enough.
*/
static int
hexstring2bytes(const char *hexstring, unsigned char *buffer, size_t len)
{
int high_nibble;
unsigned val, n;
high_nibble = 1;
n = 0;
while ( *hexstring && n < len ) {
switch ( *hexstring ) {
case '0':
case '1':
case '2':
case '3':
case '4':
case '5':
case '6':
case '7':
case '8':
case '9':
val = *hexstring - '0';
break;
case 'a':
case 'b':
case 'c':
case 'd':
case 'e':
case 'f':
val = *hexstring - 'a' + 10;
break;
case 'A':
case 'B':
case 'C':
case 'D':
case 'E':
case 'F':
val = *hexstring - 'A' + 10;
break;
default:
hexstring += 1;
continue;
}
if ( high_nibble ) {
buffer[n] = val << 4;
high_nibble = 0;
}
else {
buffer[n] |= (val & 0xF);
high_nibble = 1;
n += 1;
}
hexstring += 1;
}
if ( *hexstring )
return -1; /* Buffer too small. */
return n;
}
/*
* Generate a time-based one-time password as per RFC 6238.
*
* @param algo Libgcrypt identifier of the HMAC algorithm to use.
* @param key Hexstring representation of the key.
* @param key Byte array containing the key.
* @param length Length of the key.
* @param time Time in seconds.
* @param step Time step parameter.
* @param digits Number of digits of the OTP to generate
@ -210,6 +133,7 @@ hexstring2bytes(const char *hexstring, unsigned char *buffer, size_t len)
static gpg_error_t
generate_totp(int algo,
const char *key,
size_t length,
time_t time,
unsigned step,
int digits,
@ -217,18 +141,15 @@ generate_totp(int algo,
{
gcry_mac_hd_t mac;
gpg_error_t e;
unsigned char buffer[MAX_KEY_SIZE];
unsigned char buffer[MAX_HASH_SIZE];
size_t len;
int offset;
static int modulo[] = { 0, 0, 0, 0, 0, 0, 1000000, 10000000, 100000000 };
if ( (int) (len = hexstring2bytes(key, buffer, sizeof(buffer))) == -1 )
return gcry_error(GPG_ERR_INV_KEYLEN);
if ( ! (e = gcry_mac_open(&mac, algo, 0, NULL)) ) {
if ( ! (e = gcry_mac_setkey(mac, buffer, len)) ) {
if ( ! (e = gcry_mac_setkey(mac, key, length)) ) {
(void)time2factor(time, step, buffer, sizeof(buffer));
if ( ! (e = gcry_mac_write(mac, buffer, 8)) ) {
@ -255,60 +176,43 @@ generate_totp(int algo,
return e;
}
struct key_data_t {
char * buffer;
size_t len;
int found;
};
/*
* Callback for the below function.
*/
static gpg_error_t
get_otp_key_cb(void *arg, const char *line)
get_otp_params_cb(void *arg, const char *line)
{
struct key_data_t *key = (struct key_data_t *)arg;
otp_t **otp = arg;
if ( ! strncmp("PRIVATE-DO-", line, 11) ) {
const char *cursor;
size_t n;
cursor = line + 12;
n = 0;
while ( *cursor != '\n' && n < key->len - 1 ) {
if ( isxdigit(*cursor) )
key->buffer[n++] = *cursor;
cursor += 1;
}
key->buffer[n] = '\0';
key->found = 1;
if ( (*otp = otp_parse_uri(line + 13)) )
return 0;
else
return gcry_error(GPG_ERR_BAD_URI);
}
return 0;
return gcry_error(GPG_ERR_NO_DATA);
}
/*
* Retrieve an OTP key from an inserted OpenPGP smartcard.
* Retrieve OTP parameters from an inserted OpenPGP smartcard.
*
* @param buffer String buffer to store the retrieved key.
* @param len Size of the output buffer.
* @param privatedo Number of the private Data Object to read from.
* @param otp Double pointer to a otp_t structure
* representing the OTP parameters. It will be
* automatically allocated and should be freed
* by the caller.
*
* @return 0 if successful, or a gpg_error_t error code.
*/
static gpg_error_t
get_otp_key(unsigned privatedo, char *buffer, size_t len)
get_otp_params(unsigned privatedo, otp_t **otp)
{
assuan_context_t ctx;
gpg_error_t e;
struct key_data_t key;
char command[32];
key.buffer = buffer;
key.len = len;
key.found = 0;
if ( privatedo < 1 || privatedo > 4 )
return gcry_error(GPG_ERR_INV_ARG);
@ -316,13 +220,8 @@ get_otp_key(unsigned privatedo, char *buffer, size_t len)
snprintf(command, sizeof(command), "GETATTR PRIVATE-DO-%d", privatedo);
if ( ! (e = assuan_transact(ctx, command, NULL, NULL,
NULL, NULL, get_otp_key_cb, &key)) ) {
if ( key.found )
e = gcry_error(GPG_ERR_NO_ERROR);
else
e = gcry_error(GPG_ERR_NO_DATA);
}
e = assuan_transact(ctx, command, NULL, NULL, NULL, NULL,
get_otp_params_cb, otp);
assuan_release(ctx);
}
@ -394,17 +293,17 @@ get_uinteger_or_die(const char *arg)
int
main(int argc, char **argv)
{
int c, algo;
char key[MAX_KEY_SIZE * 2 + 1];
unsigned otp, step, digits, privatedo;
int c;
unsigned algo, period, digits, privatedo, value;
time_t secs;
gcry_error_t e;
otp_t *otp;
struct option options[] = {
{ "help", 0, NULL, 'h' },
{ "version", 0, NULL, 'v' },
{ "time", 1, NULL, 't' },
{ "step", 1, NULL, 's' },
{ "period", 1, NULL, 'p' },
{ "digits", 1, NULL, 'd' },
{ "mac-algo", 1, NULL, 'm' },
{ "private-do", 1, NULL, 'n' },
@ -413,12 +312,10 @@ main(int argc, char **argv)
setprogname(argv[0]);
secs = time(NULL);
step = DEFAULT_TIME_STEP;
digits = DEFAULT_DIGITS;
algo = GCRY_MAC_HMAC_SHA1;
algo = period = digits = UNSET_PARAM;
privatedo = DEFAULT_PRIVATE_DO;
while ( (c = getopt_long(argc, argv, "hvt:s:d:m:n:",
while ( (c = getopt_long(argc, argv, "hvt:p:d:m:n:",
options, NULL)) != -1 ) {
switch ( c ) {
case 'h':
@ -437,8 +334,8 @@ main(int argc, char **argv)
secs = get_uinteger_or_die(optarg);
break;
case 's':
step = get_uinteger_or_die(optarg);
case 'p':
period = get_uinteger_or_die(optarg);
break;
case 'd':
@ -473,15 +370,31 @@ main(int argc, char **argv)
gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
if ( privatedo > 2 && (e = verify_pin(privatedo == 4)) )
errx(EXIT_FAILURE, "Cannot get key from token: %s", gcry_strerror(e));
errx(EXIT_FAILURE, "Cannot get OTP info from token: %s", gcry_strerror(e));
if ( (e = get_otp_params(privatedo, &otp)) )
errx(EXIT_FAILURE, "Cannot get OTP info from token: %s", gcry_strerror(e));
if ( algo == UNSET_PARAM ) {
if ( otp->algo == OTP_ALGO_SHA1 )
algo = GCRY_MAC_HMAC_SHA1;
else if ( otp->algo == OTP_ALGO_SHA256 )
algo = GCRY_MAC_HMAC_SHA256;
else if ( otp->algo == OTP_ALGO_SHA512 )
algo = GCRY_MAC_HMAC_SHA512;
}
if ( period == UNSET_PARAM )
period = otp->period;
if ( (e = get_otp_key(privatedo, key, sizeof(key))) )
errx(EXIT_FAILURE, "Cannot get key from token: %s", gcry_strerror(e));
if ( digits == UNSET_PARAM )
digits = otp->digits;
if ( (e = generate_totp(algo, key, secs, step, digits, &otp)) )
if ( (e = generate_totp(algo, otp->secret, otp->length, secs,
period, digits, &value)) )
errx(EXIT_FAILURE, "Cannot generate OTP: %s", gcry_strerror(e));
print_otp(otp, digits);
print_otp(value, digits);
return EXIT_SUCCESS;
}

Loading…
Cancel
Save