totp

main.c (9461B)

---

 #include <stdbool.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 
 #include <errno.h>
 #include <fcntl.h>
 #include <fnmatch.h>
 #include <inttypes.h>
 #include <termios.h>
 #include <time.h>
 #include <unistd.h>
 
 #include <sys/stat.h>
 
 #include "sha1.h"
 #include "sha256.h"
 #include "sha512.h"
 #include "tiny-AES-c/aes.h"
 #include "arg.h"
 #include "util.h"
 #include "db.h"
 #include "token.h"
 
 #define SECRET_DB_PATH ".local/share/totp"
 #define SECRET_DB_FILE "secrets.db"
 #define SECRET_DB_NEW_SUFFIX ".new"
 
 char *argv0;
 
 static void (*digest_hmacs[])(const void *key, size_t keylen,
 			      const void *data, size_t datalen,
 			      void *h) = {
 	sha1_hmac,
 	sha224_hmac,
 	sha256_hmac,
 	sha384_hmac,
 	sha512_hmac,
 };
 
 static size_t digest_sizes[] = {
 	SHA1_HASHSIZE,
 	SHA224_HASHSIZE,
 	SHA256_HASHSIZE,
 	SHA384_HASHSIZE,
 	SHA512_HASHSIZE,
 };
 
 static void print_base32(FILE *stream, struct bytes data)
 {
 	const char *chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
 	uint8_t *buffer = data.data;
 	uint16_t v = 0;
 	size_t b = 0;
 
 	while (buffer < data.end) {
 		v = v << 8 | *buffer++;
 		b += 8;
 		while (b >= 5) {
 			fprintf(stream, "%c", chars[(v >> (b - 5)) & 31]);
 			b -= 5;
 		}
 	}
 	if (b)
 		fprintf(stream, "%c", chars[(v << (5 - b)) & 31]);
 }
 
 void print_key(struct token *token, void *data)
 {
 	FILE *stream = data;
 
 	(void)data;
 
 	fprintf(stream, "%.*s%s%.*s\n",
 		(int)bytes_len(token->issuer), token->issuer.data,
 		bytes_len(token->issuer) ? ":" : "",
 		(int)bytes_len(token->desc), token->desc.data);
 }
 
 static void print_uriencode(FILE *stream, struct bytes data, bool getarg)
 {
 	const char *escape = ":/@+% &?";
 	const char *buf = (const void *)data.data;
 	const char *end = (const void *)data.end;
 	while (buf < end && *buf) {
 		size_t pass = strncspn(buf, end - buf, escape);
 		printf("%.*s", (int)pass, buf);
 		buf += pass;
 
 		while (buf < end && *buf && strchr(escape, *buf)) {
 			if (*buf == ' ' && getarg)
 				fprintf(stream, "+");
 			else
 				fprintf(stream, "%%%02" PRIx8, *(uint8_t *)buf);
 			buf++;
 		}
 	}
 }
 
 void print_keyuri(struct token *token,
 		  void *data)
 {
 	FILE *stream = data;
 
 	fputs("otpauth://totp/", stream);
 	if (bytes_len(token->issuer)) {
 		print_uriencode(stream, token->issuer, false);
 		fputc(':', stream);
 	}
 	print_uriencode(stream, token->desc, false);
 	fputs("?secret=", stream);
 	print_base32(stream, token->key);
 	if (bytes_len(token->issuer)) {
 		fputs("&issuer=", stream);
 		print_uriencode(stream, token->issuer, true);
 	}
 	fprintf(stream, "&algorithm=%s&digits=%" PRIu8 "&period=%" PRIu8 "\n",
 		digest_names[token->digest],
 		token->digits,
 		token->period);
 }
 
 struct generate_data {
 	const char *filter;
 	bool found;
 	time_t time;
 };
 
 void generate_token(struct token *token, void *data)
 {
 	struct generate_data *d = data;
 	uint32_t modulo = 1;
 	uint8_t i;
 	char descbuf[2 * UINT8_MAX + 2];
 	char *dp = descbuf;
 
 	if (bytes_len(token->issuer)) {
 		dp = mempushb(dp, token->issuer);
 		*dp++ = ':';
 	}
 	dp = mempushb(dp, token->desc);
 	*dp = '\0';
 
 	if (fnmatch(d->filter, descbuf, FNM_NOESCAPE))
 		return;
 
 	d->found = true;
 	for (i = 0; i < token->digits; i++)
 		modulo *= 10;
 
 	printf("%0*" PRIu32 "\n", (int)token->digits,
 	       totp(token->key.data, bytes_len(token->key), d->time, token->period, token->t0, digest_hmacs[token->digest], digest_sizes[token->digest]) % modulo);
 }
 
 struct write_filter_data {
 	int fd;
 	const char *filter;
 	struct AES_ctx *c;
 };
 
 void write_filter_key(struct token *token,
 		      void *data)
 {
 	struct write_filter_data *d = data;
 
 	if (d->filter) {
 		char descbuf[UINT8_MAX * 2 + 2];
 		char *w = descbuf;
 
 		if (bytes_len(token->issuer)) {
 			w = mempushb(w, token->issuer);
 			*w++ = ':';
 		}
 		*(char *)mempushb(w, token->desc) = '\0';
 
 		if (!fnmatch(d->filter, descbuf, FNM_NOESCAPE))
 			return;
 	}
 
 	db_add_key(d->fd, d->c, token);
 }
 
 enum cmd {
 	CMD_NONE,
 	CMD_TOK,
 	CMD_LIST,
 	CMD_ADD,
 	CMD_DEL,
 	CMD_EXP
 };
 
 void usage()
 {
 	fprintf(stderr,
 		"Usage: totp [OPTIONS]\n"
 		"-f <file>\tuse file as database\n"
 		"-k <pass>\tpassphrase for database encryption\n"
 		"-K <file>\tread encryption passphrase from file\n"
 		"-T <time>\tunix time for token generation\n"
 		"-l\tlist known secrets\n"
 		"-a <uri>\tadd uri to secrets\n"
 		"-d <filter>\tremove secrets matching filter\n"
 		"-t <filter>\tgenerate tokens for secrets matching filter\n"
 		"-T <time>\toverride current time for token generation\n"
 		"-e\texport secrets\n");
 	exit(1);
 }
 
 static void setecho(bool echo)
 {
 	struct termios tio;
 	if (tcgetattr(STDIN_FILENO, &tio))
 		return;
 	if (echo)
 		tio.c_lflag |= ECHO;
 	else
 		tio.c_lflag &= ~ECHO;
 	tcsetattr(STDIN_FILENO, TCSANOW, &tio);
 }
 
 int main(int argc, char *argv[])
 {
 	int fd;
 	int r;
 	struct sha1 d;
 	enum cmd cmd = CMD_NONE;
 	char *totpuri;
 	const char *key = NULL;
 	const char *keyfile = NULL;
 	const char *keyquery = NULL;
 	char *secretfile = NULL;
 	char *newsecretfile = NULL;
 	bool free_secretfile = true;
 	uint8_t keybuf[AES_KEYLEN + AES_BLOCKLEN];
 	size_t keylen = 0;
 	struct generate_data gd = { NULL, false, time(NULL) };
 	struct token token;
 	char *t;
 	struct AES_ctx c;
 	struct AES_ctx wc;
 	int wfd;
 
 	ARGBEGIN {
 	case 'l':
 		cmd = CMD_LIST;
 		break;
 	case 'a':
 		cmd = CMD_ADD;
 		totpuri = EARGF(usage());
 		break;
 	case 'd':
 		cmd = CMD_DEL;
 		keyquery = EARGF(usage());
 		break;
 	case 't':
 		cmd = CMD_TOK;
 		keyquery = EARGF(usage());
 		break;
 	case 'T':
 		gd.time = strtoull(EARGF(usage()), NULL, 10);
 		break;
 	case 'e':
 		cmd = CMD_EXP;
 		break;
 	case 'k':
 		key = EARGF(usage());
 		break;
 	case 'K':
 		keyfile = EARGF(usage());
 		break;
 	case 'f':
 		secretfile = EARGF(usage());
 		free_secretfile = false;
 		break;
 	default:
 		usage();
 		break;
 
 	} ARGEND
 
 	if (cmd == CMD_NONE && !argc)
 		usage();
 
 	sha1_init(&d);
 
 	if (key) {
 		sha1_update(&d, key, strlen(key));
 	} else {
 		size_t l = 0;
 		if (keyfile && strcmp(keyfile, "-")) {
 			fd = open(keyfile, O_RDONLY);
 		} else {
 			fd = STDIN_FILENO;
 
 			if (!keyfile) {
 				fprintf(stderr, "Enter passphrase: ");
 				setecho(false);
 			}
 		}
 
 		while ((r = read(fd, d.buffer + l,
 				 sizeof(d.buffer) - l)) > 0) {
 			size_t ll = strncspn((const char *)d.buffer + l, r, "\r\n");
 
 			if (ll < (size_t)r) {
 				l += ll;
 				break;
 			}
 
 			l += r;
 			if (l < sizeof(d.buffer))
 				continue;
 			sha1_update(&d, d.buffer, sizeof(d.buffer));
 			l = 0;
 		}
 
 		if (l)
 			sha1_update(&d, d.buffer, l);
 
 		if (!keyfile) {
 			fprintf(stderr, "\n");
 			setecho(true);
 		} else if (strcmp(keyfile, "-")) {
 			close(fd);
 		}
 	}
 
 	sha1_finish(&d);
 
 	while (keylen + sizeof(d.h) < sizeof(keybuf)) {
 		memcpy(keybuf + keylen, d.h, sizeof(d.h));
 		memcpy(d.buffer, d.h, sizeof(d.h));
 		sha1_init(&d);
 		sha1_update(&d, d.buffer, sizeof(d.h)); 
 		sha1_finish(&d);
 		keylen += sizeof(d.h);
 	}
 	memcpy(keybuf + keylen, d.h, sizeof(keybuf) - keylen);
 
 	srand(time(NULL));
 
 	if (!secretfile) {
 		const char *home = getenv("HOME");
 		secretfile = malloc(strlen(home) + sizeof(SECRET_DB_PATH) + sizeof(SECRET_DB_FILE) + 1);
 		sprintf(secretfile, "%s/%s/%s", home, SECRET_DB_PATH, SECRET_DB_FILE);
 	}
 
 	newsecretfile = malloc(strlen(secretfile) + sizeof(SECRET_DB_NEW_SUFFIX));
 	sprintf(newsecretfile, "%s%s", secretfile, SECRET_DB_NEW_SUFFIX);
 
 	for (t = strtok(secretfile + 1, "/"); (t = strtok(NULL, "/")); ) {
 		if (mkdir(secretfile, 0700) && errno != EEXIST)
 			croak("Could not create secret db dir: %s", totp_strerror(errno));
 		t[-1] = '/';
 	}
 
 	switch (cmd) {
 	case CMD_LIST:
 		fd = db_open_read(secretfile, &c, keybuf);
 		if (fd < 0 && errno != ENOENT)
 			croak("Opening existing db failed: %s", totp_strerror(errno));
 		db_foreach(fd, &c, print_key, stdout);
 		close(fd);
 		break;
 
 	case CMD_ADD:
 		token = token_parse_uri(totpuri);
 		if (!token.valid)
 			croak("Invalid uri");
 
 		fd = db_open_read(secretfile, &c, keybuf);
 		if (fd < 0 && errno != ENOENT)
 			croak("Opening existing db failed: %s", totp_strerror(errno));
 
 		wfd = db_open_write(newsecretfile, &wc, keybuf);
 		if (wfd < 0)
 			croak("Could not open temporary secret file: %s", totp_strerror(errno));
 		if (fd >= 0) {
 			db_foreach(fd, &c, write_filter_key,
 				   &(struct write_filter_data){ .fd = wfd, .c = &wc });
 			close(fd);
 		}
 		db_add_key(wfd, &wc, &token);
 		close(wfd);
 
 		rename(newsecretfile, secretfile);
 
 		break;
 
 	case CMD_NONE:
 		keyquery = argv[0];
 		/* fall-through */
 	case CMD_TOK:
 		fd = db_open_read(secretfile, &c, keybuf);
 		if (fd < 0)
 			croak("Could not open secret file: %s", totp_strerror(errno));
 		gd.filter = keyquery;
 		db_foreach(fd, &c, generate_token, &gd);
 		close(fd);
 		if (!gd.found)
 			croak("No secrets matching filter found");
 		break;
 
 	case CMD_DEL:
 		fd = db_open_read(secretfile, &c, keybuf);
 		if (fd < 0) {
 			if (errno == ENOENT)
 				break;
 			croak("Could not open secret file: %s", totp_strerror(errno));
 		}
 		wfd = db_open_write(newsecretfile, &wc, keybuf);
 		if (wfd < 0)
 			croak("Could not open temporary secret file: %s", totp_strerror(errno));
 		db_foreach(fd, &c, write_filter_key,
 			   &(struct write_filter_data){
 				.fd = wfd, .filter = keyquery,
 				.c = &wc
 			   });
 		close(wfd);
 		close(fd);
 		rename(newsecretfile, secretfile);
 		break;
 
 	case CMD_EXP:
 		fd = db_open_read(secretfile, &c, keybuf);
 		if (fd < 0)
 			croak("Could not open secret file: %s", totp_strerror(errno));
 		db_foreach(fd, &c, print_keyuri, stdout);
 		close(fd);
 		break;
 	}
 
 	if (free_secretfile)
 		free(secretfile);
 	free(newsecretfile);
 
 	return 0;
 }