Skeleton

.gitignore

@@ -0,0 +1,26 @@
+/aclocal.m4
+/autom4te.cache
+/compile
+/config.guess
+/config.log
+/config.status
+/config.sub
+/configure
+/depcomp
+/test-driver
+/install-sh
+/libtool
+/ltmain.sh
+/missing
+/mkpkgng
+*~
+.deps
+.libs
+*.la
+*.lo
+*.log
+*.o
+*.trs
+Makefile
+Makefile.in
+test.cov

.travis.yml

@@ -0,0 +1,11 @@
+language: c
+compiler:
+ - clang
+ - gcc
+
+before_script:
+ - ./autogen.sh
+ - ./configure --enable-developer-warnings --enable-werror
+
+script:
+ - make check

CREDITS

@@ -0,0 +1,4 @@
+The Cryb OTP package includes code written by Dag-Erling Smørgrav for
+the University of Oslo.  The University of Oslo has graciously granted
+the Cryb.to project permission to reuse this code under the 3-clause
+New BSD License.

Makefile.am

@@ -0,0 +1,13 @@
+ACLOCAL_AMFLAGS = -I m4
+
+SUBDIRS = include lib libexec pam bin sbin t
+
+EXTRA_DIST = \
+	CREDITS \
+	HISTORY \
+	INSTALL \
+	LICENSE \
+	README \
+	RELNOTES \
+	autogen.sh \
+	m4/ax_gcc_builtin.m4

autogen.des

@@ -0,0 +1,41 @@
+#!/bin/sh
+
+has() {
+	which "$@" >/dev/null 2>&1
+}
+
+# BullseyeCoverage needs to know exactly which compiler we're using
+if has "${CC}" "${CXX}" ; then
+	echo "using CC=${CC}"
+elif has clang clang++ ; then
+	echo "using Clang"
+	export CC="${CC:-clang}"
+	export CXX="${CXX:-clang++}"
+elif has gcc g++ ; then
+	echo "using GCC"
+	export CC="${CC:-gcc}"
+	export CXX="${CXX:-g++}"
+else
+	echo "WARNING: using default compiler," \
+	    "coverage analysis may not work"
+fi
+export CPP="${CPP:-${CC} -E}"
+
+set -e
+
+if has cov01 ; then
+	cov01 -qu
+	cov01 -q0
+fi
+
+. ./autogen.sh
+
+./configure \
+    --enable-all \
+    --enable-developer-warnings \
+    --enable-werror \
+    "$@"
+
+if has cov01 ; then
+	cov01 -qo
+fi

autogen.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+libtoolize --copy --force
+aclocal -I m4
+autoheader
+automake -a -c --foreign
+autoconf

bin/Makefile.am

@@ -0,0 +1,5 @@
+SUBDIRS =
+
+if OTP_UTIL
+SUBDIRS += otpkey
+endif OTP_UTIL

bin/otpkey/Makefile.am

@@ -0,0 +1,11 @@
+AM_CPPFLAGS = -I$(top_srcdir)/include
+
+bin_PROGRAMS = otpkey
+
+otpkey_SOURCES = otpkey.c
+dist_man1_MANS = otpkey.1
+
+if WITH_SETUID
+install-exec-hook:
+	chmod u+s $(DESTDIR)$(bindir)/otpkey$(EXEEXT)
+endif WITH_SETUID

bin/otpkey/otpkey.1

@@ -0,0 +1,45 @@
+.\"-
+.\" Copyright (c) 2017 Dag-Erling Smørgrav
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\"    products derived from this software without specific prior written
+.\"    permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd March 3, 2017
+.Dt OTPKEY 1
+.Os
+.Sh NAME
+.Nm otpkey
+.Nd One-time password key management utility
+.Sh SYNOPSIS
+.Cm Nm
+.Sh DESCRIPTION
+TBW
+.Sh SEE ALSO
+.Xr otpverify 8
+.Sh AUTHORS
+The
+.Nm
+utility and this manual page were written by
+.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no .

bin/otpkey/otpkey.c

@@ -0,0 +1,64 @@
+/*-
+ * Copyright (c) 2017 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "cryb/otp-impl.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <cryb/otp.h>
+
+static void
+usage(void)
+{
+
+	fprintf(stderr, "usage: otpkey\n");
+	exit(1);
+}
+
+int
+main(int argc, char *argv[])
+{
+	int opt;
+
+	while ((opt = getopt(argc, argv, "")) != -1)
+		switch (opt) {
+		default:
+			usage();
+		}
+
+	argc -= optind;
+	argv += optind;
+
+	if (argc > 0)
+		usage();
+
+	exit(0);
+}

configure.ac

@@ -0,0 +1,270 @@
+AC_PREREQ([2.63])
+AC_INIT([cryb.otp], [devel], [des@des.no], [cryb-otp], [http://cryb.to/])
+AC_CONFIG_SRCDIR([include/cryb/otp.h])
+AC_CONFIG_MACRO_DIR([m4])
+AM_INIT_AUTOMAKE([foreign no-dist-gzip dist-xz])
+AM_CONFIG_HEADER([include/config.h])
+
+############################################################################
+#
+# Toolchain
+#
+
+# C compiler and features
+AC_LANG(C)
+AC_PROG_CC([clang gcc cc])
+AC_PROG_CC_STDC
+AC_PROG_CPP
+AC_PROG_CXX([clang++ g++ c++])
+AC_GNU_SOURCE
+AC_C_CONST
+AC_C_RESTRICT
+AC_C_VOLATILE
+AC_C_BIGENDIAN
+AC_TYPE_INT16_T
+AC_TYPE_INT32_T
+AC_TYPE_INT8_T
+AC_TYPE_INTMAX_T
+AC_TYPE_INTPTR_T
+AC_TYPE_OFF_T
+AC_TYPE_SIZE_T
+AC_TYPE_SSIZE_T
+AC_TYPE_UINT16_T
+AC_TYPE_UINT32_T
+AC_TYPE_UINT8_T
+AC_TYPE_UINTMAX_T
+AC_TYPE_UINTPTR_T
+
+# libtool
+LT_PREREQ([2.2.6])
+LT_INIT()
+
+# other programs
+AC_PROG_INSTALL
+
+############################################################################
+#
+# Headers and functions
+#
+
+AC_CHECK_HEADERS([endian.h sys/endian.h])
+AX_GCC_BUILTIN([__builtin_bswap16])
+AX_GCC_BUILTIN([__builtin_bswap32])
+AX_GCC_BUILTIN([__builtin_bswap64])
+AC_CHECK_DECLS([
+    bswap16, bswap32, bswap64,
+    be16enc, be16dec, le16enc, le16dec,
+    be32enc, be32dec, le32enc, le32dec,
+    be64enc, be64dec, le64enc, le64dec,
+    htobe16, be16toh, htole16, le16toh,
+    htobe32, be32toh, htole32, le32toh,
+    htobe64, be64toh, htole64, le64toh,
+    nothing
+], [], [], [[
+#if HAVE_SYS_ENDIAN_H
+#include <sys/endian.h>
+#endif
+#if HAVE_ENDIAN_H
+#include <endian.h>
+#endif
+]])
+AC_CHECK_FUNCS([strlcat strlcmp strlcpy])
+AC_CHECK_FUNCS([wcslcat wcslcmp wcslcpy])
+
+############################################################################
+#
+# Extra libraries
+#
+
+# cryb-core
+save_LIBS="${LIBS}"
+LIBS=""
+AC_SEARCH_LIBS([cryb_core_version], [cryb-core], [
+  CRYB_CORE_LIBS="${LIBS}"
+], [
+  AC_MSG_ERROR([cryb-core library not found])
+])
+LIBS="${save_LIBS}"
+AC_SUBST(CRYB_CORE_LIBS)
+
+# cryb-oath
+save_LIBS="${LIBS}"
+LIBS=""
+AC_SEARCH_LIBS([cryb_oath_version], [cryb-oath], [
+  CRYB_OATH_LIBS="${LIBS}"
+], [
+  AC_MSG_ERROR([cryb-oath library not found])
+])
+LIBS="${save_LIBS}"
+AC_SUBST(CRYB_OATH_LIBS)
+
+# cryb-test
+save_LIBS="${LIBS}"
+LIBS=""
+AC_SEARCH_LIBS([cryb_test_version], [cryb-test], [
+  CRYB_TEST_LIBS="${LIBS}"
+], [
+  CRYB_TEST_LIBS=""
+  AC_MSG_WARN([cryb-test library not found, unit tests disabled])
+])
+LIBS="${save_LIBS}"
+AC_SUBST(CRYB_TEST_LIBS)
+AM_CONDITIONAL([WITH_CRYB_TEST], [ test x"$CRYB_TEST_LIBS" != x"" ])
+
+# libpam
+save_LIBS="${LIBS}"
+LIBS=""
+AC_SEARCH_LIBS([pam_start], [pam], [
+  PAM_LIBS="${LIBS}"
+], [
+  PAM_LIBS=""
+])
+LIBS="${save_LIBS}"
+AC_SUBST(PAM_LIBS)
+
+############################################################################
+#
+# Build options
+#
+
+# Documentation
+AC_ARG_ENABLE([doc],
+    AC_HELP_STRING([--disable-doc],
+	[do not build the documentation]),
+    [with_doc=$enableval])
+AM_CONDITIONAL([WITH_DOC], [test x"$with_doc" != x"no"])
+
+# Make utilities setuid
+AC_ARG_ENABLE([setuid],
+    AC_HELP_STRING([--disable-setuid],
+	[do not set the setuid bit on command-line utilities]),
+    [enable_setuid=$enableval],
+    [enable_setuid=yes])
+AM_CONDITIONAL([WITH_SETUID], [test x"$enable_setuid" = x"yes"])
+
+############################################################################
+#
+# Debugging
+#
+
+# Developer-friendly compiler flags
+AC_ARG_ENABLE([developer-warnings],
+    AS_HELP_STRING([--enable-developer-warnings],
+	[enable strict warnings (default is NO)]),
+    [CFLAGS="${CFLAGS} -Wall -Wextra -Wcast-qual -Wshadow -Wno-unused-result"])
+AC_ARG_ENABLE([debugging-symbols],
+    AS_HELP_STRING([--enable-debugging-symbols],
+	[enable debugging symbols (default is NO)]),
+    [CFLAGS="${CFLAGS} -O0 -g -fno-inline"])
+AC_ARG_ENABLE([werror],
+    AS_HELP_STRING([--enable-werror],
+	[use -Werror (default is NO)]),
+    [CFLAGS="${CFLAGS} -Werror"])
+
+############################################################################
+#
+# Components
+#
+
+# Everything
+AC_ARG_ENABLE([all],
+    AC_HELP_STRING([--disable-all],
+        [disable all libraries and tools]),
+    [enable_all=$enableval],
+    [enable_all=yes])
+
+# Library
+elements="$elements lib"
+AC_ARG_ENABLE([otp-lib],
+    AC_HELP_STRING([--enable-otp-lib],
+	[build the OTP library]),
+    [enable_otp_lib=$enableval],
+    [enable_otp_lib=$enable_all])
+AM_CONDITIONAL([OTP_LIB], [test x"$enable_otp_lib" = x"yes"])
+
+# BSD Auth module
+elements="$elements bsdauth"
+requires="$requires bsdauth:lib"
+AC_ARG_ENABLE([otp-bsdauth],
+    AC_HELP_STRING([--enable-otp-bsdauth],
+	[build the BSD Auth module]),
+    [enable_otp_bsdauth=$enableval],
+    [enable_otp_bsdauth=$enable_all])
+AM_CONDITIONAL([OTP_BSDAUTH], [test x"$enable_otp_bsdauth" = x"yes"])
+
+# PAM module
+elements="$elements pam"
+requires="$requires pam:lib"
+AC_ARG_ENABLE([otp-pam],
+    AC_HELP_STRING([--enable-otp-pam],
+	[build the PAM module]),
+    [enable_otp_pam=$enableval],
+    [enable_otp_pam=$enable_all])
+AM_CONDITIONAL([OTP_PAM], [test x"$enable_otp_pam" = x"yes"])
+
+# RADIUS server
+elements="$elements radius"
+requires="$requires radius:lib"
+AC_ARG_ENABLE([otp-radius],
+    AC_HELP_STRING([--enable-otp-radius],
+	[build the RADIUS server]),
+    [enable_otp_radius=$enableval],
+    [enable_otp_radius=$enable_all])
+AM_CONDITIONAL([OTP_RADIUS], [test x"$enable_otp_radius" = x"yes"])
+
+# Command-line utilities
+elements="$elements util"
+requires="$requires util:lib"
+AC_ARG_ENABLE([otp-util],
+    AC_HELP_STRING([--enable-otp-util],
+	[build the command-line utilities]),
+    [enable_otp_util=$enableval],
+    [enable_otp_util=$enable_all])
+AM_CONDITIONAL([OTP_UTIL], [test x"$enable_otp_util" = x"yes"])
+
+# Check dependencies
+AC_MSG_CHECKING([dependencies])
+for req in $requires ; do
+    lhs=${req%:*}
+    lhs_ena=`eval echo \\\$enable_otp_$lhs`
+    if test x"$lhs_ena" = x"yes" ; then
+        rhs=${req#*:}
+	rhs_ena=`eval echo \\\$enable_otp_$rhs`
+	if test x"$rhs_ena" != x"yes" ; then
+	    AC_MSG_ERROR([otp-$lhs requires otp-$rhs])
+	fi
+    fi
+done
+AC_MSG_RESULT([ok])
+
+############################################################################
+#
+# Output
+#
+
+AC_CONFIG_FILES([
+    Makefile
+    include/Makefile
+    include/cryb/Makefile
+    lib/Makefile
+    lib/otp/Makefile
+    pam/Makefile
+    pam/pam_otp/Makefile
+    libexec/Makefile
+    libexec/login_otp/Makefile
+    bin/Makefile
+    bin/otpkey/Makefile
+    sbin/Makefile
+    sbin/otpradiusd/Makefile
+    t/Makefile
+])
+AC_OUTPUT
+
+echo
+echo The following Cryb OTP components will be built:
+echo
+for elem in $elements ; do
+    enable=`eval echo \\\$enable_otp_$elem`
+    printf "%16s: %s\n" $elem ${enable:-no}
+done
+echo

include/Makefile.am

@@ -0,0 +1 @@
+SUBDIRS = cryb

include/config.h

@@ -0,0 +1,352 @@
+/* include/config.h.  Generated from config.h.in by configure.  */
+/* include/config.h.in.  Generated from configure.ac by autoheader.  */
+
+/* Define if building universal (internal helper macro) */
+/* #undef AC_APPLE_UNIVERSAL_BUILD */
+
+/* Define to 1 if you have the declaration of `be16dec', and to 0 if you
+   don't. */
+#define HAVE_DECL_BE16DEC 1
+
+/* Define to 1 if you have the declaration of `be16enc', and to 0 if you
+   don't. */
+#define HAVE_DECL_BE16ENC 1
+
+/* Define to 1 if you have the declaration of `be16toh', and to 0 if you
+   don't. */
+#define HAVE_DECL_BE16TOH 1
+
+/* Define to 1 if you have the declaration of `be32dec', and to 0 if you
+   don't. */
+#define HAVE_DECL_BE32DEC 1
+
+/* Define to 1 if you have the declaration of `be32enc', and to 0 if you
+   don't. */
+#define HAVE_DECL_BE32ENC 1
+
+/* Define to 1 if you have the declaration of `be32toh', and to 0 if you
+   don't. */
+#define HAVE_DECL_BE32TOH 1
+
+/* Define to 1 if you have the declaration of `be64dec', and to 0 if you
+   don't. */
+#define HAVE_DECL_BE64DEC 1
+
+/* Define to 1 if you have the declaration of `be64enc', and to 0 if you
+   don't. */
+#define HAVE_DECL_BE64ENC 1
+
+/* Define to 1 if you have the declaration of `be64toh', and to 0 if you
+   don't. */
+#define HAVE_DECL_BE64TOH 1
+
+/* Define to 1 if you have the declaration of `bswap16', and to 0 if you
+   don't. */
+#define HAVE_DECL_BSWAP16 1
+
+/* Define to 1 if you have the declaration of `bswap32', and to 0 if you
+   don't. */
+#define HAVE_DECL_BSWAP32 1
+
+/* Define to 1 if you have the declaration of `bswap64', and to 0 if you
+   don't. */
+#define HAVE_DECL_BSWAP64 1
+
+/* Define to 1 if you have the declaration of `htobe16', and to 0 if you
+   don't. */
+#define HAVE_DECL_HTOBE16 1
+
+/* Define to 1 if you have the declaration of `htobe32', and to 0 if you
+   don't. */
+#define HAVE_DECL_HTOBE32 1
+
+/* Define to 1 if you have the declaration of `htobe64', and to 0 if you
+   don't. */
+#define HAVE_DECL_HTOBE64 1
+
+/* Define to 1 if you have the declaration of `htole16', and to 0 if you
+   don't. */
+#define HAVE_DECL_HTOLE16 1
+
+/* Define to 1 if you have the declaration of `htole32', and to 0 if you
+   don't. */
+#define HAVE_DECL_HTOLE32 1
+
+/* Define to 1 if you have the declaration of `htole64', and to 0 if you
+   don't. */
+#define HAVE_DECL_HTOLE64 1
+
+/* Define to 1 if you have the declaration of `le16dec', and to 0 if you
+   don't. */
+#define HAVE_DECL_LE16DEC 1
+
+/* Define to 1 if you have the declaration of `le16enc', and to 0 if you
+   don't. */
+#define HAVE_DECL_LE16ENC 1
+
+/* Define to 1 if you have the declaration of `le16toh', and to 0 if you
+   don't. */
+#define HAVE_DECL_LE16TOH 1
+
+/* Define to 1 if you have the declaration of `le32dec', and to 0 if you
+   don't. */
+#define HAVE_DECL_LE32DEC 1
+
+/* Define to 1 if you have the declaration of `le32enc', and to 0 if you
+   don't. */
+#define HAVE_DECL_LE32ENC 1
+
+/* Define to 1 if you have the declaration of `le32toh', and to 0 if you
+   don't. */
+#define HAVE_DECL_LE32TOH 1
+
+/* Define to 1 if you have the declaration of `le64dec', and to 0 if you
+   don't. */
+#define HAVE_DECL_LE64DEC 1
+
+/* Define to 1 if you have the declaration of `le64enc', and to 0 if you
+   don't. */
+#define HAVE_DECL_LE64ENC 1
+
+/* Define to 1 if you have the declaration of `le64toh', and to 0 if you
+   don't. */
+#define HAVE_DECL_LE64TOH 1
+
+/* Define to 1 if you have the declaration of `nothing ', and to 0 if you
+   don't. */
+#define HAVE_DECL_NOTHING_ 0
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#define HAVE_DLFCN_H 1
+
+/* Define to 1 if you have the <endian.h> header file. */
+/* #undef HAVE_ENDIAN_H */
+
+/* Define to 1 if the system has the type `intmax_t'. */
+#define HAVE_INTMAX_T 1
+
+/* Define to 1 if the system has the type `intptr_t'. */
+#define HAVE_INTPTR_T 1
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#define HAVE_INTTYPES_H 1
+
+/* Define to 1 if the system has the type `long long int'. */
+#define HAVE_LONG_LONG_INT 1
+
+/* Define to 1 if you have the <memory.h> header file. */
+#define HAVE_MEMORY_H 1
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#define HAVE_STDINT_H 1
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#define HAVE_STDLIB_H 1
+
+/* Define to 1 if you have the <strings.h> header file. */
+#define HAVE_STRINGS_H 1
+
+/* Define to 1 if you have the <string.h> header file. */
+#define HAVE_STRING_H 1
+
+/* Define to 1 if you have the `strlcat' function. */
+#define HAVE_STRLCAT 1
+
+/* Define to 1 if you have the `strlcmp' function. */
+/* #undef HAVE_STRLCMP */
+
+/* Define to 1 if you have the `strlcpy' function. */
+#define HAVE_STRLCPY 1
+
+/* Define to 1 if you have the <sys/endian.h> header file. */
+#define HAVE_SYS_ENDIAN_H 1
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#define HAVE_SYS_STAT_H 1
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#define HAVE_SYS_TYPES_H 1
+
+/* Define to 1 if the system has the type `uintmax_t'. */
+#define HAVE_UINTMAX_T 1
+
+/* Define to 1 if the system has the type `uintptr_t'. */
+#define HAVE_UINTPTR_T 1
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#define HAVE_UNISTD_H 1
+
+/* Define to 1 if the system has the type `unsigned long long int'. */
+#define HAVE_UNSIGNED_LONG_LONG_INT 1
+
+/* Define to 1 if you have the `wcslcat' function. */
+#define HAVE_WCSLCAT 1
+
+/* Define to 1 if you have the `wcslcmp' function. */
+/* #undef HAVE_WCSLCMP */
+
+/* Define to 1 if you have the `wcslcpy' function. */
+#define HAVE_WCSLCPY 1
+
+/* Define to 1 if the system has the `__builtin_bswap16' built-in function */
+#define HAVE___BUILTIN_BSWAP16 1
+
+/* Define to 1 if the system has the `__builtin_bswap32' built-in function */
+#define HAVE___BUILTIN_BSWAP32 1
+
+/* Define to 1 if the system has the `__builtin_bswap64' built-in function */
+#define HAVE___BUILTIN_BSWAP64 1
+
+/* Define to the sub-directory where libtool stores uninstalled libraries. */
+#define LT_OBJDIR ".libs/"
+
+/* Name of package */
+#define PACKAGE "cryb-otp"
+
+/* Define to the address where bug reports for this package should be sent. */
+#define PACKAGE_BUGREPORT "des@des.no"
+
+/* Define to the full name of this package. */
+#define PACKAGE_NAME "cryb.otp"
+
+/* Define to the full name and version of this package. */
+#define PACKAGE_STRING "cryb.otp devel"
+
+/* Define to the one symbol short name of this package. */
+#define PACKAGE_TARNAME "cryb-otp"
+
+/* Define to the home page for this package. */
+#define PACKAGE_URL "http://cryb.to/"
+
+/* Define to the version of this package. */
+#define PACKAGE_VERSION "devel"
+
+/* Define to 1 if you have the ANSI C header files. */
+#define STDC_HEADERS 1
+
+/* Enable extensions on AIX 3, Interix.  */
+#ifndef _ALL_SOURCE
+# define _ALL_SOURCE 1
+#endif
+/* Enable GNU extensions on systems that have them.  */
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE 1
+#endif
+/* Enable threading extensions on Solaris.  */
+#ifndef _POSIX_PTHREAD_SEMANTICS
+# define _POSIX_PTHREAD_SEMANTICS 1
+#endif
+/* Enable extensions on HP NonStop.  */
+#ifndef _TANDEM_SOURCE
+# define _TANDEM_SOURCE 1
+#endif
+/* Enable general extensions on Solaris.  */
+#ifndef __EXTENSIONS__
+# define __EXTENSIONS__ 1
+#endif
+
+
+/* Version number of package */
+#define VERSION "devel"
+
+/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
+   significant byte first (like Motorola and SPARC, unlike Intel). */
+#if defined AC_APPLE_UNIVERSAL_BUILD
+# if defined __BIG_ENDIAN__
+#  define WORDS_BIGENDIAN 1
+# endif
+#else
+# ifndef WORDS_BIGENDIAN
+/* #  undef WORDS_BIGENDIAN */
+# endif
+#endif
+
+/* Define to 1 if on MINIX. */
+/* #undef _MINIX */
+
+/* Define to 2 if the system does not provide POSIX.1 features except with
+   this defined. */
+/* #undef _POSIX_1_SOURCE */
+
+/* Define to 1 if you need to in order for `stat' and other things to work. */
+/* #undef _POSIX_SOURCE */
+
+/* Define for Solaris 2.5.1 so the uint32_t typedef from <sys/synch.h>,
+   <pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
+   #define below would cause a syntax error. */
+/* #undef _UINT32_T */
+
+/* Define for Solaris 2.5.1 so the uint8_t typedef from <sys/synch.h>,
+   <pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
+   #define below would cause a syntax error. */
+/* #undef _UINT8_T */
+
+/* Define to empty if `const' does not conform to ANSI C. */
+/* #undef const */
+
+/* Define to the type of a signed integer type of width exactly 16 bits if
+   such a type exists and the standard includes do not define it. */
+/* #undef int16_t */
+
+/* Define to the type of a signed integer type of width exactly 32 bits if
+   such a type exists and the standard includes do not define it. */
+/* #undef int32_t */
+
+/* Define to the type of a signed integer type of width exactly 8 bits if such
+   a type exists and the standard includes do not define it. */
+/* #undef int8_t */
+
+/* Define to the widest signed integer type if <stdint.h> and <inttypes.h> do
+   not define. */
+/* #undef intmax_t */
+
+/* Define to the type of a signed integer type wide enough to hold a pointer,
+   if such a type exists, and if the system does not define it. */
+/* #undef intptr_t */
+
+/* Define to `long int' if <sys/types.h> does not define. */
+/* #undef off_t */
+
+/* Define to the equivalent of the C99 'restrict' keyword, or to
+   nothing if this is not supported.  Do not define if restrict is
+   supported directly.  */
+#define restrict __restrict
+/* Work around a bug in Sun C++: it does not support _Restrict or
+   __restrict__, even though the corresponding Sun C compiler ends up with
+   "#define restrict _Restrict" or "#define restrict __restrict__" in the
+   previous line.  Perhaps some future version of Sun C++ will work with
+   restrict; if so, hopefully it defines __RESTRICT like Sun C does.  */
+#if defined __SUNPRO_CC && !defined __RESTRICT
+# define _Restrict
+# define __restrict__
+#endif
+
+/* Define to `unsigned int' if <sys/types.h> does not define. */
+/* #undef size_t */
+
+/* Define to `int' if <sys/types.h> does not define. */
+/* #undef ssize_t */
+
+/* Define to the type of an unsigned integer type of width exactly 16 bits if
+   such a type exists and the standard includes do not define it. */
+/* #undef uint16_t */
+
+/* Define to the type of an unsigned integer type of width exactly 32 bits if
+   such a type exists and the standard includes do not define it. */
+/* #undef uint32_t */
+
+/* Define to the type of an unsigned integer type of width exactly 8 bits if
+   such a type exists and the standard includes do not define it. */
+/* #undef uint8_t */
+
+/* Define to the widest unsigned integer type if <stdint.h> and <inttypes.h>
+   do not define. */
+/* #undef uintmax_t */
+
+/* Define to the type of an unsigned integer type wide enough to hold a
+   pointer, if such a type exists, and if the system does not define it. */
+/* #undef uintptr_t */
+
+/* Define to empty if the keyword `volatile' does not work. Warning: valid
+   code using `volatile' can become incorrect without. Disable with care. */
+/* #undef volatile */

include/cryb/Makefile.am

@@ -0,0 +1,10 @@
+crybdir = $(includedir)/cryb
+
+cryb_HEADERS =
+
+if OTP_LIB
+cryb_HEADERS += otp.h
+endif OTP_LIB
+
+noinst_HEADERS = \
+	otp-impl.h

include/cryb/otp-impl.h

@@ -0,0 +1,43 @@
+/*-
+ * Copyright (c) 2017 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef CRYB_OTP_IMPL_H_INCLUDED
+#define CRYB_OTP_IMPL_H_INCLUDED
+
+#if HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#ifndef CRYB_TO
+#include <cryb/to.h>
+#endif
+
+#include <cryb/coverage.h>
+
+#endif

include/cryb/otp.h

@@ -0,0 +1,43 @@
+/*-
+ * Copyright (c) 2017 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef CRYB_OTP_H_INCLUDED
+#define CRYB_OTP_H_INCLUDED
+
+#ifndef CRYB_TO
+#include <cryb/to.h>
+#endif
+
+CRYB_BEGIN
+
+const char *cryb_otp_version(void);
+
+CRYB_END
+
+#endif

lib/Makefile.am

@@ -0,0 +1,5 @@
+SUBDIRS =
+
+if OTP_LIB
+SUBDIRS += otp
+endif OTP_LIB

lib/otp/Makefile.am

@@ -0,0 +1,11 @@
+AM_CPPFLAGS = -I$(top_srcdir)/include
+
+lib_LTLIBRARIES = libcryb-otp.la
+
+libcryb_otp_la_SOURCES = \
+	\
+	cryb_otp.c
+
+libcryb_otp_la_LIBADD = \
+	$(CRYB_CORE_LIBS) \
+	$(CRYB_OATH_LIBS)

lib/otp/cryb_otp.c

@@ -0,0 +1,44 @@
+/*-
+ * Copyright (c) 2017 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "cryb/otp-impl.h"
+
+#include <stdint.h>
+#include <unistd.h>
+
+#include <cryb/otp.h>
+
+static const char *cryb_otp_version_string = PACKAGE_VERSION;
+
+const char *
+cryb_otp_version(void)
+{
+
+	return (cryb_otp_version_string);
+}

libexec/Makefile.am

@@ -0,0 +1,5 @@
+SUBDIRS =
+
+if OTP_BSDAUTH
+SUBDIRS += login_otp
+endif

libexec/login_otp/Makefile.am

@@ -0,0 +1,10 @@
+AM_CPPFLAGS = -I$(top_srcdir)/include
+
+libotp = $(top_builddir)/lib/otp/libcryb-otp.la
+
+libexec_PROGRAMS = login_otp
+
+login_otp_SOURCES = login_otp.c
+login_otp_LDADD = $(libotp)
+
+dist_man8_MANS = login_otp.8

libexec/login_otp/login_otp.8

@@ -0,0 +1,51 @@
+.\"-
+.\" Copyright (c) 2017 Dag-Erling Smørgrav
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\"    products derived from this software without specific prior written
+.\"    permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd March 3, 2017
+.Dt LOGIN_OTP 8
+.Os
+.Sh NAME
+.Nm login_otp
+.Nd BSD Authentication module for one-time passwords
+.Sh SYNOPSIS
+.Cm Nm
+.Op Fl d
+.Op Fl s Ar service
+.Op Fl v Ar key Ns = Ns Ar value ...
+.Op Ar class
+.Ar user
+.Sh DESCRIPTION
+TBW
+.Sh SEE ALSO
+.Xr otpkey 1 ,
+.Xr otpverify 8
+.Sh AUTHORS
+The
+.Nm
+module and this manual page were written by
+.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no .

libexec/login_otp/login_otp.c

@@ -0,0 +1,77 @@
+/*-
+ * Copyright (c) 2017 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "cryb/otp-impl.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <cryb/otp.h>
+
+static void
+usage(void)
+{
+
+	fprintf(stderr, "usage: "
+	    "login_otp [-d] [-s service] [-o key=value ...] [class] user\n");
+	exit(1);
+}
+
+int
+main(int argc, char *argv[])
+{
+	int opt;
+
+	while ((opt = getopt(argc, argv, "ds:v:")) != -1)
+		switch (opt) {
+		case 'd':
+			break;
+		case 's':
+			break;
+		case 'v':
+			break;
+		default:
+			usage();
+		}
+
+	argc -= optind;
+	argv += optind;
+
+	switch (argc) {
+	case 2:
+		/* fall through */
+	case 1:
+		break;
+	default:
+		usage();
+	}
+
+	exit(0);
+}

m4/ax_gcc_builtin.m4

@@ -0,0 +1,170 @@
+# ===========================================================================
+#      http://www.gnu.org/software/autoconf-archive/ax_gcc_builtin.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_GCC_BUILTIN(BUILTIN)
+#
+# DESCRIPTION
+#
+#   This macro checks if the compiler supports one of GCC's built-in
+#   functions; many other compilers also provide those same built-ins.
+#
+#   The BUILTIN parameter is the name of the built-in function.
+#
+#   If BUILTIN is supported define HAVE_<BUILTIN>. Keep in mind that since
+#   builtins usually start with two underscores they will be copied over
+#   into the HAVE_<BUILTIN> definition (e.g. HAVE___BUILTIN_EXPECT for
+#   __builtin_expect()).
+#
+#   The macro caches its result in the ax_cv_have_<BUILTIN> variable (e.g.
+#   ax_cv_have___builtin_expect).
+#
+#   The macro currently supports the following built-in functions:
+#
+#    __builtin_assume_aligned
+#    __builtin_bswap16
+#    __builtin_bswap32
+#    __builtin_bswap64
+#    __builtin_choose_expr
+#    __builtin___clear_cache
+#    __builtin_clrsb
+#    __builtin_clrsbl
+#    __builtin_clrsbll
+#    __builtin_clz
+#    __builtin_clzl
+#    __builtin_clzll
+#    __builtin_complex
+#    __builtin_constant_p
+#    __builtin_ctz
+#    __builtin_ctzl
+#    __builtin_ctzll
+#    __builtin_expect
+#    __builtin_ffs
+#    __builtin_ffsl
+#    __builtin_ffsll
+#    __builtin_fpclassify
+#    __builtin_huge_val
+#    __builtin_huge_valf
+#    __builtin_huge_vall
+#    __builtin_inf
+#    __builtin_infd128
+#    __builtin_infd32
+#    __builtin_infd64
+#    __builtin_inff
+#    __builtin_infl
+#    __builtin_isinf_sign
+#    __builtin_nan
+#    __builtin_nand128
+#    __builtin_nand32
+#    __builtin_nand64
+#    __builtin_nanf
+#    __builtin_nanl
+#    __builtin_nans
+#    __builtin_nansf
+#    __builtin_nansl
+#    __builtin_object_size
+#    __builtin_parity
+#    __builtin_parityl
+#    __builtin_parityll
+#    __builtin_popcount
+#    __builtin_popcountl
+#    __builtin_popcountll
+#    __builtin_powi
+#    __builtin_powif
+#    __builtin_powil
+#    __builtin_prefetch
+#    __builtin_trap
+#    __builtin_types_compatible_p
+#    __builtin_unreachable
+#
+#   Unsuppored built-ins will be tested with an empty parameter set and the
+#   result of the check might be wrong or meaningless so use with care.
+#
+# LICENSE
+#
+#   Copyright (c) 2013 Gabriele Svelto <gabriele.svelto@gmail.com>
+#
+#   Copying and distribution of this file, with or without modification, are
+#   permitted in any medium without royalty provided the copyright notice
+#   and this notice are preserved.  This file is offered as-is, without any
+#   warranty.
+
+#serial 3
+
+AC_DEFUN([AX_GCC_BUILTIN], [
+    AS_VAR_PUSHDEF([ac_var], [ax_cv_have_$1])
+
+    AC_CACHE_CHECK([for $1], [ac_var], [
+        AC_LINK_IFELSE([AC_LANG_PROGRAM([], [
+            m4_case([$1],
+                [__builtin_assume_aligned], [$1("", 0)],
+                [__builtin_bswap16], [$1(0)],
+                [__builtin_bswap32], [$1(0)],
+                [__builtin_bswap64], [$1(0)],
+                [__builtin_choose_expr], [$1(0, 0, 0)],
+                [__builtin___clear_cache], [$1("", "")],
+                [__builtin_clrsb], [$1(0)],
+                [__builtin_clrsbl], [$1(0)],
+                [__builtin_clrsbll], [$1(0)],
+                [__builtin_clz], [$1(0)],
+                [__builtin_clzl], [$1(0)],
+                [__builtin_clzll], [$1(0)],
+                [__builtin_complex], [$1(0.0, 0.0)],
+                [__builtin_constant_p], [$1(0)],
+                [__builtin_ctz], [$1(0)],
+                [__builtin_ctzl], [$1(0)],
+                [__builtin_ctzll], [$1(0)],
+                [__builtin_expect], [$1(0, 0)],
+                [__builtin_ffs], [$1(0)],
+                [__builtin_ffsl], [$1(0)],
+                [__builtin_ffsll], [$1(0)],
+                [__builtin_fpclassify], [$1(0, 1, 2, 3, 4, 0.0)],
+                [__builtin_huge_val], [$1()],
+                [__builtin_huge_valf], [$1()],
+                [__builtin_huge_vall], [$1()],
+                [__builtin_inf], [$1()],
+                [__builtin_infd128], [$1()],
+                [__builtin_infd32], [$1()],
+                [__builtin_infd64], [$1()],
+                [__builtin_inff], [$1()],
+                [__builtin_infl], [$1()],
+                [__builtin_isinf_sign], [$1(0.0)],
+                [__builtin_nan], [$1("")],
+                [__builtin_nand128], [$1("")],
+                [__builtin_nand32], [$1("")],
+                [__builtin_nand64], [$1("")],
+                [__builtin_nanf], [$1("")],
+                [__builtin_nanl], [$1("")],
+                [__builtin_nans], [$1("")],
+                [__builtin_nansf], [$1("")],
+                [__builtin_nansl], [$1("")],
+                [__builtin_object_size], [$1("", 0)],
+                [__builtin_parity], [$1(0)],
+                [__builtin_parityl], [$1(0)],
+                [__builtin_parityll], [$1(0)],
+                [__builtin_popcount], [$1(0)],
+                [__builtin_popcountl], [$1(0)],
+                [__builtin_popcountll], [$1(0)],
+                [__builtin_powi], [$1(0, 0)],
+                [__builtin_powif], [$1(0, 0)],
+                [__builtin_powil], [$1(0, 0)],
+                [__builtin_prefetch], [$1("")],
+                [__builtin_trap], [$1()],
+                [__builtin_types_compatible_p], [$1(int, int)],
+                [__builtin_unreachable], [$1()],
+                [m4_warn([syntax], [Unsupported built-in $1, the test may fail])
+                 $1()]
+            )
+            ])],
+            [AS_VAR_SET([ac_var], [yes])],
+            [AS_VAR_SET([ac_var], [no])])
+    ])
+
+    AS_IF([test yes = AS_VAR_GET([ac_var])],
+        [AC_DEFINE_UNQUOTED(AS_TR_CPP(HAVE_$1), 1,
+            [Define to 1 if the system has the `$1' built-in function])], [])
+
+    AS_VAR_POPDEF([ac_var])
+])

pam/Makefile.am

@@ -0,0 +1,5 @@
+SUBDIRS =
+
+if OTP_PAM
+SUBDIRS += pam_otp
+endif OTP_PAM

pam/pam_otp/Makefile.am

@@ -0,0 +1,14 @@
+AM_CPPFLAGS = -I$(top_srcdir)/include
+
+libotp = $(top_builddir)/lib/otp/libcryb-otp.la
+
+moduledir = $(libdir)
+module_LTLIBRARIES = pam_otp.la
+
+pam_otp_la_SOURCES = pam_otp.c
+pam_otp_la_LIBADD = \
+	$(libotp) \
+	$(PAM_LIBS)
+pam_otp_la_LDFLAGS = -no-undefined -module -export-symbols-regex '^pam_sm_'
+
+dist_man8_MANS = pam_otp.8

pam/pam_otp/pam_otp.8

@@ -0,0 +1,85 @@
+.\"-
+.\" Copyright (c) 2012-2016 The University of Oslo
+.\" Copyright (c) 2017 Dag-Erling Smørgrav
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\"    products derived from this software without specific prior written
+.\"    permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd January 11, 2016
+.Dt PAM_OTP 8
+.Os
+.Sh NAME
+.Nm pam_otp
+.Nd One-time password service module
+.Sh SYNOPSIS
+.Op Ar service
+.Ar module-type
+.Ar control-flag
+.Cm Nm
+.Op Ar arguments
+.Sh DESCRIPTION
+The
+.Nm
+service module implements counter-based and time-based one-time
+passwords.
+.Pp
+The
+.Nm
+service module recognizes the following options:
+.Bl -tag -width ".Cm echo_pass"
+.It Cm nokey = Ar fail | fake | ignore
+Specifies how the module should behave when no key is available for
+the user: either fail immediately, prompt for a code but fail anyway,
+or let authentication proceed by other means.
+\" .It Cm nouser = Ar fail | fake | ignore
+\" Specifies how the module should behave when the user does not exist.
+\" See
+\" .Bm nokey
+\" above.
+\" .It Cm badkey = Ar fail | fake | ignore
+\" Specifies how the module should behave when the user exists and has a
+\" key, but the key could not be loaded (e.g. due to a syntax error in
+\" the keyfile).
+\" See
+\" .Bm nokey
+\" above.
+.El
+.Pp
+The
+.Nm
+service module uses
+.Xr pam_get_authtok 3
+to prompt the user, and will therefore also be affected by the
+standard options
+.Sh SEE ALSO
+.Xr oathkey 1 ,
+.Xr pam.conf 5 ,
+.Xr pam 8
+.Sh AUTHORS
+The
+.Nm
+module and this manual page were developed by
+.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no
+for the University of Oslo.

pam/pam_otp/pam_otp.c

@@ -0,0 +1,65 @@
+/*-
+ * Copyright (c) 2017 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "cryb/otp-impl.h"
+
+#define PAM_SM_AUTH
+
+#include <security/pam_modules.h>
+#include <security/pam_appl.h>
+
+#include <cryb/otp.h>
+
+PAM_EXTERN int
+pam_sm_authenticate(pam_handle_t *pamh, int flags,
+    int argc, const char *argv[])
+{
+
+	/* unused */
+	(void)pamh;
+	(void)flags;
+	(void)argc;
+	(void)argv;
+	return (PAM_AUTH_ERR);
+}
+
+PAM_EXTERN int
+pam_sm_setcred(pam_handle_t *pamh, int flags,
+    int argc, const char *argv[])
+{
+
+	/* unused */
+	(void)pamh;
+	(void)flags;
+	(void)argc;
+	(void)argv;
+	return (PAM_SUCCESS);
+}
+
+PAM_MODULE_ENTRY("pam_otp");

sbin/Makefile.am

@@ -0,0 +1,5 @@
+SUBDIRS =
+
+if OTP_RADIUS
+SUBDIRS += otpradiusd
+endif OTP_RADIUS

sbin/otpradiusd/Makefile.am

@@ -0,0 +1,6 @@
+AM_CPPFLAGS = -I$(top_srcdir)/include
+
+sbin_PROGRAMS = otpradiusd
+
+otpradiusd_SOURCES = otpradiusd.c
+dist_man8_MANS = otpradiusd.8

sbin/otpradiusd/otpradiusd.8

@@ -0,0 +1,46 @@
+.\"-
+.\" Copyright (c) 2017 Dag-Erling Smørgrav
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\"    products derived from this software without specific prior written
+.\"    permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd March 3, 2017
+.Dt OTPRADIUSD 8
+.Os
+.Sh NAME
+.Nm otpkey
+.Nd One-time password RADIUS server
+.Sh SYNOPSIS
+.Cm Nm
+.Sh DESCRIPTION
+TBW
+.Sh SEE ALSO
+.Xr otpkey 1 ,
+.Xr otpverify 8
+.Sh AUTHORS
+The
+.Nm
+utility and this manual page were written by
+.An Dag-Erling Sm\(/orgrav Aq Mt des@des.no .

sbin/otpradiusd/otpradiusd.c

@@ -0,0 +1,64 @@
+/*-
+ * Copyright (c) 2017 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "cryb/otp-impl.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <cryb/otp.h>
+
+static void
+usage(void)
+{
+
+	fprintf(stderr, "usage: otpradiusd\n");
+	exit(1);
+}
+
+int
+main(int argc, char *argv[])
+{
+	int opt;
+
+	while ((opt = getopt(argc, argv, "")) != -1)
+		switch (opt) {
+		default:
+			usage();
+		}
+
+	argc -= optind;
+	argv += optind;
+
+	if (argc > 0)
+		usage();
+
+	exit(0);
+}

t/Makefile.am

@@ -0,0 +1,28 @@
+AM_CPPFLAGS = -I$(top_srcdir)/include
+
+EXTRA_DIST =
+
+if WITH_CRYB_TEST
+
+libotp = $(top_builddir)/lib/otp/libcryb-otp.la
+
+# tests
+TESTS =
+
+# c++ header test
+TESTS += t_cxx
+t_cxx_SOURCES = t_cxx.cc
+t_cxx_CPPFLAGS = $(AM_CPPFLAGS)
+t_cxx_LDADD =
+if OTP_LIB
+t_cxx_CPPFLAGS += -DWITH_OTP_LIB
+t_cxx_LDADD += $(libotp)
+endif OTP_LIB
+
+# libcryb-otp
+if OTP_LIB
+endif OTP_LIB
+
+check_PROGRAMS = $(TESTS)
+
+endif WITH_CRYB_TEST

t/t_cxx.cc

@@ -0,0 +1,98 @@
+/*-
+ * Copyright (c) 2017 Dag-Erling Smørgrav
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "cryb/otp-impl.h"
+
+/* gcc's <cstdint> is broken */
+#include <stdint.h>
+#include <cstring>
+#include <iostream>
+#include <vector>
+
+#include <cryb/coverage.h>
+
+CRYB_DISABLE_COVERAGE;
+
+class test {
+public:
+	virtual const char *name() = 0;
+	virtual int run() = 0;
+};
+
+#define TEST(lib) \
+	class test_##lib : public test {				\
+	public:								\
+		virtual const char *name() {				\
+			return (#lib);					\
+		}							\
+		virtual int run() {					\
+			return (std::strcmp(cryb_##lib##_version(),	\
+			    PACKAGE_VERSION) == 0);			\
+		}							\
+	};
+
+#if WITH_OTP_LIB
+#include <cryb/otp.h>
+TEST(otp)
+#endif
+
+#undef TEST
+
+int
+main(int argc, char *argv[])
+{
+	std::vector<test *> tests;
+	int ret;
+
+#define TEST(lib) tests.push_back(new test_##lib())
+
+#if WITH_CRYB_OTP
+	TEST(otp);
+#endif
+
+#undef TEST
+
+
+	ret = 0;
+	if (tests.empty()) {
+		std::cout << "1..1" << std::endl <<
+		    "ok 1 - dummy" << std::endl;
+	} else {
+		std::cout << "1.." << tests.size() << std::endl;
+		for (int i = 0; i < tests.size(); ++i) {
+			if (!tests[i]->run()) {
+				std::cout << "not ";
+				ret = 1;
+			}
+			std::cout << "ok " << (i + 1) << " - " <<
+			    tests[i]->name() << std::endl;
+		}
+	}
+	return (ret);
+}