cryb-to/lib/oath/cryb_oath_key_create.c
Dag-Erling Smørgrav 54c67f337a Add partial support for issuer parameter.
We can read the issuer from a URI (as a separate parameter, not as a prefix to the label) and store it, but not yet output it.  That will be implemented in a future rewrite of oath_key_to_uri().
2018-04-26 00:06:48 +02:00

184 lines
4.9 KiB
C

/*-
* Copyright (c) 2013-2014 The University of Oslo
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "cryb/impl.h"
#include <sys/types.h>
#include <stdint.h>
#include <string.h>
#include <cryb/oath.h>
#include <cryb/rand.h>
/*
* OATH
*
* Creates an OATH key with the specified parameters
*/
struct oath_key *
oath_key_create(const char *issuer, const char *label,
enum oath_mode mode, enum oath_hash hash,
const char *keydata, size_t keylen)
{
char keybuf[OATH_MAX_KEYLEN];
struct oath_key *key;
int issuerlen, labellen;
/* check issuer */
if (issuer == NULL ||
(issuerlen = strlen(issuer)) >= OATH_MAX_ISSUERLEN)
return (NULL);
/* check label */
if (label == NULL ||
(labellen = strlen(label)) >= OATH_MAX_LABELLEN)
return (NULL);
/* check key length */
if (keylen > OATH_MAX_KEYLEN ||
(keydata != NULL && keylen == 0))
return (NULL);
if (keylen == 0)
keylen = 20;
/* check mode */
switch (mode) {
case om_hotp:
case om_totp:
break;
default:
return (NULL);
}
/* check hash */
switch (hash) {
case oh_undef:
hash = oh_sha1;
break;
case oh_md5:
case oh_sha1:
case oh_sha256:
case oh_sha512:
break;
default:
return (NULL);
}
/* generate key data if necessary */
if (keydata == NULL) {
if (rand_bytes((uint8_t *)keybuf, keylen) != (ssize_t)keylen)
return (NULL);
keydata = keybuf;
}
/* allocate */
if ((key = oath_key_alloc()) == NULL)
return (NULL);
/* issuer */
memcpy(key->issuer, issuer, issuerlen);
key->issuer[issuerlen] = 0;
key->issuerlen = issuerlen;
/* label */
memcpy(key->label, label, labellen);
key->label[labellen] = 0;
key->labellen = labellen;
/* mode and hash */
key->mode = mode;
key->hash = hash;
/* default parameters */
key->digits = 6;
if (key->mode == om_totp)
key->timestep = 30;
/* key */
memcpy(key->key, keydata, keylen);
key->keylen = keylen;
return (key);
}
/**
* The =oath_key_create function allocates and initializes an OATH key
* structure with the specified parameters.
*
* The =label parameter must point to a string describing the key.
*
* The =mode parameter indicates the OTP algorithm to use:
*
* ;om_hotp:
* RFC 4226 HOTP
* ;om_totp:
* RFC 6238 TOTP
*
* The =hash parameter indicates which hash algorithm to use:
*
* ;oh_md5:
* RFC 1321 MD5
* ;oh_sha1:
* RFC 3174 SHA-1
* ;oh_sha256:
* RFC 6234 SHA-256
* ;oh_sha512:
* RFC 6234 SHA-512
*
* If =hash is ;oh_undef, the default algorithm (SHA-1) is used.
*
* The =keydata parameter should point to a buffer containing the raw key
* to use.
* If =keydata is NULL, a key will be randomly generated.
* Note that the strength of the generated key is dependent on the
* strength of the operating system's pseudo-random number generator.
*
* The =keylen parameter specifies the length of the provided (or
* generated) key in bytes.
* Note that some OATH HOTP / TOTP implementations do not support key
* lengths that are not a multiple of 20 bits (5 bytes).
* If =keydata is NULL and =keylen is 0, a hardcoded default of 160 bits
* (20 bytes) is used.
*
* The following key parameters are set to hardcoded default values and
* can be changed after key creation:
*
* - For HOTP keys, the initial counter value is set to 0.
* - For TOTP keys, the timestep is set to 30 seconds.
* - For both HOTP and TOTP keys, the number of digits is set to 6.
*
* Keys created with =oath_key_create must be freed using =oath_key_free.
*
* >oath_key_alloc
* >oath_key_free
*
* AUTHOR UIO
*/