/* Copyright (C) CJ Affiliate
*
* You may use, distribute and modify this code under the
* terms of the GNU General Public License version 2 or
* later.
*
* You should have received a copy of the license with this
* file. If not, you will find a copy in the "LICENSE" file
* at https://github.com/cjdev/dual-control.
*/
#include "generator.h"
#include <iostream>
#include <openssl/hmac.h>
#include <openssl/evp.h>
#include "base32.h"
namespace
{
class hmac_failed_exception : public std::exception
{};
int ipow (int base, int exp)
{
int result = 1;
while (exp) {
if (exp & 1) {
result *= base;
}
exp >>= 1;
base *= base;
}
return result;
}
unsigned char *timeToBytes (unsigned long long time, unsigned char *data,
size_t data_size)
{
for (int idx = data_size - 1; idx > -1; idx--) {
unsigned char next_digit = time & 0xff;
data[idx] = next_digit;
time >>= 8;
}
return data;
}
template <typename S>
unsigned long bytesToInt (const S &bytes)
{
unsigned long result = 0;
auto byteCount = bytes.size() - 1;
for (auto byte = bytes.cbegin(); byte < bytes.cend(); byte++, byteCount--) {
const uint8_t val = static_cast<uint8_t> (*byte);
result |= val << (byteCount * 8);
}
return result;
}
class token_generator_impl : public token_generator_ifc
{
private:
const sys_time clock;
const unsigned int code_digits;
const base32 codec;
private:
std::string zero_fill (unsigned long result, int digits) const
{
std::ostringstream result_stream;
result_stream << std::setw (digits) << std::setfill ('0') << result;
return result_stream.str();
}
unsigned long truncate (const octet_vector &mac) const
{
uint8_t offset = static_cast<uint8_t > (mac[19]) & static_cast<uint8_t>
(0x0f);
auto mac_begin = mac.begin();
auto subseq_begin = mac_begin + offset;
octet_vector offsetBytes (subseq_begin, subseq_begin + 4);
return bytesToInt (offsetBytes) & 0x7fffffff;
}
std::string hotp (const std::vector<uint8_t> &key,
const unsigned char *data,
size_t data_size, const int digits=6) const
{
// TODO: see if I can use sha256/etc. with google auth...
const unsigned char *digest = HMAC (EVP_sha1(), key.data(), key.size(), data,
data_size, NULL, NULL);
if (digest == nullptr) {
throw hmac_failed_exception();
}
size_t sha1_output_size = 20;
// const_cast should be safe here because we generated the pointer
octet_vector digest_s = octet_vector (digest, digest+sha1_output_size);
unsigned long result = truncate (digest_s) % ipow (10,digits);
return zero_fill (result, digits);
}
public:
token_generator_impl (const sys_time clock,
const int code_digits) :
clock (clock), code_digits (code_digits)
{}
std::string generate_token (const octet_vector &key) const override
{
// Assuming time is > 0, integer division produces the result we want.
const time_t &time_chunk = clock.time (nullptr) / 30;
unsigned char data[8] = {0,0,0,0,0,0,0,0};
timeToBytes (time_chunk, data, 8);
return hotp (key, data, 8, code_digits);
}
};
}
// Generator goes here....
totp_generator::totp_generator (
const sys_time clock,
const int code_digits) :
delegate_ (std::make_shared<token_generator_impl> (clock, code_digits))
{}