new file mode 100644

@@ -0,0 +1,11 @@

+root = true

+

+[*]

+charset = utf-8

+end_of_line = lf

+insert_final_newline = true

+trim_trailing_whitespace = true

+

+[*.{cc,h}]

+indent_style = space

+indent_size = 4

@@ -1,10 +1,10 @@

-CXXFLAGS += -fPIC -fno-stack-protector -std=c++11

-CFLAGS += -fPIC -fno-stack-protector

-LDFLAGS = -lpam

+CXXFLAGS += -fPIC -fno-stack-protector -std=c++14  -g

+CFLAGS += -fPIC -fno-stack-protector -g

+LDFLAGS = -lcryptopp -lpam

 INTEGRATION_OBJS = sys_syslog.o sys_fstream.o sys_unistd.o sys_pwd.o sys_pam.o \

                    sys_stdlib.o sys_time.o

-OBJS = dual_control.o request.o validator.o conversation.o user.o token.o logger.o session.o installer.o system.o

+OBJS = dual_control.o request.o validator.o conversation.o user.o token.o logger.o session.o installer.o system.o generator.o

 TEST_SOURCES := $(wildcard *_test.cc)

 TESTS := $(patsubst %.cc,%.out,$(TEST_SOURCES))

 TESTRUNS := $(patsubst %.out,RUN_%,$(TESTS))

@@ -46,7 +46,7 @@ distclean: clean

 -include .depend

 %_test.out: %_test.o $(OBJS)

-	$(CXX) $(CXXFLAGS) $(CPPFLAGS)  -o $@ $^

+	$(CXX) $(CXXFLAGS) $(CPPFLAGS) -o $@ $^ -lcryptopp

 RUN_%: %.out

 	@echo running $<

@@ -70,5 +70,3 @@ endif

 .PHONY: format

 format:

 	@./format.sh *.cc *.h

-

-

@@ -16,20 +16,22 @@

 #include "conversation.h"

-

 namespace

 {

 class impl : public conversation_ifc

 {

 private:

     pam pam_;

-    pam_conv_result conversation(const std::string &msg, int msg_style, const pam_request &request) {

+    pam_conv_result conversation (const std::string &msg, int msg_style,

+                                  const pam_request &request)

+    {

         const pam_conv *conv;

         int get_conv_result = pam_.get_conv (request.handle(), &conv);

+

         if (get_conv_result != PAM_SUCCESS) {

             return pam_conv_result {get_conv_result, PAM_CONV_ERR, std::vector<pam_response *>()};

         }

-        

+

         pam_message message;

         message.msg = const_cast<char *> (msg.c_str());

         message.msg_style = msg_style;

@@ -39,8 +41,8 @@ private:

         std::vector<pam_response *> responses (1);

         int conv_result = conv->conv (1, messages.data(),

-                                             responses.data(),

-                                             conv->appdata_ptr);

+                                      responses.data(),

+                                      conv->appdata_ptr);

         return pam_conv_result {get_conv_result, conv_result, responses};

     }

@@ -51,12 +53,16 @@ public:

     {

         conversation_result result;

-        pam_conv_result token_result (conversation("Dual control token: ", PAM_PROMPT_ECHO_OFF, request));

+        pam_conv_result token_result (conversation ("Dual control token: ",

+                                      PAM_PROMPT_ECHO_OFF, request));

+

         if (token_result.get_conv_result != PAM_SUCCESS) {

             return result;

         }

-        pam_conv_result reason_result (conversation("Reason: ", PAM_PROMPT_ECHO_ON, request));

+        pam_conv_result reason_result (conversation ("Reason: ", PAM_PROMPT_ECHO_ON,

+                                       request));

+

         if (reason_result.get_conv_result != PAM_SUCCESS) {

             return result;

         }

@@ -18,6 +18,7 @@

 #include "user.h"

 #include "sys_unistd.h"

 #include "sys_pwd.h"

+#include "sys_time.h"

 #include "token.h"

 #include "system.h"

 #include "sys_fstream.h"

@@ -39,9 +40,14 @@ installer init_installer()

     unistd unistd (unistd::create());

     directory directory (directory::create (unistd, pwd));

     stdlib stdlib (stdlib::get());

-    generator generator{make_generator (stdlib)};

-    installer installer (installer::create (tokens, unistd,

-                                            directory, generator));

+    sys_time timer (sys_time::get());

+    int code_digits = 6;

+    std::shared_ptr<totp_generator> totp_generator =

+        std::make_shared<totp_generator> (timer, "\x00", code_digits);

+    generator generator = std::bind (&TOTPGenerator::generate_token,

+                                     totp_generator);

+    installer installer (installer::create (tokens, unistd, directory,

+                                            generator));

     return installer;

 }

new file mode 100644

@@ -0,0 +1,126 @@

+/* Copyright (C) CJ Affiliate

+ *

+ * You may use, distribute and modify this code under  the

+ * terms of the  GNU General Public License  version 2  or

+ * later.

+ *

+ * You should have received a copy of the license with this

+ * file. If not, you will find a copy in the "LICENSE" file

+ * at https://github.com/cjdev/dual-control.

+ */

+

+#include "generator.h"

+#include <iostream>

+

+int ipow (int base, int exp)

+{

+    int result = 1;

+

+    while (exp) {

+        if (exp & 1) {

+            result *= base;

+        }

+

+        exp >>= 1;

+        base *= base;

+    }

+

+    return result;

+}

+

+unsigned long bytesToInt (const std::string &bytes)

+{

+    unsigned long result = 0;

+    auto          byteCount = bytes.size() - 1;

+

+    for (auto byte = bytes.cbegin(); byte < bytes.cend(); byte++, byteCount--) {

+        const uint8_t val = static_cast<uint8_t> (*byte);

+        result |= val << (byteCount * 8);

+    }

+

+    return result;

+}

+

+time_t time_step (const time_t time, const int step)

+{

+    // Time is > 0 so division produces the result we want.

+    return time / step;

+}

+

+class impl : public token_generator_ifc

+{

+private:

+    const sys_time &sys_time;

+    unsigned int code_digits;

+    const std::shared_ptr<CryptoPP::SecByteBlock> key;

+

+    unsigned long truncate (const std::string &mac) const;

+

+    unsigned long hotp (const CryptoPP::SecByteBlock &key,

+                        const CryptoPP::Integer &counter) const;

+

+    // TODO: move elsewhere

+    CryptoPP::SecByteBlock generate_key (unsigned int size) const;

+

+    unsigned long totp_generator::truncate (const std::string &mac) const

+    {

+        uint8_t offset = static_cast<uint8_t > (mac[19]) & static_cast<uint8_t>

+                         (0x0f);

+        std::string  offsetBytes = mac.substr (offset, 4);

+        return bytesToInt (offsetBytes) & 0x7fffffff;

+    }

+

+    unsigned long totp_generator::hotp (const CryptoPP::SecByteBlock &key,

+                                        const CryptoPP::Integer &counter) const

+    {

+        std::string mac;

+

+        CryptoPP::SecByteBlock counter_bytes (8);

+        // Do I know that 8 is sufficient here? . . .

+        counter.Encode (counter_bytes.BytePtr(), 8, CryptoPP::Integer::UNSIGNED);

+

+        CryptoPP::HMAC<CryptoPP::SHA1> hmac (key, key.size());

+

+        CryptoPP::StringSink  *stringSink = new CryptoPP::StringSink (mac);

+        CryptoPP::HashFilter  *hashFilter = new CryptoPP::HashFilter (hmac,

+                stringSink);

+        CryptoPP::StringSource ss2 (counter_bytes, counter_bytes.size(), true,

+                                    hashFilter);

+

+        unsigned long result = truncate (mac);

+

+        result = result % ipow (10, code_digits);

+        return result;

+    }

+

+    CryptoPP::SecByteBlock totp_generator::generate_key (unsigned int size)

+    const

+    {

+        CryptoPP::AutoSeededRandomPool prng;

+

+        CryptoPP::SecByteBlock key (size);

+        prng.GenerateBlock (key, key.size());

+        return key;

+    }

+

+public:

+    std::string generate_token () const override

+    {

+        time_t foo = 111;

+        const CryptoPP::Integer &time = sys_time.time (&foo);

+        std::cout << "At the tone, the time is: " << foo << " or " << time << "\a"

+                  << std::endl;

+        int time_step_size = 30;

+        CryptoPP::Integer current_step = time_step (time.ConvertToLong(),

+                                         time_step_size);

+        long otp = hotp (*key, current_step);

+        std::ostringstream is;

+        is << std::setfill ('0') << std::setw (6)<< otp;

+        return is.str();

+    }

+};

+

+// Generator goes here....

+std::string totp_generator::generate_token () const

+;

+

@@ -9,6 +9,7 @@

  * at https://github.com/cjdev/dual-control.

  */

+#pragma once

 #ifndef GENERATOR_H_

 #define GENERATOR_H_

@@ -17,25 +18,39 @@

 #include <sstream>

 #include <iomanip>

 #include <cmath>

+#include <ctime>

+

+#include <cryptopp/base32.h>

+#include <cryptopp/hex.h>

+#include <cryptopp/hmac.h>

+#include <cryptopp/osrng.h>

 #include "sys_stdlib.h"

+#include "sys_time.h"

 using generator = std::function<std::string()>;

+int ipow (int base, int exp);

+time_t time_step (const time_t time, const int step);

-inline    std::string token_from_int (int x)

+class token_generator_ifc

 {

-    int v = std::abs (x % 1000000);

-    std::ostringstream is;

-    is << std::setfill ('0') << std::setw (6)<< v;

-    return is.str();

-}

+public:

+    virtual std::string generate_token () const;

+};

-inline generator make_generator (const stdlib &stdlib)

+class totp_generator : public token_generator

 {

-    return [stdlib] {

-        return token_from_int (stdlib.rand());

-    };

-}

+public:

+    totp_generator (const class sys_time &sys_time,

+                    const std::string &key_c,

+                    const int code_digits) :

+        sys_time (sys_time), code_digits (code_digits),

+        key (std::make_shared<CryptoPP::SecByteBlock> (CryptoPP::SecByteBlock (

+                    reinterpret_cast<const unsigned char *> (key_c.c_str()), key_c.size())))

+    {};

+

+    std::string generate_token () const;

+};

 #endif

@@ -13,9 +13,12 @@

 #include <initializer_list>

 #include <vector>

 #include <climits>

+#include <ctime>

+#include <iostream>

 #include "generator.h"

 #include "sys_stdlib.h"

+#include "sys_time.h"

 #include "test_util.h"

 class fake_stdlib : public stdlib_ifc

@@ -40,16 +43,46 @@ public:

     }

 };

+class fake_time : public sys_time_ifc

+{

+

+private:

+    std::vector<time_t> samples_;

+    mutable std::vector<time_t>::iterator current_;

+public:

+    fake_time ( const std::initializer_list<time_t> &samples)

+        : samples_ (samples.begin(), samples.end()),

+          current_ (samples_.begin()) {}

+    time_t time (time_t *time_ptr) const override

+    {

+        if (current_ != samples_.end()) {

+            auto rval = *current_;

+

+            if (time_ptr != nullptr) {

+                *time_ptr = rval;

+            }

+

+            current_ += 1;

+            return rval;

+        }

+

+        return 0;

+    }

+};

+

 int six_digits()

 {

     // given

-    std::initializer_list<int> samples { 1 };

-    auto test_stdlib = std::make_shared<fake_stdlib> (samples);

-    stdlib stdlib (test_stdlib);

-    generator generator = make_generator (stdlib);

+    std::initializer_list<time_t> samples { 1 };

+    auto test_stdtime = std::make_shared<fake_time> (samples);

+

+    sys_time stdtime (test_stdtime);

+    // Fake the Key

+    std::string key = "\xff\x91\xebO\x04\xa4\xda$\xd2$a\x95Vs\xaf`";

+    auto generator = totp_generator (stdtime, key, 6);

     // when

-    auto actual = generator();

+    auto actual = generator.generate_token();

     // then

     check (actual.size() == 6, "size is wrong");

@@ -62,30 +95,36 @@ int six_digits()

 int modulated_source_modulates_tokens()

 {

     // given

-    std::initializer_list<int> samples { 1, 2, 3 };

-    auto test_stdlib = std::make_shared<fake_stdlib> (samples);

-    stdlib stdlib (test_stdlib);

-    generator generator = make_generator (stdlib);

+    std::initializer_list<time_t> samples { 1, 31 };

+    auto test_stdtime = std::make_shared<fake_time> (samples);

+

+    sys_time stdtime (test_stdtime);

+    // Fake the Key

+    std::string key = "\xff\x91\xebO\x04\xa4\xda$\xd2$a\x95Vs\xaf`";

+    auto generator = totp_generator (stdtime, key, 6);

     // when

-    auto actual1 = generator();

-    auto actual2 = generator();

+    auto actual1 = generator.generate_token();

+    auto actual2 = generator.generate_token();

     // then

-    check (actual1 != actual2, "samples should be different");

+    check (actual1 != actual2, "tokens should be different");

     succeed();

 }

 int int_max()

 {

     // given

-    std::initializer_list<int> samples { INT_MAX };

-    auto test_stdlib = std::make_shared<fake_stdlib> (samples);

-    stdlib stdlib (test_stdlib);

-    generator generator = make_generator (stdlib);

+    std::initializer_list<time_t> samples { INT_MAX };

+    auto test_stdtime = std::make_shared<fake_time> (samples);

+

+    sys_time stdtime (test_stdtime);

+    // Fake the Key

+    std::string key = "\xff\x91\xebO\x04\xa4\xda$\xd2$a\x95Vs\xaf`";

+    auto generator = totp_generator (stdtime, key, 6);

     // when

-    auto actual = generator();

+    auto actual = generator.generate_token();

     // then

     check (actual.size() == 6, "size is wrong");

@@ -98,13 +137,16 @@ int int_max()

 int int_min()

 {

     // given

-    std::initializer_list<int> samples { INT_MIN };

-    auto test_stdlib = std::make_shared<fake_stdlib> (samples);

-    stdlib stdlib (test_stdlib);

-    generator generator = make_generator (stdlib);

+    std::initializer_list<time_t> samples { INT_MIN };

+    auto test_stdtime = std::make_shared<fake_time> (samples);

+

+    sys_time stdtime (test_stdtime);

+    // Fake the Key

+    std::string key = "\xff\x91\xebO\x04\xa4\xda$\xd2$a\x95Vs\xaf`";

+    auto generator = totp_generator (stdtime, key, 6);

     // when

-    auto actual = generator();

+    auto actual = generator.generate_token();

     // then

     check (actual.size() == 6, "size is wrong");

@@ -114,12 +156,39 @@ int int_min()

     succeed();

 }

+// totp test

+int int_precomputed()

+{

+    // given

+    // The token for key 76I6WTYEUTNCJUREMGKVM45PMA and time '2017/01/01 00:00:00' is 258675

+    time_t theTime = 1483257600;

+    /// TODO: int -> time_t

+    std::initializer_list<time_t> samples { theTime }; //

+    auto test_stdtime = std::make_shared<fake_time> (samples);

+

+    sys_time stdtime (test_stdtime);

+    // Fake the Key

+    std::string key = "\xff\x91\xebO\x04\xa4\xda$\xd2$a\x95Vs\xaf`";

+    auto generator = totp_generator (stdtime, key, 6);

+    std::string expected = "258675";

+

+    // when

+    auto actual = generator.generate_token();

+

+    // then

+    check (actual.size() == 6, "size is wrong");

+    check (actual == expected,

+           "precomputed value failed to match"); // TODO: Does == work for std::string like I want it to?

+    succeed();

+}

+

 int run_tests()

 {

     test (six_digits);

     test (modulated_source_modulates_tokens);

     test (int_max);

     test (int_min);

+    test (int_precomputed);

     succeed();

 }

@@ -127,4 +196,3 @@ int main (int argc, char *argv[])

 {

     return !run_tests();

 }

-

@@ -16,7 +16,7 @@

 #include <cstdio>

 #define check(assertion, msg) \

     if (!(assertion)) { \

-      fprintf(stderr, "assertion failed: %s\n", msg); \

+      fprintf(stderr, "> assertion failed: %s\n", msg); \

       return 0; \

     }

@@ -32,11 +32,13 @@

 #define test(NAME) \

     { \

-      int result = NAME (); \

-      if (!result) { \

-          fprintf(stderr, "test failed: %s\n", #NAME); \

-          return 0; \

-      } \

+        int result = NAME (); \

+        if (!result) { \

+            fprintf(stderr, "> test failed: %s\n", #NAME); \

+            return 0; \

+        } else { \

+            fprintf (stderr, "> test passed: %s\n", #NAME); \

+        } \

     }

 #define succeed() return 1