From: Frank Cusack <frank@google.com>
Date: Wed, 20 Jul 2011 10:12:11 +0000 (+0200)
Subject: Add flag and API for OATH initial moving factor.
X-Git-Tag: v1.6.0~3
X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7f326e8ec16506bb883428332731f842c6281d75;p=yubikey-personalization

Add flag and API for OATH initial moving factor.

Signed-off-by: Simon Josefsson <simon@josefsson.org>
---

diff --git a/libykpers-1.map b/libykpers-1.map
index 3fb110c..582da7d 100644
--- a/libykpers-1.map
+++ b/libykpers-1.map
@@ -116,5 +116,7 @@ LIBYKPERS_1.5 {
   yk_wait_for_key_status;
   yk_read_response_from_key;
   yk_get_serial;
+  ykp_set_oath_imf;
+  ykp_get_oath_imf;
 # Variables:
 } LIBYKPERS_1.4;
diff --git a/ykpers-args.c b/ykpers-args.c
index a25d6a8..6d8620c 100644
--- a/ykpers-args.c
+++ b/ykpers-args.c
@@ -113,6 +113,7 @@ const char *usage =
 "          [-]chal-hmac           set/clear CHAL_HMAC\n"
 "          [-]hmac-lt64           set/clear HMAC_LT64\n"
 "          [-]chal-btn-trig       set/clear CHAL_BTN_TRIG\n"
+"          oath-imf=IMF           set OATH Initial Moving Factor\n"
 "\n"
 "          Extended flags for firmware version 2.2 and above:\n"
 "          [-]serial-btn-visible  set/clear SERIAL_BTN_VISIBLE\n"
@@ -416,6 +417,31 @@ int args_to_config(int argc, char **argv, YKP_CONFIG *cfg,
 			CFGFLAG("hmac-lt64", HMAC_LT64)
 			CFGFLAG("chal-btn-trig", CHAL_BTN_TRIG)
 #undef CFGFLAG
+			else if (strncmp(optarg, "oath-imf=", 9) == 0) {
+				unsigned long imf;
+
+				if (!(ycfg->tktFlags & TKTFLAG_OATH_HOTP) == TKTFLAG_OATH_HOTP) {
+					fprintf(stderr,
+						"Option oath-imf= only valid with -ooath-hotp or -ooath-hotp8.\n"
+						);
+					*exit_code = 1;
+					return 0;
+				}
+
+				if (sscanf(optarg+9, "%lu", &imf) != 1 ||
+				    /* yubikey limitations */
+				    imf > 65535*16 || imf % 16 != 0) {
+					fprintf(stderr,
+						"Invalid value %s for oath-imf=.\n", optarg+9
+						);
+					*exit_code = 1;
+					return 0;
+				}
+				if (! ykp_set_oath_imf(cfg, imf)) {
+					*exit_code = 1;
+					return 0;
+				}
+			}
 
 #define EXTFLAG(o, f)							\
 			else if (strcmp(optarg, o) == 0) {		\
diff --git a/ykpers.c b/ykpers.c
index 6f0b954..c833653 100644
--- a/ykpers.c
+++ b/ykpers.c
@@ -309,6 +309,36 @@ static bool vcheck_v22_or_greater(const YKP_CONFIG *cfg)
 		cfg->yk_major_version > 2;
 }
 
+int ykp_set_oath_imf(YKP_CONFIG *cfg, unsigned long imf)
+{
+	if (!vcheck_v22_or_greater(cfg)) {
+		ykp_errno = YKP_EYUBIKEYVER;
+		return 0;		
+	}
+	if (imf > 65535*16) {
+		ykp_errno = YKP_EINVAL;
+		return 0;		
+	}
+	if (imf % 16 != 0) {
+		ykp_errno = YKP_EINVAL;
+		return 0;		
+	}
+	/* IMF/16 is 16 bits stored big-endian in uid[4] */
+	imf /= 16;
+	cfg->ykcore_config.uid[4] = imf >> 8;
+	cfg->ykcore_config.uid[5] = imf;
+	return 1;
+}
+
+unsigned long ykp_get_oath_imf(YKP_CONFIG *cfg)
+{
+	if (!vcheck_v22_or_greater(cfg))
+		return 0;		
+
+	/* we can't do a simple cast due to alignment issues */
+	return ((cfg->ykcore_config.uid[4] << 8) | cfg->ykcore_config.uid[5]) << 4;
+}
+
 #define def_set_charfield(fnname,fieldname,size,extra,vcheck)	\
 int ykp_set_ ## fnname(YKP_CONFIG *cfg, unsigned char *input, size_t len)	\
 {								\
@@ -431,6 +461,7 @@ const char str_fixed[] = "fixed";
 const char str_uid[] = "uid";
 const char str_key[] = "key";
 const char str_acc_code[] = "acc_code";
+const char str_oath_imf[] = "OATH IMF";
 
 const char str_flags_separator[] = "|";
 
@@ -569,6 +600,21 @@ int ykp_write_config(const YKP_CONFIG *cfg,
 		writer(buffer, strlen(buffer), userdata);
 		writer("\n", 1, userdata);
 
+		/* OATH IMF: */
+		if ((cfg->ykcore_config.tktFlags & TKTFLAG_OATH_HOTP) == TKTFLAG_OATH_HOTP &&
+		    vcheck_v22_or_greater(cfg)) {
+			writer(str_oath_imf, strlen(str_oath_imf), userdata);
+			writer(str_key_value_separator,
+				strlen(str_key_value_separator),
+				userdata);
+			writer(str_hex_prefix,
+				strlen(str_hex_prefix),
+				userdata);
+			sprintf(buffer, "%lx", ykp_get_oath_imf(cfg));
+			writer(buffer, strlen(buffer), userdata);
+			writer("\n", 1, userdata);
+		}
+
 		/* ticket_flags: */
 		buffer[0] = '\0';
 		for (p = ticket_flags_map; p->flag; p++) {
@@ -693,6 +739,7 @@ static const char *errtext[] = {
 	"option not available for this Yubikey version",
 	"too old yubikey for this operation",
 	"invalid configuration number (this is a programming error)",
+	"invalid option/argument value",
 };
 const char *ykp_strerror(int errnum)
 {
diff --git a/ykpers.h b/ykpers.h
index cf0ef18..614cdb3 100644
--- a/ykpers.h
+++ b/ykpers.h
@@ -54,6 +54,8 @@ int ykp_HMAC_key_from_hex(YKP_CONFIG *cfg, const char *hexkey);
 int ykp_set_access_code(YKP_CONFIG *cfg, unsigned char *access_code, size_t len);
 int ykp_set_fixed(YKP_CONFIG *cfg, unsigned char *fixed, size_t len);
 int ykp_set_uid(YKP_CONFIG *cfg, unsigned char *uid, size_t len);
+int ykp_set_oath_imf(YKP_CONFIG *cfg, unsigned long imf);
+unsigned long ykp_get_oath_imf(YKP_CONFIG *cfg);
 
 int ykp_set_tktflag_TAB_FIRST(YKP_CONFIG *cfg, bool state);
 int ykp_set_tktflag_APPEND_TAB1(YKP_CONFIG *cfg, bool state);
@@ -109,5 +111,6 @@ const char *ykp_strerror(int errnum);
 #define YKP_EYUBIKEYVER	0x03
 #define YKP_EOLDYUBIKEY	0x04
 #define YKP_EINVCONFNUM	0x05
+#define YKP_EINVAL	0x06
 
 #endif	// __YKPERS_H_INCLUDED__