From: Maximiliano Sandoval
To: pbs-devel@lists.proxmox.com
Date: Fri, 9 Jun 2023 17:52:25 +0200
Message-Id: <20230609155225.173010-1-m.sandoval@proxmox.com>
Subject: [pbs-devel] [PATCH pbs] tfa: Improve TOTP algorithm parsing
List-Id: Proxmox Backup Server development discussion

It is very common for TOTP URIs to contain the algorithm in lowercase, hence we convert to lowercase when doing From<&str> for Algorithm.

Signed-off-by: Maximiliano Sandoval
--- proxmox-tfa/src/totp.rs | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/proxmox-tfa/src/totp.rs b/proxmox-tfa/src/totp.rs index 7b8e6b3..97be715 100644 --- a/proxmox-tfa/src/totp.rs +++ b/proxmox-tfa/src/totp.rs @@ -99,10 +99,10 @@ impl std::str::FromStr for Algorithm { type Err = Error; fn from_str(s: &str) -> Result { - Ok(match s { - "SHA1" => Algorithm::Sha1, - "SHA256" => Algorithm::Sha256, - "SHA512" => Algorithm::Sha512, + Ok(match s.to_lowercase().as_str() { + "sha1" => Algorithm::Sha1, + "sha256" => Algorithm::Sha256, + "sha512" => Algorithm::Sha512, _ => return Err(Error::UnsupportedAlgorithm(s.to_string())), }) } 
@@ -640,3 +640,23 @@ fn test_otp() { assert_eq!(parsed.issuer.as_deref(), Some("An Issuer")); assert_eq!(parsed.account_name.as_deref(), Some("The Account Name")); } + +#[test] +fn test_algorithm_parsing() { + let secret = "AA"; + let period = 30; + let digits = 6; + let issuer = "ISSUER"; + let uri = format!("otpauth://totp/user%40hostname?secret={secret}&issuer={issuer}&algorithm=sha1&digits={digits}&period={period}"); + let hotp: Totp = uri.parse().expect("failed to parse otp uri"); + + assert_eq!(hotp.algorithm, Algorithm::Sha1); + assert_eq!(hotp.period, period); + assert_eq!(hotp.digits, digits); + assert_eq!(hotp.issuer.as_deref(), Some(issuer)); + assert_eq!(hotp.account_name.as_deref(), Some("user@hostname")); + assert_eq!( + &base32::encode(base32::Alphabet::RFC4648 { padding: false }, &hotp.secret()), + secret + ) +} -- 2.39.2
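Review bot: in the `@@ -99,10 +99,10 @@` hunk, `s.to_lowercase()` applies full Unicode case mapping and allocates a new `String` on every parse, although the three accepted names are pure ASCII. `s.to_ascii_lowercase()`, or comparing each name with `eq_ignore_ascii_case`, restricts the accepted input to ASCII case variants and states the intent more directly. The match now also accepts mixed-case spellings such as `Sha1`, so a short doc comment on `from_str` saying that matching is case-insensitive would be useful. The error arm still reports the original `s` rather than the lowercased copy, which is the right choice for diagnostics and should be kept. The commit message refers to `From<&str>`, while the impl being changed is `std::str::FromStr`.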
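Review bot: in the `@@ -640,3 +640,23 @@` hunk, `test_algorithm_parsing` only exercises `algorithm=sha1`, so the `sha256` and `sha512` arms and the `UnsupportedAlgorithm` path are not covered. Consider iterating over lowercase, uppercase and mixed-case spellings of all three names, and adding a URI with an unsupported algorithm value that asserts the parse returns an error. The binding is named `hotp` although its type is `Totp`; `totp` would avoid confusion. The final `assert_eq!` has no trailing semicolon, which compiles but is inconsistent with the other statements in the test.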