From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <w.bumiller@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id 8CFEDA2BFE
 for <pbs-devel@lists.proxmox.com>; Tue, 20 Jun 2023 13:23:38 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 76D27343C0
 for <pbs-devel@lists.proxmox.com>; Tue, 20 Jun 2023 13:23:08 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [94.136.29.106])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS
 for <pbs-devel@lists.proxmox.com>; Tue, 20 Jun 2023 13:23:08 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id A619B41C1C
 for <pbs-devel@lists.proxmox.com>; Tue, 20 Jun 2023 13:23:07 +0200 (CEST)
Date: Tue, 20 Jun 2023 13:23:06 +0200
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
To: Maximiliano Sandoval <m.sandoval@proxmox.com>
Cc: pbs-devel@lists.proxmox.com
Message-ID: <kywwbkhcwgqcmgarcv4l3liy3ywqhxcs2xkd4encw7eeepwyrl@y6m6wexnvsph>
References: <20230609155225.173010-1-m.sandoval@proxmox.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20230609155225.173010-1-m.sandoval@proxmox.com>
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.125 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 T_SCC_BODY_TEXT_LINE    -0.01 -
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [totp.rs]
Subject: [pbs-devel] applied: [PATCH pbs] tfa: Improve TOTP algorithm parsing
X-BeenThere: pbs-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Backup Server development discussion
 <pbs-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pbs-devel/>
List-Post: <mailto:pbs-devel@lists.proxmox.com>
List-Help: <mailto:pbs-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Tue, 20 Jun 2023 11:23:38 -0000

applied, though not too happy when tools just randomly casefold stuff
instead of using the values listed in the "spec" (whatever this one's
worth...)

On Fri, Jun 09, 2023 at 05:52:25PM +0200, Maximiliano Sandoval wrote:
> It is very common for TOTP URIs to contain the algorithm in lowercase,
> hence we convert to lowercase when doing From<&str> for Algorithm.
> 
> Signed-off-by: Maximiliano Sandoval <m.sandoval@proxmox.com>
> ---
>  proxmox-tfa/src/totp.rs | 28 ++++++++++++++++++++++++----
>  1 file changed, 24 insertions(+), 4 deletions(-)
> 
> diff --git a/proxmox-tfa/src/totp.rs b/proxmox-tfa/src/totp.rs
> index 7b8e6b3..97be715 100644
> --- a/proxmox-tfa/src/totp.rs
> +++ b/proxmox-tfa/src/totp.rs
> @@ -99,10 +99,10 @@ impl std::str::FromStr for Algorithm {
>      type Err = Error;
>  
>      fn from_str(s: &str) -> Result<Self, Error> {
> -        Ok(match s {
> -            "SHA1" => Algorithm::Sha1,
> -            "SHA256" => Algorithm::Sha256,
> -            "SHA512" => Algorithm::Sha512,
> +        Ok(match s.to_lowercase().as_str() {
> +            "sha1" => Algorithm::Sha1,
> +            "sha256" => Algorithm::Sha256,
> +            "sha512" => Algorithm::Sha512,
>              _ => return Err(Error::UnsupportedAlgorithm(s.to_string())),
>          })
>      }
> @@ -640,3 +640,23 @@ fn test_otp() {
>      assert_eq!(parsed.issuer.as_deref(), Some("An Issuer"));
>      assert_eq!(parsed.account_name.as_deref(), Some("The Account Name"));
>  }
> +
> +#[test]
> +fn test_algorithm_parsing() {
> +    let secret = "AA";
> +    let period = 30;
> +    let digits = 6;
> +    let issuer = "ISSUER";
> +    let uri = format!("otpauth://totp/user%40hostname?secret={secret}&issuer={issuer}&algorithm=sha1&digits={digits}&period={period}");
> +    let hotp: Totp = uri.parse().expect("failed to parse otp uri");
> +
> +    assert_eq!(hotp.algorithm, Algorithm::Sha1);
> +    assert_eq!(hotp.period, period);
> +    assert_eq!(hotp.digits, digits);
> +    assert_eq!(hotp.issuer.as_deref(), Some(issuer));
> +    assert_eq!(hotp.account_name.as_deref(), Some("user@hostname"));
> +    assert_eq!(
> +        &base32::encode(base32::Alphabet::RFC4648 { padding: false }, &hotp.secret()),
> +        secret
> +    )
> +}
> -- 
> 2.39.2