From: Wolfgang Bumiller
To: Maximiliano Sandoval
Cc: pbs-devel@lists.proxmox.com
Date: Tue, 20 Jun 2023 13:23:06 +0200
Subject: [pbs-devel] applied: [PATCH pbs] tfa: Improve TOTP algorithm parsing
References: <20230609155225.173010-1-m.sandoval@proxmox.com>
In-Reply-To: <20230609155225.173010-1-m.sandoval@proxmox.com>
List-Id: Proxmox Backup Server development discussion

applied, though not too happy when tools just randomly casefold stuff
instead of using the values listed in the "spec" (whatever this one's
worth...)

On Fri, Jun 09, 2023 at 05:52:25PM +0200, Maximiliano Sandoval wrote:
> It is very common for TOTP URIs to contain the algorithm in lowercase,
> hence we convert to lowercase when doing From<&str> for Algorithm.
>
> Signed-off-by: Maximiliano Sandoval
> ---
> proxmox-tfa/src/totp.rs | 28 ++++++++++++++++++++++++----
> 1 file changed, 24 insertions(+), 4 deletions(-)
>
> diff --git a/proxmox-tfa/src/totp.rs b/proxmox-tfa/src/totp.rs > index 7b8e6b3..97be715 100644 > --- a/proxmox-tfa/src/totp.rs > +++ b/proxmox-tfa/src/totp.rs > @@ -99,10 +99,10 @@ impl std::str::FromStr for Algorithm { > type Err = Error; > > fn from_str(s: &str) -> Result { > - Ok(match s { > - "SHA1" => Algorithm::Sha1, > - "SHA256" => Algorithm::Sha256, > - "SHA512" => Algorithm::Sha512, > + Ok(match s.to_lowercase().as_str() { > + "sha1" => Algorithm::Sha1, > + "sha256" => Algorithm::Sha256, > + "sha512" => Algorithm::Sha512, > _ => return Err(Error::UnsupportedAlgorithm(s.to_string())), > }) > } 
> @@ -640,3 +640,23 @@ fn test_otp() { > assert_eq!(parsed.issuer.as_deref(), Some("An Issuer")); > assert_eq!(parsed.account_name.as_deref(), Some("The Account Name")); > } > + > +#[test] > +fn test_algorithm_parsing() { > + let secret = "AA"; > + let period = 30; > + let digits = 6; > + let issuer = "ISSUER"; > + let uri = format!("otpauth://totp/user%40hostname?secret={secret}&issuer={issuer}&algorithm=sha1&digits={digits}&period={period}"); > + let hotp: Totp = uri.parse().expect("failed to parse otp uri"); > + > + assert_eq!(hotp.algorithm, Algorithm::Sha1); > + assert_eq!(hotp.period, period); > + assert_eq!(hotp.digits, digits); > + assert_eq!(hotp.issuer.as_deref(), Some(issuer)); > + assert_eq!(hotp.account_name.as_deref(), Some("user@hostname")); > + assert_eq!( > + &base32::encode(base32::Alphabet::RFC4648 { padding: false }, &hotp.secret()), > + secret > + ) > +} > -- > 2.39.2
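Review bot: In the `from_str` hunk (`@@ -99,10 +99,10 @@`), `s.to_lowercase()` applies full Unicode case mapping and allocates a fresh `String` only to compare against three ASCII literals; `s.to_ascii_lowercase()` or a chain of `s.eq_ignore_ascii_case("sha1")` checks states the intent (tolerate `sha1`/`Sha1` from tools that emit lowercase) without pulling Unicode case folding into a parser whose documented inputs are the key-URI format's `SHA1`, `SHA256` and `SHA512`. Passing the original `s` into `Error::UnsupportedAlgorithm(s.to_string())` is the right call, since the rejected value is then reported exactly as the caller wrote it. A one-line comment on the match noting that case-insensitivity is deliberate leniency beyond the spec would help the next reader, given the reservation voiced in the reply above.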
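Review bot: `test_algorithm_parsing` in the test hunk (`@@ -640,3 +640,23 @@`) exercises only `algorithm=sha1`; to pin down the new case-insensitive behaviour it should also parse `SHA256`, `sha512` and a mixed-case form such as `Sha256`, and assert that an unknown value such as `algorithm=md5` still yields `Error::UnsupportedAlgorithm` carrying the original spelling, so a later edit cannot silently widen the accepted set. Minor: the parsed value is a `Totp` but the binding is named `hotp`; renaming it `totp` matches its type.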