From d3b2a8018cd73180cf8260bb9e24e33590fb518e Mon Sep 17 00:00:00 2001 From: Your Name Date: Tue, 16 Jul 2019 17:40:49 +0100 Subject: fish --- .gitignore | 10 +++ sha1/msauth.asm | 187 ++++++++++++++++++++++++++++++++-------------- sha1/test/Makefile | 11 +++ sha1/test/totp.pl | 212 +++++++++++++++++++++++++++++++++++++++++++++++++++++ sha1/test/totp3.c | 2 - 5 files changed, 366 insertions(+), 56 deletions(-) create mode 100644 sha1/test/Makefile create mode 100755 sha1/test/totp.pl diff --git a/.gitignore b/.gitignore index 57e6bbc..8188dde 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,13 @@ *.app *.lst *.p +.*.*swp +sha1/test/ +*.stamp +*.hex +sha1/*.l +sha1/*.lst +sha1/*.img +sha1/*.srec +from_others/numpad/numpad-?.asm +from_others/numpad/numpad.asm diff --git a/sha1/msauth.asm b/sha1/msauth.asm index 20523ae..e4d0929 100644 --- a/sha1/msauth.asm +++ b/sha1/msauth.asm @@ -108,27 +108,27 @@ sha1_loop: sta idx cmp #20 bhs sha1_k2 - lda #(K1-base) + lda #(K1-BASE_START) sta k ; T1 = (B & C) | ((~B) & D) - lda #(T2-base) + lda #(T2-BASE_START) sta dest - lda #(VB-base) + lda #(VB-BASE_START) sta src1 - lda #(FFFFFFFF-base) + lda #(FFFFFFFF-BASE_START) jsr xor4 ;T2=~B - lda #(T2-base) + lda #(T2-BASE_START) sta src1 - lda #(VD-base) + lda #(VD-BASE_START) jsr and4 ;T2=T2&D bra sha1_t2_or_bandc ; T1=T2 | (B&C) sha1_k2: cmp #40 bhs sha1_k3 - lda #(K2-base) + lda #(K2-BASE_START) sta k bra sha1_k24 ; T1 = B ^ C ^ D @@ -136,88 +136,88 @@ sha1_k3: cmp #60 bhs sha1_k4 ; T1 = (B & C) | (B & D) | (C & D) - lda #(K3-base) + lda #(K3-BASE_START) sta k - lda #(T1-base) + lda #(T1-BASE_START) sta dest - lda #(VD-base) + lda #(VD-BASE_START) sta src1 - lda #(VB-base) + lda #(VB-BASE_START) jsr and4 ; T1=B&D - lda #(T2-base) + lda #(T2-BASE_START) sta dest - lda #(VC-base) + lda #(VC-BASE_START) jsr and4 ; T2=C&D - lda #(T2-base) + lda #(T2-BASE_START) sta src1 - lda #(T1-base) + lda #(T1-BASE_START) jsr or4 ; T2=T1|T2 sha1_t2_or_bandc: - lda #(T1-base) + lda #(T1-BASE_START) sta dest - lda #(VB-base) + lda #(VB-BASE_START) sta src1 - lda #(VC-base) + lda #(VC-BASE_START) jsr and4 ; T1 = B&C - lda #(T1-base) + lda #(T1-BASE_START) sta src1 - lda #(T2-base) + lda #(T2-BASE_START) jsr or4 ; T1= T1|T2 bra sha1_shuffle sha1_k4: - lda #(K4-base) + lda #(K4-BASE_START) sta k sha1_k24: ; T1 = B ^ C ^ D - lda #(T1-base) + lda #(T1-BASE_START) sta dest - lda #(VB-base) + lda #(VB-BASE_START) sta src1 - lda #(VC-base) + lda #(VC-BASE_START) jsr xor4 - lda #(T1-base) + lda #(T1-BASE_START) sta src1 - lda #(VD-base) + lda #(VD-BASE_START) jsr xor4 sha1_shuffle: ; T1 is src1 and dest here - lda #(VE-base) + lda #(VE-BASE_START) jsr add4 ; T1=T1+E lda k jsr add4 ; T1=T1+k ; get data here - lda #(ZERO-base) + lda #(ZERO-BASE_START) jsr add4 ; T1=T1+data - lda #(VD-base) + lda #(VD-BASE_START) jsr copy_down ; E=D - lda #(VC-base) + lda #(VC-BASE_START) jsr copy_down ; D=C - lda #(VB-base) + lda #(VB-BASE_START) jsr copy_down ; C=B lda #30 jsr rot_left ; C=ROTLEFT(C,30) - lda #(VA-base) + lda #(VA-BASE_START) jsr copy_down ; B=A - lda #(VA-base) + lda #(VA-BASE_START) sta dest sta src1 lda #5 jsr rot_left ; A=ROTLEFT(A,5) - lda #(T1-base) + lda #(T1-BASE_START) jsr add4 ; A=A+T1 @@ -250,7 +250,7 @@ copy_down: sta src1 add #4 sta dest - lda #(ZERO-base) + lda #(ZERO-BASE_START) add4: sta src2 @@ -275,25 +275,25 @@ or4: sta op4_src2 op4_binary: ldx #0 - lda #base & $ff + lda #BASE_START & $ff add src2 sta op4_src2+2 txa - adc #base>>8 + adc #BASE_START>>8 sta op4_src2+1 - lda #base & $ff + lda #BASE_START & $ff add src1 sta op4_src1+2 txa - adc #base>>8 + adc #BASE_START>>8 sta op4_src1+1 - lda #base & $ff + lda #BASE_START & $ff add dest sta op4_dst+2 txa - adc #base>>8 + adc #BASE_START>>8 sta op4_dst+1 clc @@ -314,28 +314,36 @@ rot_left: ldx dest sta rot_cnt rot_loop: - lda base,x + lda BASE_START,x rola - lda base+1,x + lda BASE_START+1,x rola - sta base+1,x - lda base+2,x + sta BASE_START+1,x + lda BASE_START+2,x rola - sta base+2,x - lda base+3,x + sta BASE_START+2,x + lda BASE_START+3,x rola - sta base+3,x - lda base,x + sta BASE_START+3,x + lda BASE_START,x rola - sta base,x + sta BASE_START,x dec rot_cnt bne rot_loop rts -data: - -H: DB $01 +BASE_START: + +KEY: + DW $0e89 + DW $6e38 + DW $3cbb + DW $e9cf + DW $0000 + DW $e44f + +IH: DB $01 DB $23 DB $45 DB $67 @@ -355,7 +363,6 @@ H: DB $01 DB $E1 DB $D2 DB $C3 -base: K1: DB $99 DB $79 @@ -409,4 +416,76 @@ T2: DW 0 ZERO: DW 0 DW 0 + + +WBUF: + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + +KEYOR: + DW 0 + DW 0 + + +H: + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + + +DATA1: + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 + DW 0 +DATA2: + DW 0 + DW 0 + +BASE_END: diff --git a/sha1/test/Makefile b/sha1/test/Makefile new file mode 100644 index 0000000..62b3ef7 --- /dev/null +++ b/sha1/test/Makefile @@ -0,0 +1,11 @@ +TEST=3 + +PROG=totp${TEST} + +test: ${PROG} + ./totp.pl + ./${PROG} + + + + diff --git a/sha1/test/totp.pl b/sha1/test/totp.pl new file mode 100755 index 0000000..5903133 --- /dev/null +++ b/sha1/test/totp.pl @@ -0,0 +1,212 @@ +#!/usr/bin/perl -w +# +# 2 Factor Authentication Perl code which used the Time-based One-time Password +# Algorithm (TOTP) algorithm. You can use this code with the Google Authenticator +# mobile app or the Authy mobile or browser app. +# See: http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm +# +# To get this to work you: +# +# 1) Properly seed the random number generator. +# 2) Use generateBase32Secret(...) to generate a secret key for a user. +# 3) Store the secret key in the database associated with the user account. +# 4) Display the QR image URL returned by qrImageUrl(...) to the user. +# 5) User uses the image to load the secret key into his authenticator application. +# +# Whenever the user logs in: +# +# 1) The user enters the number from the authenticator application into the login form. +# 2) The server compares the user input with the output from generateCurrentNumber(...). +# 3) If they are equal then the user is allowed to log in. +# +# Thanks to Vijay Boyapati @ stackoverflow +# http://stackoverflow.com/questions/25534193/google-authenticator-implementation-in-perl +# +######################################################################################## +# +# Copyright 2015, Gray Watson +# +# Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby +# granted provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE +# IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, +# OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF +# THIS SOFTWARE. +# +# By Gray Watson http://256.com/gray/ +# + +use strict; +use warnings; + + +use Digest::SHA1 qw(sha1); + + +sub hash { + my ($msg, $key) = @_; + + if ( length($key) > 64) { $key = sha1($key) } + + my $ipad =xor_string_max_64($key, 0x36); + my $opad =xor_string_max_64($key, 0x5c); + + my $in1=$ipad . $msg; + print "in1=",unpack('H*',$in1),"\n"; + my $step1=sha1($in1); + + print "step1=",unpack('H*',$step1),"\n"; + + return sha1($opad . $step1); +} + +sub hexhash { + unpack("H*", hash(@_)); +} + +sub xor_string_max_64 { + my ($string, $xor_with) = @_; + my @ASCII = unpack("C*", $string); + my $i; + + for ($i=0; $i<=$#ASCII; $i++) { $ASCII[$i] = $ASCII[$i] ^ $xor_with } + if ($#ASCII < 63) { + for ($i=$#ASCII+1; $i<=63; $i++) { $ASCII[$i] = $xor_with } + } + pack("C*", @ASCII); +} + + + + +# this is a standard for most authenticator applications +my $TIME_STEP = 30; + +# there are better ways to seed the random number +srand(time() ^ $$); + +# once we generate a secret, it can be associated with a user account and persisted +#my $base32Secret = generateBase32Secret(); +# secret could have been retrieved from database associated with user +my $base32Secret = "NY4A5CPJZ46LXZCP"; + +print "secret = $base32Secret\n"; + +# this is the name of the key which can be displayed by the authenticator program +#my $keyId = "user\@foo.com"; +#print "Image url = " . qrImageUrl($keyId, $base32Secret) . "\n"; +# we can display this image to the user to let them load it into their auth program + +my $key = decodeBase32($base32Secret); + +my $time; + +$time=int(time() / $TIME_STEP); +$time=int(42918); + +print "key=",unpack('H*',$key),"\n"; + +my $paddedTime = sprintf("%016x",$time); +# this starts with \0's +my $data = pack('H*', $paddedTime); + +print "time=",unpack('H*',$data),"\n"; + +# we can use the code here and compare it against user input +# +my $code = generateCurrentNumber($base32Secret,$time); + +print "code = $code\n"; + +exit 0; + + +# +# this little loop is here to show how the number changes over time +# +while (1) { + my $diff = $TIME_STEP - (time() % $TIME_STEP); + my $time=int(time() / $TIME_STEP); + $code = generateCurrentNumber($base32Secret,$time); + print "Secret code = $code, change in $diff seconds\n"; + sleep(1); +} + +####################################################################################### + +# +# Generate a secret key in base32 format (A-Z2-7) +# +sub generateBase32Secret { + my @chars = ("A".."Z", "2".."7"); + my $length = scalar(@chars); + my $base32Secret = ""; + for (my $i = 0; $i < 16; $i++) { + $base32Secret .= $chars[rand($length)]; + } + return $base32Secret; +} + +# +# Return the current number associated with base32 secret to be compared with user input. +# +sub generateCurrentNumber { + my ($base32Secret,$time) = @_; + + # For more details of this magic algorithm, see: + # http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm + + # need a 16 character hex value + my $paddedTime = sprintf("%016x",$time); + # this starts with \0's + my $data = pack('H*', $paddedTime); + my $key = decodeBase32($base32Secret); + + # encrypt the data with the key and return the SHA1 of it in hex + my $hmac = hexhash($data, $key); + print "hmac=",$hmac,"\n"; + + # take the 4 least significant bits (1 hex char) from the encrypted string as an offset + my $offset = hex(substr($hmac, -1)); + print "offset=",$offset,"\n"; + # take the 4 bytes (8 hex chars) at the offset (* 2 for hex), and drop the high bit + my $encrypted = hex(substr($hmac, $offset * 2, 8)) & 0x7fffffff; + + # the token is then the last 6 digits in the number + my $token = $encrypted % 1000000; + # make sure it is 0 prefixed + return sprintf("%06d", $token); +} + +# +# Return the QR image url thanks to Google. This can be shown to the user and scanned +# by the authenticator program as an easy way to enter the secret. +# +sub qrImageUrl { + my ($keyId, $base32Secret) = @_; + my $otpUrl = "otpauth://totp/$keyId%3Fsecret%3D$base32Secret"; + return "https://chart.googleapis.com/chart?chs=200x200&cht=qr&chl=200x200&chld=M|0&cht=qr&chl=$otpUrl"; +} + +# +# Decode a base32 number which is used to encode the secret. +# +sub decodeBase32 { + my ($val) = @_; + + # turn into binary characters + $val =~ tr|A-Z2-7|\0-\37|; + # unpack into binary + $val = unpack('B*', $val); + + # cut off the 000 prefix + $val =~ s/000(.....)/$1/g; + # trim off some characters if not 8 character aligned + my $len = length($val); + $val = substr($val, 0, $len & ~7) if $len & 7; + + # pack back up + $val = pack('B*', $val); + return $val; +} diff --git a/sha1/test/totp3.c b/sha1/test/totp3.c index e2e6cfd..a1da5e5 100644 --- a/sha1/test/totp3.c +++ b/sha1/test/totp3.c @@ -257,8 +257,6 @@ sha1digest (void) } /* End of sha1digest() */ - - int main (int argc, char *argv[]) { -- cgit v1.2.3