// otp.c, version 0.2.0
// OMKOV cryptutils otp
// Copyright (C) 2020, Jakob Wakeling
// MIT Licence

#include "util/base32.h"
#include "util/error.c"
#include "util/optget.h"
#include "util/strconv.h"

#include <openssl/evp.h>
#include <openssl/hmac.h>

#include <math.h>
#include <stdint.h>
#include <stdio.h>

#define VERSION "0.2.0"

static struct lop lops[] = {
	{ "help",    ARG_NUL, 256 },
	{ "version", ARG_NUL, 257 },
	{ NULL, 0, 0 }
};

static inline uint32_t hotp(uint8_t *K, size_t Klen, uint64_t C);

static void hlp(void);
static void ver(void);

int main(int ac, char *av[]) { A0 = av[0];
	struct opt opt = OPTGET_INIT; opt.str = ""; opt.lops = lops;
	for (int o; (o = optget(&opt, av, 1)) != -1;) switch (o) {
	case 256: { hlp(); return 0; }
	case 257: { ver(); return 0; }
	default: { return 1; }
	}
	
	if (opt.ind == ac) { error(1, "missing operand"); }
	
	uint8_t *k; size_t l = strlen(av[opt.ind]); uint64_t c;
	
	if (opt.ind == ac - 1) { c = time(NULL) / 30; }
	else {
		char *ep; c = strtou64(av[opt.ind + 1], &ep, 10);
		if (*ep) { error(1, "invalid counter"); }
	}
	
	k = (uint8_t *)malloc(B32DLEN(l) * sizeof (*k));
	if (!k) { error(1, "%s", serr()); }
	
	size_t kl = b32decode(k, (uint8_t *)av[opt.ind], l);
	
	printf("%06u\n", hotp(k, kl, c)); free(k); return 0;
}

/* Compute HOTP token with a key and counter */
static inline uint32_t hotp(uint8_t *K, size_t Klen, uint64_t C) {
	// Convert the counter to big endian if it isn't already
	uint32_t e = 0x000000FF; if ((*(uint8_t *)&e) == 0xFF) {
		C = ((C & 0x00000000FFFFFFFF) << 32) | ((C & 0xFFFFFFFF00000000) >> 32);
		C = ((C & 0x0000FFFF0000FFFF) << 16) | ((C & 0xFFFF0000FFFF0000) >> 16);
		C = ((C & 0x00FF00FF00FF00FF) <<  8) | ((C & 0xFF00FF00FF00FF00) >>  8);
	}
	
	// Step 1: Generate HMAC-SHA-1 digest
	uint8_t *d = HMAC(EVP_sha1(), K, Klen, (uint8_t *)&C, sizeof (C), NULL, 0);
	
	// Step 2: Truncate digest to 4 bytes
	uint32_t dt =
		(d[(d[19] & 0x0F)]     & 0x7F) << 24 |
		(d[(d[19] & 0x0F) + 1] & 0xFF) << 16 |
		(d[(d[19] & 0x0F) + 2] & 0xFF) << 8  |
		(d[(d[19] & 0x0F) + 3] & 0xFF);
	
	// Step 3: Calculate modulus of dt to get HOTP token
	return dt % (uint32_t)pow(10, 6/*Token length*/);
}

/* Print help information */
static void hlp(void) {
	puts("otp - compute hotp or totp tokens\n");
	puts("usage: otp secret [counter]\n");
	puts("options:");
	puts("  --help     Display help information");
	puts("  --version  Display version information");
}

/* Print version information */
static void ver(void) {
	puts("OMKOV cryptutils otp, version " VERSION);
	puts("Copyright (C) 2020, Jakob Wakeling");
	puts("MIT Licence (https://opensource.org/licenses/MIT)");
}