Fix time sensitive exploit as referenced in https://gruss.cc/files/counterseveillance.pdf (thank you)

Author: tilkinsc

cotp.c

@@ -124,43 +124,29 @@ void otp_free(OTPData* data)
 			1 success
 		error, 0
 */
-COTPRESULT otp_byte_secret(OTPData* data, char* out_str)
-{
-	if (out_str == NULL || strlen(data->base32_secret) % 8 != 0)
+COTPRESULT otp_byte_secret(OTPData* data, char* out_str) {
+	if (out_str == NULL || strlen(data->base32_secret) % 8 != 0) {
 		return OTP_ERROR;
+	}
 
 	size_t base32_length = strlen(data->base32_secret);
 	size_t num_blocks = base32_length / 8;
 	size_t output_length = num_blocks * 5;
 
-	if (output_length == 0)
+	if (output_length == 0) {
 		return OTP_OK;
+	}
 
-	for (size_t i = 0; i < num_blocks; i++)
-	{
+	int valid = 1;
+	
+	for (size_t i = 0; i < num_blocks; i++) {
 		unsigned int block_values[8] = { 0 };
 
-		for (int j = 0; j < 8; j++)
-		{
+		for (int j = 0; j < 8; j++) {
 			char c = data->base32_secret[i * 8 + j];
-			if (c == '=')
-				break;
-				
-			int found = 0;
-			for (int k = 0; k < 32; k++)
-			{
-				if (c == OTP_DEFAULT_BASE32_CHARS[k])
-				{
-					block_values[j] = k;
-					found = 1;
-					break;
-				}
-			}
-			
-			if (!found)
-			{
-				return OTP_ERROR;
-			}
+			unsigned int value = (unsigned char) c < 256 ? OTP_DEFAULT_BASE32_OFFSETS[(unsigned char) c] : -1;
+			block_values[j] = value & 31;
+			valid &= (value >= 0);
 		}
 
 		out_str[i * 5] = (block_values[0] << 3) | (block_values[1] >> 2);
@@ -169,8 +155,8 @@ COTPRESULT otp_byte_secret(OTPData* data, char* out_str)
 		out_str[i * 5 + 3] = (block_values[4] << 7) | (block_values[5] << 2) | (block_values[6] >> 3);
 		out_str[i * 5 + 4] = (block_values[6] << 5) | block_values[7];
 	}
-	
-	return OTP_OK;
+
+	return valid ? OTP_OK : OTP_ERROR;
 }
 
 /*

cotp.h

@@ -12,7 +12,30 @@ typedef int COTPRESULT;
 
 
 /*
-	Default characters used in BASE32 digests.
+	Default characters used in BASE32 digests for security concious linear lookup.
+	For use with otp_byte_secret()
+*/
+static const int OTP_DEFAULT_BASE32_OFFSETS[256] = {
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 0-15
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 16-31
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 32-47
+	0, 0, 26, 27, 28, 29, 30, 31, 0, 0, 0, 0, 0, 0, 0, 0, // 48-63 ('2'-'7')
+	0, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, // 64-79 ('A'-'O')
+	15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 0, 0, 0, 0, 0, // 80-95 ('P'-'Z')
+	0, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, // 96-111 ('a'-'o')
+	15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 0, 0, 0, 0, 0, // 112-127 ('p'-'z')
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 128-143
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 144-159
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 160-175
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 176-191
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 192-207
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 208-223
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 224-239
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0  // 240-255
+};
+
+/*
+	
 	For use with otp_random_base32()
 */
 static const char OTP_DEFAULT_BASE32_CHARS[32] =
@@ -23,7 +46,6 @@ static const char OTP_DEFAULT_BASE32_CHARS[32] =
 	'6', '7'
 };
 
-
 /*
 	Used for differentiation on which
 	  method you are using. Necessary

test/main.c

@@ -226,8 +226,8 @@ int main(int argc, char** argv)
 	char base32_new_secret[base32_len + 1];
 	memset(&base32_new_secret, 0, base32_len + 1);
 
-	otp_random_base32(base32_len, base32_new_secret);
-	printf("Random Generated BASE32 Secret: `%s`\n", base32_new_secret);
+	int random_otp_err = otp_random_base32(base32_len, base32_new_secret);
+	printf("Random Generated BASE32 Secret pass=1: `%s` `%d`\n", base32_new_secret, random_otp_err);
 
 	puts(""); // line break for readability