From a79f03d9a62f1b1c8c850f9f78729d7eabb17636 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Mon, 28 Oct 2019 12:20:42 +0100
Subject: [PATCH] OTP: support v2 secret format

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---
 src/PVE/OTP.pm | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/PVE/OTP.pm b/src/PVE/OTP.pm
index 019076b..070ab59 100644
--- a/src/PVE/OTP.pm
+++ b/src/PVE/OTP.pm
@@ -137,7 +137,13 @@ sub oath_verify_otp {
     foreach my $k (PVE::Tools::split_list($keys)) {
 	# Note: we generate 3 values to allow small time drift
 	my $binkey;
-	if ($k =~ /^[A-Z2-7=]{16}$/) {
+	if ($k =~ /^v2-0x([0-9a-fA-F]+)$/) {
+	    # v2, hex
+	    $binkey = pack('H*', $1);
+	} elsif ($k =~ /^v2-([A-Z2-7=]+)$/) {
+	    # v2, base32
+	    $binkey = MIME::Base32::decode_rfc3548($1);
+	} elsif ($k =~ /^[A-Z2-7=]{16}$/) {
 	    $binkey = MIME::Base32::decode_rfc3548($k);
 	} elsif ($k =~ /^[A-Fa-f0-9]{40}$/) {
 	    $binkey = pack('H*', $k);
-- 
2.39.2