osbzr
/
com
项目红包剩余9514,下一贡献奖励5%,即 476个红包
Watch 15
Star 7
Wiki 捐赠
本站源代码
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Tree: 4f0cac5ea6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4f0cac5ea6'
${ noResults }
com/vendor/github.com/pquerna/otp/hotp/hotp.go

182 lines
4.7KB
Raw Blame History 

  1. /**

  2.  *  Copyright 2014 Paul Querna

  3.  *

  4.  *  Licensed under the Apache License, Version 2.0 (the "License");

  5.  *  you may not use this file except in compliance with the License.

  6.  *  You may obtain a copy of the License at

  7.  *

  8.  *      http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  *  Unless required by applicable law or agreed to in writing, software

  11.  *  distributed under the License is distributed on an "AS IS" BASIS,

  12.  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13.  *  See the License for the specific language governing permissions and

  14.  *  limitations under the License.

  15.  *

  16.  */

  17. 

  18. package hotp

  19. 

  20. import (

  21. 	"github.com/pquerna/otp"

  22. 

  23. 	"crypto/hmac"

  24. 	"crypto/rand"

  25. 	"crypto/subtle"

  26. 	"encoding/base32"

  27. 	"encoding/binary"

  28. 	"fmt"

  29. 	"math"

  30. 	"net/url"

  31. 	"strings"

  32. )

  33. 

  34. const debug = false

  35. 

  36. // Validate a HOTP passcode given a counter and secret.

  37. // This is a shortcut for ValidateCustom, with parameters that

  38. // are compataible with Google-Authenticator.

  39. func Validate(passcode string, counter uint64, secret string) bool {

  40. 	rv, _ := ValidateCustom(

  41. 		passcode,

  42. 		counter,

  43. 		secret,

  44. 		ValidateOpts{

  45. 			Digits:    otp.DigitsSix,

  46. 			Algorithm: otp.AlgorithmSHA1,

  47. 		},

  48. 	)

  49. 	return rv

  50. }

  51. 

  52. // ValidateOpts provides options for ValidateCustom().

  53. type ValidateOpts struct {

  54. 	// Digits as part of the input. Defaults to 6.

  55. 	Digits otp.Digits

  56. 	// Algorithm to use for HMAC. Defaults to SHA1.

  57. 	Algorithm otp.Algorithm

  58. }

  59. 

  60. // GenerateCode creates a HOTP passcode given a counter and secret.

  61. // This is a shortcut for GenerateCodeCustom, with parameters that

  62. // are compataible with Google-Authenticator.

  63. func GenerateCode(secret string, counter uint64) (string, error) {

  64. 	return GenerateCodeCustom(secret, counter, ValidateOpts{

  65. 		Digits:    otp.DigitsSix,

  66. 		Algorithm: otp.AlgorithmSHA1,

  67. 	})

  68. }

  69. 

  70. // GenerateCodeCustom uses a counter and secret value and options struct to

  71. // create a passcode.

  72. func GenerateCodeCustom(secret string, counter uint64, opts ValidateOpts) (passcode string, err error) {

  73. 	secretBytes, err := base32.StdEncoding.DecodeString(secret)

  74. 	if err != nil {

  75. 		return "", otp.ErrValidateSecretInvalidBase32

  76. 	}

  77. 

  78. 	buf := make([]byte, 8)

  79. 	mac := hmac.New(opts.Algorithm.Hash, secretBytes)

  80. 	binary.BigEndian.PutUint64(buf, counter)

  81. 	if debug {

  82. 		fmt.Printf("counter=%v\n", counter)

  83. 		fmt.Printf("buf=%v\n", buf)

  84. 	}

  85. 

  86. 	mac.Write(buf)

  87. 	sum := mac.Sum(nil)

  88. 

  89. 	// "Dynamic truncation" in RFC 4226

  90. 	// http://tools.ietf.org/html/rfc4226#section-5.4

  91. 	offset := sum[len(sum)-1] & 0xf

  92. 	value := int64(((int(sum[offset]) & 0x7f) << 24) |

  93. 		((int(sum[offset+1] & 0xff)) << 16) |

  94. 		((int(sum[offset+2] & 0xff)) << 8) |

  95. 		(int(sum[offset+3]) & 0xff))

  96. 

  97. 	l := opts.Digits.Length()

  98. 	mod := int32(value % int64(math.Pow10(l)))

  99. 

  100. 	if debug {

  101. 		fmt.Printf("offset=%v\n", offset)

  102. 		fmt.Printf("value=%v\n", value)

  103. 		fmt.Printf("mod'ed=%v\n", mod)

  104. 	}

  105. 

  106. 	return opts.Digits.Format(mod), nil

  107. }

  108. 

  109. // ValidateCustom validates an HOTP with customizable options. Most users should

  110. // use Validate().

  111. func ValidateCustom(passcode string, counter uint64, secret string, opts ValidateOpts) (bool, error) {

  112. 	passcode = strings.TrimSpace(passcode)

  113. 

  114. 	if len(passcode) != opts.Digits.Length() {

  115. 		return false, otp.ErrValidateInputInvalidLength

  116. 	}

  117. 

  118. 	otpstr, err := GenerateCodeCustom(secret, counter, opts)

  119. 	if err != nil {

  120. 		return false, err

  121. 	}

  122. 

  123. 	if subtle.ConstantTimeCompare([]byte(otpstr), []byte(passcode)) == 1 {

  124. 		return true, nil

  125. 	}

  126. 

  127. 	return false, nil

  128. }

  129. 

  130. // GenerateOpts provides options for .Generate()

  131. type GenerateOpts struct {

  132. 	// Name of the issuing Organization/Company.

  133. 	Issuer string

  134. 	// Name of the User's Account (eg, email address)

  135. 	AccountName string

  136. 	// Size in size of the generated Secret. Defaults to 10 bytes.

  137. 	SecretSize uint

  138. 	// Digits to request. Defaults to 6.

  139. 	Digits otp.Digits

  140. 	// Algorithm to use for HMAC. Defaults to SHA1.

  141. 	Algorithm otp.Algorithm

  142. }

  143. 

  144. // Generate creates a new HOTP Key.

  145. func Generate(opts GenerateOpts) (*otp.Key, error) {

  146. 	// url encode the Issuer/AccountName

  147. 	if opts.Issuer == "" {

  148. 		return nil, otp.ErrGenerateMissingIssuer

  149. 	}

  150. 

  151. 	if opts.AccountName == "" {

  152. 		return nil, otp.ErrGenerateMissingAccountName

  153. 	}

  154. 

  155. 	if opts.SecretSize == 0 {

  156. 		opts.SecretSize = 10

  157. 	}

  158. 

  159. 	// otpauth://totp/Example:alice@google.com?secret=JBSWY3DPEHPK3PXP&issuer=Example

  160. 

  161. 	v := url.Values{}

  162. 	secret := make([]byte, opts.SecretSize)

  163. 	_, err := rand.Read(secret)

  164. 	if err != nil {

  165. 		return nil, err

  166. 	}

  167. 

  168. 	v.Set("secret", base32.StdEncoding.EncodeToString(secret))

  169. 	v.Set("issuer", opts.Issuer)

  170. 	v.Set("algorithm", opts.Algorithm.String())

  171. 	v.Set("digits", opts.Digits.String())

  172. 

  173. 	u := url.URL{

  174. 		Scheme:   "otpauth",

  175. 		Host:     "hotp",

  176. 		Path:     "/" + opts.Issuer + ":" + opts.AccountName,

  177. 		RawQuery: v.Encode(),

  178. 	}

  179. 

  180. 	return otp.NewKeyFromURL(u.String())

  181. }
上海开阖软件有限公司 沪ICP备12045867号-1