otp

package module

v0.0.0-...-4b0f748 Latest Latest Go to latest Published: Nov 9, 2023 License: MIT Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jonfriesen/otp

Links

Open Source Insights

README ¶

This package is an implementation of RFC 4226: HOTP: An HMAC-Based One-Time Password Algorithm and RFC 6238: TOTP: Time-Based One-Time Password Algorithm with slight deviations from the RFC based on the algorithmic reference implementation and tested using the RFC test values to ensure comaptibility with other HOTP and TOTP systems.

Installation

Clone this repository into your Go src directory or pull it automatically with:

$ go get github.com/jonfriesen/otp

Usage

import "github.com/jonfriesen/otp"
...
// To generate and checking a Time base OTP
totpToken := NewTOTP("secret", Time, 8, 30, 2, sha1.New)
totp := totpToken.Generate()
isValid := totp == totpToken.Check("12345678")
...
// To generate and checking a HMAC OTP 
hotpToken := NewHOTP("secret", 0, 6, 5, sha1.New)
hotp := hotpToken.Generate()
isValid := hotp == hotpToken.Check("123456")

Considerations and Variations from RFC

Checksum

The checksum option is not included in this implementation as I feel most real world implementations don't use it or account for it.

Truncation Offset

The truncation offset is intended to give the entire hash digest the opportunity to contribute to the truncated portion of the hash. Removing this section does not make the algorithm more or less secure.

Motivation

The OTP package was created to offer a simple, close implementation of RFC 4226 and RFC 6238 for easy consumption in Go.

Contributions

Pull Requests are welcome, please include tests covering your contributions.

Documentation ¶

Index ¶

func Secret(isBase32 bool) string
type Hotp
- func NewHOTP(c *HotpConfig) *Hotp
type HotpConfig
type Totp
- func NewTOTP(c *TotpConfig) *Totp
- func (t Totp) Check(otp string) bool
- func (t Totp) Generate() string
type TotpConfig

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Secret ¶

func Secret(isBase32 bool) string

Secret Quickly Generates a Secret of 20 characters

Types ¶

type Hotp ¶

type Hotp struct {
	Secret   string
	Count    int
	Length   int
	Window   int
	IsBase32 bool
	Hasher   func() hash.Hash
}

Hotp is a struct holding the details for a hmac-sha1 otp

func NewHOTP ¶

func NewHOTP(c *HotpConfig) *Hotp

NewHOTP constructor for hotp object

func (Hotp) Check ¶

func (h Hotp) Check(otp string) (bool, int)

Check validates an HOTP accepts secret, count, length to generate the OTP's to validate an incoming OTP, and how many times to increase the validation count

func (Hotp) Generate ¶

func (h Hotp) Generate() string

Generate Generates an HOTP Note: HOTP recommended length is 6 as per RFC 4226

func (Hotp) Sync ¶

func (h Hotp) Sync(otp1 string, otp2 string) (bool, int)

Sync checks next OTP until it finds two sequential matches max of 100 checks returns success and new count location

type HotpConfig ¶

type HotpConfig struct {
	Secret    string
	Count     int
	Length    int
	Window    int
	UseBase32 bool
	Crypto    string
}

HotpConfig holds user friendly configurations for creating tokens using the NewHOTP function otherwise the Hotp object can be created independantly.

type Totp ¶

type Totp struct {
	Secret     string
	TimeBox    time.Time
	Length     int
	Window     int
	WindowSize int
	IsBase32   bool
	Hasher     func() hash.Hash
}

Totp is a struct holding the details for a time based hmac-sha1 otp

func NewTOTP ¶

func NewTOTP(c *TotpConfig) *Totp

NewTOTP constructor for hotp object func NewTOTP(secret string, TimeBox time.Time, length int, window int, windowSize int, isBase32 bool, hasher func() hash.Hash) *Totp {

func (Totp) Check ¶

func (t Totp) Check(otp string) bool

Check validates an TOTP accepts secret, time, length to generate the OTP's to validate an incoming OTP, and how many times to increase the validation count

func (Totp) Generate ¶

func (t Totp) Generate() string

Generate Generates an TOTP Note: TOTP recommended length is 8 as per RFC 6238

type TotpConfig ¶

type TotpConfig struct {
	Secret     string
	Time       time.Time
	Length     int
	Window     int
	WindowSize int
	UseBase32  bool
	Crypto     string
}

TotpConfig holds user friendly configurations for creating tokens using the NewTOTP function otherwise the Hotp object can be created independantly.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL