gotp

package module
Version: v0.0.0-...-fab697c Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 10, 2022 License: MIT Imports: 10 Imported by: 49

README

GOTP - The Golang One-Time Password Library

build-status MIT License

GOTP is a Golang package for generating and verifying one-time passwords. It can be used to implement two-factor (2FA) or multi-factor (MFA) authentication methods in anywhere that requires users to log in.

Open MFA standards are defined in RFC 4226 (HOTP: An HMAC-Based One-Time Password Algorithm) and in RFC 6238 (TOTP: Time-Based One-Time Password Algorithm). GOTP implements server-side support for both of these standards.

GOTP was inspired by PyOTP.

Installation

$ go get github.com/xlzd/gotp

Usage

Check API docs at https://godoc.org/github.com/xlzd/gotp

Time-based OTPs
totp := gotp.NewDefaultTOTP("4S62BZNFXXSZLCRO")
totp.Now()  // current otp '123456'
totp.At(1524486261)  // otp of timestamp 1524486261 '123456'

# OTP verified for a given timestamp
totp.Verify('492039', 1524486261)  // true
totp.Verify('492039', 1520000000)  // false

// generate a provisioning uri
totp.ProvisioningUri("demoAccountName", "issuerName")
// otpauth://totp/issuerName:demoAccountName?secret=4S62BZNFXXSZLCRO&issuer=issuerName
Counter-based OTPs
hotp := gotp.NewDefaultHOTP("4S62BZNFXXSZLCRO")
hotp.At(0)  // '944181'
hotp.At(1)  // '770975'

# OTP verified for a given timestamp
hotp.Verify('944181', 0)  // true
hotp.Verify('944181', 1)  // false

// generate a provisioning uri
hotp.ProvisioningUri("demoAccountName", "issuerName", 1)
// otpauth://hotp/issuerName:demoAccountName?secret=4S62BZNFXXSZLCRO&counter=1&issuer=issuerName
Generate random secret
secretLength := 16
gotp.RandomSecret(secretLength) // LMT4URYNZKEWZRAA
Google Authenticator Compatible

GOTP works with the Google Authenticator iPhone and Android app, as well as other OTP apps like Authy. GOTP includes the ability to generate provisioning URIs for use with the QR Code scanner built into these MFA client apps via otpObj.ProvisioningUri method:

gotp.NewDefaultTOTP("4S62BZNFXXSZLCRO").ProvisioningUri("demoAccountName", "issuerName")
// otpauth://totp/issuerName:demoAccountName?secret=4S62BZNFXXSZLCRO&issuer=issuerName


gotp.NewDefaultHOTP("4S62BZNFXXSZLCRO").ProvisioningUri("demoAccountName", "issuerName", 1)
// otpauth://hotp/issuerName:demoAccountName?secret=4S62BZNFXXSZLCRO&counter=1&issuer=issuerName

This URL can then be rendered as a QR Code which can then be scanned and added to the users list of OTP credentials.

Working example

Scan the following barcode with your phone's OTP app (e.g. Google Authenticator):

Demo

Now run the following and compare the output:

package main

import (
	"fmt"
	"github.com/xlzd/gotp"
)

func main() {
	fmt.Println("Current OTP is", gotp.NewDefaultTOTP("4S62BZNFXXSZLCRO").Now())
}

License

GOTP is licensed under the MIT License

Documentation

Index

Constants

View Source
const (
	OtpTypeTotp = "totp"
	OtpTypeHotp = "hotp"
)

Variables

This section is empty.

Functions

func BuildUri

func BuildUri(otpType, secret, accountName, issuerName, algorithm string, initialCount, digits, period int) string

Returns the provisioning URI for the OTP; works for either TOTP or HOTP. This can then be encoded in a QR Code and used to provision the Google Authenticator app. For module-internal use. See also:

https://github.com/google/google-authenticator/wiki/Key-Uri-Format

params:

otpType:     otp type, must in totp/hotp
secret:       the hotp/totp secret used to generate the URI
accountName:  name of the account
issuerName:   the name of the OTP issuer; this will be the organization title of the OTP entry in Authenticator
algorithm:    the algorithm used in the OTP generation
initialCount: starting counter value. Only works for hotp
digits:       the length of the OTP generated code.
period:       the number of seconds the OTP generator is set to expire every code.

returns: provisioning uri

func Itob

func Itob(integer int) []byte

integer to byte array

func RandomSecret

func RandomSecret(length int) string

generate a random secret of given length (number of bytes) returns empty string if something bad happened

Types

type HOTP

type HOTP struct {
	OTP
}

HMAC-based OTP counters.

func NewDefaultHOTP

func NewDefaultHOTP(secret string) *HOTP

func NewHOTP

func NewHOTP(secret string, digits int, hasher *Hasher) *HOTP

func (*HOTP) At

func (h *HOTP) At(count int) string

Generates the OTP for the given count.

func (*HOTP) ProvisioningUri

func (h *HOTP) ProvisioningUri(accountName, issuerName string, initialCount int) string

Returns the provisioning URI for the OTP. This can then be encoded in a QR Code and used to provision an OTP app like Google Authenticator.

See also:

https://github.com/google/google-authenticator/wiki/Key-Uri-Format

params:

accountName:  name of the account
issuerName:   the name of the OTP issuer; this will be the organization title of the OTP entry in Authenticator
initialCount: starting HMAC counter value

returns: provisioning URI

func (*HOTP) Verify

func (h *HOTP) Verify(otp string, count int) bool

Verify OTP.

params:

otp:   the OTP to check against
count: the OTP HMAC counter

type Hasher

type Hasher struct {
	HashName string
	Digest   func() hash.Hash
}

type OTP

type OTP struct {
	// contains filtered or unexported fields
}

func NewOTP

func NewOTP(secret string, digits int, hasher *Hasher) OTP

type TOTP

type TOTP struct {
	OTP
	// contains filtered or unexported fields
}

time-based OTP counters.

func NewDefaultTOTP

func NewDefaultTOTP(secret string) *TOTP

func NewTOTP

func NewTOTP(secret string, digits, interval int, hasher *Hasher) *TOTP

func (*TOTP) At

func (t *TOTP) At(timestamp int) string

Generate time OTP of given timestamp

func (*TOTP) Now

func (t *TOTP) Now() string

Generate the current time OTP

func (*TOTP) NowWithExpiration

func (t *TOTP) NowWithExpiration() (string, int64)

Generate the current time OTP and expiration time

func (*TOTP) ProvisioningUri

func (t *TOTP) ProvisioningUri(accountName, issuerName string) string

Returns the provisioning URI for the OTP. This can then be encoded in a QR Code and used to provision an OTP app like Google Authenticator.

See also:

https://github.com/google/google-authenticator/wiki/Key-Uri-Format

params:

accountName: name of the account
issuerName:  the name of the OTP issuer; this will be the organization title of the OTP entry in Authenticator

returns: provisioning URI

func (*TOTP) Verify

func (t *TOTP) Verify(otp string, timestamp int) bool

Verify OTP.

params:

otp:         the OTP to check against
timestamp:   time to check OTP at

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL