mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7969 Commits
17 Branches
Tree: 3f5cdfe359
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3f5cdfe359'
${ noResults }
gitea/vendor/github.com/pquerna/otp/totp/totp.go

totp.go 5.1KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191 
  1. /**

  2.  *  Copyright 2014 Paul Querna

  3.  *

  4.  *  Licensed under the Apache License, Version 2.0 (the "License");

  5.  *  you may not use this file except in compliance with the License.

  6.  *  You may obtain a copy of the License at

  7.  *

  8.  *      http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  *  Unless required by applicable law or agreed to in writing, software

  11.  *  distributed under the License is distributed on an "AS IS" BASIS,

  12.  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13.  *  See the License for the specific language governing permissions and

  14.  *  limitations under the License.

  15.  *

  16.  */

  17. 

  18. package totp

  19. 

  20. import (

  21. 	"github.com/pquerna/otp"

  22. 	"github.com/pquerna/otp/hotp"

  23. 

  24. 	"crypto/rand"

  25. 	"encoding/base32"

  26. 	"math"

  27. 	"net/url"

  28. 	"strconv"

  29. 	"time"

  30. )

  31. 

  32. // Validate a TOTP using the current time.

  33. // A shortcut for ValidateCustom, Validate uses a configuration

  34. // that is compatible with Google-Authenticator and most clients.

  35. func Validate(passcode string, secret string) bool {

  36. 	rv, _ := ValidateCustom(

  37. 		passcode,

  38. 		secret,

  39. 		time.Now().UTC(),

  40. 		ValidateOpts{

  41. 			Period:    30,

  42. 			Skew:      1,

  43. 			Digits:    otp.DigitsSix,

  44. 			Algorithm: otp.AlgorithmSHA1,

  45. 		},

  46. 	)

  47. 	return rv

  48. }

  49. 

  50. // GenerateCode creates a TOTP token using the current time.

  51. // A shortcut for GenerateCodeCustom, GenerateCode uses a configuration

  52. // that is compatible with Google-Authenticator and most clients.

  53. func GenerateCode(secret string, t time.Time) (string, error) {

  54. 	return GenerateCodeCustom(secret, t, ValidateOpts{

  55. 		Period:    30,

  56. 		Skew:      1,

  57. 		Digits:    otp.DigitsSix,

  58. 		Algorithm: otp.AlgorithmSHA1,

  59. 	})

  60. }

  61. 

  62. // ValidateOpts provides options for ValidateCustom().

  63. type ValidateOpts struct {

  64. 	// Number of seconds a TOTP hash is valid for. Defaults to 30 seconds.

  65. 	Period uint

  66. 	// Periods before or after the current time to allow.  Value of 1 allows up to Period

  67. 	// of either side of the specified time.  Defaults to 0 allowed skews.  Values greater

  68. 	// than 1 are likely sketchy.

  69. 	Skew uint

  70. 	// Digits as part of the input. Defaults to 6.

  71. 	Digits otp.Digits

  72. 	// Algorithm to use for HMAC. Defaults to SHA1.

  73. 	Algorithm otp.Algorithm

  74. }

  75. 

  76. // GenerateCodeCustom takes a timepoint and produces a passcode using a

  77. // secret and the provided opts. (Under the hood, this is making an adapted

  78. // call to hotp.GenerateCodeCustom)

  79. func GenerateCodeCustom(secret string, t time.Time, opts ValidateOpts) (passcode string, err error) {

  80. 	if opts.Period == 0 {

  81. 		opts.Period = 30

  82. 	}

  83. 	counter := uint64(math.Floor(float64(t.Unix()) / float64(opts.Period)))

  84. 	passcode, err = hotp.GenerateCodeCustom(secret, counter, hotp.ValidateOpts{

  85. 		Digits:    opts.Digits,

  86. 		Algorithm: opts.Algorithm,

  87. 	})

  88. 	if err != nil {

  89. 		return "", err

  90. 	}

  91. 	return passcode, nil

  92. }

  93. 

  94. // ValidateCustom validates a TOTP given a user specified time and custom options.

  95. // Most users should use Validate() to provide an interpolatable TOTP experience.

  96. func ValidateCustom(passcode string, secret string, t time.Time, opts ValidateOpts) (bool, error) {

  97. 	if opts.Period == 0 {

  98. 		opts.Period = 30

  99. 	}

  100. 

  101. 	counters := []uint64{}

  102. 	counter := int64(math.Floor(float64(t.Unix()) / float64(opts.Period)))

  103. 

  104. 	counters = append(counters, uint64(counter))

  105. 	for i := 1; i <= int(opts.Skew); i++ {

  106. 		counters = append(counters, uint64(counter+int64(i)))

  107. 		counters = append(counters, uint64(counter-int64(i)))

  108. 	}

  109. 

  110. 	for _, counter := range counters {

  111. 		rv, err := hotp.ValidateCustom(passcode, counter, secret, hotp.ValidateOpts{

  112. 			Digits:    opts.Digits,

  113. 			Algorithm: opts.Algorithm,

  114. 		})

  115. 

  116. 		if err != nil {

  117. 			return false, err

  118. 		}

  119. 

  120. 		if rv == true {

  121. 			return true, nil

  122. 		}

  123. 	}

  124. 

  125. 	return false, nil

  126. }

  127. 

  128. // GenerateOpts provides options for Generate().  The default values

  129. // are compatible with Google-Authenticator.

  130. type GenerateOpts struct {

  131. 	// Name of the issuing Organization/Company.

  132. 	Issuer string

  133. 	// Name of the User's Account (eg, email address)

  134. 	AccountName string

  135. 	// Number of seconds a TOTP hash is valid for. Defaults to 30 seconds.

  136. 	Period uint

  137. 	// Size in size of the generated Secret. Defaults to 10 bytes.

  138. 	SecretSize uint

  139. 	// Digits to request. Defaults to 6.

  140. 	Digits otp.Digits

  141. 	// Algorithm to use for HMAC. Defaults to SHA1.

  142. 	Algorithm otp.Algorithm

  143. }

  144. 

  145. // Generate a new TOTP Key.

  146. func Generate(opts GenerateOpts) (*otp.Key, error) {

  147. 	// url encode the Issuer/AccountName

  148. 	if opts.Issuer == "" {

  149. 		return nil, otp.ErrGenerateMissingIssuer

  150. 	}

  151. 

  152. 	if opts.AccountName == "" {

  153. 		return nil, otp.ErrGenerateMissingAccountName

  154. 	}

  155. 

  156. 	if opts.Period == 0 {

  157. 		opts.Period = 30

  158. 	}

  159. 

  160. 	if opts.SecretSize == 0 {

  161. 		opts.SecretSize = 10

  162. 	}

  163. 

  164. 	if opts.Digits == 0 {

  165. 		opts.Digits = otp.DigitsSix

  166. 	}

  167. 

  168. 	// otpauth://totp/Example:alice@google.com?secret=JBSWY3DPEHPK3PXP&issuer=Example

  169. 

  170. 	v := url.Values{}

  171. 	secret := make([]byte, opts.SecretSize)

  172. 	_, err := rand.Read(secret)

  173. 	if err != nil {

  174. 		return nil, err

  175. 	}

  176. 

  177. 	v.Set("secret", base32.StdEncoding.EncodeToString(secret))

  178. 	v.Set("issuer", opts.Issuer)

  179. 	v.Set("period", strconv.FormatUint(uint64(opts.Period), 10))

  180. 	v.Set("algorithm", opts.Algorithm.String())

  181. 	v.Set("digits", opts.Digits.String())

  182. 

  183. 	u := url.URL{

  184. 		Scheme:   "otpauth",

  185. 		Host:     "totp",

  186. 		Path:     "/" + opts.Issuer + ":" + opts.AccountName,

  187. 		RawQuery: v.Encode(),

  188. 	}

  189. 

  190. 	return otp.NewKeyFromURL(u.String())

  191. }