gosora/common/gauth/authenticator.go

66 lines
1.9 KiB
Go
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

// Google Authenticator 2FA
// Borrowed from https://github.com/tilaklodha/google-authenticator, as we can't import it as a library as it's in package main
package gauth
import (
"bytes"
"crypto/hmac"
"crypto/sha1"
"encoding/base32"
"encoding/binary"
"strconv"
"strings"
"time"
)
// Append extra 0s if the length of otp is less than 6
// If otp is "1234", it will return it as "001234"
func prefix0(otp string) string {
if len(otp) == 6 {
return otp
}
for i := (6 - len(otp)); i > 0; i-- {
otp = "0" + otp
}
return otp
}
func GetHOTPToken(secret string, interval int64) (string, error) {
// Converts secret to base32 Encoding. Base32 encoding desires a 32-character subset of the twenty-six letters AZ and ten digits 09
key, err := base32.StdEncoding.DecodeString(strings.ToUpper(secret))
if err != nil {
return "", err
}
bs := make([]byte, 8)
binary.BigEndian.PutUint64(bs, uint64(interval))
// Signing the value using HMAC-SHA1 Algorithm
hash := hmac.New(sha1.New, key)
hash.Write(bs)
h := hash.Sum(nil)
// We're going to use a subset of the generated hash.
// Using the last nibble (half-byte) to choose the index to start from.
// This number is always appropriate as it's maximum decimal 15, the hash will have the maximum index 19 (20 bytes of SHA1) and we need 4 bytes.
o := (h[19] & 15)
var header uint32
// Get 32 bit chunk from hash starting at the o
r := bytes.NewReader(h[o : o+4])
err = binary.Read(r, binary.BigEndian, &header)
if err != nil {
return "", err
}
// Ignore most significant bits as per RFC 4226.
// Takes division from one million to generate a remainder less than < 7 digits
h12 := (int(header) & 0x7fffffff) % 1000000
return prefix0(strconv.Itoa(int(h12))), nil
}
func GetTOTPToken(secret string) (string, error) {
// The TOTP token is just a HOTP token seeded with every 30 seconds.
interval := time.Now().Unix() / 30
return GetHOTPToken(secret, interval)
}