Documentation
¶
Overview ¶
Package otp (one-time passwords) provides a simple, clean, and idiomatic way for generating and verifying one-time passwords for both HOTP and TOTP defined in RFC 4226 and 6238.
Example ¶
package main
import (
"fmt"
"github.com/PaienNate/go-guardian/v2/otp"
)
func main() {
key, _ := otp.NewKeyFromRaw("otpauth://hotp/TEST?secret=GXNRHI2MFRFWXQGJHWZJFOSYI6E7MEVA")
verifier := otp.New(key)
ok, err := verifier.Verify("345515")
fmt.Println(ok, err)
}
Output: true <nil>
Index ¶
- Constants
- Variables
- func GenerateOTP(secret string, counter uint64, algo HashAlgorithm, dig Digits) (string, error)
- func GenerateSecret(size uint) (string, error)
- type Digits
- type HashAlgorithm
- type Key
- func (k *Key) AccountName() string
- func (k *Key) Algorithm() HashAlgorithm
- func (k *Key) Counter() uint64
- func (k *Key) Digits() Digits
- func (k *Key) Issuer() string
- func (k *Key) IssuerLabelPrefix() string
- func (k *Key) Label() string
- func (k *Key) Period() uint64
- func (k *Key) Secret() string
- func (k *Key) SetAlgorithm(algo HashAlgorithm)
- func (k *Key) SetCounter(count uint64)
- func (k *Key) SetDigits(d Digits)
- func (k *Key) SetIssuer(issuer string)
- func (k *Key) SetLabel(label string)
- func (k *Key) SetPeriod(p uint64)
- func (k *Key) SetSecret(secret string)
- func (k *Key) SetType(t Type)
- func (k *Key) Type() Type
- type Type
- type VerificationDisabledError
- type Verifier
Examples ¶
Constants ¶
const ( // SHA1 represents the SHA1 algorithm name. SHA1 = HashAlgorithm("SHA1") // SHA256 represents the SHA256 algorithm name. SHA256 = HashAlgorithm("SHA256") // SHA512 represents the SHA512 algorithm name. SHA512 = HashAlgorithm("SHA512") )
const ( // TOTP represents totp, defined in RFC 6238 TOTP = Type("totp") // HOTP represents hotp, defined in RFC 4266 HOTP = Type("hotp") )
Variables ¶
var ErrMaxAttempts = errors.New("OTP: Max attempts reached, Account locked out")
ErrMaxAttempts is returned by Verifier, When the verification failures count equal the max attempts.
var ErrWeakSecretSize = errors.New("Weak secret size, The shared secret MUST be at least 128 bits")
ErrWeakSecretSize is returned by GenerateSecret, when input secret size does not meet RFC 4226 requirements.
Functions ¶
func GenerateOTP ¶
GenerateOTP return one time password or an error if occurs The function compliant with RFC 4226, and implemented as mentioned in section 5.3 See https://tools.ietf.org/html/rfc4226#section-5.3
Types ¶
type HashAlgorithm ¶
type HashAlgorithm string
HashAlgorithm represents the hashing function to use in the HMAC
func (HashAlgorithm) Hasher ¶
func (h HashAlgorithm) Hasher() func() hash.Hash
Hasher returns a function create new hash.Hash.
func (HashAlgorithm) String ¶
func (h HashAlgorithm) String() string
String describe HashAlgorithm as string
type Key ¶
Key represnt Uri Format for OTP See https://github.com/google/google-authenticator/wiki/Key-Uri-Format
func NewKeyFromRaw ¶
NewKeyFromRaw return's key from raw string.
func (*Key) AccountName ¶
AccountName returns the name of the user's account.
func (*Key) Algorithm ¶
func (k *Key) Algorithm() HashAlgorithm
Algorithm return the hashing Algorithm name
func (*Key) Counter ¶
Counter return initial counter value. for provisioning a key for use with HOTP // if type not a hopt the returned value is 0
func (*Key) IssuerLabelPrefix ¶
IssuerLabelPrefix returns a string value indicating the provider or service extracted from label.
func (*Key) Period ¶
Period that a TOTP code will be valid for, in seconds. The default value is 30. if type not a topt the returned value is 0
func (*Key) SetAlgorithm ¶
func (k *Key) SetAlgorithm(algo HashAlgorithm)
SetAlgorithm set hash algorithm in key.
func (*Key) SetCounter ¶
SetCounter value in key . if type not a hopt the set operation ignored.
type VerificationDisabledError ¶
VerificationDisabledError is returned by Verifier when the password verification process disabled for a period of time.
func (VerificationDisabledError) Error ¶
func (v VerificationDisabledError) Error() string
Error returns string describe verification process disabled for a period of time.
type Verifier ¶
type Verifier struct {
// EnableLockout enable or disable lockout mechanism
// Default true
EnableLockout bool
// LockOutStartAt define in what attempt number, lockout mechanism start to work.
// Default 0
LockOutStartAt uint
// LockOutDelay define delay window to disable password verification process default 30
// the formula is delay * failed Attempts as described in RFC 4226 section-7.3.
LockOutDelay uint
// MaxAttempts define max attempts of verification failures to lock the account default 3.
MaxAttempts uint
// Failures represents the count of verification failures.
Failures uint
// Skew define periods before or after the current counter to allow,
// which allow compare OTPs not only with,
// the receiving timestamp but also the past timestamps that are within,
// the transmission delay, as described in RFC 6238 section-5.2
// Default 1.
//
// Warning: A larger Skew would expose a larger window for attacks.
Skew uint
// DealyTime represents time until password verification process re-enabled.
DealyTime time.Time
// Key represnt Uri Format for OTP.
Key *Key
// contains filtered or unexported fields
}
Verifier represents one-time password verification for both HOTP and TOTP.
func (*Verifier) GenerateOTP ¶
GenerateOTP return one time password or an error if occurs The Method is alias for GenerateOTP Function.
Source Files