twofactor

README

twofactor

Author

twofactor was written by Kyle Isom kyle@tyrfingr.is.

License

Copyright (c) 2017 Kyle Isom <kyle@imap.cc>

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

Documentation

Overview

twofactor implements two-factor authentication.

Currently supported are RFC 4226 HOTP one-time passwords and RFC 6238 TOTP SHA-1 one-time passwords.

Index

• Constants
• Variables
• func Pad(s string) string
• type HOTP
  • func GenerateGoogleHOTP() *HOTP
  • func NewHOTP(key []byte, counter uint64, digits int) *HOTP
  • func (otp *HOTP) OTP() string
  • func (otp *HOTP) QR(label string) ([]byte, error)
  • func (otp *HOTP) SetProvider(provider string)
  • func (otp *HOTP) Type() Type
  • func (otp *HOTP) URL(label string) string
• type OATH
  • func (o OATH) Counter() uint64
  • func (o OATH) Hash() func() hash.Hash
  • func (o OATH) Key() []byte
  • func (o OATH) OTP(counter uint64) string
  • func (o OATH) QR(t Type, label string) ([]byte, error)
  • func (o OATH) SetCounter(counter uint64)
  • func (o OATH) Size() int
  • func (o OATH) URL(t Type, label string) string
• type OTP
  • func FromURL(URL string) (OTP, string, error)
• type TOTP
  • func GenerateGoogleTOTP() *TOTP
  • func NewGoogleTOTP(secret string) (*TOTP, error)
  • func NewTOTP(key []byte, start uint64, step uint64, digits int, algo crypto.Hash) *TOTP
  • func NewTOTPSHA1(key []byte, start uint64, step uint64, digits int) *TOTP
  • func (otp *TOTP) OTP() string
  • func (otp *TOTP) OTPCounter() uint64
  • func (otp *TOTP) QR(label string) ([]byte, error)
  • func (otp *TOTP) SetProvider(provider string)
  • func (otp *TOTP) Type() Type
  • func (otp *TOTP) URL(label string) string
• type Type

Constants

const (
	OATH_HOTP = iota
	OATH_TOTP
)

Variables

var (
	ErrInvalidURL  = errors.New("twofactor: invalid URL")
	ErrInvalidAlgo = errors.New("twofactor: invalid algorithm")
)

var PRNG = rand.Reader

PRNG is an io.Reader that provides a cryptographically secure random byte stream.

Functions

func Pad

func Pad(s string) string

Pad calculates the number of '='s to add to our encoded string to make base32.StdEncoding.DecodeString happy

Types

type HOTP

type HOTP struct {
	*OATH
}

HOTP represents an RFC-4226 Hash-based One Time Password instance.

func GenerateGoogleHOTP

func GenerateGoogleHOTP() *HOTP

GenerateGoogleHOTP generates a new HOTP instance as used by Google Authenticator.

func NewHOTP

func NewHOTP(key []byte, counter uint64, digits int) *HOTP

NewHOTP takes the key, the initial counter value, and the number of digits (typically 6 or 8) and returns a new HOTP instance.

func (*HOTP) OTP

func (otp *HOTP) OTP() string

OTP returns the next OTP and increments the counter.

func (*HOTP) QR

func (otp *HOTP) QR(label string) ([]byte, error)

QR generates a new QR code for the HOTP.

func (*HOTP) SetProvider

func (otp *HOTP) SetProvider(provider string)

SetProvider sets up the provider component of the OTP URL.

func (*HOTP) Type

func (otp *HOTP) Type() Type

Type returns OATH_HOTP.

func (*HOTP) URL

func (otp *HOTP) URL(label string) string

URL returns an HOTP URL (i.e. for putting in a QR code).

type OATH

type OATH struct {
	// contains filtered or unexported fields
}

OATH provides a baseline structure for the two OATH algorithms.

func (OATH) Counter

func (o OATH) Counter() uint64

Counter returns the OATH token's counter.

func (OATH) Hash

func (o OATH) Hash() func() hash.Hash

Hash returns the token's hash function.

func (OATH) Key

func (o OATH) Key() []byte

Key returns the token's secret key.

func (OATH) OTP

func (o OATH) OTP(counter uint64) string

The top-level type should provide a counter; for example, HOTP will provide the counter directly while TOTP will provide the time-stepped counter.

func (OATH) QR

func (o OATH) QR(t Type, label string) ([]byte, error)

QR generates a byte slice containing the a QR code encoded as a PNG with level Q error correction.

func (OATH) SetCounter

func (o OATH) SetCounter(counter uint64)

SetCounter updates the OATH token's counter to a new value.

func (OATH) Size

func (o OATH) Size() int

Size returns the output size (in characters) of the password.

func (OATH) URL

func (o OATH) URL(t Type, label string) string

URL constructs a URL appropriate for the token (i.e. for use in a QR code).

type OTP

type OTP interface {
	// Returns the current counter value; the meaning of the
	// returned value is algorithm-specific.
	Counter() uint64

	// Set the counter to a specific value.
	SetCounter(uint64)

	// the secret key contained in the OTP
	Key() []byte

	// generate a new OTP
	OTP() string

	// the output size of the OTP
	Size() int

	// the hash function used by the OTP
	Hash() func() hash.Hash

	// Returns the type of this OTP.
	Type() Type
}

Type OTP represents a one-time password token -- whether a software taken (as in the case of Google Authenticator) or a hardware token (as in the case of a YubiKey).

func FromURL

func FromURL(URL string) (OTP, string, error)

FromURL constructs a new OTP token from a URL string.

type TOTP

type TOTP struct {
	*OATH
	// contains filtered or unexported fields
}

TOTP represents an RFC 6238 Time-based One-Time Password instance.

func GenerateGoogleTOTP

func GenerateGoogleTOTP() *TOTP

GenerateGoogleTOTP produces a new TOTP token with the defaults expected by Google Authenticator.

func NewGoogleTOTP

func NewGoogleTOTP(secret string) (*TOTP, error)

NewGoogleTOTP takes a secret as a base32-encoded string and returns an appropriate Google Authenticator TOTP instance.

func NewTOTP

func NewTOTP(key []byte, start uint64, step uint64, digits int, algo crypto.Hash) *TOTP

NewOTP takes a new key, a starting time, a step, the number of digits of output (typically 6 or 8) and the hash algorithm to use, and builds a new OTP.

func NewTOTPSHA1

func NewTOTPSHA1(key []byte, start uint64, step uint64, digits int) *TOTP

NewTOTPSHA1 will build a new TOTP using SHA-1.

func (*TOTP) OTP

func (otp *TOTP) OTP() string

OTP returns the OTP for the current timestep.

func (*TOTP) OTPCounter

func (otp *TOTP) OTPCounter() uint64

OTPCounter returns the current time value for the OTP.

func (*TOTP) QR

func (otp *TOTP) QR(label string) ([]byte, error)

QR generates a new TOTP QR code.

func (*TOTP) SetProvider

func (otp *TOTP) SetProvider(provider string)

SetProvider sets up the provider component of the OTP URL.

func (*TOTP) Type

func (otp *TOTP) Type() Type

Type returns OATH_TOTP.

func (*TOTP) URL

func (otp *TOTP) URL(label string) string

URL returns a TOTP URL (i.e. for putting in a QR code).

type Type

type Type uint