ykoath

Version v1.4.0
Published: Feb 1, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

README

ykoath


The package ykoath implements the YubiKey YKOATH protocol over USB (the specification is linked from the OATH type below), with the following exceptions:

  • No support for HOTP (only TOTP)
  • No support for SET CODE, and consequently none for VALIDATE or for the SELECT challenge: the only access control this README describes is the per-credential touch requirement. Note that the API listing below shows SetPassword and Validate as added in v1.4.0, so this statement appears to predate them; confirm against the implementation before relying on password protection.
  • No support for RESET (removing all state from device)

Example usage


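logger := log.New(os.Stderr, "", log.LstdFlags)

// New opens the device; the deferred Close below releases it.
oath, err := ykoath.New()
if err != nil {
	logger.Fatal(err)
}

// Optional debug output. NOTE(review): confirm what this prints before
// enabling it outside a demo — if it echoes the traffic to the device, the
// secrets passed to Put below end up in the log.
oath.Debug = logger

defer oath.Close()

// SELECT must run once per session before any other instruction.
if _, err := oath.Select(); err != nil {
	logger.Fatalf("failed to select: %v", err)
}

names, err := oath.List()
if err != nil {
	logger.Fatalf("failed to list: %v", err)
}

for _, name := range names {
	// The callback is invoked with the credential name when the device
	// reports that a touch is required; it is the only place to prompt the
	// user. Pass nil if none of your credentials require touch.
	calc, err := oath.Calculate(name.Name, func(label string) error {
		fmt.Printf("*** PLEASE TOUCH YOUR YUBIKEY TO UNLOCK %q ***\n", label)
		return nil
	})
	if err != nil {
		logger.Fatalf("failed to calculate name for %q: %v", name.Name, err)
	}

	// Fine for a demo; do not log one-time passwords in real code.
	fmt.Printf("Got one-time-password %s for %q\n", calc, name)
}

// Put takes the raw shared secret bytes (the package Example passes the
// RFC 6238 ASCII test secret directly): if you start from a base32 string in
// a provisioning URI, decode it first rather than passing the encoded text.
// The last two arguments match Put's documented signature
// (name, algorithm, type, digits, key, touch, increasing, counter). counter
// is an HOTP concept and HOTP is unsupported here; what increasing maps to
// is not documented on this page — pass false, 0 for a TOTP credential as
// the package Example does, unless you have checked the implementation.
// Put silently overwrites an existing credential with the same name.
if err := oath.Put("test", ykoath.HmacSha1, ykoath.Totp, 6, []byte("open sesame"), true, false, 0); err != nil {
	logger.Fatal(err)
}

if err := oath.Put("test2", ykoath.HmacSha1, ykoath.Totp, 6, []byte("open sesame"), true, false, 0); err != nil {
	logger.Fatal(err)
}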

Documentation

Overview

Example
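oath, _ := New()

// Pin the clock to the RFC 6238 reference time so the output is
// reproducible: T=59 with the RFC test secret yields 94287082 for HMAC-SHA1.
oath.Clock = func() time.Time {
	return time.Unix(59, 0)
}

defer oath.Close()

// SELECT enables the OATH applet for this session. Errors are dropped
// throughout this example for brevity; real code must check them.
_, _ = oath.Select()

// The key is the raw ASCII test secret from RFC 6238, not base32 text.
// NOTE(review): this writes to a real device and silently replaces any
// existing credential named "testvector" (see Put). touch is false so that
// Calculate below can run unattended.
_ = oath.Put("testvector", HmacSha1, Totp, 8, []byte("12345678901234567890"), false, false, 0)

// The expected output assumes "testvector" is the only credential on the
// device; each Name prints as `label (algorithm type)`.
names, _ := oath.List()

for _, name := range names {
	fmt.Println(name)
}

// A nil callback is fine here because the credential does not require touch.
otp, _ := oath.Calculate("testvector", nil)
fmt.Println(otp)

// Remove the publicly known test secret from the device again; the deferred
// Close runs after this.
_ = oath.Delete("testvector")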
Output:

testvector (HMAC-SHA1 TOTP)
94287082


Types

type Algorithm

type Algorithm byte

Algorithm denotes the HMAC hash function used to derive the one-time passwords. Only HmacSha1 is exercised by the examples on this page.

const (
	// HmacSha1 describes a HMAC with SHA-1
	HmacSha1 Algorithm = 0x01

	// HmacSha256 describes a HMAC with SHA-2 (256-bit)
	HmacSha256 Algorithm = 0x02

	// HmacSha512 describes a HMAC with SHA-2 (512-bit)
	HmacSha512 Algorithm = 0x03
)

func (Algorithm) String

func (a Algorithm) String() string

String returns a string representation of the algorithm

type Name

type Name struct {
	Algorithm Algorithm
	Type      Type
	Name      string
}

Name encapsulates the result of the "LIST" instruction

func (*Name) String

func (n *Name) String() string

String returns a string representation of the credential name, algorithm and type, in the form shown in the package Example output (e.g. `testvector (HMAC-SHA1 TOTP)`).

type OATH

type OATH struct {
	Clock func() time.Time

	Debug debugger
	// contains filtered or unexported fields
}

OATH implements most parts of the TOTP portion of the YKOATH specification https://developers.yubico.com/OATH/YKOATH_Protocol.html

func New

func New() (*OATH, error)

New initializes a new OATH session and opens the device; pair every successful New with a (deferred) Close, as both examples on this page do.

func (*OATH) Calculate

func (o *OATH) Calculate(name string, touchRequiredCallback func(string) error) (string, error)

Calculate implements the "CALCULATE" instruction to fetch a single truncated TOTP response for the named credential. touchRequiredCallback is invoked with the credential name when the device reports that a touch is required (see the README example); nil is accepted when no touch prompt is needed, as in the package Example.

func (*OATH) CalculateAll

func (o *OATH) CalculateAll() (map[string]string, error)

CalculateAll implements the "CALCULATE ALL" instruction to fetch all TOTP credentials and their codes. Credentials that require touch come back as a placeholder constant rather than a code; use Calculate with a callback for those.

func (*OATH) Close

func (o *OATH) Close() error

Close terminates an OATH session

func (*OATH) Delete

func (o *OATH) Delete(name string) error

Delete sends a "DELETE" instruction, removing one named OATH credential

func (*OATH) List

func (o *OATH) List() ([]*Name, error)

List sends a "LIST" instruction, returning the OATH credentials stored on the device.

func (*OATH) Put

func (o *OATH) Put(name string, a Algorithm, t Type, digits uint8, key []byte, touch bool, increasing bool, counter uint32) error

Put sends a "PUT" instruction, storing a new OATH credential or silently overwriting an existing one with the same name (call List first if clobbering must be avoided). It takes the algorithm and type, a 6- or 8-digit code length, the raw shared secret bytes (not a base32 string), and the touch-required bit. The increasing and counter parameters are not described here; counter is an HOTP concept and HOTP is unsupported per the README — the package Example passes false, 0 for a TOTP credential.

func (*OATH) Rename added in v1.4.0

func (o *OATH) Rename(oldName, newName string) error

func (*OATH) Select

func (o *OATH) Select() (*Select, error)

Select sends a "SELECT" instruction, initializing the device for an OATH session

func (*OATH) SetAsDefault

func (o *OATH) SetAsDefault(name string) error

func (*OATH) SetPassword added in v1.4.0

func (o *OATH) SetPassword(key []byte) (err error)

Undocumented in this release. The parameter is named key, not password, so whether callers must derive it themselves or may pass the password as typed is not stated here; verify against the implementation before use. Note the README above still claims SET CODE is unsupported.

func (*OATH) Validate added in v1.4.0

func (o *OATH) Validate(chalFromSelect []byte, key []byte) (err error)

Undocumented in this release. From the signature, chalFromSelect is the Challenge field of the Select result and key is the same access key as for SetPassword; see the caveat there about what form the key takes.

type Select

type Select struct {
	Algorithm []byte
	Challenge []byte
	Name      []byte
	Version   []byte
}

Select encapsulates the results of the "SELECT" instruction

type Type

type Type byte

Type denotes the kind of derivation used for the one-time password

const (

	// Hotp describes HMAC based one-time passwords (https://tools.ietf.org/html/rfc4226)
	Hotp Type = 0x10

	// Totp describes time-based one-time passwords (https://tools.ietf.org/html/rfc6238)
	Totp Type = 0x20
)

func (Type) String

func (t Type) String() string

String returns a string representation of the type
