README
¶
ykoath
The package ykoath implements the Yubikey YOATH protocol over USB with the following exceptions:
- No support for HOTP (only TOTP)
- No support for
SET CODEand subsequently no support forVALIDATEandSELECTchallenges - no authentication schema except requiring touch is supported - No support for
RESET(removing all state from device)
Example usage
logger := log.New(os.Stderr, "", log.LstdFlags)
oath, err := ykoath.New()
if err != nil {
log.Fatal(err)
}
oath.Debug = logger
defer oath.Close()
_, err = oath.Select()
if err != nil {
logger.Fatal(errors.Wrapf(err, "failed to select"))
}
names, err := oath.List()
if err != nil {
logger.Fatal(errors.Wrapf(err, "failed to list"))
}
for _, name := range names {
calc, err := oath.Calculate(name.Name, func(name string) error {
fmt.Printf("*** PLEASE TOUCH YOUR YUBIKEY TO UNLOCK %q ***\n", name)
return nil
})
if err != nil {
logger.Fatal(errors.Wrapf(err, "failed to calculate name for %q", name.Name))
}
fmt.Printf("Got one-time-password %s for %q\n", calc, name)
}
if err := oath.Put("test", ykoath.HmacSha1, ykoath.Totp, 6, []byte("open sesame"), true); err != nil {
logger.Fatal(err)
}
if err := oath.Put("test2", ykoath.HmacSha1, ykoath.Totp, 6, []byte("open sesame"), true); err != nil {
logger.Fatal(err)
}
Documentation
¶
Overview ¶
Example ¶
oath, _ := New()
// fix the clock
oath.Clock = func() time.Time {
return time.Unix(59, 0)
}
defer oath.Close()
// enable OATH for this session
_, _ = oath.Select()
// add the testvector
_ = oath.Put("testvector", HmacSha1, Totp, 8, []byte("12345678901234567890"), false)
names, _ := oath.List()
for _, name := range names {
fmt.Println(name)
}
otp, _ := oath.Calculate("testvector", nil)
fmt.Println(otp)
Output: testvector (HMAC-SHA1 TOTP) 94287082
Index ¶
- type Algorithm
- type Name
- type OATH
- func (o *OATH) Calculate(name string, touchRequiredCallback func(string) error) (string, error)
- func (o *OATH) Close() error
- func (o *OATH) Delete(name string) error
- func (o *OATH) List() ([]*Name, error)
- func (o *OATH) Put(name string, a Algorithm, t Type, digits uint8, key []byte, touch bool) error
- func (o *OATH) Select() (*Select, error)
- func (o *OATH) Serial() (string, error)
- type Select
- type Type
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Algorithm ¶
type Algorithm byte
Algorithm denotes the HMAc algorithm used for deriving the one-time passwords
type OATH ¶
type OATH struct {
Clock func() time.Time
Debug debugger
// contains filtered or unexported fields
}
OATH implements most parts of the TOTP portion of the YKOATH specification https://developers.yubico.com/OATH/YKOATH_Protocol.html
func NewFromSerial ¶ added in v1.0.5
NewFromSerial creates an OATH session for a specific key
func NewFromSerialList ¶ added in v1.0.5
NewFromSerialList creates an OATH session from the first match found for a list of keys
func (*OATH) Calculate ¶
Calculate is a high-level function that first identifies all TOTP credentials that are configured and returns the matching one (if no touch is required) or fires the callback and then fetches the name again while blocking during the device awaiting touch
func (*OATH) Put ¶
Put sends a "PUT" instruction, storing a new / overwriting an existing OATH credentials with an algorithm and type, 6 or 8 digits one-time password, shared secrets and touch-required bit
type Type ¶
type Type byte
Type denotes the kind of derivation used for the one-time password
const ( // Hotp describes HMAC based one-time passwords (https://tools.ietf.org/html/rfc4226) Hotp Type = 0x10 // Totp describes time-based one-time passwords (https://tools.ietf.org/html/rfc6238) Totp Type = 0x20 )
Source Files
Directories