Documentation
Overview
Package otp provides the HMAC-based one-time password (HOTP) algorithm described in RFC 4226 and the time-based one-time password (TOTP) algorithm described in RFC 6238.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type HashAlgorithm
type HashAlgorithm int
HashAlgorithm identifies the hash algorithm used for HMAC.
const (
	// HashAlgorithmSHA1 represents SHA1 algorithm.
	HashAlgorithmSHA1 HashAlgorithm = iota
	// HashAlgorithmSHA256 represents SHA256 algorithm.
	HashAlgorithmSHA256
	// HashAlgorithmSHA512 represents SHA512 algorithm.
	HashAlgorithmSHA512
)
func (HashAlgorithm) DefaultKeyByteSize
func (algorithm HashAlgorithm) DefaultKeyByteSize() (int, error)
DefaultKeyByteSize returns the default HMAC key size in bytes.
type OTPManager
type OTPManager interface {
	// Generate generates the one-time password with the specified moving factor.
	Generate(int64) string
	// Validate validates whether the one-time password matches.
	Validate(int64, string) bool
}
OTPManager represents an HMAC-based or time-based one-time password generator and validator.
func NewHOTP
func NewHOTP(algorithm HashAlgorithm, secret []byte, codeDigit int) (OTPManager, error)
NewHOTP creates a new HMAC-based one-time password (HOTP) manager with the specified hash algorithm, secret key and digit count of password codes.
When the provided secret key is nil, a new secret key is generated with the cryptographically secure pseudo-random number generator provided by the operating system. By default, the secret key is 20 bytes long for the SHA1 algorithm, 32 bytes for the SHA256 algorithm and 64 bytes for the SHA512 algorithm.
A password code cannot be longer than 8 digits.
func NewTOTP
func NewTOTP(algorithm HashAlgorithm, secret []byte, codeDigit, timeStep, lookBackward, lookForward int) (OTPManager, error)
NewTOTP initializes a new time-based one-time password (TOTP) manager with the specified hash algorithm, secret key, digit count of password codes, time step, and tolerated time steps.
A new secret key will be generated if the provided one is nil. Refer to the NewHOTP function for details.
A password code cannot be longer than 8 digits.
The tolerated time steps are used only for validation. These parameters allow for a certain amount of clock drift between a client and the TOTP manager. Set them to 0 to accept no time drift at all.
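The following added example is not this package's code. It is a stand-alone sketch, using only the Go standard library, of RFC 4226 code generation and of RFC 6238 validation over a tolerated window of time steps. The function names hotp and validateTOTP are hypothetical, only SHA-1 is covered, the time step is assumed to be in seconds, and the secret is the published RFC test secret.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// hotp computes the RFC 4226 code for one counter value (HMAC-SHA1, digits <= 8).
func hotp(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f // dynamic truncation offset
	bin := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, bin%mod)
}

// validateTOTP accepts code if it matches any step in [T-lookBackward, T+lookForward],
// where T = unixTime / timeStep (timeStep assumed to be in seconds).
func validateTOTP(secret []byte, unixTime int64, code string, digits, timeStep, lookBackward, lookForward int) bool {
	if unixTime < 0 || timeStep <= 0 || lookBackward < 0 || lookForward < 0 {
		return false
	}
	current := unixTime / int64(timeStep)
	ok := 0
	for step := current - int64(lookBackward); step <= current+int64(lookForward); step++ {
		if step < 0 {
			continue
		}
		// Constant-time compare with no early exit across the window.
		ok |= subtle.ConstantTimeCompare([]byte(hotp(secret, uint64(step), digits)), []byte(code))
	}
	return ok == 1
}

func main() {
	secret := []byte("12345678901234567890") // RFC 6238 Appendix B test secret, not a real key
	code := hotp(secret, 59/30, 8)           // code for Unix time 59 with a 30-second step
	fmt.Println(code, validateTOTP(secret, 89, code, 8, 30, 0, 0), validateTOTP(secret, 89, code, 8, 30, 1, 0))
}
```

Each tolerated step adds one more code that is valid at a given instant, so keep the backward and forward tolerance as small as the expected clock drift allows.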