Documentation
Index
- Constants
- Variables
- func GenerateTokenHOTP(h *HOTP, unsafe bool) (string, error)
- func GenerateTokenTOTP(t *TOTP, unsafe bool) (string, error)
- func ValidateTokenHOTP(probable string, h *HOTP, unsafe bool) (bool, error)
- func ValidateTokenTOTP(probable string, t *TOTP, unsafe bool) (bool, error)
- type Algorithm
- type HOTP
- type TOTP
Constants

    const (
        DefaultLength       = 8   // Default digit token length
        MinLength           = 6   // Minimum digit token length
        MaxLength           = 10  // Maximum digit token length
        DefaultStep         = 30  // Default time step for TOTP tokens in seconds
        DefaultSecretLength = 160 // Default length in bits for newly created secrets
        MinSecretLength     = 128 // Minimum length in bits for newly created secrets
    )

Variables

    var (
        ErrMaxLength    = fmt.Errorf("a %d-digit code is the maximum length", MaxLength)
        ErrMinLength    = fmt.Errorf("a %d-digit code is the minimum length", MinLength)
        ErrSecretLength = fmt.Errorf("the Secret's length must be at least %d bits", MinSecretLength)
    )

Functions
func GenerateTokenHOTP
GenerateTokenHOTP uses the passed HOTP struct to generate a HOTP token if no errors occur. See the HOTP struct's documentation for more information. If unsafe is true, it is allowed to create HOTP tokens from secrets which are too short to be considered safe.
func GenerateTokenTOTP
GenerateTokenTOTP uses the passed TOTP struct to generate a TOTP token if no errors occur. See the TOTP struct's documentation for more information. If unsafe is true, it is allowed to create TOTP tokens from secrets which are too short to be considered safe.
func ValidateTokenHOTP
ValidateTokenHOTP takes a possible token and a HOTP struct to validate the possible token named probable. It uses an implementation of constant time comparison to minimize the timing attack vector. true is only returned in case the probable input and the token generated using the HOTP struct matched in a byte comparison. If unsafe is true, it is allowed to create HOTP tokens from secrets which are too short to be considered safe.
func ValidateTokenTOTP
ValidateTokenTOTP takes a possible token and a TOTP struct to validate the possible token named probable. It uses an implementation of constant time comparison to minimize the timing attack vector. true is only returned in case the probable input and the token generated using the TOTP struct matched in a byte comparison. If unsafe is true, it is allowed to create TOTP tokens from secrets which are too short to be considered safe.
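The length limits and the constant-time check described for the generate and validate functions above, as an added standalone example built on the Go standard library only. It is not this package's code: the names hotp and validateTOTP are hypothetical, the algorithm is fixed to HMAC-SHA-1, and the secret is assumed to be raw bytes; the values in main are the SHA-1 test vector from RFC 6238.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

const minDigits, maxDigits, minSecretBits, defaultStep = 6, 10, 128, 30 // limits from this page

// hotp computes an RFC 4226 token (HMAC-SHA-1); secret is raw bytes, an assumption.
func hotp(secret []byte, counter uint64, digits int, unsafe bool) (string, error) {
	if digits < minDigits || digits > maxDigits {
		return "", fmt.Errorf("digits must be between %d and %d", minDigits, maxDigits)
	}
	if !unsafe && len(secret)*8 < minSecretBits {
		return "", fmt.Errorf("secret shorter than %d bits", minSecretBits)
	}
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f // dynamic truncation offset
	code := uint64(binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff)
	mod := uint64(1)
	for i := 0; i < digits; i++ {
		mod *= 10 // uint64: 10^10 would overflow a 32-bit integer
	}
	return fmt.Sprintf("%0*d", digits, code%mod), nil
}

// validateTOTP maps unixTime onto a counter and compares in constant time.
func validateTOTP(probable string, secret []byte, unixTime, period uint64, digits int) (bool, error) {
	if period == 0 {
		period = defaultStep
	}
	want, err := hotp(secret, unixTime/period, digits, false)
	if err != nil {
		return false, err
	}
	return subtle.ConstantTimeCompare([]byte(probable), []byte(want)) == 1, nil
}

func main() {
	fmt.Println(validateTOTP("07081804", []byte("12345678901234567890"), 1111111109, 30, 8))
}
```

The expected token is zero-padded to the requested length before comparison, so a token with a leading zero only validates when it is submitted as a string with that zero intact.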
Types
type HOTP

    type HOTP struct {
        Algorithm Algorithm // The algorithm used in the HMAC function.
        Secret    string    // The shared secret, MUST be at least 128 bits, RECOMMENDED 160 bits.
        Counter   uint64    // The moving factor, time, or other value that changes on a per use basis.
        Digits    int       // The number of digits in the OTP. The length MUST be at least 6 digits, up to 10.
        // contains filtered or unexported fields
    }

HOTP holds all values used in the generation of HOTP tokens
Algorithm
Supports SHA-1, SHA-256 and SHA-512 as HMAC algorithms represented by AlgorithmSHA1, AlgorithmSHA256 and AlgorithmSHA512. AlgorithmSHA1 is used as default value.
Secret
Must be specified. The length must be at least 128 bits. 160 bits are recommended.
Counter
The moving factor. 0 is used as default value.
Digits
Supports token lengths in the range including MinLength (6) and MaxLength (10). DefaultLength (8) is used as default value.
The terms used are based on RFC 4226. For the section Notation and Symbols, see: https://tools.ietf.org/html/rfc4226#section-5.1
type TOTP

    type TOTP struct {
        Algorithm Algorithm // The algorithm used in the HMAC function.
        Secret    string    // The shared secret, MUST be at least 128 bits, RECOMMENDED 160 bits.
        UnixTime  uint64    // Unix time part to calculate Counter.
        Period    uint      // Step in seconds part to calculate the Counter.
        Digits    int       // The number of digits in the OTP. The length MUST be at least 6 digits, up to 10.
    }

TOTP holds all values used in the generation of TOTP tokens
Algorithm
Supports SHA-1, SHA-256 and SHA-512 as HMAC algorithms represented by AlgorithmSHA1, AlgorithmSHA256 and AlgorithmSHA512. AlgorithmSHA1 is used as default value.
Secret
Must be specified. The length must be at least 128 bits. 160 bits are recommended.
UnixTime
The Unix time to start counting time steps. 0 is used as default value.
Period
The time step in seconds. DefaultStep (30) is used as default value.
Digits
Supports token lengths in the range including MinLength (6) and MaxLength (10). DefaultLength (8) is used as default value.