pad with zeros

Author: ilmanzo

.gitignore

@@ -7,6 +7,7 @@ gauthenticator.so
 gauthenticator.dylib
 gauthenticator.dll
 gauthenticator.a
+libgauthenticator.a
 gauthenticator.lib
 gauthenticator-test-*
 *.exe

readme.md

@@ -1,5 +1,5 @@
 ## Google Authenticator
-A small D program to generate the google authenticator code.
+A small D library to generate the google authenticator code.
 
 inspired from https://github.com/tilaklodha/google-authenticator
 
@@ -8,10 +8,19 @@ inspired from https://github.com/tilaklodha/google-authenticator
     - On OSX run `brew install dub`.
     - Follow instructions on https://code.dlang.org/ for other OSes.
 
-- Provide your 16-digit secret token in secrets.pem file
 
-The auth code works on the secret token and the current time. The time on your local machine should be in sync according to NTP.
+The OTP auth code works on the secret token and the current time. 
+The time on your local machine should be in sync according to NTP.
+The secret token usually is given to the user on the first configuration as a base32-encoded string or acquired via QR code.
+
+The library exposes two functions:
+
+- getHOTPToken
+   given a "secret" and a time interval, returns the 6-digit HOTP Token as a string
+- getTOTPToken
+   given a "secret", returns the 6-digit TOTP Token as a string using the current time
+
+
+
 
-- Run `sudo ntpdate time.nist.gov` to sync time
-- Run `rdmd example\runme.d`.
 

source/gauthenticator.d

@@ -20,135 +20,124 @@ SOFTWARE.
 
 module gauthenticator;
 
-import std.stdio;
-import std.digest.sha;
+import std.digest.hmac : HMAC;
+import std.digest.sha : SHA1,toHexString;
+import std.bitmanip : nativeToBigEndian,bigEndianToNative;
+import std.format : format;
 
-class GAuthenticator
-{
-
-    // HMAC-based One Time Password(HOTP)
-    public string getHOTPToken(const string secret, const ulong interval)
-    {
-        
-        auto key=base32decode(secret);
-        SHA1 hash;
-        hash.start();
-        hash.put(key);
-        ubyte[20] sha1sum = hash.finish();
-        int offset=(sha1sum[19] & 15);
-
-        
-        /*
-        hash = HMAC-SHA1(key)
-        offset = last nibble of hash
-        truncatedHash := hash[offset..offset+3]  //4 bytes starting at the offset
-        Set the first bit of truncatedHash to zero  //remove the most significant bit
-        code := truncatedHash mod 1000000
-        pad code with 0 from the left until length of code is 6
-        return code */
-
-        return "000000";
-    }
+// code adapted from https://github.com/tilaklodha/google-authenticator
 
-    //Time-based One Time Password(TOTP)
-    public string getTOTPToken(const string secret)
-    {
-        //The TOTP token is just a HOTP token seeded with every 30 seconds.
-        import std.datetime : Clock;
+// HMAC-based One Time Password(HOTP)
+public string getHOTPToken(const string secret, const ulong interval)
+{
+    //secret is a base32 encoded string. Converts to a byte array
+    auto key = base32decode(secret);
+    //Signing the value using HMAC-SHA1 Algorithm
+    auto hm = HMAC!SHA1(key);
+    hm.put(nativeToBigEndian(interval));
+    ubyte[20] sha1sum = hm.finish();
+	// We're going to use a subset of the generated hash.
+	// Using the last nibble (half-byte) to choose the index to start from.
+	// This number is always appropriate as it's maximum decimal 15, the hash will
+	// have the maximum index 19 (20 bytes of SHA1) and we need 4 bytes.    
+    const int offset = (sha1sum[19] & 15);
+    ubyte[4] h = sha1sum[offset .. offset + 4];
+	//Ignore most significant bits as per RFC 4226.
+	//Takes division from one million to generate a remainder less than < 7 digits    
+    const uint h12 = (bigEndianToNative!uint(h) & 0x7fffffff) % 1_000_000;
+    return format("%06d",h12);
+}
 
-        immutable ulong interval = Clock.currTime().toUnixTime() / 30;
-        return getHOTPToken(secret, interval);
-    }
+//Time-based One Time Password(TOTP)
+public string getTOTPToken(const string secret)
+{
+    //The TOTP token is just a HOTP token seeded with every 30 seconds.
+    import std.datetime : Clock;
+    immutable ulong interval = Clock.currTime().toUnixTime() / 30;
+    return getHOTPToken(secret, interval);
+}
 
-    //RFC 4648
-    package ubyte[] base32decode(const string message)
+//RFC 4648
+private ubyte[] base32decode(const string message)
+{
+    int buffer = 0;
+    int bitsLeft = 0;
+    ubyte[] result;
+    for (int i = 0; i < message.length; i++)
     {
-        int buffer = 0;
-        int bitsLeft = 0;
-        ubyte[] result;
-        for (int i = 0; i < message.length; i++)
+        int ch = message[i];
+        if (ch == '=')
+            break;
+        if (ch == ' ' || ch == '\t' || ch == '\r' || ch == '\n' || ch == '-')
         {
-            int ch = message[i];
-            if (ch == '=')
-                break;
-            if (ch == ' ' || ch == '\t' || ch == '\r' || ch == '\n' || ch == '-')
-            {
-                continue;
-            }
-            buffer = buffer << 5;
-
-            // Deal with commonly mistyped characters
-            if (ch == '0')
-            {
-                ch = 'O';
-            }
-            else if (ch == '1')
-            {
-                ch = 'L';
-            }
-            else if (ch == '8')
-            {
-                ch = 'B';
-            }
-
-            // Look up one base32 digit
-            if ((ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <= 'z'))
-            {
-                ch = (ch & 0x1F) - 1;
-            }
-            else if (ch >= '2' && ch <= '7')
-            {
-                ch -= ('2' - 26);
-            }
-
-            buffer |= ch;
-            bitsLeft += 5;
-            if (bitsLeft >= 8)
-            {
-                int c = (buffer >> (bitsLeft - 8));
-                result ~= cast(byte)(c & 0xff);
-                bitsLeft -= 8;
-            }
+            continue;
+        }
+        buffer = buffer << 5;
 
+        // Deal with commonly mistyped characters
+        if (ch == '0')
+        {
+            ch = 'O';
+        }
+        else if (ch == '1')
+        {
+            ch = 'L';
+        }
+        else if (ch == '8')
+        {
+            ch = 'B';
         }
-        return result;
 
-    }
-    //test base32 decoder
-    unittest
-    {
-        auto ga = new GAuthenticator;
-        byte[] expected = ['F', 'O', 'O', 'B', 'A', 'R'];
-        auto message = ga.base32decode("IZHU6QSBKI");
-        assert(message == expected);
-        expected = ['1', '2', '3', '4', '5', 't', 'e', 's', 't'];
-        message = ga.base32decode("GEZDGNBVORSXG5A=");
-        assert(message == expected);
-    }
+        // Look up one base32 digit
+        if ((ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <= 'z'))
+        {
+            ch = (ch & 0x1F) - 1;
+        }
+        else if (ch >= '2' && ch <= '7')
+        {
+            ch -= ('2' - 26);
+        }
 
+        buffer |= ch;
+        bitsLeft += 5;
+        if (bitsLeft >= 8)
+        {
+            const c = (buffer >> (bitsLeft - 8));
+            result ~= cast(byte)(c & 0xff);
+            bitsLeft -= 8;
+        }
 
-    // SHA1 test
-    unittest
-    {
-        SHA1 hash;
-        hash.start();
-        ubyte[] data = ['a', 'b', 'c'];
-        hash.put(data);
-        ubyte[20] result = hash.finish();
-        //writeln(toHexString(result));
-        assert(toHexString(result)=="A9993E364706816ABA3E25717850C26C9CD0D89D");
     }
+    return result;
 
-    /*
-    unittest
-    {
-        auto ga = new GAuthenticator;
-        auto secret = "dummySECRETdummy";
-        auto interval = ulong(50780342);
-        auto otp = "971294";
-        assert(otp == ga.getHOTPToken(secret, interval));
-    }
-*/
+}
+//test for base32 decoder
+unittest
+{
+    auto expected = cast(byte[])("FOOBAR");
+    auto message = base32decode("IZHU6QSBKI");
+    assert(message == expected);
+    expected = cast(byte[])("12345test");
+    message = base32decode("GEZDGNBVORSXG5A=");
+    assert(message == expected);
+}
 
+// test for SHA1 func
+unittest
+{
+    SHA1 hash;
+    hash.start();
+    auto data = cast(ubyte[])"abc";
+    hash.put(data);
+    ubyte[20] result = hash.finish();
+    assert(toHexString(result) == "A9993E364706816ABA3E25717850C26C9CD0D89D");
 }
 
+//final test for OTP functionality (with a fixed time)
+unittest
+{
+    auto secret = "dummySECRETdummy";
+    auto interval = ulong(50_780_342);  // D allows underscore in numbers to improve readability
+    const otp = "971294";
+    assert(otp == getHOTPToken(secret, interval));
+}