1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85

//! Two-step verification of TOTP algorithm
//!
//! # Example
//!
//! ```
//! extern crate otpauth;
//! extern crate time;
//!
//! fn main() {
//!     let auth = otpauth::TOTP::new("python");
//!     let timestamp1 = time::now().to_timespec().sec as usize;
//!     let code = auth.generate(30, timestamp1);
//!     let timestamp2 = time::now().to_timespec().sec as usize;
//!     assert!(auth.verify(code, 30, timestamp2));
//! }
//! ```
//!
use super::hotp;


#[derive(Debug, Eq, PartialEq, Clone)]
pub struct TOTP {
    /// A secret token for the authentication
    pub secret: String,
}

impl TOTP {
    /// Constructs a new `TOTP`
    pub fn new<S: Into<String>>(secret: S) -> TOTP {
        TOTP {
            secret: secret.into(),
        }
    }

    /// Generate a TOTP code.
    ///
    /// A TOTP code is an extension of HOTP algorithm.
    ///
    /// ``period``: A period that a TOTP code is valid in seconds
    ///
    /// ``timestamp``: Create TOTP at this given timestamp
    pub fn generate(&self, period: usize, timestamp: usize) -> u32 {
        let counter = timestamp / period;
        let hotp_auth = hotp::HOTP::new(&self.secret[..]);
        hotp_auth.generate(counter)
    }

    /// Valid a TOTP code.
    ///
    /// ``code``: A number that is less than 6 characters.
    ///
    /// ``period``: A period that a TOTP code is valid in seconds
    ///
    /// ``timestamp``: Validate TOTP at this given timestamp
    pub fn verify(&self, code: u32, period: usize, timestamp: usize) -> bool {
        let code_str = code.to_string();
        let code_bytes = code_str.as_bytes();
        if code_bytes.len() > 6 {
            return false;
        }
        let valid_code = self.generate(period, timestamp).to_string();
        let valid_bytes = valid_code.as_bytes();
        if code_bytes.len() != valid_code.len() {
            return false;
        }
        let mut rv = 0;
        for (a, b) in code_bytes.iter().zip(valid_bytes.iter()) {
            rv |= a ^ b;
        }
        rv == 0
    }

    /// Generate the otpauth protocal string.
    ///
    /// ``label``: Label of the identifier.
    ///
    /// ``issuer``: The company, the organization or something else.
    pub fn to_uri<S: AsRef<str>>(&self, label: S, issuer: S) -> String {
        use base32::encode;
        use base32::Alphabet::RFC4648;

        let encoded_secret = encode(RFC4648 { padding: false }, self.secret.as_bytes());
        format!("otpauth://totp/{}?secret={}&issuer={}", label.as_ref(), encoded_secret, issuer.as_ref())
    }
}