Struct totp_rs::TOTP

pub struct TOTP<T = Vec<u8>> {
    pub algorithm: Algorithm,
    pub digits: usize,
    pub skew: u8,
    pub step: u64,
    pub secret: T,
}

TOTP holds informations as to how to generate an auth code and validate it. Its secret field is sensitive data, treat it accordingly

Fields

algorithm: Algorithm

SHA-1 is the most widespread algorithm used, and for totp pursposes, SHA-1 hash collisions are not a problem as HMAC-SHA-1 is not impacted. It’s also the main one cited in rfc-6238 even though the reference implementation permits the use of SHA-1, SHA-256 and SHA-512. Not all clients support other algorithms then SHA-1

digits: usize

The number of digits composing the auth code. Per rfc-4226, this can oscilate between 6 and 8 digits

skew: u8

Number of steps allowed as network delay. 1 would mean one step before current step and one step after are valids. The recommended value per rfc-6238 is 1. Anything more is sketchy, and anyone recommending more is, by definition, ugly and stupid

step: u64

Duration in seconds of a step. The recommended value per rfc-6238 is 30 seconds

secret: T

As per rfc-4226 the secret should come from a strong source, most likely a CSPRNG. It should be at least 128 bits, but 160 are recommended

Implementations

impl<T: AsRef<[u8]>> TOTP<T>

pub fn new(
    algorithm: Algorithm,
    digits: usize,
    skew: u8,
    step: u64,
    secret: T
) -> TOTP<T>

Will create a new instance of TOTP with given parameters. See the doc for reference as to how to choose those values

pub fn sign(&self, time: u64) -> Vec<u8>

Will sign the given timestamp

pub fn generate(&self, time: u64) -> String

Will generate a token according to the provided timestamp in seconds

pub fn check(&self, token: &str, time: u64) -> bool

Will check if token is valid by current time, accounting skew

pub fn get_secret_base32(&self) -> String

Will return the base32 representation of the secret, which might be useful when users want to manually add the secret to their authenticator

pub fn get_url(&self, label: &str, issuer: &str) -> String

Will generate a standard URL used to automatically add TOTP auths. Usually used with qr codes

pub fn get_qr(
    &self,
    label: &str,
    issuer: &str
) -> Result<String, Box<dyn Error>>

Will return a qrcode to automatically add a TOTP as a base64 string. Needs feature qr to be enabled!

Errors

This will return an error in case the URL gets too long to encode into a QR code

It will also return an error in case it can’t encode the qr into a png. This shouldn’t happen unless either the qrcode library returns malformed data, or the image library doesn’t encode the data correctly

Trait Implementations

impl<T: Clone> Clone for TOTP<T>

fn clone(&self) -> TOTP<T>

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl<T: Debug> Debug for TOTP<T>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de, T> Deserialize<'de> for TOTP<T> where
    T: Deserialize<'de>, 

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where
    __D: Deserializer<'de>, 

Deserialize this value from the given Serde deserializer.

impl<T> Serialize for TOTP<T> where
    T: Serialize, 

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error> where
    __S: Serializer, 

Serialize this value into the given Serde serializer.