pub struct TOTP {
pub algorithm: Algorithm,
pub digits: usize,
pub skew: u8,
pub step: u64,
pub secret: Vec<u8>,
pub account_name: String,
pub issuer: Option<String>,
}
TOTP holds the information needed to generate an auth code and to validate it. Its secret field is sensitive data; treat it accordingly.
Fields
algorithm: Algorithm
SHA-1 is the most widespread algorithm used, and for TOTP purposes SHA-1 hash collisions are not a problem, as HMAC-SHA-1 is not impacted. It is also the main one cited in rfc-6238, whose reference implementation permits SHA-1, SHA-256 and SHA-512.
Not all clients support algorithms other than SHA-1.
digits: usize
The number of digits for the auth code.
Per rfc-4226, this can be in the range between 6 and 8 digits
skew: u8
Number of steps allowed as network delay.
One would mean one step before the current step and one step after are valid.
The recommended value per rfc-6238 is 1. Anything more widens the window in which a captured token stays valid and should not be used.
step: u64
Duration in seconds of a step.
The recommended value per rfc-6238 is 30 seconds
secret: Vec<u8>
As per rfc-4226 the secret should come from a strong source, most likely a CSPRNG.
It should be at least 128 bits, but 160 are recommended.
account_name: String
The account name, typically either an email address or username.
The “mock@example.com” part of “Github:mock@example.com”.
Must not contain a colon (:).
issuer: Option<String>
The name of your service/website.
The “Github” part of “Github:mock@example.com”.
Must not contain a colon (:).
Implementations
impl TOTP
pub fn new(
algorithm: Algorithm,
digits: usize,
skew: u8,
step: u64,
secret: Vec<u8>,
account_name: String,
issuer: Option<String>
) -> Result<TOTP>
Create a new instance of TOTP with given parameters.
See the field docs above for reference as to how to choose those values.
digits: MUST be between 6 and 8
secret: Must have a bit size of at least 128
account_name: Must not contain a colon (:)
issuer: Must not contain a colon (:)
pub fn generate(&self, time: u64) -> String
Generate a token given the provided timestamp in seconds
pub fn next_step(&self, time: u64) -> u64
Returns the timestamp of the first second for the next step given the provided timestamp in seconds
pub fn next_step_current(&self) -> Result<u64>
Returns the timestamp of the first second of the next step according to system time
pub fn generate_current(&self) -> Result<String>
Generate a token from the current system time
pub fn check(&self, token: &str, time: u64) -> bool
Check if token is valid given the provided timestamp in seconds, accounting for skew
pub fn check_current(&self, token: &str) -> Result<bool>
Check if token is valid by current system time, accounting for skew.
pub fn to_secret_base32(&self) -> String
Return the base32 representation of the secret, which might be useful when users want to manually add the secret to their authenticator.
pub fn from_secret_base32<S: AsRef<str>>(secret: S) -> Result<TOTP>
Convert a base32 secret into a TOTP.
The account name is the empty string and the issuer is None, so set them explicitly after decoding the secret bytes.
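An added example (not totp-rs code) covering the constructor constraints listed for `new` and the base32 round trip of `to_secret_base32` / `from_secret_base32`, including the point just made that the decoded value has no account name or issuer. The type `Provisioning`, the error enum `TotpError`, and `random_secret` (which assumes a Unix host with /dev/urandom as its CSPRNG) are this example's own names; the alphabet is RFC 4648 base32, which is what authenticator apps expect for manually entered secrets.

```rust
use std::fs::File;
use std::io::{self, Read};

/// RFC 4648 base32 alphabet.
const ALPHABET: &[u8; 32] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";

/// Constraint violations mirroring the rules listed for TOTP::new.
#[derive(Debug, PartialEq)]
pub enum TotpError { Digits(usize), SecretTooShort(usize), AccountNameHasColon, IssuerHasColon, Base32(char) }

/// Hypothetical subset of the page's TOTP struct: only the provisioning-relevant fields.
#[derive(Debug, PartialEq)]
pub struct Provisioning { pub digits: usize, pub secret: Vec<u8>, pub account_name: String, pub issuer: Option<String> }

impl Provisioning {
    pub fn new(digits: usize, secret: Vec<u8>, account_name: String, issuer: Option<String>) -> Result<Self, TotpError> {
        if !(6..=8).contains(&digits) { return Err(TotpError::Digits(digits)); }
        if secret.len() * 8 < 128 { return Err(TotpError::SecretTooShort(secret.len() * 8)); }
        if account_name.contains(':') { return Err(TotpError::AccountNameHasColon); }
        if issuer.as_deref().map_or(false, |i| i.contains(':')) { return Err(TotpError::IssuerHasColon); }
        Ok(Self { digits, secret, account_name, issuer })
    }

    /// Base32 form of the secret for manual entry into an authenticator.
    pub fn to_secret_base32(&self) -> String { base32_encode(&self.secret) }

    /// As on the page: account_name is "" and issuer is None; the caller sets them afterwards.
    pub fn from_secret_base32(s: &str) -> Result<Self, TotpError> {
        Self::new(6, base32_decode(s)?, String::new(), None)
    }
}

/// Fresh secret from the OS CSPRNG; 20 bytes gives the 160 bits rfc-4226 recommends.
pub fn random_secret(bytes: usize) -> io::Result<Vec<u8>> {
    let mut buf = vec![0u8; bytes];
    File::open("/dev/urandom")?.read_exact(&mut buf)?;
    Ok(buf)
}

/// Unpadded base32: consume 8 bits at a time, emit 5-bit groups, pad the tail with zero bits.
pub fn base32_encode(data: &[u8]) -> String {
    let (mut out, mut buf, mut bits) = (String::new(), 0u64, 0u32);
    for &b in data {
        buf = (buf << 8) | b as u64;
        bits += 8;
        while bits >= 5 { bits -= 5; out.push(ALPHABET[((buf >> bits) & 0x1f) as usize] as char); }
    }
    if bits > 0 { out.push(ALPHABET[((buf << (5 - bits)) & 0x1f) as usize] as char); }
    out
}

/// Case-insensitive decode; ignores '=' padding and whitespace users tend to type.
pub fn base32_decode(s: &str) -> Result<Vec<u8>, TotpError> {
    let (mut out, mut buf, mut bits) = (Vec::new(), 0u64, 0u32);
    for c in s.chars().filter(|c| *c != '=' && !c.is_whitespace()) {
        let v = ALPHABET.iter().position(|&a| a as char == c.to_ascii_uppercase()).ok_or(TotpError::Base32(c))? as u64;
        buf = (buf << 5) | v;
        bits += 5;
        if bits >= 8 { bits -= 8; out.push(((buf >> bits) & 0xff) as u8); }
    }
    Ok(out)
}

fn main() {
    let secret = random_secret(20).expect("CSPRNG unavailable");
    let p = Provisioning::new(6, secret, "mock@example.com".into(), Some("Github".into())).expect("valid params");
    println!("manual-entry secret: {}", p.to_secret_base32());
    // Round trip, then restore the two fields from_secret_base32 cannot know.
    let mut restored = Provisioning::from_secret_base32(&p.to_secret_base32()).expect("valid base32");
    restored.account_name = p.account_name.clone();
    restored.issuer = p.issuer.clone();
    assert_eq!(restored, p);
}
```

Validating the secret length at construction means a too-short base32 string fails in `from_secret_base32` rather than silently producing a weak enrolment.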