-
Notifications
You must be signed in to change notification settings - Fork 97
/
main.go
80 lines (65 loc) · 2.12 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
package main
import (
"crypto/hmac"
"crypto/sha1"
"encoding/base32"
"fmt"
"os"
"strings"
"time"
)
func toBytes(value int64) []byte {
var result []byte
mask := int64(0xFF)
shifts := [8]uint16{56, 48, 40, 32, 24, 16, 8, 0}
for _, shift := range shifts {
result = append(result, byte((value>>shift)&mask))
}
return result
}
func toUint32(bytes []byte) uint32 {
return (uint32(bytes[0]) << 24) + (uint32(bytes[1]) << 16) +
(uint32(bytes[2]) << 8) + uint32(bytes[3])
}
func oneTimePassword(key []byte, value []byte) uint32 {
// sign the value using HMAC-SHA1
hmacSha1 := hmac.New(sha1.New, key)
hmacSha1.Write(value)
hash := hmacSha1.Sum(nil)
// We're going to use a subset of the generated hash.
// Using the last nibble (half-byte) to choose the index to start from.
// This number is always appropriate as it's maximum decimal 15, the hash will
// have the maximum index 19 (20 bytes of SHA1) and we need 4 bytes.
offset := hash[len(hash)-1] & 0x0F
// get a 32-bit (4-byte) chunk from the hash starting at offset
hashParts := hash[offset : offset+4]
// ignore the most significant bit as per RFC 4226
hashParts[0] = hashParts[0] & 0x7F
number := toUint32(hashParts)
// size to 6 digits
// one million is the first number with 7 digits so the remainder
// of the division will always return < 7 digits
pwd := number % 1000000
return pwd
}
// all []byte in this program are treated as Big Endian
func main() {
if len(os.Args) < 2 {
fmt.Fprintln(os.Stderr, "must specify key to use")
os.Exit(1)
}
input := os.Args[1]
// decode the key from the first argument
inputNoSpaces := strings.Replace(input, " ", "", -1)
inputNoSpacesUpper := strings.ToUpper(inputNoSpaces)
key, err := base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(inputNoSpacesUpper)
if err != nil {
fmt.Fprintln(os.Stderr, err.Error())
os.Exit(1)
}
// generate a one-time password using the time at 30-second intervals
epochSeconds := time.Now().Unix()
pwd := oneTimePassword(key, toBytes(epochSeconds/30))
secondsRemaining := 30 - (epochSeconds % 30)
fmt.Printf("%06d (%d second(s) remaining)\n", pwd, secondsRemaining)
}