mirror of https://github.com/redstrate/Astra.git synced 2025-04-21 20:27:45 +00:00

History

Joshua Goins 5ee036dd09 Add option to generate OTP codes automatically * This uses the great libcotp library, I stripped it down to fit inside the repository. * This is a security-convenience trade-off, and it's made very clear with the tooltips on the settings page. * It's still secured by your system keychain, and it's up to the users whether that's good enough for them. Eventually down the line I would like to support more esoteric keychains such as Bitwarden or KeePass. * Right now it's only integrated into the auto-login desktop feature, but there will eventually be like an "auto-fill OTP" button in the main window. There's still a lot to clean up with these new features but they work a little at least :-)		2022-08-31 21:19:25 -04:00
..
cmake	Add option to generate OTP codes automatically	2022-08-31 21:19:25 -04:00
src	Add option to generate OTP codes automatically	2022-08-31 21:19:25 -04:00
.gitignore	Add option to generate OTP codes automatically	2022-08-31 21:19:25 -04:00
CMakeLists.txt	Add option to generate OTP codes automatically	2022-08-31 21:19:25 -04:00
LICENSE	Add option to generate OTP codes automatically	2022-08-31 21:19:25 -04:00
README.md	Add option to generate OTP codes automatically	2022-08-31 21:19:25 -04:00
SECURITY.md	Add option to generate OTP codes automatically	2022-08-31 21:19:25 -04:00

README.md

libcotp

C library that generates TOTP and HOTP according to RFC-6238

Requirements

libbaseencode
GCC/Clang and CMake to build the library
libgcrypt

Build and Install

$ git clone https://github.com/paolostivanin/libcotp.git
$ cd libcotp
$ mkdir build && cd $_
$ cmake -DCMAKE_INSTALL_PREFIX:PATH=/usr ../   # add -DBUILD_TESTING=ON if you want to compile also the tests
$ make
# make install

How To Use It

char *totp = get_totp (const char *base32_encoded_secret, int digits, int period, int algo, cotp_error_t *err);
free (totp);

char *steam_totp = get_steam_totp (const char *secret, int period, cotp_error_t *err)

char *hotp = get_hotp (const char *base32_encoded_secret, long counter, int digits, int algo, cotp_error_t *err);
free (hotp);

char *get_totp_at (const char *base32_encoded_secret, long target_date, int digits, int algo, cotp_error_t *err)

int is_valid = totp_verify (const har *base32_encoded_secret, const char *totp, int digits, int period, int algo, cotp_error_t *err);

int is_valid = hotp_verify (const char *base32_encoded_secret, long counter, digits, char *hotp, int algo, cotp_error_t *err);

where:

secret_key is the base32 encoded secret. Usually, a website gives you the secret already base32 encoded, so you should pay attention to not encode the secret again. The format of the secret can either be hxdm vjec jjws or HXDMVJECJJWS. In the first case, the library will normalize the secret to second format before computing the OTP.
digits is between 3 and 10 inclusive
period is between 1 and 120 inclusive
counter is a value decided with the server
target_date is the target date specified as the unix epoch format in seconds
algo is either SHA1, SHA256 or SHA512

Errors

get_totp, get_hotp and get_totp_at return NULL if an error occurs and err is set accordingly. The following errors are currently supported:

GCRYPT_VERSION_MISMATCH, set if the installed Gcrypt library is too old
INVALID_B32_INPUT, set if the given input is not valid base32 text
INVALID_ALGO, set if the given algo is not supported by the library
INVALID_PERIOD, set if period is <= 0 or > 120 seconds
INVALID_DIGITS, set if digits is < 3 or > 10

totp_verify and hotp_verify can return, in addition to one of the previous code, also the error INVALID_OTP if the given OTP doesn't match the computed one.

In case of success, the value returned by get_totp, get_hotp and get_totp_at must be freed once no longer needed.