ホーム エクスプローラ ヘルプ
サインイン
mbuesch
/
pwman
Watch 1
Star 0
Fork 0
ファイル 課題 0 プルリクエスト 0 Wiki
ブランチ: argon2
ブランチ タグ
pwman
/
libpwman
/
otp.py

otp.py 2.1 KB
パーマリンク 履歴 Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 
  1. # -*- coding: utf-8 -*-
    2. 

  2. """
    3. 

  3. # HOTP/TOTP support
    4. 

  4. # Copyright (c) 2019-2023 Michael Büsch <m@bues.ch>
    5. 

  5. # Licensed under the GNU/GPL version 2 or later.
    6. 

  6. """
    7. 

  7. 

  8. import time
    9. 

  9. from base64 import b32decode
    10. 

  10. import binascii
    11. 

  11. import hmac
    12. 

  12. import hashlib
    13. 

  13. 

  14. __all__ = [
    15. 

  15. 	"OtpError",
    16. 

  16. 	"hotp",
    17. 

  17. 	"totp",
    18. 

  18. ]
    19. 

  19. 

  20. class OtpError(Exception):
    21. 

  21. 	"""HOTP/TOTP exception.
    22. 

  22. 	"""
    23. 

  23. 

  24. def hotp(key, counter, nrDigits=6, hmacHash="SHA1"):
    25. 

  25. 	"""HOTP - An HMAC-Based One-Time Password Algorithm.
    26. 

  26. 	key: The HOTP key. Either raw bytes or a base32 encoded string.
    27. 

  27. 	counter: The HOTP counter integer.
    28. 

  28. 	nrDigits: The number of digits to return. Can be 1 to 8.
    29. 

  29. 	hmacHash: The name string of the hashing algorithm.
    30. 

  30. 	Returns the calculated HOTP token string.
    31. 

  31. 	"""
    32. 

  32. 	if isinstance(key, str):
    33. 

  33. 		try:
    34. 

  34. 			key = b32decode(key.encode("UTF-8"), casefold=True)
    35. 

  35. 		except (binascii.Error, UnicodeError):
    36. 

  36. 			raise OtpError("Invalid key.")
    37. 

  37. 	if not (0 <= counter <= (2 ** 64) - 1):
    38. 

  38. 		raise OtpError("Invalid counter.")
    39. 

  39. 	if not (1 <= nrDigits <= 8):
    40. 

  40. 		raise OtpError("Invalid number of digits.")
    41. 

  41. 	try:
    42. 

  42. 		hmacHash = hmacHash.replace("-", "")
    43. 

  43. 		hmacHash = hmacHash.replace("_", "")
    44. 

  44. 		hmacHash = hmacHash.replace(" ", "")
    45. 

  45. 		hmacHash = hmacHash.upper().strip()
    46. 

  46. 		hmacHash = {
    47. 

  47. 			"SHA1"   : hashlib.sha1,
    48. 

  48. 			"SHA256" : hashlib.sha256,
    49. 

  49. 			"SHA512" : hashlib.sha512,
    50. 

  50. 		}[hmacHash]
    51. 

  51. 	except KeyError:
    52. 

  52. 		raise OtpError("Invalid HMAC hash type.")
    53. 

  53. 

  54. 	counter = counter.to_bytes(length=8, byteorder="big", signed=False)
    55. 

  55. 	h = bytearray(hmac.new(key, counter, hmacHash).digest())
    56. 

  56. 	offset = h[19] & 0xF
    57. 

  57. 	h[offset] &= 0x7F
    58. 

  58. 	hSlice = int.from_bytes(h[offset:offset+4], byteorder="big", signed=False)
    59. 

  59. 	otp = hSlice % (10 ** nrDigits)
    60. 

  60. 	fmt = "%0" + str(nrDigits) + "d"
    61. 

  61. 	return fmt % otp
    62. 

  62. 

  63. def totp(key, nrDigits=6, hmacHash="SHA1", t=None):
    64. 

  64. 	"""TOTP - Time-Based One-Time Password Algorithm.
    65. 

  65. 	nrDigits: The number of digits to return. Can be 1 to 8.
    66. 

  66. 	hmacHash: The name string of the hashing algorithm.
    67. 

  67. 	t: Optional; the time in seconds. Uses time.time(), if not given.
    68. 

  68. 	Returns the calculated TOTP token string.
    69. 

  69. 	"""
    70. 

  70. 	if t is None:
    71. 

  71. 		t = time.time()
    72. 

  72. 	t = (int(round(t)) // 30) - 1
    73. 

  73. 	return hotp(key, t, nrDigits, hmacHash)
    74. 

  74.