-
Show log
Commit
-
Hash : c30d02b5
Author :
Date : 2022-03-07T23:10:31
Use last byte of HMAC output for truncating This is to use the least significant byte of the HMAC regardless of size. RFC 6328 (TOTP) Section 1.2 says you can use SHA-1 SHA-256 or SHA-512 with the same algorithm of RFC 4226 (HTOP). This seems ok until you realize that all the new HMACs have different output sizes and HTOP only expects a 20 byte fixed MAC. It is not completely clear if RFC 4226 Section 5.3 means "get the bottom 4 bits from byte at offset 19" or "get the 4 least significant bits". Other implementations (https://github.com/pyauth/pyotp/blob/6568c1a83af8e0229f3c4b28d03552d601e2b7fe/src/pyotp/otp.py#L28) and Wikipedia read the "Dynamic Truncation" algorithm to be the last 4 bits of the MAC, so I think this implementation should follow the others.
-
Properties
-
Git HTTP https://git.kmx.io/thodg/totp-rs.git Git SSH git@git.kmx.io:thodg/totp-rs.git Public access ? public Description TOTP for Rust by constantoine.
Users
Tags - v5.6.0
- v5.5.0
- v5.4.0
- v5.3.0
- v5.2.0
- v5.1.0
- v5.0.2
- v5.0.1
- v5.0
- v4.2.0
- v4.1
- v4.0
- v3.1.0
- v3.0.1
- v3.0.0
- v2.0.1
- v2.0.0
- v1.4.0
- v1.3.0
- v1.2.1
- v1.2.0
- v1.1.0
- v1.0
- v0.7.4
- v0.7.3
- v0.7.2
- v0.7.1
- v0.7.0
- qrcodegen-image/v1.4.0
- qrcodegen-image/v1.3.0
- qrcodegen-image/v1.2.0
- qrcodegen-image/v1.1.0
- qrcodegen-image/v1.0.0
-
README.md
-
totp-rs
This library permits the creation of 2FA authentification tokens per TOTP, the verification of said tokens, with configurable time skew, validity time of each token, algorithm and number of digits! Default features are kept as lightweight as possible to ensure small binaries and short compilation time
Be aware that some authenticator apps will accept the
SHA256andSHA512algorithms but silently fallback toSHA1which will make thecheck()function fail due to mismatched algorithms.Features
qr
With optional feature “qr”, you can use it to generate a base64 png qrcode
serde_support
With optional feature “serde_support”, library-defined types will be Deserialize-able and Serialize-able
How to use
Add it to your
Cargo.toml:[dependencies] totp-rs = "~0.7"You can then do something like:
use std::time::SystemTime; use totp_rs::{Algorithm, TOTP}; let totp = TOTP::new( Algorithm::SHA1, 6, 1, 30, "supersecret", ); let time = SystemTime::now() .duration_since(SystemTime::UNIX_EPOCH).unwrap() .as_secs(); let url = totp.get_url("user@example.com", "my-org.com"); println!("{}", url); let token = totp.generate(time); println!("{}", token);With qrcode generation
Add it to your
Cargo.toml:[dependencies.totp-rs] version = "~0.7" features = ["qr"]You can then do something like:
use totp_rs::{Algorithm, TOTP}; let totp = TOTP::new( Algorithm::SHA1, 6, 1, 30, "supersecret", ); let code = totp.get_qr("user@example.com", "my-org.com")?; println!("{}", code);With serde support
Add it to your
Cargo.toml:[dependencies.totp-rs] version = "~0.7" features = ["serde_support"]