lemonldap-ng/lemonldap-ng-common/lib/Lemonldap/NG/Common/TOTP.pm

package Lemonldap::NG::Common::TOTP;

# This module is inspired by Auth::GoogleAuth written by Gryphon Shafer
# <gryphon@cpan.org>

use strict;
use Mouse;
use Convert::Base32 qw(decode_base32 encode_base32);
use Crypt::URandom;
use Digest::HMAC_SHA1 'hmac_sha1_hex';

our $VERSION = '2.1.0';

# Verify that TOTP $code matches with $secret
sub verifyCode {
    my ( $self, $interval, $range, $digits, $secret, $code ) = @_;
    my $s = eval { decode_base32($secret) };
    if ($@) {
        $self->logger->error('Bad characters in TOTP secret');
        return -1;
    }
    for ( -$range .. $range ) {
        if ( $code eq $self->_code( $s, $_, $interval, $digits ) ) {
            $self->userLogger->info("Codes match at range $_");
            return 1;
        }
    }
    return 0;
}

# Internal subroutine that calculates TOTP code using $secret and $interval
sub _code {
    my ( $self, $secret, $r, $interval, $digits ) = @_;
    my $hmac = hmac_sha1_hex(
        pack( 'H*',
            sprintf( '%016x', int( ( time - $r * $interval ) / $interval ) ) ),
        $secret,
    );

    return sprintf(
        '%0' . $digits . 'd',
        (
            hex( substr( $hmac, hex( substr( $hmac, -1 ) ) * 2, 8 ) ) &
              0x7fffffff
        ) % 10**$digits
    );
}

# Simply generate new base32 secret
sub newSecret {
    my ($self) = @_;
    return encode_base32( Crypt::URandom::urandom(20) );
}

1;
Move TOTP verification in Common (#1359) This Common module will be used also in admin interface 2018-02-19 22:34:23 +01:00			`package Lemonldap::NG::Common::TOTP;`

TOTP self registration in progress (#1359) 2018-02-20 18:36:34 +01:00			`# This module is inspired by Auth::GoogleAuth written by Gryphon Shafer`
			`# <gryphon@cpan.org>`

Move TOTP verification in Common (#1359) This Common module will be used also in admin interface 2018-02-19 22:34:23 +01:00			`use strict;`
			`use Mouse;`
Replace rand() by Crypt::URandom::urandom() 2019-01-31 23:16:11 +01:00			`use Convert::Base32 qw(decode_base32 encode_base32);`
			`use Crypt::URandom;`
Update dependencies (#1359) 2018-02-19 22:47:10 +01:00			`use Digest::HMAC_SHA1 'hmac_sha1_hex';`
Move TOTP verification in Common (#1359) This Common module will be used also in admin interface 2018-02-19 22:34:23 +01:00
Set master version to 2.1.0 2019-02-12 18:21:38 +01:00			`our $VERSION = '2.1.0';`
Move TOTP verification in Common (#1359) This Common module will be used also in admin interface 2018-02-19 22:34:23 +01:00
Fix TOTP formula 2018-08-18 21:21:20 +02:00			`# Verify that TOTP $code matches with $secret`
Move TOTP verification in Common (#1359) This Common module will be used also in admin interface 2018-02-19 22:34:23 +01:00			`sub verifyCode {`
Full TOTP (#1359) 2018-02-21 22:07:12 +01:00			`my ( $self, $interval, $range, $digits, $secret, $code ) = @_;`
Move TOTP verification in Common (#1359) This Common module will be used also in admin interface 2018-02-19 22:34:23 +01:00			`my $s = eval { decode_base32($secret) };`
			`if ($@) {`
			`$self->logger->error('Bad characters in TOTP secret');`
			`return -1;`
			`}`
TOTP tolerates both backward and forward clock drift & Append unit test (#2394) 2020-12-04 23:05:11 +01:00			`for ( -$range .. $range ) {`
Full TOTP (#1359) 2018-02-21 22:07:12 +01:00			`if ( $code eq $self->_code( $s, $_, $interval, $digits ) ) {`
TOTP tolerates both backward and forward clock drift & Append unit test (#2394) 2020-12-04 23:05:11 +01:00			`$self->userLogger->info("Codes match at range $_");`
Move TOTP verification in Common (#1359) This Common module will be used also in admin interface 2018-02-19 22:34:23 +01:00			`return 1;`
			`}`
			`}`
			`return 0;`
			`}`

TOTP self registration in progress (#1359) 2018-02-20 18:36:34 +01:00			`# Internal subroutine that calculates TOTP code using $secret and $interval`
Move TOTP verification in Common (#1359) This Common module will be used also in admin interface 2018-02-19 22:34:23 +01:00			`sub _code {`
Full TOTP (#1359) 2018-02-21 22:07:12 +01:00			`my ( $self, $secret, $r, $interval, $digits ) = @_;`
Move TOTP verification in Common (#1359) This Common module will be used also in admin interface 2018-02-19 22:34:23 +01:00			`my $hmac = hmac_sha1_hex(`
			`pack( 'H*',`
Error in intervals (#1359) 2018-03-18 22:38:12 +01:00			`sprintf( '%016x', int( ( time - $r * $interval ) / $interval ) ) ),`
Move TOTP verification in Common (#1359) This Common module will be used also in admin interface 2018-02-19 22:34:23 +01:00			`$secret,`
			`);`

			`return sprintf(`
Full TOTP (#1359) 2018-02-21 22:07:12 +01:00			`'%0' . $digits . 'd',`
Move TOTP verification in Common (#1359) This Common module will be used also in admin interface 2018-02-19 22:34:23 +01:00			`(`
			`hex( substr( $hmac, hex( substr( $hmac, -1 ) ) * 2, 8 ) ) &`
			`0x7fffffff`
Fix TOTP formula 2018-08-18 21:21:20 +02:00			`) % 10**$digits`
Move TOTP verification in Common (#1359) This Common module will be used also in admin interface 2018-02-19 22:34:23 +01:00			`);`
			`}`

TOTP self registration in progress (#1359) 2018-02-20 18:36:34 +01:00			`# Simply generate new base32 secret`
			`sub newSecret {`
			`my ($self) = @_;`
Replace rand() by Crypt::URandom::urandom() 2019-01-31 23:16:11 +01:00			`return encode_base32( Crypt::URandom::urandom(20) );`
TOTP self registration in progress (#1359) 2018-02-20 18:36:34 +01:00			`}`

Move TOTP verification in Common (#1359) This Common module will be used also in admin interface 2018-02-19 22:34:23 +01:00			`1;`