totp 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: dc0d44097f7757f0363bb7ce7eaa4f236f86b0eb
+  data.tar.gz: 18c991e130d749c77a59da809066fe869a4f4623
+SHA512:
+  metadata.gz: bb98acd87360c4b57f497aa7216cd9ab45ec2f7291c07ba04dcbd58ecc73cb5e0411653a7b2a1441ed54c82966c5975ec7314a5fc80d57e084c7a9ec85692c23
+  data.tar.gz: 3b844ad850ebddad6940991f021cf7a17e57949f4df79dc636fbde0f6821d12397b747863bea4425ff34168441fa425b1a8482ff7a18396a88dc8206d0350934

data/.gems

@@ -0,0 +1,2 @@
+base32 -v 0.3.2
+cutest -v 1.2.1

data/LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2014 Michel Martens
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,59 @@
+# Time-based One-Time Passwords
+
+This is an implementation of a Time-Based One-Time Password
+Algorithm compatible with Google Authenticator. You can read more
+about TOTP at http://tools.ietf.org/html/rfc6238.
+
+## Usage
+
+Passwords are derived from a secret and a time. You can use the
+`TOTP.secret` function to obtain a new, random secret.
+
+``` ruby
+TOTP.secret #=> "YYZ27CO4WZTPZAYX"
+```
+
+This helper is handy if you want to implement 2 factor
+authentication in your application.
+
+In order to generate time based one time passwords, you can use
+the `TOTP.passwords` function:
+
+``` ruby
+# Using the secret "AAAAAAAAAAAAAAAA" and the current time
+TOTP.passwords("AAAAAAAAAAAAAAAA") #=> [783743, 17086, 955099]
+```
+
+You can also provide a specific time or timestamp:
+
+``` ruby
+# Using the same secret and a timestamp
+passwords = TOTP.passwords("AAAAAAAAAAAAAAAA", 1400000000)
+
+assert_equal [306281, 553572, 304383], passwords #=> true
+```
+
+To check the validity of a given password, you can use the
+`TOTP.valid?` function:
+
+``` ruby
+TOTP.valid?(secret, password)
+```
+
+If you want to check if a password was valid at a particular time,
+you can provide a time object or a timestamp as a third argument:
+
+``` ruby
+TOTP.valid?(secret, password, time)
+```
+
+## Installation
+
+      $ gem install totp
+
+### Acknowledgments
+
+This library is inspired by the following implementations:
+
+- https://gist.github.com/bithive/987839
+- https://github.com/nricciar/google_authenticator_auth

data/lib/totp.rb

@@ -0,0 +1,50 @@
+require 'openssl'
+require 'base32'
+
+module TOTP
+
+  # Generate a random secret
+  def self.secret
+    return Base32.encode((0...10).map { rand(255).chr }.join)
+  end
+
+  # Return whether or not the key is valid for the given secret
+  def self.valid?(secret, pass, time = Time.now)
+    return self.passwords(secret, time).include?(pass)
+  end
+
+  def self.totp(hmac, time)
+    bytes = [time].pack('>q').reverse
+
+    hmac.reset
+    hmac.update(bytes)
+
+    code = hmac.digest
+    offs = code[-1].ord & 0x0F
+    hash = code[offs...offs + 4]
+
+    pass = hash.reverse.unpack('L')[0]
+    pass &= 0x7FFFFFFF
+    pass %= 1000000
+
+    return pass
+  end
+
+  # Generate passwords based on the secret and time
+  def self.passwords(secret, time = Time.now)
+
+    interval = time.to_i / 30
+
+    hmac = OpenSSL::HMAC.new(
+      Base32.decode(secret),
+      OpenSSL::Digest::SHA1.new,
+    )
+
+    # Cover three 30 second intervals
+    return [
+      totp(hmac, interval.pred),
+      totp(hmac, interval),
+      totp(hmac, interval.succ),
+    ]
+  end
+end

data/makefile

@@ -0,0 +1,4 @@
+test:
+	cutest ./test/*.rb
+
+.PHONY: test

data/test/totp_test.rb

@@ -0,0 +1,36 @@
+require_relative "../lib/totp"
+
+test "normal usage" do
+  secret = TOTP.secret
+
+  # Secret is a string of size 16
+  assert_equal 16, secret.size
+  assert_equal String, secret.class
+
+  # Secret should be different on each call
+  assert secret != TOTP.secret
+
+  passwords = TOTP.passwords(secret)
+
+  # Passwords should be unique
+  assert_equal passwords.size, passwords.uniq.size
+
+  # Passwords should be valid
+  passwords.each do |pass|
+    assert TOTP.valid?(secret, pass)
+  end
+end
+
+test "usage with known values" do
+  secret = "AAAAAAAAAAAAAAAA"
+  time   = 1400000000
+  known  = [306281, 553572, 304383]
+
+  # Accepts an optional argument for time
+  passwords = TOTP.passwords(secret, time)
+
+  # Accepts an optional argument for time
+  assert TOTP.valid?(secret, known[0], time)
+
+  assert_equal known, passwords
+end

data/totp.gemspec

@@ -0,0 +1,14 @@
+Gem::Specification.new do |s|
+  s.name              = "totp"
+  s.version           = "1.0.0"
+  s.summary           = "Time-based One-Time Passwords"
+  s.description       = "Time-based One-Time Passwords"
+  s.authors           = ["Michel Martens"]
+  s.email             = ["michel@soveran.com"]
+  s.homepage          = "http://github.com/soveran/totp"
+
+  s.files = `git ls-files`.split("\n")
+
+  s.add_dependency "base32"
+  s.add_development_dependency "cutest"
+end

metadata

@@ -0,0 +1,78 @@
+--- !ruby/object:Gem::Specification
+name: totp
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Michel Martens
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-06-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: base32
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: cutest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Time-based One-Time Passwords
+email:
+- michel@soveran.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gems
+- LICENSE
+- README.md
+- lib/totp.rb
+- makefile
+- test/totp_test.rb
+- totp.gemspec
+homepage: http://github.com/soveran/totp
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.3
+signing_key: 
+specification_version: 4
+summary: Time-based One-Time Passwords
+test_files: []