one-time-password-3.0.0.0: HMAC-Based and Time-Based One-Time Passwords

OTP.TOTP

Description

Time-based One-Time Passwords (TOTP) with the HMAC-SHA-1, HMAC-SHA-256 and HMAC-SHA-512 algorithms.

They are single-use codes used for 2-Factor Authentication.

Synopsis

Usage

import Chronos (Timespan, now, second)
import Data.ByteString.Base32 qualified as Base32
import Data.Maybe (fromJust)
import Data.Text (Text)
import OTP.Commons
import OTP.TOTP
import Sel.HMAC.SHA256 qualified as HMAC
import Torsor (scale)

-- | Length of one TOTP time step used throughout this example: 30 seconds.
period :: Timespan
period = 30 `scale` second

-- | Codes in this example are six digits long.
--
-- 'mkDigits' returns a 'Maybe'; the literal 6 is fixed here, so 'fromJust'
-- is tolerable for an example. Production code should handle the
-- 'Nothing' case instead of using a partial function.
sixDigits :: Digits
sixDigits = fromJust (mkDigits 6)

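-- | Build an authenticator URI for an account from its shared secret.
--
-- The issuer is taken from the @domain@ argument. (The previous version
-- bound the issuer to a constant and silently ignored @domain@.)
--
-- The returned URI embeds the shared secret itself (base32-encoded), so it
-- is exactly as sensitive as the key: render it to a QR code for the user
-- and do not log or persist it.
uriFromKey
  :: Text                   -- ^ issuer (your domain)
  -> Text                   -- ^ account name, usually an email address
  -> HMAC.AuthenticationKey -- ^ shared secret
  -> Text
uriFromKey domain email key =
  totpToURI secret email domain sixDigits period HMAC_SHA1
  where
    -- 'totpToURI' requires the secret as base32 text.
    secret = Base32.encodeBase32Unpadded (HMAC.unsafeAuthenticationKeyToBinary key)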

-- | Check a user-supplied code against the current time with HMAC-SHA-1.
--
-- The @(1, 1)@ window also accepts the codes of the time step immediately
-- before and after the current one (typically to tolerate clock drift
-- between server and device). Widening it enlarges the set of codes that
-- are accepted at any moment, so keep it as small as your users allow.
validateTOTP :: HMAC.AuthenticationKey -> Text -> IO Bool
validateTOTP key code =
  checkAt <$> now
  where
    checkAt timestamp =
      totpSHA1Check key window timestamp period sixDigits code
    window = (1, 1)

data OTP Source #

Since: 3.0.0.0

Instances

Instances details
Show OTP Source #

Since: 3.0.0.0

Instance details

Defined in OTP.Commons

Methods

showsPrec :: Int -> OTP -> ShowS #

show :: OTP -> String #

showList :: [OTP] -> ShowS #

Eq OTP Source #

Since: 3.0.0.0

Instance details

Defined in OTP.Commons

Methods

(==) :: OTP -> OTP -> Bool #

(/=) :: OTP -> OTP -> Bool #

Ord OTP Source #

Since: 3.0.0.0

Instance details

Defined in OTP.Commons

Methods

compare :: OTP -> OTP -> Ordering #

(<) :: OTP -> OTP -> Bool #

(<=) :: OTP -> OTP -> Bool #

(>) :: OTP -> OTP -> Bool #

(>=) :: OTP -> OTP -> Bool #

max :: OTP -> OTP -> OTP #

min :: OTP -> OTP -> OTP #

Display OTP Source #

Since: 3.0.0.0

Instance details

Defined in OTP.Commons

HMAC-SHA-1

newSHA1Key :: IO AuthenticationKey Source #

Create a new random key to be used with the SHA-1 functions.

Since: 3.0.0.0

totpSHA1 Source #

Arguments

:: AuthenticationKey

Shared secret

-> Time

Time of TOTP

-> Timespan

Time range in seconds

-> Digits

Number of digits in a password

-> OTP

TOTP

Compute a Time-based One-Time Password using secret key and time.

Since: 3.0.0.0

totpSHA1Check Source #

Arguments

:: AuthenticationKey

Shared secret

-> (Word64, Word64)

Valid counter range: how many time steps before and after the ideal counter are accepted

-> Time

Time of TOTP

-> Timespan

Time range in seconds

-> Digits

Number of digits in a password

-> Text

Password given by user

-> Bool

True if password is valid

Check presented password against time periods.

Since: 3.0.0.0

HMAC-SHA-256

newSHA256Key :: IO AuthenticationKey Source #

Create a new random key to be used with the SHA256 functions.

Since: 3.0.0.0

totpSHA256 Source #

Arguments

:: AuthenticationKey

Shared secret

-> Time

Time of TOTP

-> Timespan

Time range in seconds

-> Digits

Number of digits in a password

-> OTP

TOTP

Compute a Time-based One-Time Password using secret key and time.

Since: 3.0.0.0

totpSHA256Check Source #

Arguments

:: AuthenticationKey

Shared secret

-> (Word64, Word64)

Valid counter range: how many time steps before and after the ideal counter are accepted

-> Time

Time of TOTP

-> Timespan

Time range in seconds

-> Digits

Number of digits in a password

-> Text

Password given by user

-> Bool

True if password is valid

Check presented password against time periods.

Since: 3.0.0.0

HMAC-SHA-512

newSHA512Key :: IO AuthenticationKey Source #

Create a new random key to be used with the SHA512 functions.

Since: 3.0.0.0

totpSHA512 Source #

Arguments

:: AuthenticationKey

Shared secret

-> Time

Time of TOTP

-> Timespan

Time range in seconds

-> Digits

Number of digits in a password

-> OTP

TOTP

Compute a Time-based One-Time Password using secret key and time.

Since: 3.0.0.0

totpSHA512Check Source #

Arguments

:: AuthenticationKey

Shared secret

-> (Word64, Word64)

Valid counter range: how many time steps before and after the ideal counter are accepted

-> Time

Time of TOTP

-> Timespan

Time range in seconds

-> Digits

Number of digits in a password

-> Text

Password given by user

-> Bool

True if password is valid

Check presented password against time periods.

Since: 3.0.0.0

URI Generation

totpToURI Source #

Arguments

:: Text

Shared secret key. Must be encoded in base32.

-> Text

Name of the account (usually an email address)

-> Text

Issuer

-> Digits

Amount of digits expected from the end-user

-> Timespan

Amount of time before the generated code expires

-> Algorithm

Algorithm required

-> Text 

Create a URI suitable for authenticators.

The result of this function is best given to a QR Code generator for end-users to scan.

Since: 3.0.0.0