git.wh0rd.org - tt-rss.git/blob - lib/otphp/lib/otp.php
3 * Copyright (c) 2011 Le Lag
4 * Permission is hereby granted, free of charge, to any person obtaining a copy
5 * of this software and associated documentation files (the "Software"), to deal
6 * in the Software without restriction, including without limitation the rights
7 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8 * copies of the Software, and to permit persons to whom the Software is
9 * furnished to do so, subject to the following conditions:
11 * The above copyright notice and this permission notice shall be included in
12 * all copies or substantial portions of the Software.
14 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
25 * One Time Password Generator
27 * The OTP class allows the generation of one-time
28 * passwords as described in RFC 4226 (HOTP).
30 * This class is meant to be compatible with
31 * Google Authenticator.
33 * This class was originally ported from the rotp
34 * ruby library available at https://github.com/mdp/rotp
38 * The base32 encoded secret key
44 * The algorithm used for the hmac hash function
50 * The number of digits in the one-time password
56 * Constructor for the OTP class
57 * @param string $secret the secret key
58 * @param array $opt options array can contain the
60 * @param integer digits : the number of digits in the one time password
61 * Currently Google Authenticator only supports 6. Defaults to 6.
62 * @param string digest : the algorithm used for the hmac hash function
63 * Google Authenticator only supports sha1. Defaults to sha1
65 * @return new OTP class.
/**
 * Build an OTP generator from a shared secret and optional settings.
 *
 * The values are stored exactly as given: nothing here checks that
 * 'digits' is a positive integer or that 'digest' names an algorithm
 * hash_hmac() accepts, so callers should pass trusted configuration
 * only, never request-supplied values.
 *
 * @param string $secret the base32 encoded secret key
 * @param array  $opt    optional settings:
 *                       'digits' - number of digits in the password (default 6)
 *                       'digest' - hash algorithm for the HMAC (default 'sha1')
 */
public function __construct($secret, $opt = Array()) {
    // Start from the documented defaults and override only what was supplied.
    $digitCount = 6;
    $algorithm = 'sha1';

    if (isset($opt['digits'])) {
        $digitCount = $opt['digits'];
    }
    if (isset($opt['digest'])) {
        $algorithm = $opt['digest'];
    }

    $this->digits = $digitCount;
    $this->digest = $algorithm;
    $this->secret = $secret;
}
74 * Generate a one-time password
76 * @param integer $input : number used to seed the hmac hash function.
77 * This number is usually a counter (HOTP) or calculated based on the current
78 * timestamp (see TOTP class).
79 * @return integer the one-time password
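/**
 * Generate a one-time password from a moving factor.
 *
 * Computes an HMAC over the 8-byte encoding of $input keyed with the
 * decoded secret, then applies dynamic truncation: the low nibble of the
 * LAST digest byte selects a 4-byte window, whose top bit is masked off.
 *
 * @param integer $input number used to seed the hmac hash function; usually
 *                       a counter (HOTP) or a value derived from the current
 *                       timestamp (TOTP)
 * @return integer the one-time password. Leading zeros are not preserved,
 *                 so a caller comparing against user input should zero-pad
 *                 to the configured digit count and compare in constant
 *                 time (e.g. hash_equals()).
 * @throws \RuntimeException if no usable digest could be computed
 */
public function generateOTP($input) {
    // Raw binary output avoids the hex string round-trip.
    $raw = hash_hmac($this->digest, $this->intToBytestring($input), $this->byteSecret(), true);

    // Fail closed: a failed HMAC must never degrade into a constant code,
    // and the truncation window (offset 0..15 plus 3) needs at least a
    // SHA-1 sized digest to stay in bounds.
    if (!is_string($raw) || strlen($raw) < 20) {
        throw new \RuntimeException('Unable to compute an HMAC digest of at least 20 bytes');
    }

    $hmac = array_values(unpack('C*', $raw));

    // The offset comes from the last byte of the digest. Index 19 is only
    // the last byte for SHA-1; longer digests need the real final byte.
    $offset = $hmac[count($hmac) - 1] & 0xf;

    $code = (($hmac[$offset] & 0x7F) << 24)
          | (($hmac[$offset + 1] & 0xFF) << 16)
          | (($hmac[$offset + 2] & 0xFF) << 8)
          | ($hmac[$offset + 3] & 0xFF);

    return $code % pow(10, $this->digits);
}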
95 * Returns the binary value of the base32 encoded secret
97 * This method should be private but was left public for
98 * phpunit tests to work.
99 * @return binary secret key
/**
 * Decode the base32 encoded secret into its raw bytes.
 *
 * Public only so that phpunit tests can reach it. The return value is
 * the HMAC key itself, so it should not be logged or echoed.
 *
 * @return string binary secret key
 */
public function byteSecret() {
    $decodedKey = \Base32::decode($this->secret);
    return $decodedKey;
}
106 * Turns an integer into an OATH bytestring
107 * @param integer $int
109 * @return string bytestring
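/**
 * Encode an integer as the 8-byte, big-endian OATH bytestring that is
 * fed to the HMAC as its message.
 *
 * Every byte of the value is emitted, not just the lowest one, so
 * distinct counters always produce distinct messages. The loop runs a
 * fixed eight times, so a negative input terminates as well.
 *
 * @param integer $int
 * @return string bytestring of exactly 8 bytes
 */
public function intToBytestring($int) {
    $bytes = '';
    for ($i = 0; $i < 8; $i++) {
        // Prepend so the least significant byte ends up last (big-endian).
        $bytes = chr($int & 0xFF) . $bytes;
        $int >>= 8;
    }
    return $bytes;
}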