TOTP

Share your advanced PureBasic knowledge/code with the community.
infratec
Always Here
Always Here
Posts: 7575
Joined: Sun Sep 07, 2008 12:45 pm
Location: Germany

TOTP

Post by infratec »

Since I was shocked about > 40MB for a 2FA program for my PC

Code: Select all

Procedure.s TOTP(Secret$)
  
  Protected.i Last4Bits, v, SecretLen, i, Offset
  Protected.q Interval
  Protected Digest$, codeString$, Interval$
  Protected *Base32, *Secret, *Interval
  
  
  If Secret$ <> ""
    *Base32 = AllocateMemory(Len(Secret$), #PB_Memory_NoClear)
    If *Base32
      SecretLen = Base32Decoder(Secret$, *Base32, MemorySize(*Base32))
      If SecretLen
        
        *Secret = AllocateMemory(SecretLen, #PB_Memory_NoClear)
        If *Secret
          CopyMemory(*Base32, *Secret, SecretLen)
          
          Interval = DateUTC() / 30
          Interval$ = RSet(Hex(Interval), 16, "0")
          
          *Interval = AllocateMemory(8)
          If *Interval
            For i = 0 To 7
              PokeA(*Interval + i, Val("$" + Mid(Interval$, 1 + i * 2, 2)))
            Next i
            
            Digest$ = hmac(*Interval, *Secret)
            
            Offset = Val("$" + Right(Digest$, 1))
            
            v = (Val("$" + Mid(Digest$, 1 + (Offset + 0) * 2, 2)) & $7F) << 24
            v | (Val("$" + Mid(Digest$, 1 + (Offset + 1) * 2, 2)) << 16)
            v | (Val("$" + Mid(Digest$, 1 + (Offset + 2) * 2, 2)) << 8)
            v |  Val("$" + Mid(Digest$, 1 + (Offset + 3) * 2, 2))
            
            codeString$ = RSet(Str(v % 1000000), 6, "0")
            FreeMemory(*Interval)
          EndIf
          FillMemory(*Secret, SecretLen)
          FreeMemory(*Secret)
        EndIf
      EndIf
      FreeMemory(*Base32)
    EndIf
  EndIf
  
  ProcedureReturn codeString$
  
EndProcedure
You need;

Code: Select all

XIncludeFile "Base32.pbi"
XIncludeFile "HMAC.pbi"
https://www.purebasic.fr/english/viewtopic.php?t=84906
https://www.purebasic.fr/english/viewtopic.php?t=85009
Last edited by infratec on Sat Aug 10, 2024 1:17 pm, edited 1 time in total.
User avatar
NicTheQuick
Addict
Addict
Posts: 1501
Joined: Sun Jun 22, 2003 7:43 pm
Location: Germany, Saarbrücken
Contact:

Re: TOTP

Post by NicTheQuick »

When working with secrets it is always a good idea to wipe their content before freeing the memory. Or else someone using `AllocateMemory()` with #PB_Memory_NoClear may see the secrets in that portion of memory again.
I think `FillMemory()` is a good and simple way to clear any memory that contains a secret easily.
The english grammar is freeware, you can use it freely - But it's not Open Source, i.e. you can not change it or publish it in altered way.
Quin
Addict
Addict
Posts: 1122
Joined: Thu Mar 31, 2022 7:03 pm
Location: Colorado, United States
Contact:

Re: TOTP

Post by Quin »

Nice work as always Infratec! :)
User avatar
Caronte3D
Addict
Addict
Posts: 1355
Joined: Fri Jan 22, 2016 5:33 pm
Location: Some Universe

Re: TOTP

Post by Caronte3D »

Works very well, thanks :wink:
User avatar
idle
Always Here
Always Here
Posts: 5834
Joined: Fri Sep 21, 2007 5:52 am
Location: New Zealand

Re: TOTP

Post by idle »

That will be very useful. Thanks
infratec
Always Here
Always Here
Posts: 7575
Joined: Sun Sep 07, 2008 12:45 pm
Location: Germany

Re: TOTP

Post by infratec »

If you combine it with my qrcode decoder pbi, you can easy build a full working 2FA program.

https://www.purebasic.fr/english/viewtopic.php?t=76669
Fred
Administrator
Administrator
Posts: 18150
Joined: Fri May 17, 2002 4:39 pm
Location: France
Contact:

Re: TOTP

Post by Fred »

I agree than 40MB programs for very simple stuffs are more and more common which is a shame. It takes a lot of bandwidth to download, memory when executed, space on disk and so on. In world wanting to be greener on the IT side it's quite the opposite happening. Purebasic, an eco friendly compiler ? 8)
Rinzwind
Enthusiast
Enthusiast
Posts: 679
Joined: Wed Mar 11, 2009 4:06 pm
Location: NL

Re: TOTP

Post by Rinzwind »

Fred wrote: Sat Aug 10, 2024 8:33 am I agree than 40MB programs for very simple stuffs are more and more common which is a shame. It takes a lot of bandwidth to download, memory when executed, space on disk and so on. In world wanting to be greener on the IT side it's quite the opposite happening. Purebasic, an eco friendly compiler ? 8)
Help by adding the now because of above common used hash algorithms HMAC and base32 to PB lib ;
infratec
Always Here
Always Here
Posts: 7575
Joined: Sun Sep 07, 2008 12:45 pm
Location: Germany

Re: TOTP

Post by infratec »

Rinzwind wrote: Sat Aug 10, 2024 9:35 am Help by adding the now because of above common used hash algorithms HMAC and base32 to PB lib ;
I don't understand what you mean.
I provided the links to the implementations of Base32.pbi and HMAC.pbi
Rinzwind
Enthusiast
Enthusiast
Posts: 679
Joined: Wed Mar 11, 2009 4:06 pm
Location: NL

Re: TOTP

Post by Rinzwind »

It was @fred. Buildin PB support out of dabox.
Anyway, thanks for this useful lib.
BarryG
Addict
Addict
Posts: 4118
Joined: Thu Apr 18, 2019 8:17 am

Re: TOTP

Post by BarryG »

I saw "TOTP" and thought this topic was about Top of the Pops :lol:
User avatar
Ajm
Enthusiast
Enthusiast
Posts: 242
Joined: Fri Apr 25, 2003 9:27 pm
Location: Kent, UK

Re: TOTP

Post by Ajm »

BarryG wrote: Sun Aug 11, 2024 4:44 am I saw "TOTP" and thought this topic was about Top of the Pops :lol:
:lol: :lol: :lol:
Regards

Andy

Image
Registered PB & PureVision User
Post Reply