PureBasic Forums - English

http://www.purebasic.com
https://www.purebasic.fr/english/

TOTP

https://www.purebasic.fr/english/viewtopic.php?t=85040

Page 1 of 1

TOTP

Posted: Thu Aug 08, 2024 8:19 am
by infratec
Since I was shocked about > 40MB for a 2FA program for my PC

Code: Select all

Procedure.s TOTP(Secret$)
  
  Protected.i Last4Bits, v, SecretLen, i, Offset
  Protected.q Interval
  Protected Digest$, codeString$, Interval$
  Protected *Base32, *Secret, *Interval
  
  
  If Secret$ <> ""
    *Base32 = AllocateMemory(Len(Secret$), #PB_Memory_NoClear)
    If *Base32
      SecretLen = Base32Decoder(Secret$, *Base32, MemorySize(*Base32))
      If SecretLen
        
        *Secret = AllocateMemory(SecretLen, #PB_Memory_NoClear)
        If *Secret
          CopyMemory(*Base32, *Secret, SecretLen)
          
          Interval = DateUTC() / 30
          Interval$ = RSet(Hex(Interval), 16, "0")
          
          *Interval = AllocateMemory(8)
          If *Interval
            For i = 0 To 7
              PokeA(*Interval + i, Val("$" + Mid(Interval$, 1 + i * 2, 2)))
            Next i
            
            Digest$ = hmac(*Interval, *Secret)
            
            Offset = Val("$" + Right(Digest$, 1))
            
            v = (Val("$" + Mid(Digest$, 1 + (Offset + 0) * 2, 2)) & $7F) << 24
            v | (Val("$" + Mid(Digest$, 1 + (Offset + 1) * 2, 2)) << 16)
            v | (Val("$" + Mid(Digest$, 1 + (Offset + 2) * 2, 2)) << 8)
            v |  Val("$" + Mid(Digest$, 1 + (Offset + 3) * 2, 2))
            
            codeString$ = RSet(Str(v % 1000000), 6, "0")
            FreeMemory(*Interval)
          EndIf
          FillMemory(*Secret, SecretLen)
          FreeMemory(*Secret)
        EndIf
      EndIf
      FreeMemory(*Base32)
    EndIf
  EndIf
  
  ProcedureReturn codeString$
  
EndProcedure
You need;

Code: Select all

XIncludeFile "Base32.pbi"
XIncludeFile "HMAC.pbi"
https://www.purebasic.fr/english/viewtopic.php?t=84906
https://www.purebasic.fr/english/viewtopic.php?t=85009

Re: TOTP

Posted: Thu Aug 08, 2024 10:13 am
by NicTheQuick
When working with secrets it is always a good idea to wipe their content before freeing the memory. Or else someone using `AllocateMemory()` with #PB_Memory_NoClear may see the secrets in that portion of memory again.
I think `FillMemory()` is a good and simple way to clear any memory that contains a secret easily.

Re: TOTP

Posted: Thu Aug 08, 2024 11:18 am
by Quin
Nice work as always Infratec! :)

Re: TOTP

Posted: Thu Aug 08, 2024 5:18 pm
by Caronte3D
Works very well, thanks :wink:

Re: TOTP

Posted: Sat Aug 10, 2024 2:35 am
by idle
That will be very useful. Thanks

Re: TOTP

Posted: Sat Aug 10, 2024 8:22 am
by infratec
If you combine it with my qrcode decoder pbi, you can easy build a full working 2FA program.

https://www.purebasic.fr/english/viewtopic.php?t=76669

Re: TOTP

Posted: Sat Aug 10, 2024 8:33 am
by Fred
I agree than 40MB programs for very simple stuffs are more and more common which is a shame. It takes a lot of bandwidth to download, memory when executed, space on disk and so on. In world wanting to be greener on the IT side it's quite the opposite happening. Purebasic, an eco friendly compiler ? 8)

Re: TOTP

Posted: Sat Aug 10, 2024 9:35 am
by Rinzwind
Fred wrote: Sat Aug 10, 2024 8:33 am I agree than 40MB programs for very simple stuffs are more and more common which is a shame. It takes a lot of bandwidth to download, memory when executed, space on disk and so on. In world wanting to be greener on the IT side it's quite the opposite happening. Purebasic, an eco friendly compiler ? 8)
Help by adding the now because of above common used hash algorithms HMAC and base32 to PB lib ;

Re: TOTP

Posted: Sat Aug 10, 2024 10:09 am
by infratec
Rinzwind wrote: Sat Aug 10, 2024 9:35 am Help by adding the now because of above common used hash algorithms HMAC and base32 to PB lib ;
I don't understand what you mean.
I provided the links to the implementations of Base32.pbi and HMAC.pbi

Re: TOTP

Posted: Sat Aug 10, 2024 7:12 pm
by Rinzwind
It was @fred. Buildin PB support out of dabox.
Anyway, thanks for this useful lib.

Re: TOTP

Posted: Sun Aug 11, 2024 4:44 am
by BarryG
I saw "TOTP" and thought this topic was about Top of the Pops :lol:

Re: TOTP

Posted: Sun Aug 11, 2024 7:48 am
by Ajm
BarryG wrote: Sun Aug 11, 2024 4:44 am I saw "TOTP" and thought this topic was about Top of the Pops :lol:
:lol: :lol: :lol:
All times are UTC+01:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited