2019-07-09 10:34:45 +00:00
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
|
|
|
"time"
|
|
|
|
)
|
|
|
|
|
|
|
|
func (s *OpenVpnMgt) GenerateOTP(user string) ([]string, error) {
|
|
|
|
return s.GenerateOTPGeneric(user, 30, "sha1", 10, 6)
|
|
|
|
}
|
|
|
|
|
|
|
|
// alternative OTP generator, not used at the moment
|
2019-07-09 21:37:37 +00:00
|
|
|
// func (s *OpenVpnMgt) GenerateSlackOTP(user string) ([]string, error) {
|
|
|
|
// return s.GenerateOTPGeneric(user, 60, "sha256", 30, 8)
|
|
|
|
// }
|
2019-07-09 10:34:45 +00:00
|
|
|
|
2019-07-10 13:47:55 +00:00
|
|
|
func (s *OpenVpnMgt) TokenPassword(c *vpnSession) (bool, string) {
|
2019-07-10 16:40:15 +00:00
|
|
|
now := time.Now().Unix()
|
|
|
|
if len(c.password) > 40 {
|
|
|
|
salt := c.password[:4]
|
|
|
|
for i := 0; i < 3; i++ {
|
|
|
|
test := encode64(ComputeHmac256(c.baseHash(salt, now/30-int64(i)), s.otpMasterSecrets[0]))
|
|
|
|
if salt+test == c.password {
|
|
|
|
return true, c.password
|
|
|
|
}
|
|
|
|
}
|
2019-07-10 13:47:55 +00:00
|
|
|
}
|
2019-07-10 16:40:15 +00:00
|
|
|
|
|
|
|
salt := NewSalt()
|
|
|
|
return false, salt + encode64(ComputeHmac256(c.baseHash(salt, now/30), s.otpMasterSecrets[0]))
|
2019-07-10 13:47:55 +00:00
|
|
|
}
|
|
|
|
|
2019-07-09 10:34:45 +00:00
|
|
|
func (s *OpenVpnMgt) GenerateOTPGeneric(user string, period int, algo string, secretLen int, digits int) ([]string, error) {
|
|
|
|
codes := []string{}
|
|
|
|
now := time.Now()
|
|
|
|
|
|
|
|
secret := encodeSecret(ComputeHmac256(user, s.otpMasterSecrets[0])[:secretLen])
|
|
|
|
code, err := GenericTotpCode(secret, now, algo, digits, period)
|
|
|
|
if err != nil {
|
|
|
|
return codes, err
|
|
|
|
}
|
|
|
|
// the first code is the generic one
|
|
|
|
codes = append(codes, code)
|
|
|
|
|
|
|
|
for i := 1; i < 3; i++ {
|
|
|
|
code, _ = GenericTotpCode(secret, now.Add(-1*time.Second*time.Duration(period*i)), algo, digits, period)
|
|
|
|
codes = append(codes, code)
|
|
|
|
}
|
|
|
|
|
|
|
|
for j := 1; j < len(s.otpMasterSecrets); j++ {
|
|
|
|
secret = encodeSecret(ComputeHmac256(user, s.otpMasterSecrets[j])[:secretLen])
|
|
|
|
for i := 0; i < 3; i++ {
|
|
|
|
code, _ = GenericTotpCode(secret, now.Add(-1*time.Second*time.Duration(period*i)), algo, digits, period)
|
|
|
|
codes = append(codes, code)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return codes, nil
|
|
|
|
}
|