2016-12-12 45 views
0

我已經實現了許多TOTP類,它們都生成錯誤的輸出。下面我發佈了我用於最簡單的代碼。基於時間的OTP生成錯誤密鑰C#

我希望它能夠得到實施,並像Google身份驗證器一樣運行 - 例如代碼https://gauth.apps.gbraad.nl/#main

所以我想要發生的是,在應用程序的前端,用戶將輸入他的祕密「BANANAKEY123」,它轉換爲base32字符串「IJAU4QKOIFFUKWJRGIZQ ====」。

現在在下面的構造函數中鍵將是「BANANAKEY123」。但由於某些原因,它不會像GAuth OTP工具那樣使用此代碼生成相同的OTP密鑰。

只有兩個合理的失誤將

var secretKeyBytes = Base32Encode(secretKey); 

是錯誤的,或者我的計時功能是錯誤的。我查了一下,也沒有找到任何這些錯誤。那麼有人可以幫助我在正確的方向嗎?謝謝!

public class Totp 
{ 
    private readonly int digits = 6; 
    private readonly HMACSHA1 hmac; 
    private readonly HMACSHA256 hmac256; 
    private readonly Int32 t1 = 30; 
    internal int mode; 

    private string secret; 

    private const string allowedCharacters = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"; 

    public Totp(string key, int mode) 
    { 
     secret = key; 
     this.mode = mode; 
    } 

    // defaults to SHA-1 
    public Totp(string key) 
    { 
     secret = key; 
     this.mode = 1; 
    } 


    public Totp(string base32string, Int32 t1, int digits) : this(base32string) 
    { 
     this.t1 = t1; 
     this.digits = digits; 
    } 

    public Totp(string base32string, Int32 t1, int digits, int mode) : this(base32string, mode) 
    { 
     this.t1 = t1; 
     this.digits = digits; 
    } 

    public String getCodeString() 
    { 
     return GetCode(this.secret, GetInterval(DateTime.UtcNow)); 
    } 

    private static long GetInterval(DateTime dateTime) 
    { 
     TimeSpan elapsedTime = dateTime.ToUniversalTime() - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc); 
     return (long)elapsedTime.TotalSeconds/30; 
    } 

    private static string GetCode(string secretKey, long timeIndex) 
    { 
     var secretKeyBytes = Base32Encode(secretKey); 
     HMACSHA1 hmac = new HMACSHA1(secretKeyBytes); 
     byte[] challenge = BitConverter.GetBytes(timeIndex); 
     if (BitConverter.IsLittleEndian) Array.Reverse(challenge); 
     byte[] hash = hmac.ComputeHash(challenge); 
     int offset = hash[19] & 0xf; 
     int truncatedHash = hash[offset] & 0x7f; 
     for (int i = 1; i < 4; i++) 
     { 
      truncatedHash <<= 8; 
      truncatedHash |= hash[offset + i] & 0xff; 
     } 
     truncatedHash %= 1000000; 
     return truncatedHash.ToString("D6"); 
    } 

    private static byte[] Base32Encode(string source) 
    { 
     var bits = source.ToUpper().ToCharArray().Select(c => 
      Convert.ToString(allowedCharacters.IndexOf(c), 2).PadLeft(5, '0')).Aggregate((a, b) => a + b); 
     return Enumerable.Range(0, bits.Length/8).Select(i => Convert.ToByte(bits.Substring(i * 8, 8), 2)).ToArray(); 
    } 
} 
+3

順便說一句,你的'Base32Encode'方法是非常低效的(在'ToUpper的()'和'ToCharArray()'調用是不必要的),並使用'Aggregate'用'String'代替'StringBuilder'會導致過多的新字符串分配(並在O(n^n)時間運行)。 – Dai

+0

在這篇文章中,這是一個錯字,你的'祕密鑰匙'包含字符'1',但這不在'allowedCharacters'集合中嗎? –

回答

0

我一直在使用此代碼很長一段時間來生成基於時間的OTP,希望它有幫助。

TotpAuthenticationService.cs

using System; 
using System.Net; 
using System.Security.Cryptography; 
using System.Text; 

namespace Wteen.Infrastructure.Services 
{ 
    /// <summary> 
    /// An Time Based Implementation of RFC 6248, a variation from the OTP (One Time Password) with, a default code life time of 30 seconds. 
    /// </summary> 
    public sealed class TotpAuthenticationService 
    { 
     private readonly Encoding _encoding; 
     private readonly int _length; 
     private readonly TimeSpan _timestep; 
     private readonly DateTime _unixEpoch; 

     /// <summary> 
     /// Create a new Instance of <see cref="TotpAuthenticationService"/> 
     /// </summary> 
     /// <param name="length">The length of the OTP</param> 
     /// <param name="duration">The peried of time in which the genartion of a OTP with the result with the same value</param> 
     public TotpAuthenticationService(int length, int duration = 30) 
     { 
      _length = length; 
      _encoding = new UTF8Encoding(false, true); 
      _timestep = TimeSpan.FromSeconds(duration); 
      _unixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc); 
     } 

     /// <summary> 
     /// The current time step number 
     /// </summary> 
     private ulong CurrentTimeStepNumber => (ulong)(TimeElapsed.Ticks/_timestep.Ticks); 

     /// <summary> 
     /// The number of seconds elapsed since midnight UTC of January 1, 1970. 
     /// </summary> 
     private TimeSpan TimeElapsed => DateTime.UtcNow - _unixEpoch; 

     /// <summary> 
     /// 
     /// </summary> 
     /// <param name="securityToken"></param> 
     /// <param name="modifier"></param> 
     /// <returns></returns> 
     public int GenerateCode(byte[] securityToken, string modifier = null) 
     { 
      if (securityToken == null) 
       throw new ArgumentNullException(nameof(securityToken)); 

      using (var hmacshA1 = new HMACSHA1(securityToken)) 
      { 
       return ComputeTotp(hmacshA1, CurrentTimeStepNumber, modifier); 
      } 
     } 

     /// <summary> 
     /// Validating for codes generated during the current and past code generation <see cref="timeSteps"/> 
     /// </summary> 
     /// <param name="securityToken">User's secerct</param> 
     /// <param name="code">The code to validate</param> 
     /// <param name="timeSteps">The number of time steps the <see cref="code"/> could be validated for.</param> 
     /// <param name="channel">Possible channels could be user's email or mobile number where the code will be sent to</param> 
     /// <returns></returns> 
     public bool ValidateCode(byte[] securityToken, int code, int timeSteps, string channel = null) 
     { 
      if (securityToken == null) 
       throw new ArgumentNullException(nameof(securityToken)); 

      using (var hmacshA1 = new HMACSHA1(securityToken)) 
      { 
       for (var index = -timeSteps; index <= timeSteps; ++index) 
        if (ComputeTotp(hmacshA1, CurrentTimeStepNumber + (ulong)index, channel) == code) 
         return true; 
      } 

      return false; 
     } 

     private byte[] ApplyModifier(byte[] input, string modifier) 
     { 
      if (string.IsNullOrEmpty(modifier)) 
       return input; 

      var bytes = _encoding.GetBytes(modifier); 
      var numArray = new byte[checked(input.Length + bytes.Length)]; 
      Buffer.BlockCopy(input, 0, numArray, 0, input.Length); 
      Buffer.BlockCopy(bytes, 0, numArray, input.Length, bytes.Length); 
      return numArray; 
     } 

     private int ComputeTotp(HashAlgorithm algorithm, ulong timestepNumber, string modifier) 
     { 
      var bytes = BitConverter.GetBytes(IPAddress.HostToNetworkOrder((long)timestepNumber)); 
      var hash = algorithm.ComputeHash(ApplyModifier(bytes, modifier)); 
      var index = hash[hash.Length - 1] & 15; 
      return (((hash[index] & sbyte.MaxValue) << 24) | ((hash[index + 1] & byte.MaxValue) << 16) | ((hash[index + 2] & byte.MaxValue) << 8) | (hash[index + 3] & byte.MaxValue)) % (int)Math.Pow(10, _length); 
     } 
    } 
} 
+0

是否可以添加更多鏈接?以防萬一鏈路壞了,這會讓你的答案不再有用。 – Chillie

+0

謝謝@Chillie指出,我是新手,今後我會考慮你的建議。 –