def verify(self, otp_client):
with open("otp", "rb") as f:
key = f.read()
totp = TOTP(key, 8, hashes.SHA1(), 30, backend=default_backend())
tval = time.time()
otp_server = totp.generate(tval)
return otp_server == otp_client
def test_generate_sha512(self, backend, params):
secret = params["secret"]
time = int(params["time"])
totp_value = params["totp"]
totp = TOTP(secret, 8, hashes.SHA512(), 30, backend)
assert totp.generate(time) == totp_value
def test_floating_point_time_generate(self, backend):
secret = b"12345678901234567890"
time = 59.1
totp = TOTP(secret, 8, hashes.SHA1(), 30, backend)
assert totp.generate(time) == b"94287082"
def test_floating_point_time_generate(self, backend):
secret = b"12345678901234567890"
time = 59.1
totp = TOTP(secret, 8, hashes.SHA1(), 30, backend)
assert totp.generate(time) == b"94287082"
def test_generate_sha512(self, backend, params):
secret = params["secret"]
time = int(params["time"])
totp_value = params["totp"]
totp = TOTP(secret, 8, hashes.SHA512(), 30, backend)
assert totp.generate(time) == totp_value
def otp():
f = open('pass.txt', 'rb')
key = f.read()
#print(key)
totp = TOTP(key, 8, SHA1(), 30, backend=default_backend())
time_value = time.time()
totp_value = totp.generate(time_value)
return totp_value
def test_verify_totp_failure(skew):
secret = generate_totp_secret()
totp = TOTP(secret,
TOTP_LENGTH,
SHA1(),
TOTP_INTERVAL,
backend=default_backend())
value = totp.generate(time.time() + skew)
assert not verify_totp(secret, value)
def _get_mfa_token_pin(self):
totp_key = base64.b32decode(self._mfa_token_seed)
totp = TOTP(totp_key,
6,
SHA1(),
self._mfa_token_time_step,
backend=default_backend(),
enforce_key_length=False)
time_value = time.time()
return totp.generate(time_value)
def generate_secret():
totp = TOTP(
key=codecs.encode(string.ascii_letters, encoding="utf-8"),
length=8,
algorithm=SHA1(),
time_step=ONE_WEEK_IN_SECONDS,
backend=default_backend(),
)
seed = int(time.time())
token = codecs.decode(totp.generate(seed), encoding="utf-8")
return f"{token}-{seed}" # there are 2 small bugs below you'll have to fix before proceeding :)
def generate_secret():
totp = TOTP(
key=codecs.encode(string.ascii_letters, encoding="utf-8"),
length=8,
algorithm=SHA1(),
time_step=ONE_WEEK_IN_SECONDS,
backend=default_backend(),
)
seed = int(time.time())
token = codecs.decode(totp.generate(seed), encoding="utf-8")
return f"{token}-{seed}"
def FakeToken(seed, salt=b'', refresh=30, info=b"fake-rsa-token"):
kdf = PBKDF2HMAC(
algorithm=SHA256(),
length=32,
salt=salt,
iterations=100000,
)
key = kdf.derive(seed)
totp = TOTP(key, 8, SHA256(), refresh)
while True:
token_time = time.time()
cur_epoch = int(token_time/refresh)
next_time = (cur_epoch+1)*refresh
yield (next_time-int(token_time), totp.generate(token_time))
def generate_totp_passcode(secret):
"""Generate TOTP passcode.
:param bytes secret: A base32 encoded secret for TOTP authentication
:returns: totp passcode as bytes
"""
if isinstance(secret, six.text_type):
secret = secret.encode('utf-8')
while len(secret) % 8 != 0:
secret = secret + b'='
decoded = base64.b32decode(secret)
totp = TOTP(
decoded, 6, SHA1(), 30, backend=default_backend())
return totp.generate(timegm(datetime.utcnow().utctimetuple())).decode()
def test_2fa(self):
# Disable 2FA even if already disabled
data_request = {'operation': 'disable_2fa', 'args': {}}
handler = self.request(data_request, role='receiver')
yield handler.put()
# Start enrollment for @FA
data_request = {'operation': 'enable_2fa_step1', 'args': {}}
handler = self.request(data_request, role='receiver')
totp_secret = yield handler.put()
# Attempt enrolling for 2FA with an invalid token
data_request = {
'operation': 'enable_2fa_step2',
'args': {
'value': 'invalid_token'
}
}
handler = self.request(data_request, role='receiver')
self.assertFailure(handler.put(), errors.InvalidTwoFactorAuthCode)
# Attempt enrolling for 2FA with a valid token
totp = TOTP(base64.b32decode(totp_secret), 6, SHA1(), 30,
default_backend())
current_token = totp.generate(time.time()).decode()
data_request = {
'operation': 'enable_2fa_step2',
'args': {
'value': current_token
}
}
handler = self.request(data_request, role='receiver')
yield handler.put()
data_request = {'operation': 'disable_2fa', 'args': {}}
handler = self.request(data_request, role='receiver')
yield handler.put()
def get_otp(key):
"""
Generate One-Time Password from key
"""
missing_padding = len(key) % 8
if missing_padding != 0:
key += '=' * (8 - missing_padding)
try:
byte_key = b32decode(key, casefold=True)
except:
return None
totp = TOTP(byte_key,
6,
SHA1(),
30,
backend=default_backend(),
enforce_key_length=False)
return totp.generate(time()).decode()
def generate_totp_code(secret):
""" Generate a Google authenticator compatible TOTP code
Args:
secret: 16 character base32 secret
Return:
code: 8 digit code that expires in 30 seconds
"""
if isinstance(secret, unicode):
secret = secret.encode('utf-8')
try:
key = base64.b32decode(secret)
totp = TOTP(key, 8, SHA1(), 30, backend=default_backend(), enforce_key_length=False)
time_value = int(time.time())
totp_value = totp.generate(time_value)
return totp_value
except (ValueError, TypeError):
pass
return None
def get_otps(self):
"""
Calculate current OTPs for all accounts
"""
otps = {}
for account, key in self._otp_keys.items():
missing_padding = len(key) % 8
if missing_padding != 0:
key += '=' * (8 - missing_padding)
try:
byte_key = b32decode(key, casefold=True)
except binascii.Error:
otps[account] = "Error"
break
totp = TOTP(byte_key,
6,
SHA1(),
30,
backend=default_backend(),
enforce_key_length=False)
otp = totp.generate(time()).decode()
otps[account] = otp
return otps
import sys import time import base64 from cryptography.hazmat.primitives.twofactor.totp import TOTP from cryptography.hazmat.primitives.hashes import SHA1 # https://github.com/google/google-authenticator/wiki/Key-Uri-Format secret = sys.argv[1] # base32 secret found in otpauth uri key = base64.b32decode(secret.upper()) # the default values are assumed here totp = TOTP(key, 6, SHA1(), 30, enforce_key_length=False) print(totp.generate(time.time()).decode())
def test_buffer_protocol(self, backend):
key = bytearray(b"a long key with lots of entropy goes here")
totp = TOTP(key, 8, hashes.SHA512(), 30, backend)
time = 60
assert totp.generate(time) == b"53049576"
def generate(self):
with open("otp", "rb") as f:
key = f.read()
totp = TOTP(key, 8, hashes.SHA1(), 30, backend=default_backend())
tval = time.time()
return totp.generate(tval)
from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives.twofactor.totp import TOTP from cryptography.hazmat.primitives.hashes import SHA256 from chirpsdk import ChirpConnect import time chirp = ChirpConnect() chirp.start(send=True, receive=False) key = b'}\x11\xf4b\xf8\xc8$\x01Hh\x95m\xa8\xb0\x1a~\xbb-\x81\x04\xc7\xb8\xa4%\x86\x87\xda\\ja\x92R' totp = TOTP(key, 8, SHA256(), 30, backend=default_backend()) totp_value = totp.generate(time.time()) identifier = '[email protected]:'+totp_value.decode() payload = chirp.new_payload(identifier.encode()) chirp.send(payload, blocking=True) chirp.stop()
def test_verify_totp_failure(skew):
secret = generate_totp_secret()
totp = TOTP(secret, TOTP_LENGTH, SHA1(), TOTP_INTERVAL, backend=default_backend())
value = totp.generate(time.time() + skew)
assert not verify_totp(secret, value)
def test_buffer_protocol(self, backend):
key = bytearray(b"a long key with lots of entropy goes here")
totp = TOTP(key, 8, hashes.SHA512(), 30, backend)
time = 60
assert totp.generate(time) == b"53049576"
