# # Copyright (c) 2017- Shohei Tanaka(@xcir) # # File layout and configuration based on libvmod-example # Copyright (c) 2011 Varnish Software AS # hmac-sha1 based on libvmod-digest( https://github.com/varnish/libvmod-digest ) # $Module otp 3 Otp VMOD DESCRIPTION =========== Generate one-time password(HOTP/TOTP) token. $Event event_function $Function STRING hotp(STRING b32_secret, INT count, INT digit=6, ENUM { md4, md5, sha1, sha256, sha512 } alg="sha1") Prototype :: hotp(STRING b32_secret, INT count, INT digit=6, ENUM { md4, md5, sha1, sha256, sha512 } alg="sha1") Return value STRING Description Generate HOTP(RFC4226) token. Example :: if(req.http.x-example-otp != otp.hotp( b32_secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ", //base32 encoded secret value count = 1, //counter value digit = 6, //number of digits alg = sha1 //hash algorithm )){ return (synth(401)); } $Function STRING totp(STRING b32_secret, INT step=30, INT digit=6, ENUM { md4, md5, sha1, sha256, sha512 } alg="sha1") Prototype :: totp(STRING b32_secret, INT step=30, INT digit=6, ENUM { md4, md5, sha1, sha256, sha512 } alg="sha1") Return value STRING Description Generate TOTP(RFC6238) token. Require time sync.(use ntp...) Example :: if(req.http.x-example-otp != otp.totp( b32_secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ", //base32 encoded secret value step = 30, //time step in seconds digit = 6, //number of digits alg = sha1 //hash algorithm )){ return (synth(401)); } $Function STRING totp_settime(STRING b32_secret, REAL time, INT step=30, INT digit=6, ENUM { md4, md5, sha1, sha256, sha512 } alg="sha1") Prototype :: totp_settime(STRING b32_secret, REAL time, INT step=30, INT digit=6, ENUM { md4, md5, sha1, sha256, sha512 } alg="sha1") Return value STRING Description Generate TOTP(RFC6238) token. This function used for tests. Example :: if(req.http.x-example-otp != otp.totp( b32_secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ", //base32 encoded secret value time = 1502380366.0, //unixtime step = 30, //time step in seconds digit = 6, //number of digits alg = sha1 //hash algorithm )){ return (synth(401)); }