From 451b46e08731ed28e57833006f0d984ddd16f6bf Mon Sep 17 00:00:00 2001
From: TheArrayser
Date: Sun, 18 Jun 2023 21:16:24 +0200
Subject: [PATCH] Add a base32 class; change secret default type to base32 encoded; tested TOTP.java -> it works
---
 .../cringe_authenticator_library/OTP.java | 12 +-
 .../impl/Base32.java | 231 ++++++++++++++++++
 .../impl/TOTP.java | 40 ++-
 3 files changed, 256 insertions(+), 27 deletions(-)
 create mode 100644 src/com/cringe_studios/cringe_authenticator_library/impl/Base32.java
diff --git a/src/com/cringe_studios/cringe_authenticator_library/OTP.java b/src/com/cringe_studios/cringe_authenticator_library/OTP.java
index d36ae1d..9153b7a 100644
--- a/src/com/cringe_studios/cringe_authenticator_library/OTP.java
+++ b/src/com/cringe_studios/cringe_authenticator_library/OTP.java
@@ -1,10 +1,13 @@
 package com.cringe_studios.cringe_authenticator_library;
+import com.cringe_studios.cringe_authenticator_library.impl.Base32;
+
 public abstract class OTP {
 //TOTP
 //HOTP
- protected String secret;
+ protected byte[] secret;
+ protected String base32Secret;
 protected OTPType type;
 protected OTPAlgorithm algorithm;
 protected int digits;
@@ -13,7 +16,8 @@ public abstract class OTP {
 protected boolean checksum;
 protected OTP(OTPType nType, String nSecret, OTPAlgorithm nAlgorithm, int nDigits, long nCounter, long nPeriodInSeconds, boolean nChecksum) {
- this.secret = nSecret;
+ this.secret = Base32.decode(nSecret);
+ base32Secret = nSecret;
 type = nType;
 algorithm = nAlgorithm;
 digits = nDigits;
@@ -22,7 +26,7 @@ public abstract class OTP {
 checksum = nChecksum;
 }
- //secret: required
+ //secret: required - base32 encoded
 //algorithm: optional (default SHA1)
 //digits: optional (default 6)
 //OTPType: required
@@ -37,7 +41,7 @@ public abstract class OTP {
 public abstract String getPin();
 public String getSecret() {
- return this.secret;
+ return this.base32Secret;
 }
 public OTPType getOTPType() {
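Review bot: `this.secret = Base32.decode(nSecret);` in the constructor hunk makes object construction fail on inputs that nothing here documents: the new decoder's lookup table maps `=` to -1 and rejects every character below `'2'`, so a padded or space-grouped secret (the forms secrets are commonly displayed in) throws `IllegalArgumentException`, and a null `nSecret` now throws `NullPointerException` before `base32Secret` is assigned. Either normalize before decoding, e.g. `String normalized = nSecret.replaceAll("[\\s=]", "");` followed by `this.secret = Base32.decode(normalized);`, or state the contract on the constructor with `@throws IllegalArgumentException if nSecret is not canonical, unpadded Base32`. Keeping both `secret` and `base32Secret` also means every OTP instance holds two copies of the key material; if `getSecret()` callers do not need the original text, `base32Secret` could be derived from `secret` via `Base32.encode` instead of stored (this would not preserve lower-case input, so check the callers first).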
diff --git a/src/com/cringe_studios/cringe_authenticator_library/impl/Base32.java b/src/com/cringe_studios/cringe_authenticator_library/impl/Base32.java
new file mode 100644
index 0000000..548a363
--- /dev/null
+++ b/src/com/cringe_studios/cringe_authenticator_library/impl/Base32.java
@@ -0,0 +1,231 @@
+package com.cringe_studios.cringe_authenticator_library.impl;
+
+public final class Base32 {
+ /* lookup table used to encode() groups of 5 bits of data */
+ private static final String base32Chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
+ /* lookup table used to decode() characters in Base32 strings */
+ private static final byte[] base32Lookup = { 26, 27, 28, 29, 30, 31, -1, -1, -1, -1, -1, -1, -1, -1, // 23456789:;<=>?
+ -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, // @ABCDEFGHIJKLMNO
+ 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, // PQRSTUVWXYZ[\]^_
+ -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, // `abcdefghijklmno
+ 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25 // pqrstuvwxyz
+ };
+ /* Messsages for Illegal Parameter Exceptions in decode() */
+ private static final String errorCanonicalLength = "non canonical Base32 string length";
+ private static final String errorCanonicalEnd = "non canonical bits at end of Base32 string";
+ private static final String errorInvalidChar = "invalid character in Base32 string";
+
+ /**
+ * Decode a Base32 string into an array of binary bytes. May fail if the
+ * parameter is a non canonical Base32 string (the only other possible exception
+ * is that the returned array cannot be allocated in memory)
+ */
+ static public byte[] decode(final String base32) throws IllegalArgumentException {
+ // Note that the code below detects could detect non canonical
+ // Base32 length within the loop. However canonical Base32 length
+ // can be tested before entering the loop.
+ // A canonical Base32 length modulo 8 cannot be:
+ // 1 (aborts discarding 5 bits at STEP n=0 which produces no byte),
+ // 3 (aborts discarding 7 bits at STEP n=2 which produces no byte),
+ // 6 (aborts discarding 6 bits at STEP n=1 which produces no byte)
+ // So these tests could be avoided within the loop.
+ switch (base32.length() % 8) { // test the length of last subblock
+ case 1: // 5 bits in subblock: 0 useful bits but 5 discarded
+ case 3: // 15 bits in subblock: 8 useful bits but 7 discarded
+ case 6: // 30 bits in subblock: 24 useful bits but 6 discarded
+ throw new IllegalArgumentException(errorCanonicalLength);
+ }
+ byte[] bytes = new byte[base32.length() * 5 / 8];
+ int offset = 0, i = 0, lookup;
+ byte nextByte, digit;
+ // Also the code below does test that other discarded bits
+ // (1 to 4 bits at end) are effectively 0.
+ while (i < base32.length()) {
+ // Read the 1st char in a 8-chars subblock
+ // check that chars are not outside the lookup table and valid
+ lookup = base32.charAt(i++) - '2';
+ if (lookup < 0 || lookup >= base32Lookup.length) {
+ throw new IllegalArgumentException(errorInvalidChar);
+ }
+ digit = base32Lookup[lookup];
+ if (digit == -1) {
+ throw new IllegalArgumentException(errorInvalidChar);
+ }
+ // // STEP n = 0: leave 5 bits
+ nextByte = (byte) (digit << 3);
+ // Assert(i < base32.length) // tested before loop
+ // Read the 2nd char in a 8-chars subblock
+ // Check that chars are not outside the lookup table and valid
+ lookup = base32.charAt(i++) - '2';
+ if (lookup < 0 || lookup >= base32Lookup.length) {
+ throw new IllegalArgumentException(errorInvalidChar);
+ }
+ digit = base32Lookup[lookup];
+ if (digit == -1) {
+ throw new IllegalArgumentException(errorInvalidChar);
+ }
+ // // STEP n = 5: insert 3 bits, leave 2 bits
+ bytes[offset++] = (byte) (nextByte | (digit >> 2));
+ nextByte = (byte) ((digit & 3) << 6);
+ if (i >= base32.length()) {
+ if (nextByte != (byte) 0) {
+ throw new IllegalArgumentException(errorCanonicalEnd);
+ }
+ break; // discard the remaining 2 bits
+ }
+ // Read the 3rd char in a 8-chars subblock
+ // Check that chars are not outside the lookup table and valid
+ lookup = base32.charAt(i++) - '2';
+ if (lookup < 0 || lookup >= base32Lookup.length) {
+ throw new
IllegalArgumentException(errorInvalidChar);
+ }
+ digit = base32Lookup[lookup];
+ if (digit == -1) {
+ throw new IllegalArgumentException(errorInvalidChar);
+ }
+ // // STEP n = 2: leave 7 bits
+ nextByte |= (byte) (digit << 1);
+ // Assert(i < base32.length) // tested before loop
+ // Read the 4th char in a 8-chars subblock
+ // Check that chars are not outside the lookup table and valid
+ lookup = base32.charAt(i++) - '2';
+ if (lookup < 0 || lookup >= base32Lookup.length) {
+ throw new IllegalArgumentException(errorInvalidChar);
+ }
+ digit = base32Lookup[lookup];
+ if (digit == -1) {
+ throw new IllegalArgumentException(errorInvalidChar);
+ }
+ // // STEP n = 7: insert 1 bit, leave 4 bits
+ bytes[offset++] = (byte) (nextByte | (digit >> 4));
+ nextByte = (byte) ((digit & 15) << 4);
+ if (i >= base32.length()) {
+ if (nextByte != (byte) 0) {
+ throw new IllegalArgumentException(errorCanonicalEnd);
+ }
+ break; // discard the remaining 4 bits
+ }
+ // Read the 5th char in a 8-chars subblock
+ // Assert that chars are not outside the lookup table and valid
+ lookup = base32.charAt(i++) - '2';
+ if (lookup < 0 || lookup >= base32Lookup.length) {
+ throw new IllegalArgumentException(errorInvalidChar);
+ }
+ digit = base32Lookup[lookup];
+ if (digit == -1) {
+ throw new IllegalArgumentException(errorInvalidChar);
+ }
+ // // STEP n = 4: insert 4 bits, leave 1 bit
+ bytes[offset++] = (byte) (nextByte | (digit >> 1));
+ nextByte = (byte) ((digit & 1) << 7);
+ if (i >= base32.length()) {
+ if (nextByte != (byte) 0) {
+ throw new IllegalArgumentException(errorCanonicalEnd);
+ }
+ break; // discard the remaining 1 bit
+ }
+ // Read the 6th char in a 8-chars subblock
+ // Check that chars are not outside the lookup table and valid
+ lookup = base32.charAt(i++) - '2';
+ if (lookup < 0 || lookup >= base32Lookup.length) {
+ throw new IllegalArgumentException(errorInvalidChar);
+ }
+ digit = base32Lookup[lookup];
+ if (digit == -1) {
+ throw new
IllegalArgumentException(errorInvalidChar);
+ }
+ // // STEP n = 1: leave 6 bits
+ nextByte |= (byte) (digit << 2);
+ // Assert(i < base32.length) // tested before loop
+ // Read the 7th char in a 8-chars subblock
+ // Check that chars are not outside the lookup table and valid
+ lookup = base32.charAt(i++) - '2';
+ if (lookup < 0 || lookup >= base32Lookup.length) {
+ throw new IllegalArgumentException(errorInvalidChar);
+ }
+ digit = base32Lookup[lookup];
+ if (digit == -1) {
+ throw new IllegalArgumentException(errorInvalidChar);
+ }
+ // // STEP n = 6: insert 2 bits, leave 3 bits
+ bytes[offset++] = (byte) (nextByte | (digit >> 3));
+ nextByte = (byte) ((digit & 7) << 5);
+ if (i >= base32.length()) {
+ if (nextByte != (byte) 0) {
+ throw new IllegalArgumentException(errorCanonicalEnd);
+ }
+ break; // discard the remaining 3 bits
+ }
+ // Read the 8th char in a 8-chars subblock
+ // Check that chars are not outside the lookup table and valid
+ lookup = base32.charAt(i++) - '2';
+ if (lookup < 0 || lookup >= base32Lookup.length) {
+ throw new IllegalArgumentException(errorInvalidChar);
+ }
+ digit = base32Lookup[lookup];
+ if (digit == -1) {
+ throw new IllegalArgumentException(errorInvalidChar);
+ }
+ // // STEP n = 3: insert 5 bits, leave 0 bit
+ bytes[offset++] = (byte) (nextByte | digit);
+ // // possible end of string here with no trailing bits
+ }
+ // On loop exit, discard trialing n bits.
+ return bytes;
+ }
+
+ /**
+ * Encode an array of binary bytes into a Base32 string. Should not fail (the
+ * only possible exception is that the returned string cannot be allocated in
+ * memory)
+ */
+ static public String encode(final byte[] bytes) {
+ StringBuffer base32 = new StringBuffer((bytes.length * 8 + 4) / 5);
+ int currByte, digit, i = 0;
+ while (i < bytes.length) {
+ // INVARIANTS FOR EACH STEP n in [0..5[; digit in [0..31[;
+ // The remaining n bits are already aligned on top positions
+ // of the 5 least bits of digit, the other bits are 0.
+ // //// STEP n = 0; insert new 5 bits, leave 3 bits
+ currByte = bytes[i++] & 255;
+ base32.append(base32Chars.charAt(currByte >> 3));
+ digit = (currByte & 7) << 2;
+ if (i >= bytes.length) { // put the last 3 bits
+ base32.append(base32Chars.charAt(digit));
+ break;
+ }
+ // //// STEP n = 3: insert 2 new bits, then 5 bits, leave 1 bit
+ currByte = bytes[i++] & 255;
+ base32.append(base32Chars.charAt(digit | (currByte >> 6)));
+ base32.append(base32Chars.charAt((currByte >> 1) & 31));
+ digit = (currByte & 1) << 4;
+ if (i >= bytes.length) { // put the last 1 bit
+ base32.append(base32Chars.charAt(digit));
+ break;
+ }
+ // //// STEP n = 1: insert 4 new bits, leave 4 bit
+ currByte = bytes[i++] & 255;
+ base32.append(base32Chars.charAt(digit | (currByte >> 4)));
+ digit = (currByte & 15) << 1;
+ if (i >= bytes.length) { // put the last 4 bits
+ base32.append(base32Chars.charAt(digit));
+ break;
+ }
+ // //// STEP n = 4: insert 1 new bit, then 5 bits, leave 2 bits
+ currByte = bytes[i++] & 255;
+ base32.append(base32Chars.charAt(digit | (currByte >> 7)));
+ base32.append(base32Chars.charAt((currByte >> 2) & 31));
+ digit = (currByte & 3) << 3;
+ if (i >= bytes.length) { // put the last 2 bits
+ base32.append(base32Chars.charAt(digit));
+ break;
+ }
+ // /// STEP n = 2: insert 3 new bits, then 5 bits, leave 0 bit
+ currByte = bytes[i++] & 255;
+ base32.append(base32Chars.charAt(digit | (currByte >> 5)));
+ base32.append(base32Chars.charAt(currByte & 31));
+ // // This point is reached for bytes.length multiple of 5
+ }
+ return base32.toString();
+ }
+}
\ No newline at end of file
diff --git a/src/com/cringe_studios/cringe_authenticator_library/impl/TOTP.java b/src/com/cringe_studios/cringe_authenticator_library/impl/TOTP.java
index a34ee29..9233287 100644
--- a/src/com/cringe_studios/cringe_authenticator_library/impl/TOTP.java
+++ b/src/com/cringe_studios/cringe_authenticator_library/impl/TOTP.java
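Review bot: The loop in `decode` repeats the same lookup-and-validate sequence (`lookup = base32.charAt(i++) - '2';` through the second `throw new IllegalArgumentException(errorInvalidChar);`) eight times, once per character of the subblock, which buries the bit-shuffling steps that actually need review in ~50 lines of identical boilerplate; extract that sequence into a private helper so each step collapses to one `digitAt` call plus its shift/mask lines. Two smaller points in the same hunk: `encode` builds into a `StringBuffer`, whose synchronization is wasted on a method-local buffer — `StringBuilder` is the right type here — and the `decode` Javadoc should state the contract callers now rely on with `@throws IllegalArgumentException if the input is not canonical unpadded Base32 (lower-case letters are accepted; '=' padding and whitespace are not)`. Conventionally `static public` is written `public static`, and a `final` utility class like this one normally gets a private constructor.
```java
    /** Returns the 5-bit value of the Base32 character at {@code index}, rejecting anything outside the alphabet. */
    private static byte digitAt(final String base32, final int index) {
        int lookup = base32.charAt(index) - '2';
        if (lookup < 0 || lookup >= base32Lookup.length) {
            throw new IllegalArgumentException(errorInvalidChar);
        }
        byte digit = base32Lookup[lookup];
        if (digit == -1) {
            throw new IllegalArgumentException(errorInvalidChar);
        }
        return digit;
    }

    // … unchanged: decode() length switch and loop structure; each of the eight
    // lookup/validate sequences inside the loop becomes the single line:
    digit = digitAt(base32, i++);
```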
@@ -1,6 +1,7 @@
 package com.cringe_studios.cringe_authenticator_library.impl;
 import java.math.BigInteger;
+import java.nio.ByteBuffer;
 import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 import java.security.InvalidKeyException;
@@ -30,39 +31,32 @@ public class TOTP extends HOTP {
 @Override
 public String getPin() {
 // TODO Auto-generated method stub
+ try {
+ return getPinAt(Instant.now().getEpochSecond());
+ } catch (InvalidKeyException e) {
+ e.printStackTrace();
+ } catch (NoSuchAlgorithmException e) {
+ e.printStackTrace();
+ }
+ return null;
 }
 @Override
 public long getCounter() {
- return Instant.now().getEpochSecond() / this.getPeriod();
-
+ return getCounterAt(Instant.now().getEpochSecond());
+ }
+
+ private long getCounterAt(long unixSecond) {
+ return unixSecond / this.getPeriod();
 }
- private static byte[] hexStr2Bytes(String hex) {
- // Adding one byte to get the right conversion
- // Values starting with "0" can be converted
- byte[] bArray = new BigInteger("10" + hex, 16).toByteArray();
-
- // Copy all the REAL bytes, not the "first"
- byte[] ret = new byte[bArray.length - 1];
- for (int i = 0; i < ret.length; i++)
- ret[i] = bArray[i + 1];
- return ret;
- }
-
- public String getPinAt(String key, String time) throws InvalidKeyException, NoSuchAlgorithmException {
+ public String getPinAt(long time) throws InvalidKeyException, NoSuchAlgorithmException {
 int codeDigits = this.getDigits();
- // Using the counter
- // First 8 bytes are for the movingFactor
- // Compliant with base RFC 4226 (HOTP)
- while (time.length() < 16)
- time = "0" + time;
- // Get the HEX in a Byte[]
- byte[] msg = hexStr2Bytes(time);
- byte[] k = hexStr2Bytes(key);
+ byte[] msg = ByteBuffer.allocate(Long.BYTES).putLong(this.getCounterAt(time)).array();
+ byte[] k = this.secret;
 byte[] hash = this.getAlgorithm().hash(k, msg);
 // put selected bytes into result int