The core algorithm/TOTP implementation used by GAuth
Ref: http://blog.tinisles.com/2011/10/google-authenticator-one-time-password-algorithm-in-javascript/
Last active
September 7, 2023 11:57
-
-
Save gbraad/2885828 to your computer and use it in GitHub Desktop.
The core algorithm/TOTP implementation used by GAuth: http://github.com/gbraad/gauth/, https://gauth.apps.gbraad.nl
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // http://blog.tinisles.com/2011/10/google-authenticator-one-time-password-algorithm-in-javascript/ | |
| function dec2hex(s) { | |
| return (s < 15.5 ? '0' : '') + Math.round(s).toString(16); | |
| } | |
| function hex2dec(s) { | |
| return parseInt(s, 16); | |
| } | |
| function base32tohex(base32) { | |
| var base32chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"; | |
| var bits = ""; | |
| var hex = ""; | |
| for (var i = 0; i < base32.length; i++) { | |
| var val = base32chars.indexOf(base32.charAt(i).toUpperCase()); | |
| bits += leftpad(val.toString(2), 5, '0'); | |
| } | |
| for (var i = 0; i+4 <= bits.length; i+=4) { | |
| var chunk = bits.substr(i, 4); | |
| hex = hex + parseInt(chunk, 2).toString(16) ; | |
| } | |
| return hex; | |
| } | |
| function leftpad(str, len, pad) { | |
| if (len + 1 >= str.length) { | |
| str = Array(len + 1 - str.length).join(pad) + str; | |
| } | |
| return str; | |
| } | |
| function updateOtp(secret) { | |
| var key = base32tohex(secret); | |
| var epoch = Math.round(new Date().getTime() / 1000.0); | |
| var time = leftpad(dec2hex(Math.floor(epoch / 30)), 16, '0'); | |
| var hmacObj = new jsSHA(time, 'HEX'); | |
| var hmac = hmacObj.getHMAC(key, 'HEX', 'SHA-1', "HEX"); | |
| //qrImg = https://chart.googleapis.com/chart?chs=200x200&cht=qr&chl=200x200&chld=M|0&cht=qr&chl=otpauth://totp/' + account + '3Fsecret%3D' + secret; | |
| //var keyLength = (key.length * 4); | |
| var offset = hex2dec(hmac.substring(hmac.length - 1)); | |
| //var part1 = hmac.substr(0, offset * 2); | |
| //var part2 = hmac.substr(offset * 2, 8); | |
| //var part3 = hmac.substr(offset * 2 + 8, hmac.length - offset); | |
| var otp = (hex2dec(hmac.substr(offset * 2, 8)) & hex2dec('7fffffff')) + ''; | |
| return (otp).substr(otp.length - 6, 6); | |
| } | |
| function timer() { | |
| var epoch = Math.round(new Date().getTime() / 1000.0); | |
| var countDown = 30 - (epoch % 30); | |
| if (epoch % 30 == 0) { | |
| updateOtp("JBSWY3DPEHPK3PXP"); | |
| } | |
| return countDown; | |
| } |
Author
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Link is in the gist.
Yes, that is actually my extension. I suggest you to read more carefully, as the gist says this is the core of the GAuth tool.