You are here

Home » API reference » Google Authenticator login 7 » ga_login_test.module

class Google2FA in Google Authenticator login 7

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.

PHP Google two-factor authentication module.

@author Phil

Hierarchy

Expanded class hierarchy of Google2FA

See also

http://www.idontplaydarts.com/2011/07/google-totp-two-factor-authenticat...

File

tests/ga_login_test/ga_login_test.module, line 59
ga_login_test module.

View source 
class Google2FA {

  // Interval between key regeneration.
  const KEYREGENERATION = 30;

  // Length of the Token generated.
  const OTPLENGTH = 6;

  // Lookup needed for Base32 encoding.
  private static $lut = array(
    "A" => 0,
    "B" => 1,
    "C" => 2,
    "D" => 3,
    "E" => 4,
    "F" => 5,
    "G" => 6,
    "H" => 7,
    "I" => 8,
    "J" => 9,
    "K" => 10,
    "L" => 11,
    "M" => 12,
    "N" => 13,
    "O" => 14,
    "P" => 15,
    "Q" => 16,
    "R" => 17,
    "S" => 18,
    "T" => 19,
    "U" => 20,
    "V" => 21,
    "W" => 22,
    "X" => 23,
    "Y" => 24,
    "Z" => 25,
    "2" => 26,
    "3" => 27,
    "4" => 28,
    "5" => 29,
    "6" => 30,
    "7" => 31,
  );

  /**
   * Generates a 16 digit secret key in base32 format.
   *
   * @param int $length
   *   Length of the key
   *
   * @return string
   *   Secret key
   */
  public static function generateSecretKey($length = 16) {
    $b32 = "234567QWERTYUIOPASDFGHJKLZXCVBNM";
    $s = "";
    for ($i = 0; $i < $length; $i++) {
      $s .= $b32[rand(0, 31)];
    }
    return $s;
  }

  /**
   * Returns the current ts devided by the KEYREGENERATION period.
   *
   * @return int
   *   Timestamp
   */
  public static function getTimestamp() {
    return floor(microtime(TRUE) / self::KEYREGENERATION);
  }

  /**
   * Decodes a base32 string into a binary string.
   */
  public static function base32Decode($b32) {
    $b32 = strtoupper($b32);
    if (!preg_match('/^[ABCDEFGHIJKLMNOPQRSTUVWXYZ234567]+$/', $b32, $match)) {
      throw new Exception('Invalid characters in the base32 string.');
    }
    $l = strlen($b32);
    $n = 0;
    $j = 0;
    $binary = "";
    for ($i = 0; $i < $l; $i++) {

      // Move buffer left by 5 to make room.
      $n = $n << 5;

      // Add value into buffer.
      $n = $n + self::$lut[$b32[$i]];

      // Keep track of number of bits in buffer.
      $j = $j + 5;
      if ($j >= 8) {
        $j = $j - 8;
        $binary .= chr(($n & 0xff << $j) >> $j);
      }
    }
    return $binary;
  }

  /**
   * Takes the secret key and the timestamp and returns the OTP.
   *
   * @param binary $key
   *   Secret key in binary form.
   * @param int $counter
   *   Timestamp as returned by getTimestamp.
   *
   * @return string
   *   The OTP
   */
  public static function oathHotp($key, $counter) {
    if (strlen($key) < 8) {
      throw new Exception('Secret key is too short. Must be at least 16 base 32 characters');
    }

    // Counter must be 64-bit int.
    $bin_counter = pack('N*', 0) . pack('N*', $counter);
    $hash = hash_hmac('sha1', $bin_counter, $key, TRUE);
    return str_pad(self::oathTruncate($hash), self::OTPLENGTH, '0', STR_PAD_LEFT);
  }

  /**
   * Verifys a key against the current timestamp.
   *
   * @param string $b32seed
   *   Seed to use
   * @param string $key
   *   User specified key
   * @param int $window
   *   How many windows to use.
   * @param bool $use_timestamp
   *   Use the timestamp.
   *
   * @return bool
   *   TRUE is key is valid.
   */
  public static function verifyKey($b32seed, $key, $window = 4, $use_timestamp = TRUE) {
    $timestamp = self::getTimestamp();
    if ($use_timestamp !== TRUE) {
      $timestamp = (int) $use_timestamp;
    }
    $binary_seed = self::base32Decode($b32seed);
    for ($ts = $timestamp - $window; $ts <= $timestamp + $window; $ts++) {
      if (self::oathHotp($binary_seed, $ts) == $key) {
        return TRUE;
      }
    }
    return FALSE;
  }

  /**
   * Extracts the OTP from the SHA1 hash.
   *
   * @param binary $hash
   *   Hash to extract OTP from.
   *
   * @return int
   *   OTP.
   */
  public static function oathTruncate($hash) {
    $offset = ord($hash[19]) & 0xf;
    return ((ord($hash[$offset + 0]) & 0x7f) << 24 | (ord($hash[$offset + 1]) & 0xff) << 16 | (ord($hash[$offset + 2]) & 0xff) << 8 | ord($hash[$offset + 3]) & 0xff) % pow(10, self::OTPLENGTH);
  }

}

Members

Namesort descending Modifiers Type Description Overrides
Google2FA::$lut private static property
Google2FA::base32Decode public static function Decodes a base32 string into a binary string.
Google2FA::generateSecretKey public static function Generates a 16 digit secret key in base32 format.
Google2FA::getTimestamp public static function Returns the current ts devided by the KEYREGENERATION period.
Google2FA::KEYREGENERATION constant
Google2FA::oathHotp public static function Takes the secret key and the timestamp and returns the OTP.
Google2FA::oathTruncate public static function Extracts the OTP from the SHA1 hash.
Google2FA::OTPLENGTH constant
Google2FA::verifyKey public static function Verifys a key against the current timestamp.