Skip to content

TOTP integration#375

Open
ricoandreaslepp wants to merge 41 commits intomrash:masterfrom
ricoandreaslepp:master
Open

TOTP integration#375
ricoandreaslepp wants to merge 41 commits intomrash:masterfrom
ricoandreaslepp:master

Conversation

@ricoandreaslepp
Copy link
Copy Markdown

@ricoandreaslepp ricoandreaslepp commented Jun 8, 2025

#354

An attempt to integrate the Time-based One-Time Passwords (TOTP) with fwknop. The implementation was done according to RFC 6238, tested with common authenticator applications such as Google Authenticator. Parameters (time-step value and TOTP digits) are not currently configurable, but could be done.

To validate the TOTP, an optional field was added inside the SPA packet, that is sent to the server from the client. If the client's access.conf file contains the TOTP_BASE32 parameter on the server, then the code is calculated and compared to the one obtained from the SPA packet data (after the HMAC verification and blob decryption).

Base32 utility functions were added into the libfko library based on RFC 4648.

All the work was done as part of a Bachelor's thesis on Single Packet Authorization at the University of Tartu.

@ricoandreaslepp
initial todos for client TOTP implementation
c82615d
@ricoandreaslepp
initial todos for server TOTP implementation
2a43ba9
@ricoandreaslepp
additional client TODOs
9938840
@ricoandreaslepp
todo for client TOTP input
b91508c
@ricoandreaslepp
client-side and library additions
8853228
@ricoandreaslepp
add totp code, header and export from the libfko
0ce3058
@ricoandreaslepp
client TOTP todos for cmdline parsing
1761257
@ricoandreaslepp
totp function refactoring and using time test vector
e129eca
@ricoandreaslepp
pass secret by reference, basic temporary key-derivation, debug logging
48d04cf
@ricoandreaslepp
function signatures to export out of libfko
f850d26
@ricoandreaslepp
bump TOTP to 6 digits
81d2267
@ricoandreaslepp
TOTP base32 & secret generation TODOs
5174631
@ricoandreaslepp
implement fko_totp_key_derivation, leverage time-step window in fko_t…
b767c84 
…otp_from_secret
@ricoandreaslepp
user input, int to char buf, key derivation, some debug logging to be…
162d7bc 
… removed later
@ricoandreaslepp
read TOTP secrets from file and populate in memory, TODO for freeing …
ecb0729 
…memory, allow client to use GPG, Rijndael or TOTP
@ricoandreaslepp
struct variables from TOTP access file
f482968
@ricoandreaslepp
TOTP decryption branch and function, TOTP window from RFC6238, refact…
08b5e8c 
…oring and check TODOs
@ricoandreaslepp
remove openssl import, add totp.h to source files
459e189
@ricoandreaslepp
refactor use_totp, fixed cmd_exec_success, fixed TOTP decryption proc…
d5bd97e 
…ess overwriting keys
@ricoandreaslepp
client cmdline options + key_gen base32
2ceda35
@ricoandreaslepp
cli options struct TOTP additions
b10132e
@ricoandreaslepp
refactored TOTP prompt into get_totp()
c24d907
@ricoandreaslepp
refactor client TOTP flow
e158651
@ricoandreaslepp
insert TOTP into debug buf printing
c256c43
@ricoandreaslepp
compile base32 files
d679711
@ricoandreaslepp
export base32 functions and get/set totp from libfko
ac0ac92
@ricoandreaslepp
add totp field to ctx struct
50027b8
@ricoandreaslepp
add totp encoding on the client, and decoding + parsing on the sever
5babc93
@ricoandreaslepp
totp secret key generation
269a09b
@ricoandreaslepp
totp fko ctx functions
a80f569
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ricoandreaslepp