网上论坛上看到的域外某大神实现的google 二次验证动态码。这个之间在其他应用上我也有应用过,包括本站在好多年前也已用上该技术,不过通过golang来实现一直没了解,刚好手头的一个小工具,想加上该功能,就先找到了如下代码:
package main import ( "crypto/hmac" "crypto/sha1" "encoding/base32" "fmt" "os" "strings" "time" ) func toBytes(value int64) []byte { var result []byte mask := int64(0xFF) shifts := [8]uint16{56, 48, 40, 32, 24, 16, 8, 0} for _, shift := range shifts { result = append(result, byte((value>>shift)&mask)) } return result } func toUint32(bytes []byte) uint32 { return (uint32(bytes[0]) << 24) + (uint32(bytes[1]) << 16) + (uint32(bytes[2]) << 8) + uint32(bytes[3]) } func oneTimePassword(key []byte, value []byte) uint32 { // sign the value using HMAC-SHA1 hmacSha1 := hmac.New(sha1.New, key) hmacSha1.Write(value) hash := hmacSha1.Sum(nil) // We're going to use a subset of the generated hash. // Using the last nibble (half-byte) to choose the index to start from. // This number is always appropriate as it's maximum decimal 15, the hash will // have the maximum index 19 (20 bytes of SHA1) and we need 4 bytes. offset := hash[len(hash)-1] & 0x0F // get a 32-bit (4-byte) chunk from the hash starting at offset hashParts := hash[offset : offset+4] // ignore the most significant bit as per RFC 4226 hashParts[0] = hashParts[0] & 0x7F number := toUint32(hashParts) // size to 6 digits // one million is the first number with 7 digits so the remainder // of the division will always return < 7 digits pwd := number % 1000000 return pwd } // all []byte in this program are treated as Big Endian func main() { if len(os.Args) < 2 { fmt.Fprintln(os.Stderr, "must specify key to use") os.Exit(1) } input := os.Args[1] // decode the key from the first argument inputNoSpaces := strings.Replace(input, " ", "", -1) inputNoSpacesUpper := strings.ToUpper(inputNoSpaces) key, err := base32.StdEncoding.DecodeString(inputNoSpacesUpper) if err != nil { fmt.Fprintln(os.Stderr, err.Error()) os.Exit(1) } // generate a one-time password using the time at 30-second intervals epochSeconds := time.Now().Unix() pwd := oneTimePassword(key, toBytes(epochSeconds/30)) secondsRemaining := 30 - (epochSeconds % 30) fmt.Printf("%06d (%d second(s) remaining)\n", pwd, secondsRemaining) }
上面的代码虽然已经很经典了,但在使用时,可能还需要改动下oneTimePassword函数,因为其返回的默认是一个 uint32 类型的值。经常我们通过屏幕输入获取到的是字符串值,这就需要转化为同样类型的值才容易进行比较和调用。修改方式如下:
func oneTimePassword(key []byte, value []byte) string { hmacSha1 := hmac.New(sha1.New, key) hmacSha1.Write(value) hash := hmacSha1.Sum(nil) offset := hash[len(hash)-1] & 0x0F hashParts := hash[offset : offset+4] hashParts[0] = hashParts[0] & 0x7F number := toUint32(hashParts) pwd := number % 1000000 return strconv.Itoa(int(pwd))
具体效果如下: