搜索:
晴天视野 / php-totp
rfc6238的PHP TOTP实现
2.0.0
2021-05-07 09:54 UTC
Requires
- php: >=5.6
Requires (Dev)
- phpunit/phpunit: ^8.0
This package is not auto-updated.
Last update: 2024-09-22 09:49:02 UTC
README
重要通知
对于PHP 8.0或更高版本,请使用^2.0。对于8.0以下的PHP版本,请使用^1.0。
这个库是PHP中totp(rfc6238)的实现(目前仅支持sha1)
功能
- PSR-4自动加载兼容结构
- 使用PHPUnit进行单元测试
- 易于在任何框架中使用,甚至是一个普通的PHP文件
- 支持HOTPTimeBased的SHA1
安装
使用composer(推荐)
$ composer require greymich/php-totp
单独的包
require "path/to/lib/src/TOTP.php"
示例
开始随机化一个base32密钥或从ASCII字符串创建一个
// ASCII to base32
$secret = Greymich\TOTP\TOTP::base32Encode("12345678901234567890");
// Random
$secret = Greymich\TOTP\TOTP::genSecret(32);
// Initiate totp instance by secret
$otp = new Greymich\TOTP\TOTP($secret);
验证OTP
$userInput = "<get from input>";
$secret = "<get from database>";
$otp = new Greymich\TOTP\TOTP($secret);
// To mitigate possible timing attacks
if(hash_equals( $otp->get(), $userInput )) {
// Correct
}
生成OTP注册URI(用于二维码扫描)
$secret = Greymich\TOTP\TOTP::base32Encode("12345678901234567890");
$otp = new Greymich\TOTP\TOTP($secret);
$uri = $otp->uri("[Platform] h.y.michael@icloud.com");
测试
composer test
TOTP
✔ Should be true
✔ Should be free of syntax error
✔ Should encode and decode base 32
✔ Should generate totp with sha 1
✔ Should generate google authenticator compatible uri
测试针对rfc6238建议的测试向量的SHA1进行运行
+-------------+--------------+------------------+----------+--------+
| Time (sec) | UTC Time | Value of T (hex) | TOTP | Mode |
+-------------+--------------+------------------+----------+--------+
| 59 | 1970-01-01 | 0000000000000001 | 94287082 | SHA1 |
| | 00:00:59 | | | |
| 59 | 1970-01-01 | 0000000000000001 | 46119246 | SHA256 |
| | 00:00:59 | | | |
| 59 | 1970-01-01 | 0000000000000001 | 90693936 | SHA512 |
| | 00:00:59 | | | |
| 1111111109 | 2005-03-18 | 00000000023523EC | 07081804 | SHA1 |
| | 01:58:29 | | | |
| 1111111109 | 2005-03-18 | 00000000023523EC | 68084774 | SHA256 |
| | 01:58:29 | | | |
| 1111111109 | 2005-03-18 | 00000000023523EC | 25091201 | SHA512 |
| | 01:58:29 | | | |
| 1111111111 | 2005-03-18 | 00000000023523ED | 14050471 | SHA1 |
| | 01:58:31 | | | |
| 1111111111 | 2005-03-18 | 00000000023523ED | 67062674 | SHA256 |
| | 01:58:31 | | | |
| 1111111111 | 2005-03-18 | 00000000023523ED | 99943326 | SHA512 |
| | 01:58:31 | | | |
| 1234567890 | 2009-02-13 | 000000000273EF07 | 89005924 | SHA1 |
| | 23:31:30 | | | |
| 1234567890 | 2009-02-13 | 000000000273EF07 | 91819424 | SHA256 |
| | 23:31:30 | | | |
| 1234567890 | 2009-02-13 | 000000000273EF07 | 93441116 | SHA512 |
| | 23:31:30 | | | |
| 2000000000 | 2033-05-18 | 0000000003F940AA | 69279037 | SHA1 |
| | 03:33:20 | | | |
| 2000000000 | 2033-05-18 | 0000000003F940AA | 90698825 | SHA256 |
| | 03:33:20 | | | |
| 2000000000 | 2033-05-18 | 0000000003F940AA | 38618901 | SHA512 |
| | 03:33:20 | | | |
| 20000000000 | 2603-10-11 | 0000000027BC86AA | 65353130 | SHA1 |
| | 11:33:20 | | | |
| 20000000000 | 2603-10-11 | 0000000027BC86AA | 77737706 | SHA256 |
| | 11:33:20 | | | |
| 20000000000 | 2603-10-11 | 0000000027BC86AA | 47863826 | SHA512 |
| | 11:33:20 | | | |
+-------------+--------------+------------------+----------+--------+