I have completed all requirements in this project regarding the project description.
To run the code, OpenSSL library and its sublibraries are a must. (EVP, HMac)
Must-have header files include:
- <stdio.h>
- <string.h>
- <time.h>
- <math.h>
- <openssl/evp.h>
- <openssl/hmac.h>
- <signal.h>
- <stdlib.h>
- <ctype.h>
- <openssl/rand.h>
This code was written and tested in Kali Linux with openssl version OpenSSL 3.0.10
run 'make'
Or
gcc -o totp totp.c -lm -lcrypto
run 'make clean' in the terminal
Run "./totp help"
./totp generateRandomKey
./totp
This will generate a TOTP with a default seeded key: "3132333435363738393031323334353637383930"
./totp key [your key] (e.g ./totp key 1234567890)
Recommended: Use generated random key instead of the default key.
./totp verify [your TOTP] (e.g ./totp verify 612212)
./totp verify [your key] [your TOTP] (e.g ./totp verify 1234567890 612212)
./totp test
This code is based on the rfc6238 paper.
See: https://datatracker.ietf.org/doc/html/rfc6238 for details
Time Step (X) is 30 seconds.
T0 initial time is 0.
Current unix time is based on seconds.
EVP's HMAC and sha3-512 algorithms are used for calculating the hash value.
For the test function sha1 is used for calculating the hash value.
This algorithm accepts one time-step backwards TOTPs in addition to the current TOTP.
For example if in time interval 0, the algorithm generates TOTP 123456, and in time interval 1, it generates 234567, both values are accepted at time interval 1.
Normally the securest way is to accept only one time interval's output. However, I decided to allow this because opening a second terminal or restarting the terminal to verify the code may take some time.
Use of a random key is important for security. Please generate a random key with ./totp generateRandomKey and store this key as a secret to ensure security.