LibreAuth is a collection of tools for user authentication.
- Password / passphrase authentication
- no character-set limitation
- reasonable length limit (security vs. DOS)
- strong, evolutive and retro-compatible password hashing functions
- NFKC normalization for Unicode passwords
- optional NIST Special Publication 800-63B compatibility
- optional additional HMAC with an external salt before or after hashing the password
- HOTP - HMAC-based One-time Password Algorithm
(OATH - RFC
4226)
- the key can be passed as bytes, an ASCII string, an hexadicimal string, a base32 string or a base64 string
- customizable counter
- customizable hash function (sha1, full sha2 family, sha3/Keccak fixed-size families)
- customizable output length
- customizable output alphabet
- TOTP - Time-based One-time Password Algorithm
(OATH - RFC
6238)
- the key can be passed as bytes, an ASCII string, an hexadicimal string, a base32 string or a base64 string
- customizable timestamp
- customizable period
- customizable initial time (T0)
- customizable hash function (sha1, full sha2 family, sha3/Keccak fixed-size families)
- customizable output length
- customizable output alphabet
- customizable positive and negative period tolerance
- Random key generation
- uses the platform's secure entropy source
- customizable size
- customizable output format (Vec, hexadecimal string, base32 string, base64 string)
The project itself is still in development and therefore should not be used in production before version 1.0.0. Below is the list of features that will be present in the first stable version and their individual status.
- OATH HOTP/TOTP: almost ready!
- ✅ lot of features
- ✅ stable API
⚠️ lack of peer review
- Password / passphrase authentication: almost ready!
- ✅ sane defaults
- ✅ stable API
⚠️ lack of peer review
- Random key generation: almost ready!
- ✅ stable API
⚠️ lack of peer review
You can find LibreAuth on crates.io and
include it in your Cargo.toml:
cargo add libreauth
Modules can be cherry-picked using --no-default-features and then using only
the features you want.
cargo add libreauth --no-default-features --features key,oath,pass
In order to build LibreAuth, you will need the Rust compiler and its package manager, Cargo.
$ make
$ make installMore examples are available in the documentation.
use libreauth::oath::TOTPBuilder;
fn main() {
let key = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ".to_string();
let code = TOTPBuilder::new()
.base32_key(&key)
.finalize()
.unwrap()
.generate();
assert_eq!(code.len(), 6);
}#include <stdio.h>
#include <libreauth.h>
int main(void) {
struct libreauth_totp_cfg cfg;
char code[7], key[] = "12345678901234567890";
if (libreauth_totp_init(&cfg) != LIBREAUTH_OTP_SUCCESS) {
return 1;
}
cfg.key = key;
cfg.key_len = strlen(key);
if (libreauth_totp_generate(&cfg, code) != LIBREAUTH_OTP_SUCCESS) {
return 2;
}
printf("%s\n", code);
return 0;
}$ cc -o totp totp.c -llibreauth
$ ./totp
848085LibreAuth is a free software available either under the CeCILL-C or the CeCILL 2.1 license. For a quick summary of those licenses, you can read the frequently asked questions on the licenses' website.
Some file that are not directly part of the source code itself are distributed under the CC0-1.0 license.
This project is REUSE compliant. You will therefore find a copy of
every license in the LICENSES directory and more details on the applicable
license of every file in the REUSE.toml file.