Two-factor authentication and HMACs. Applications that both generate and validate one-time passwords compatible with Google Authenticator.
GenerateQRCode.c: Generates the QR codes. It calls several encoding functions from the provided library “lib/encoding.h”. The user provides an issuer, an account name and a secret key. The secret key is given in hex, so it is first converted to a byte array with a helper converter() function and then passed to base32_encode(). Because the key is 20 hex characters long, it takes up 10 bytes. The account name and the issuer are passed to url_encode() to be encoded. Once all the parameters are encoded, they are added to the path of the otpauth:// URI, which is then passed to displayQRcode() twice: once as HOTP using a counter, and once as TOTP using a period of 30 seconds.
ValidateQRCode.c: Validates the HOTP and TOTP values. It starts by building an HMAC function. The provided secret key is converted from 20 hex characters to 10 bytes. It is padded to 64 bytes and then XOR-ed with the inner (0x5c) and outer (0x36) pads to generate the inner and outer keys respectively. The inner key is hashed with SHA-1, and the result is then hashed again with the outer key using SHA-1. HOTP takes the resulting hash and truncates it to 6 digits: once the truncation is complete, it takes the truncated value mod 10^6. It passes a value of C == 1, which is the counter value. TOTP uses the HOTP function, but rather than passing in 1 (the counter) it passes in time/30, which gives a period of 30 seconds.