open-vault/sdk/helper/roottoken/otp.go

44 lines
1.2 KiB
Go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package roottoken
import (
"crypto/rand"
"encoding/base64"
"fmt"
"github.com/hashicorp/go-secure-stdlib/base62"
)
// DefaultBase64EncodedOTPLength is the number of characters that will be randomly generated
// before the Base64 encoding process takes place.
const defaultBase64EncodedOTPLength = 16
// GenerateOTP generates a random token and encodes it as a Base64 or as a Base62 encoded string.
// Returns 0 if the generation completed without any error, 2 otherwise, along with the error.
func GenerateOTP(otpLength int) (string, error) {
switch otpLength {
case 0:
// This is the fallback case
buf := make([]byte, defaultBase64EncodedOTPLength)
readLen, err := rand.Read(buf)
if err != nil {
return "", fmt.Errorf("error reading random bytes: %s", err)
}
if readLen != defaultBase64EncodedOTPLength {
return "", fmt.Errorf("read %d bytes when we should have read 16", readLen)
}
return base64.StdEncoding.EncodeToString(buf), nil
default:
otp, err := base62.Random(otpLength)
if err != nil {
return "", fmt.Errorf("error reading random bytes: %w", err)
}
return otp, nil
}
}