search

sec51 / twofactor

Golang two factor authentication library
ISC License
217 stars 66 forks source link

use it with go1.11 have a problem.twofactor.TOTPFromBytes(x,y) #22

Open leon20181119 opened 5 years ago

isuruceanu commented 5 years ago

Have same issue

To reproduce the issue please use convert/bigendian/convert.go previous version

func TestBigEndianConvertion(t *testing.T) {
    totp, err := NewTOTP("info@sec51.com", "Sec51", crypto.SHA256, 6)
    if err != nil {
        t.Fatal(err)
    }

    data, err := totp.ToBytes()
    if err != nil {
        t.Fatal(err)
    }

    newTotp, err := TOTPFromBytes(data, "Sec51")
    if err != nil {
        t.Fatal(err)
    }

    if totp.account != newTotp.account {
        t.Error("Fail: Received totp do not match origin")
    }
}

Fails with: panic: runtime error: slice bounds out of range [recovered] panic: runtime error: slice bounds out of range

This is because reading issuerSize returns 0 although the byte array is ok.

The issue is in the implementation of 

// helper function which converts a big endian []byte to a int
func FromInt(data [4]byte) int {
    i := (int(data[3]) << 0) | (int(data[2]) << 8) |
        (int(data[1]) << 16) | (int(data[0]) << 24)
    return int(i)
}

To Fix: just update latest version of convert library

The big question is why adding a Println of data in FromInt, makes the function to work fine

func FromInt(data [4]byte) int {
    fmt.Println(data)
    i := (int(data[3]) << 0) | (int(data[2]) << 8) |
        (int(data[1]) << 16) | (int(data[0]) << 24)
    return int(i)
}
leon20181119 commented 5 years ago

thanks.now already solve.just update convert library.https://github.com/sec51/convert