summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--NK_C_API.cc26
-rw-r--r--NK_C_API.h12
-rw-r--r--NitrokeyManager.cc30
-rw-r--r--include/NitrokeyManager.h9
-rw-r--r--unittest/test_pro.py74
5 files changed, 80 insertions, 71 deletions
diff --git a/NK_C_API.cc b/NK_C_API.cc
index 262a0a4..16099db 100644
--- a/NK_C_API.cc
+++ b/NK_C_API.cc
@@ -187,27 +187,33 @@ NK_C_API const char * NK_device_serial_number(){
});
}
-NK_C_API uint32_t NK_get_hotp_code(uint8_t slot_number) {
+NK_C_API const char * NK_get_hotp_code(uint8_t slot_number) {
return NK_get_hotp_code_PIN(slot_number, "");
}
-NK_C_API uint32_t NK_get_hotp_code_PIN(uint8_t slot_number, const char* user_temporary_password){
+NK_C_API const char * NK_get_hotp_code_PIN(uint8_t slot_number, const char *user_temporary_password){
auto m = NitrokeyManager::instance();
- return get_with_result([&](){
- return m->get_HOTP_code(slot_number, user_temporary_password);
+ return get_with_string_result([&](){
+ string && s = m->get_HOTP_code(slot_number, user_temporary_password);
+ char * rs = strdup(s.c_str());
+ clear_string(s);
+ return rs;
});
}
-NK_C_API uint32_t NK_get_totp_code(uint8_t slot_number, uint64_t challenge, uint64_t last_totp_time,
- uint8_t last_interval){
+NK_C_API const char * NK_get_totp_code(uint8_t slot_number, uint64_t challenge, uint64_t last_totp_time,
+ uint8_t last_interval){
return NK_get_totp_code_PIN(slot_number, challenge, last_totp_time, last_interval, "");
}
-NK_C_API uint32_t NK_get_totp_code_PIN(uint8_t slot_number, uint64_t challenge, uint64_t last_totp_time,
- uint8_t last_interval, const char* user_temporary_password){
+NK_C_API const char * NK_get_totp_code_PIN(uint8_t slot_number, uint64_t challenge, uint64_t last_totp_time,
+ uint8_t last_interval, const char *user_temporary_password){
auto m = NitrokeyManager::instance();
- return get_with_result([&](){
- return m->get_TOTP_code(slot_number, challenge, last_totp_time, last_interval, user_temporary_password);
+ return get_with_string_result([&](){
+ string && s = m->get_TOTP_code(slot_number, challenge, last_totp_time, last_interval, user_temporary_password);
+ char * rs = strdup(s.c_str());
+ clear_string(s);
+ return rs;
});
}
diff --git a/NK_C_API.h b/NK_C_API.h
index f52034a..97e9ea5 100644
--- a/NK_C_API.h
+++ b/NK_C_API.h
@@ -195,7 +195,7 @@ NK_C_API int NK_write_totp_slot(uint8_t slot_number, const char *slot_name, cons
* @param slot_number HOTP slot number, slot_number<3
* @return HOTP code
*/
-NK_C_API uint32_t NK_get_hotp_code(uint8_t slot_number);
+NK_C_API const char * NK_get_hotp_code(uint8_t slot_number);
/**
* Get HOTP code from the device (PIN protected)
@@ -204,7 +204,7 @@ NK_C_API uint32_t NK_get_hotp_code(uint8_t slot_number);
* otherwise should be set to empty string - ''
* @return HOTP code
*/
-NK_C_API uint32_t NK_get_hotp_code_PIN(uint8_t slot_number, const char* user_temporary_password);
+NK_C_API const char * NK_get_hotp_code_PIN(uint8_t slot_number, const char *user_temporary_password);
/**
* Get TOTP code from the device
@@ -214,7 +214,8 @@ NK_C_API uint32_t NK_get_hotp_code_PIN(uint8_t slot_number, const char* user_tem
* @param last_interval last interval
* @return TOTP code
*/
-NK_C_API uint32_t NK_get_totp_code(uint8_t slot_number, uint64_t challenge, uint64_t last_totp_time, uint8_t last_interval);
+NK_C_API const char * NK_get_totp_code(uint8_t slot_number, uint64_t challenge, uint64_t last_totp_time,
+ uint8_t last_interval);
/**
* Get TOTP code from the device (PIN protected)
@@ -226,8 +227,9 @@ NK_C_API uint32_t NK_get_totp_code(uint8_t slot_number, uint64_t challenge, uint
* otherwise should be set to empty string - ''
* @return TOTP code
*/
-NK_C_API uint32_t NK_get_totp_code_PIN(uint8_t slot_number, uint64_t challenge,
- uint64_t last_totp_time, uint8_t last_interval, const char* user_temporary_password);
+NK_C_API const char * NK_get_totp_code_PIN(uint8_t slot_number, uint64_t challenge,
+ uint64_t last_totp_time, uint8_t last_interval,
+ const char *user_temporary_password);
/**
* Set time on the device (for TOTP requests)
diff --git a/NitrokeyManager.cc b/NitrokeyManager.cc
index 159d647..a4ce3a5 100644
--- a/NitrokeyManager.cc
+++ b/NitrokeyManager.cc
@@ -216,7 +216,13 @@ namespace nitrokey{
return response.data().dissect();
}
- uint32_t NitrokeyManager::get_HOTP_code(uint8_t slot_number, const char *user_temporary_password) {
+ string getFilledOTPCode(uint32_t code, bool use_8_digits){
+ stringstream s;
+ s << std::right << std::setw(use_8_digits ? 8 : 6) << std::setfill('0') << code;
+ return s.str();
+ }
+
+ string NitrokeyManager::get_HOTP_code(uint8_t slot_number, const char *user_temporary_password) {
if (!is_valid_hotp_slot_number(slot_number)) throw InvalidSlotException(slot_number);
if (is_authorization_command_supported()){
@@ -226,7 +232,7 @@ namespace nitrokey{
authorize_packet<GetHOTP, UserAuthorize>(gh, user_temporary_password, device);
}
auto resp = GetHOTP::CommandTransaction::run(device, gh);
- return resp.data().code;
+ return getFilledOTPCode(resp.data().code, resp.data().use_8_digits);
} else {
auto gh = get_payload<stick10_08::GetHOTP>();
gh.slot_number = get_internal_slot_number_for_hotp(slot_number);
@@ -234,19 +240,21 @@ namespace nitrokey{
strcpyT(gh.temporary_user_password, user_temporary_password);
}
auto resp = stick10_08::GetHOTP::CommandTransaction::run(device, gh);
- return resp.data().code;
+ return getFilledOTPCode(resp.data().code, resp.data().use_8_digits);
}
+ return "";
}
-
bool NitrokeyManager::is_valid_hotp_slot_number(uint8_t slot_number) const { return slot_number < 3; }
bool NitrokeyManager::is_valid_totp_slot_number(uint8_t slot_number) const { return slot_number < 0x10-1; } //15
uint8_t NitrokeyManager::get_internal_slot_number_for_totp(uint8_t slot_number) const { return (uint8_t) (0x20 + slot_number); }
uint8_t NitrokeyManager::get_internal_slot_number_for_hotp(uint8_t slot_number) const { return (uint8_t) (0x10 + slot_number); }
- uint32_t NitrokeyManager::get_TOTP_code(uint8_t slot_number, uint64_t challenge, uint64_t last_totp_time,
- uint8_t last_interval,
- const char *user_temporary_password) {
+
+
+ string NitrokeyManager::get_TOTP_code(uint8_t slot_number, uint64_t challenge, uint64_t last_totp_time,
+ uint8_t last_interval,
+ const char *user_temporary_password) {
if(!is_valid_totp_slot_number(slot_number)) throw InvalidSlotException(slot_number);
slot_number = get_internal_slot_number_for_totp(slot_number);
@@ -261,15 +269,15 @@ namespace nitrokey{
authorize_packet<GetTOTP, UserAuthorize>(gt, user_temporary_password, device);
}
auto resp = GetTOTP::CommandTransaction::run(device, gt);
- return resp.data().code;
+ return getFilledOTPCode(resp.data().code, resp.data().use_8_digits);
} else {
auto gt = get_payload<stick10_08::GetTOTP>();
strcpyT(gt.temporary_user_password, user_temporary_password);
gt.slot_number = slot_number;
auto resp = stick10_08::GetTOTP::CommandTransaction::run(device, gt);
- return resp.data().code;
+ return getFilledOTPCode(resp.data().code, resp.data().use_8_digits);
}
-
+ return "";
}
bool NitrokeyManager::erase_slot(uint8_t slot_number, const char *temporary_password) {
@@ -830,7 +838,7 @@ namespace nitrokey{
}
}
- uint32_t NitrokeyManager::get_TOTP_code(uint8_t slot_number, const char *user_temporary_password) {
+ string NitrokeyManager::get_TOTP_code(uint8_t slot_number, const char *user_temporary_password) {
return get_TOTP_code(slot_number, 0, 0, 0, user_temporary_password);
}
diff --git a/include/NitrokeyManager.h b/include/NitrokeyManager.h
index 7550998..a815571 100644
--- a/include/NitrokeyManager.h
+++ b/include/NitrokeyManager.h
@@ -29,10 +29,11 @@ namespace nitrokey {
bool write_TOTP_slot(uint8_t slot_number, const char *slot_name, const char *secret, uint16_t time_window,
bool use_8_digits, bool use_enter, bool use_tokenID, const char *token_ID,
const char *temporary_password);
- uint32_t get_HOTP_code(uint8_t slot_number, const char *user_temporary_password);
- uint32_t get_TOTP_code(uint8_t slot_number, uint64_t challenge, uint64_t last_totp_time, uint8_t last_interval,
- const char *user_temporary_password);
- uint32_t get_TOTP_code(uint8_t slot_number, const char *user_temporary_password);
+ string get_HOTP_code(uint8_t slot_number, const char *user_temporary_password);
+ string get_TOTP_code(uint8_t slot_number, uint64_t challenge, uint64_t last_totp_time,
+ uint8_t last_interval,
+ const char *user_temporary_password);
+ string get_TOTP_code(uint8_t slot_number, const char *user_temporary_password);
stick10::ReadSlot::ResponsePayload get_TOTP_slot_data(const uint8_t slot_number);
stick10::ReadSlot::ResponsePayload get_HOTP_slot_data(const uint8_t slot_number);
diff --git a/unittest/test_pro.py b/unittest/test_pro.py
index 0140994..3f1f0a3 100644
--- a/unittest/test_pro.py
+++ b/unittest/test_pro.py
@@ -295,7 +295,7 @@ def check_HOTP_RFC_codes(C, func, prep=None, use_8_digits=False):
prep()
r = func(1)
code = str(code)[-8:] if use_8_digits else str(code)[-6:]
- assert int(code) == r
+ assert code == r
@pytest.mark.parametrize("use_8_digits", [False, True, ])
@@ -306,11 +306,11 @@ def test_HOTP_RFC_use8digits_usepin(C, use_8_digits, use_pin_protection):
DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
if use_pin_protection:
check_HOTP_RFC_codes(C,
- lambda x: C.NK_get_hotp_code_PIN(x, DefaultPasswords.USER_TEMP),
+ lambda x: gs(C.NK_get_hotp_code_PIN(x, DefaultPasswords.USER_TEMP)),
lambda: C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP),
use_8_digits=use_8_digits)
else:
- check_HOTP_RFC_codes(C, C.NK_get_hotp_code, use_8_digits=use_8_digits)
+ check_HOTP_RFC_codes(C, lambda x: gs(C.NK_get_hotp_code(x)), use_8_digits=use_8_digits)
def test_HOTP_token(C):
@@ -326,8 +326,8 @@ def test_HOTP_token(C):
assert C.NK_write_hotp_slot(1, 'python_test', RFC_SECRET, 0, False, False, True, token_ID,
DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
for i in range(5):
- hotp_code = C.NK_get_hotp_code(1)
- assert hotp_code != 0
+ hotp_code = gs(C.NK_get_hotp_code(1))
+ assert hotp_code != ""
assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
@@ -349,9 +349,9 @@ def test_HOTP_counters(C):
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_write_hotp_slot(slot_number, 'python_test', RFC_SECRET, counter, use_8_digits, False, False, "",
DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
- r = C.NK_get_hotp_code(slot_number)
+ r = gs(C.NK_get_hotp_code(slot_number))
code = str(code)[-8:] if use_8_digits else str(code)[-6:]
- assert int(code) == r
+ assert code == r
INT32_MAX = 2 ** 31 - 1
@@ -373,8 +373,7 @@ def test_HOTP_64bit_counter(C):
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_write_hotp_slot(slot_number, 'python_test', RFC_SECRET, t, use_8_digits, False, False, "",
DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
- code_device = str(C.NK_get_hotp_code(slot_number))
- code_device = '0'+code_device if len(code_device) < 6 else code_device
+ code_device = gs(C.NK_get_hotp_code(slot_number))
dev_res += (t, code_device)
lib_res += (t, lib_at(t))
assert dev_res == lib_res
@@ -399,8 +398,7 @@ def test_TOTP_64bit_time(C):
for t in range(INT32_MAX - 5, INT32_MAX + 5, 1):
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_totp_set_time(t) == DeviceErrorCode.STATUS_OK
- code_device = str((C.NK_get_totp_code(slot_number, T, 0, 30)))
- code_device = '0'+code_device if len(code_device) < 6 else code_device
+ code_device = gs((C.NK_get_totp_code(slot_number, T, 0, 30)))
dev_res += (t, code_device)
lib_res += (t, lib_at(t))
assert dev_res == lib_res
@@ -425,9 +423,9 @@ def test_TOTP_RFC_usepin(C, PIN_protection):
get_func = None
if PIN_protection:
- get_func = lambda x, y, z, r: C.NK_get_totp_code_PIN(x, y, z, r, DefaultPasswords.USER_TEMP)
+ get_func = lambda x, y, z, r: gs(C.NK_get_totp_code_PIN(x, y, z, r, DefaultPasswords.USER_TEMP))
else:
- get_func = C.NK_get_totp_code
+ get_func = lambda x: gs(C.NK_get_totp_code)
# Mode: Sha1, time step X=30
test_data = [
@@ -476,13 +474,13 @@ def test_get_OTP_codes(C):
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
for i in range(15):
- code = C.NK_get_totp_code(i, 0, 0, 0)
- if code == 0:
+ code = gs(C.NK_get_totp_code(i, 0, 0, 0))
+ if code == "":
assert C.NK_get_last_command_status() == DeviceErrorCode.NOT_PROGRAMMED
for i in range(3):
- code = C.NK_get_hotp_code(i)
- if code == 0:
+ code = gs(C.NK_get_hotp_code(i))
+ if code == "":
assert C.NK_get_last_command_status() == DeviceErrorCode.NOT_PROGRAMMED
@@ -494,12 +492,12 @@ def test_get_OTP_code_from_not_programmed_slot(C):
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_erase_totp_slot(0, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
- code = C.NK_get_hotp_code(0)
- assert code == 0
+ code = gs(C.NK_get_hotp_code(0))
+ assert code == ""
assert C.NK_get_last_command_status() == DeviceErrorCode.NOT_PROGRAMMED
- code = C.NK_get_totp_code(0, 0, 0, 0)
- assert code == 0
+ code = gs(C.NK_get_totp_code(0, 0, 0, 0))
+ assert code == ""
assert C.NK_get_last_command_status() == DeviceErrorCode.NOT_PROGRAMMED
@@ -512,14 +510,14 @@ def test_get_code_user_authorize(C):
# TODO create convinience function on C API side to enable/disable OTP USER_PIN protection
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_write_config(255, 255, 255, True, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
- code = C.NK_get_totp_code(0, 0, 0, 0)
- assert code == 0
+ code = gs(C.NK_get_totp_code(0, 0, 0, 0))
+ assert code == ""
assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_NOT_AUTHORIZED
# disable PIN protection with write_config
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
- code = C.NK_get_totp_code(0, 0, 0, 0)
- assert code != 0
+ code = gs(C.NK_get_totp_code(0, 0, 0, 0))
+ assert code != ""
assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
@@ -556,10 +554,10 @@ def test_factory_reset(C):
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_write_hotp_slot(1, 'python_test', RFC_SECRET, 0, False, False, False, "",
DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
- assert C.NK_get_hotp_code(1) == 755224
+ assert gs(C.NK_get_hotp_code(1)) == "755224"
assert C.NK_factory_reset(DefaultPasswords.ADMIN) == DeviceErrorCode.STATUS_OK
wait(10)
- assert C.NK_get_hotp_code(1) != 287082
+ assert gs(C.NK_get_hotp_code(1)) != "287082"
assert C.NK_get_last_command_status() == DeviceErrorCode.NOT_PROGRAMMED
# restore AES key
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
@@ -608,8 +606,7 @@ def test_OTP_secret_started_from_null(C, secret):
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_write_hotp_slot(slot_number, 'null_secret', secret, t, use_8_digits, False, False, "",
DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
- code_device = str(C.NK_get_hotp_code(slot_number))
- code_device = '0'+code_device if len(code_device) < 6 else code_device
+ code_device = gs(C.NK_get_hotp_code(slot_number))
dev_res += (t, code_device)
lib_res += (t, lib_at(t))
assert dev_res == lib_res
@@ -641,8 +638,7 @@ def test_HOTP_slots_read_write_counter(C, counter):
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_write_hotp_slot(slot_number, 'HOTP rw' + str(slot_number), secret, counter, use_8_digits, False, False, "",
DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
- code_device = str(C.NK_get_hotp_code(slot_number))
- code_device = '0'+code_device if len(code_device) < 6 else code_device
+ code_device = gs(C.NK_get_hotp_code(slot_number))
dev_res += (counter, code_device)
lib_res += (counter, lib_at(counter))
assert dev_res == lib_res
@@ -672,8 +668,7 @@ def test_TOTP_slots_read_write_at_time_period(C, time, period):
DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_totp_set_time(time) == DeviceErrorCode.STATUS_OK
- code_device = str(C.NK_get_totp_code(slot_number, T, 0, period))
- code_device = '0'+code_device if len(code_device) < 6 else code_device
+ code_device = gs(C.NK_get_totp_code(slot_number, T, 0, period))
dev_res += (time, code_device)
lib_res += (time, lib_at(time))
assert dev_res == lib_res
@@ -705,8 +700,7 @@ def test_TOTP_secrets(C, secret):
assert C.NK_write_totp_slot(slot_number, 'secret' + str(len(secret)), secret, period, use_8_digits, False, False, "",
DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_totp_set_time(time) == DeviceErrorCode.STATUS_OK
- code_device = str(C.NK_get_totp_code(slot_number, T, 0, period))
- code_device = '0'+code_device if len(code_device) < 6 else code_device
+ code_device = gs(C.NK_get_totp_code(slot_number, T, 0, period))
dev_res += (time, code_device)
lib_res += (time, lib_at(time))
assert dev_res == lib_res
@@ -735,8 +729,7 @@ def test_HOTP_secrets(C, secret):
lib_res = []
assert C.NK_write_hotp_slot(slot_number, 'secret' + str(len(secret)), secret, counter, use_8_digits, False, False, "",
DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
- code_device = str(C.NK_get_hotp_code(slot_number))
- code_device = '0'+code_device if len(code_device) < 6 else code_device
+ code_device = gs(C.NK_get_hotp_code(slot_number))
dev_res += (counter, code_device)
lib_res += (counter, lib_at(counter))
assert dev_res == lib_res
@@ -784,13 +777,13 @@ def test_edit_OTP_slot(C):
assert gs(C.NK_get_hotp_slot_name(slot_number)) == first_name
- first_code = C.NK_get_hotp_code(slot_number)
+ first_code = gs(C.NK_get_hotp_code(slot_number))
changed_name = 'changedname'
empty_secret = ''
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_write_hotp_slot(slot_number, changed_name, empty_secret, counter, use_8_digits, False, False, "",
DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
- second_code = C.NK_get_hotp_code(slot_number)
+ second_code = gs(C.NK_get_hotp_code(slot_number))
assert first_code == second_code
assert gs(C.NK_get_hotp_slot_name(slot_number)) == changed_name
@@ -808,8 +801,7 @@ def test_TOTP_codes_from_nitrokeyapp(secret, C):
assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
assert C.NK_write_config(255, 255, 255, PIN_protection, not PIN_protection,
DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
- code_device = str(C.NK_get_totp_code(slot_number, 0, 0, period))
- code_device = '0'+code_device if len(code_device) < 6 else code_device
+ code_device = gs(C.NK_get_totp_code(slot_number, 0, 0, period))
oath = pytest.importorskip("oath")
lib_at = lambda : oath.totp(secret, period=period)