Finished OTP implementation #5

Author: julianschmuckli

.idea/caches/build_file_checksums.ser

@@ -20,7 +20,7 @@ android {
 
 dependencies {
     implementation fileTree(dir: 'libs', include: ['*.jar'])
-    implementation 'com.android.support:appcompat-v7:27.0.0'
+    implementation 'com.android.support:appcompat-v7:27.1.1'
     implementation 'com.android.support.constraint:constraint-layout:1.1.2'
     implementation 'com.android.support:support-v4:27.1.1'
     implementation 'com.journeyapps:zxing-android-embedded:3.6.0'

app/build.gradle

@@ -4,6 +4,7 @@
 import android.app.Dialog;
 import android.content.Context;
 import android.content.DialogInterface;
+import android.content.SharedPreferences;
 import android.content.pm.ActivityInfo;
 import android.os.Bundle;
 import android.view.KeyEvent;
@@ -13,6 +14,9 @@
 import android.view.WindowManager;
 import android.webkit.WebView;
 import android.widget.Button;
+import android.widget.Toast;
+
+import com.coderbunker.kioskapp.lib.TOTP;
 
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -43,6 +47,8 @@ public class KioskActivity extends Activity {
 
     private Timer timerLock, timerNav;
 
+    private SharedPreferences prefs;
+
     @Override
     public void onBackPressed() {
         //Do nothing...
@@ -87,6 +93,9 @@ public boolean onTouch(View view, MotionEvent motionEvent) {
             }
         });
 
+        prefs = this.getSharedPreferences(
+                "com.coderbunker.kioskapp", Context.MODE_PRIVATE);
+
         TimerTask lock = new TimerTask() {
             @Override
             public void run() {
@@ -180,13 +189,18 @@ public void enterNumber(String number) {
     }
 
     private void checkPwd() {
-        String pwd = b1.getText().toString() + b2.getText().toString() + b3.getText().toString() + b4.getText().toString();
-        if (password.equals(pwd)) {
-            finish();
+        String otp = prefs.getString("otp", null);
+        String pwd = b1.getText().toString() + b2.getText().toString() + b3.getText().toString() + b4.getText().toString() + b5.getText().toString() + b6.getText().toString();
+        String generated_number = TOTP.generateCurrentNumber(otp, System.currentTimeMillis());
+        String previous_generated_number = TOTP.generateCurrentNumber(otp, System.currentTimeMillis() - 30000);
 
+        if (pwd.equals(generated_number) || pwd.equals(previous_generated_number)) {
+            Toast.makeText(context, "PIN correct", Toast.LENGTH_SHORT).show();
+            finish();
         } else {
             dialog.dismiss();
             dialogPrompted = false;
+            Toast.makeText(context, "Wrong PIN", Toast.LENGTH_SHORT).show();
         }
 
         cptPwd = 0;
@@ -205,8 +219,10 @@ public boolean dispatchKeyEvent(KeyEvent event) {
 
     @Override
     public boolean onKeyDown(int keyCode, KeyEvent event) {
+        Toast.makeText(context, "Clicked", Toast.LENGTH_SHORT).show();
         if (blockedKeys.contains(event.getKeyCode())) {
-            return true;
+            Toast.makeText(context, "Blocked", Toast.LENGTH_SHORT).show();
+            return false;
         }
         return super.onKeyDown(keyCode, event);
     }

app/src/main/java/com/coderbunker/kioskapp/KioskActivity.java

@@ -16,8 +16,8 @@ protected void onCreate(Bundle savedInstanceState) {
         super.onCreate(savedInstanceState);
         setContentView(R.layout.activity_main);
 
-        kioskmode = (Button) findViewById(R.id.button_kioskmode);
-        settings = (Button) findViewById(R.id.button_settings);
+        kioskmode = findViewById(R.id.button_kioskmode);
+        settings = findViewById(R.id.button_settings);
 
         kioskmode.setOnClickListener(new View.OnClickListener() {
             @Override

app/src/main/java/com/coderbunker/kioskapp/MainActivity.java

@@ -85,7 +85,7 @@ public void onClick(View view) {
             editor.apply();
         }
 
-        otp_uri = "otpauth://totp/Admin:coderbunker.com?secret=" + otp + "&issuer=Coderbunker";
+        otp_uri = "otpauth://totp/Admin?secret=" + otp + "&issuer=Coderbunker";
 
         generateQRCode(otp_uri);
     }

app/src/main/java/com/coderbunker/kioskapp/SettingsActivity.java

@@ -0,0 +1,88 @@
+package com.coderbunker.kioskapp.lib;
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+
+public class TOTP {
+
+    private static int TIME_STEP_SECONDS = 30, NUM_DIGITS_OUTPUT = 6;
+
+    //Source: https://github.com/airG/java-totp/blob/master/src/main/java/com/j256/totp/TwoFactorAuthUtil.java
+
+    public static String generateCurrentNumber(String secret, long currentTimeMillis) {
+
+        byte[] key = new byte[0];
+        try {
+            key = Base32.decode(secret);
+        } catch (Base32.DecodingException e) {
+            e.printStackTrace();
+        }
+
+        byte[] data = new byte[8];
+        long value = currentTimeMillis / 1000 / TIME_STEP_SECONDS;
+        for (int i = 7; value > 0; i--) {
+            data[i] = (byte) (value & 0xFF);
+            value >>= 8;
+        }
+
+        // encrypt the data with the key and return the SHA1 of it in hex
+        SecretKeySpec signKey = new SecretKeySpec(key, "HmacSHA1");
+        // if this is expensive, could put in a thread-local
+        Mac mac = null;
+        try {
+            mac = Mac.getInstance("HmacSHA1");
+        } catch (NoSuchAlgorithmException e) {
+            e.printStackTrace();
+        }
+        try {
+            mac.init(signKey);
+        } catch (InvalidKeyException e) {
+            e.printStackTrace();
+        }
+        byte[] hash = mac.doFinal(data);
+
+        // take the 4 least significant bits from the encrypted string as an offset
+        int offset = hash[hash.length - 1] & 0xF;
+
+        // We're using a long because Java hasn't got unsigned int.
+        long truncatedHash = 0;
+        for (int i = offset; i < offset + 4; ++i) {
+            truncatedHash <<= 8;
+            // get the 4 bytes at the offset
+            truncatedHash |= (hash[i] & 0xFF);
+        }
+        // cut off the top bit
+        truncatedHash &= 0x7FFFFFFF;
+
+        // the token is then the last 6 digits in the number
+        truncatedHash %= 1000000;
+
+        return zeroPrepend(truncatedHash, NUM_DIGITS_OUTPUT);
+    }
+
+    private static String zeroPrepend(long num, int digits) {
+        String hashStr = Long.toString(num);
+        if (hashStr.length() >= digits) {
+            return hashStr;
+        } else {
+            StringBuilder sb = new StringBuilder(digits);
+            int zeroCount = digits - hashStr.length();
+            sb.append(blockOfZeros, 0, zeroCount);
+            sb.append(hashStr);
+            return sb.toString();
+        }
+    }
+
+    private static String blockOfZeros = null;
+
+    {
+        StringBuilder sb = new StringBuilder(NUM_DIGITS_OUTPUT);
+        for (int i = 0; i < NUM_DIGITS_OUTPUT; i++) {
+            sb.append('0');
+        }
+        blockOfZeros = sb.toString();
+    }
+}