Add support for SHA256 and SHA512

const.go

@@ -2,14 +2,23 @@ package otp
 
 // Default settings for all generators
 const (
-	DefaultLength             = 6   // Default length of the generated tokens
-	DefaultPeriod             = 30  // Default time period for TOTP tokens, in seconds
-	DefaultRandomSecretLength = 100 // Default random secret length
-	DefaultWindowBack         = 1   // Default TOTP verification window back steps
-	DefaultWindowForward      = 1   // Default TOTP verification window forward steps
+	DefaultHashAlgo			  = SHA1 // Default hash algorithm to SHA1
+	DefaultLength             = 6    // Default length of the generated tokens
+	DefaultPeriod             = 30   // Default time period for TOTP tokens, in seconds
+	DefaultRandomSecretLength = 100  // Default random secret length
+	DefaultWindowBack         = 1    // Default TOTP verification window back steps
+	DefaultWindowForward      = 1    // Default TOTP verification window forward steps
 )
 
 // Maximum values for all generators
 const (
 	MaxLength = 10 // Maximum token length
 )
+
+// Valid hash algorithm
+type Hash int
+const (
+	SHA1 	Hash = iota
+	SHA256
+	SHA512
+)

hotp.go

@@ -18,6 +18,7 @@ import (
 // the Counter, for future token verifications. Check this package constants to see the
 // current default values.
 type HOTP struct {
+	HashAlgo	   Hash  // The chosen hash algorithm
 	Secret         string // The secret used to generate the token
 	Length         uint8  // The token size, with a maximum determined by MaxLength
 	Counter        uint64 // The counter used as moving factor
@@ -47,9 +48,9 @@ func (h *HOTP) Get() string {
 	var hash []byte
 	if h.IsBase32Secret {
 		secretBytes, _ := base32.StdEncoding.DecodeString(h.Secret)
-		hash = hmacSHA1(secretBytes, text)
+		hash = hmacSHA(h.HashAlgo, secretBytes, text)
 	} else {
-		hash = hmacSHA1([]byte(h.Secret), text)
+		hash = hmacSHA(h.HashAlgo, []byte(h.Secret), text)
 	}
 	binary := truncate(hash)
 	otp := int64(binary) % int64(math.Pow10(int(h.Length)))

misc.go

@@ -4,6 +4,8 @@ import (
 	"crypto/hmac"
 	"crypto/rand"
 	"crypto/sha1"
+	"crypto/sha256"
+	"crypto/sha512"
 	"encoding/base32"
 )
 
@@ -29,8 +31,17 @@ func counterToBytes(counter uint64) (text []byte) {
 	return
 }
 
-func hmacSHA1(key, text []byte) []byte {
-	H := hmac.New(sha1.New, key)
+func hmacSHA(hash Hash, key, text []byte) []byte {
+	h := sha1.New
+	if hash != DefaultHashAlgo {
+		switch(hash) {
+		case SHA256:
+			h = sha256.New
+		case SHA512:
+			h = sha512.New
+		}
+	}
+	H := hmac.New(h, key)
 	H.Write([]byte(text))
 	return H.Sum(nil)
 }

totp.go

@@ -16,6 +16,7 @@ import "time"
 //
 // Check this package constants to see the current default values.
 type TOTP struct {
+	HashAlgo	   Hash      // The chosen hash algorithm
 	Secret         string    // The secret used to generate a token
 	Length         uint8     // The token length
 	Time           time.Time // The time used to generate the token
@@ -57,7 +58,13 @@ func (t *TOTP) Get() string {
 	t.setDefaults()
 	t.normalize()
 	ts := uint64(t.Time.Unix() / int64(t.Period))
-	hotp := &HOTP{Secret: t.Secret, Counter: ts, Length: t.Length, IsBase32Secret: t.IsBase32Secret}
+	hotp := &HOTP {
+				HashAlgo: t.HashAlgo,
+				Secret: t.Secret,
+				Counter: ts,
+				Length: t.Length,
+				IsBase32Secret: t.IsBase32Secret,
+			}
 	return hotp.Get()
 }