I am trying to build a algo trading bot. I need to connect with my broker which requires me to enter the totp code generated using the secret key. I have the secret key with me, but I am not able to generate the totp code from that in c++.
I have tried using the oath library https://www.nongnu.org/oath-toolkit/liboath-api/liboath-oath.h.html, openssl library for direct HMAC-SHA1 algorithm, in every case the totp generated is different from what is shown in google authenticator, and it does not work.
This is the openssl code i have used -
#include <iostream>
#include <cstring>
#include <openssl/hmac.h>
#include <openssl/evp.h>
#include <ctime>
#include <cmath>
std::string generateTOTP(const std::string& secret, unsigned long timeStep, int digits) {
const unsigned char* key = reinterpret_cast<const unsigned char*>(secret.c_str());
int keyLen = secret.length();
// Get the current Unix time
unsigned long current_time = time(nullptr) / timeStep;
// Convert the time to big-endian
current_time = htobe64(current_time);
// Create the data to be hashed (current time)
unsigned char data[8];
memcpy(data, ¤t_time, sizeof(current_time));
// Calculate the HMAC-SHA1 hash
unsigned char hash[EVP_MAX_MD_SIZE];
unsigned int hashLen;
HMAC(EVP_sha1(), key, keyLen, data, sizeof(data), hash, &hashLen);
// Calculate the offset
int offset = hash[hashLen - 1] & 0xf;
// Calculate the 4 bytes OTP
int binary = ((hash[offset] & 0x7f) << 24) |
((hash[offset + 1] & 0xff) << 16) |
((hash[offset + 2] & 0xff) << 8) |
(hash[offset + 3] & 0xff);
int otp = binary % static_cast<int>(std::pow(10, digits));
// Convert the OTP to a string with leading zeros if needed
return std::to_string(otp);
}
int main() {
const std::string secret_key = "###################";
const int digits = 6; // Number of OTP digits
std::string totp = generateTOTP(secret_key, 30, digits);
while (totp.length() < digits) {
totp = "0" + totp;
}
std::cout << "Generated TOTP: " << totp << std::endl;
return 0;
}
And this is the oath code i have tried. Oath code is also giving different output as compared to google authenticator.
#include <iostream>
#include <chrono>
#include <oath.h>
int main() {
const char* secret_key = "####################"; // Replace with your actual secret key
char otp[6];
int otp_len = sizeof(otp);
auto now = std::chrono::system_clock::now();
auto current_time = std::chrono::duration_cast<std::chrono::seconds>(now.time_since_epoch()).count();
unsigned long time_step = 30; // TOTP time step (usually 30 seconds)
if (oath_totp_generate2(
secret_key,
strlen(secret_key),
current_time,
OATH_TOTP_DEFAULT_TIME_STEP_SIZE,
OATH_TOTP_DEFAULT_START_TIME,
otp_len,
OATH_TOTP_HMAC_SHA256,
otp) == 0) {
// otp[otp_len] = '\0'; // Null-terminate the OTP
std::cout << "Generated TOTP: " << otp << std::endl;
} else {
std::cerr << "Error generating TOTP." << std::endl;
}
return 0;
}