Mac M1/M2 bug on uint64 representation of negative values #87

@profclems

On Mac M1/M2, OTP validation fails for dates in any year before 1970. This can be associated with the bug golang/go#62725, as uint64 cannot represent negative values and converting floats to uint64s is implementation-defined; this is related to the float-to-uint64 conversion in totp.ValidateCustom:

counter := uint64(math.Floor(float64(t.Unix()) / float64(opts.Period)))

Example 1

Passes for any year from 1970

package main

import (
	"log"
	"time"

	"github.com/pquerna/otp"
	"github.com/pquerna/otp/totp"
)

func main() {
	t := time.Date(1970, 1, 1, 0, 0, 0, 0, time.UTC)
	secretKey := "5F5FKHNJPUEP5QXIBIRQZHTY4JJOO3GL"

	passcode, err := totp.GenerateCodeCustom(secretKey, t, newMFAValidationOpts())
	if err != nil {
		log.Fatal(err)
	}

	valid, err := totp.ValidateCustom(passcode, secretKey, t, newMFAValidationOpts())
	if err != nil {
		log.Fatal(err)
	}

	log.Println(valid)
}

func newMFAValidationOpts() totp.ValidateOpts {
	return totp.ValidateOpts{
		Period:    30,
		Skew:      1,
		Digits:    6,
		Algorithm: otp.AlgorithmSHA1,
	}
}

Output

$ go run ./totp
2023/09/21 12:12:13 true

Example 2

Fails for any year before 1970

package main

import (
	"log"
	"time"

	"github.com/pquerna/otp"
	"github.com/pquerna/otp/totp"
)

func main() {
	t := time.Time{}
	secretKey := "5F5FKHNJPUEP5QXIBIRQZHTY4JJOO3GL"

	passcode, err := totp.GenerateCodeCustom(secretKey, t, newMFAValidationOpts())
	if err != nil {
		log.Fatal(err)
	}

	valid, err := totp.ValidateCustom(passcode, secretKey, t, newMFAValidationOpts())
	if err != nil {
		log.Fatal(err)
	}

	log.Println(valid)
}

func newMFAValidationOpts() totp.ValidateOpts {
	return totp.ValidateOpts{
		Period:    30,
		Skew:      1,
		Digits:    6,
		Algorithm: otp.AlgorithmSHA1,
	}
}

Output

$ go run ./totp
2023/09/21 12:14:58 false
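
An added example, not part of the original issue and not code from pquerna/otp: the counter expression quoted above next to an integer-only variant that gives the same answer on every architecture. `intCounter` and `ErrBeforeEpoch` are hypothetical names, and rejecting pre-1970 timestamps is an assumed design choice, not the library's documented behaviour.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"time"
)

// ErrBeforeEpoch is a hypothetical error for timestamps that have no valid TOTP counter.
var ErrBeforeEpoch = errors.New("totp: timestamp is before the Unix epoch")

// floatCounter reproduces the expression quoted in the issue. For t before 1970
// the float is negative, and converting it to uint64 is implementation-defined.
func floatCounter(t time.Time, period uint) uint64 {
	return uint64(math.Floor(float64(t.Unix()) / float64(period)))
}

// intCounter (hypothetical helper) stays in integer arithmetic and rejects
// inputs that would need a negative counter, so every platform agrees.
func intCounter(t time.Time, period uint) (uint64, error) {
	if period == 0 {
		return 0, errors.New("totp: period must be non-zero")
	}
	sec := t.Unix()
	if sec < 0 {
		return 0, ErrBeforeEpoch
	}
	return uint64(sec) / uint64(period), nil
}

func main() {
	// Constructed sample inputs: the two timestamps from the issue plus a later one.
	samples := []time.Time{
		time.Date(1970, 1, 1, 0, 0, 0, 0, time.UTC),
		{}, // zero time.Time, year 1, as in Example 2
		time.Date(2023, 9, 21, 12, 12, 13, 0, time.UTC),
	}
	for _, t := range samples {
		c, err := intCounter(t, 30)
		// The float column may differ between amd64 and arm64 for the year-1 sample.
		fmt.Printf("%s int=%d err=%v float=%d\n",
			t.Format(time.RFC3339), c, err, floatCounter(t, 30))
	}
}
```

Failing closed on a pre-epoch timestamp surfaces a bad clock or an uninitialised `time.Time` as an error instead of a platform-dependent validation result.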
