doxygen/hotp_8cpp_source.html

/*

* HOTP

* (C) 2017,2026 Jack Lloyd

*

* Botan is released under the Simplified BSD License (see license.txt)

*/


#include <botan/otp.h>


#include <botan/exceptn.h>

#include <botan/internal/loadstor.h>


namespace Botan {


namespace {


// Use compile-time constant divisors to ensure the compiler emits a

// multiply+shift sequence instead of a variable-time division instruction

uint32_t hotp_truncate(uint32_t code, size_t digits) {

   switch(digits) {

      case 6:

         return code % 1000000;

      case 7:

         return code % 10000000;

      case 8:

         return code % 100000000;

      default:

         BOTAN_ASSERT_UNREACHABLE();

   }

}


}  // namespace


HOTP::HOTP(const uint8_t key[], size_t key_len, std::string_view hash_algo, size_t digits) : m_digits(digits) {

   BOTAN_ARG_CHECK(m_digits == 6 || m_digits == 7 || m_digits == 8, "Invalid HOTP digits");


   /*

   RFC 4228 only supports SHA-1 but TOTP allows SHA-256 and SHA-512

   and some HOTP libs support one or both as extensions

   */

   if(hash_algo == "SHA-1") {

      m_mac = MessageAuthenticationCode::create_or_throw("HMAC(SHA-1)");

   } else if(hash_algo == "SHA-256") {

      m_mac = MessageAuthenticationCode::create_or_throw("HMAC(SHA-256)");

   } else if(hash_algo == "SHA-512") {

      m_mac = MessageAuthenticationCode::create_or_throw("HMAC(SHA-512)");

   } else {

      throw Invalid_Argument("Unsupported HOTP hash function");

   }


   m_mac->set_key(key, key_len);

}


uint32_t HOTP::generate_hotp(uint64_t counter) {

   m_mac->update_be(counter);

   const secure_vector<uint8_t> mac = m_mac->final();


   const size_t offset = mac[mac.size() - 1] & 0x0F;

   const uint32_t code = load_be<uint32_t>(mac.data() + offset, 0) & 0x7FFFFFFF;

   return hotp_truncate(code, m_digits);

}


std::pair<bool, uint64_t> HOTP::verify_hotp(uint32_t otp, uint64_t starting_counter, size_t resync_range) {

   for(size_t i = 0; i <= resync_range; ++i) {

      if(generate_hotp(starting_counter + i) == otp) {

         return std::make_pair(true, starting_counter + i + 1);

      }

   }

   return std::make_pair(false, starting_counter);

}


}  // namespace Botan

BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:33

BOTAN_ASSERT_UNREACHABLE
#define BOTAN_ASSERT_UNREACHABLE()
Definition assert.h:163

Botan::HOTP::generate_hotp
uint32_t generate_hotp(uint64_t counter)
Definition hotp.cpp:54

Botan::HOTP::verify_hotp
std::pair< bool, uint64_t > verify_hotp(uint32_t otp, uint64_t starting_counter, size_t resync_range=0)
Definition hotp.cpp:63

Botan::HOTP::HOTP
BOTAN_FUTURE_EXPLICIT HOTP(const SymmetricKey &key, std::string_view hash_algo="SHA-1", size_t digits=6)
Definition otp.h:28

Botan::Invalid_Argument
Definition exceptn.h:132

Botan::MessageAuthenticationCode::create_or_throw
static std::unique_ptr< MessageAuthenticationCode > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition mac.cpp:147

Botan
Definition alg_id.cpp:13

Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:68

Botan::load_be
constexpr auto load_be(ParamTs &&... params)
Definition loadstor.h:504