Botan 3.9.0
Crypto and TLS for C++
otp.h
1/*
2* HOTP/TOTP
3* (C) 2017 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#ifndef BOTAN_ONE_TIME_PASSWORDS_H_
9#define BOTAN_ONE_TIME_PASSWORDS_H_
10
11#include <botan/mac.h>
12#include <botan/symkey.h>
13#include <chrono>
14
15namespace Botan {
16
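/**
* HOTP one time passwords (RFC 4226)
*
* The only data members are a MAC object and a digit modulus: the class keeps
* no counter state. The caller owns the counter and has to persist it between
* calls (see verify_hotp).
*/
class BOTAN_PUBLIC_API(2, 2) HOTP final {
   public:
      /**
      * Convenience constructor; delegates to the pointer/length constructor
      * using key.begin() and key.size().
      *
      * @param key the secret key shared between client and server
      * @param hash_algo the hash algorithm to use, should be SHA-1 or SHA-256
      * @param digits the number of digits in the OTP (must be 6, 7, or 8)
      */
      BOTAN_FUTURE_EXPLICIT HOTP(const SymmetricKey& key, std::string_view hash_algo = "SHA-1", size_t digits = 6) :
            HOTP(key.begin(), key.size(), hash_algo, digits) {}

      /**
      * @param key the secret key shared between client and server
      * @param key_len length of key param
      * @param hash_algo the hash algorithm to use, should be SHA-1 or SHA-256
      * @param digits the number of digits in the OTP (must be 6, 7, or 8)
      *
      * NOTE(review): RFC 4226 requires a shared secret of at least 128 bits
      * and recommends 160 bits. Whether a minimum key_len is enforced is not
      * visible in this header - callers should check the length themselves.
      */
      HOTP(const uint8_t key[], size_t key_len, std::string_view hash_algo = "SHA-1", size_t digits = 6);

      /**
      * Generate the HOTP for a particular counter value
      * @param counter the counter value to generate the OTP for
      * @return the OTP for this counter value
      * @warning if the counter value is repeated the OTP ceases to be one-time
      */
      uint32_t generate_hotp(uint64_t counter);

      /**
      * Check an OTP value using a starting counter and a resync range
      * @param otp the client provided OTP
      * @param starting_counter the server's guess as to the current counter state
      * @param resync_range if 0 then only HOTP(starting_counter) is accepted
      * If larger than 0, up to resync_range values after
      * HOTP(starting_counter) are also checked.
      * @return (valid,next_counter). If the OTP does not validate, always
      * returns (false,starting_counter). Otherwise returns (true,next_counter)
      * where next_counter is at most starting_counter + resync_range + 1
      *
      * @warning The counter is supplied by the caller and is not stored in
      * this object. After a successful verification the caller must persist
      * next_counter and pass it as starting_counter next time; verifying
      * again with the old starting_counter would accept the same OTP again.
      *
      * @warning Every extra value admitted by resync_range is one more OTP
      * that validates, so with 6 to 8 digit codes a large range makes
      * guessing easier. Keep the range small and throttle failed attempts on
      * the server, as RFC 4226 recommends.
      */
      std::pair<bool, uint64_t> verify_hotp(uint32_t otp, uint64_t starting_counter, size_t resync_range = 0);

   private:
      // MAC object used to compute the OTP.
      // NOTE(review): presumably HMAC over hash_algo, keyed in the constructor - confirm.
      std::unique_ptr<MessageAuthenticationCode> m_mac;

      // NOTE(review): presumably 10^digits, used to truncate the MAC output
      // to the requested number of decimal digits - confirm.
      uint32_t m_digit_mod;
};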
60
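/**
* TOTP (time based) one time passwords (RFC 6238)
*
* The data members are an HOTP object, the time step and an epoch time point:
* the class does not record which OTPs have already been accepted. Rejecting
* the reuse of a code is left to the caller (see verify_totp).
*/
class BOTAN_PUBLIC_API(2, 2) TOTP final {
   public:
      /**
      * Convenience constructor; delegates to the pointer/length constructor
      * using key.begin() and key.size().
      *
      * @param key the secret key shared between client and server
      * @param hash_algo the hash algorithm to use, should be SHA-1, SHA-256 or SHA-512
      * @param digits the number of digits in the OTP (must be 6, 7, or 8)
      * @param time_step granularity of OTP in seconds
      */
      BOTAN_FUTURE_EXPLICIT TOTP(const SymmetricKey& key,
                                 std::string_view hash_algo = "SHA-1",
                                 size_t digits = 6,
                                 size_t time_step = 30) :
            TOTP(key.begin(), key.size(), hash_algo, digits, time_step) {}

      /**
      * @param key the secret key shared between client and server
      * @param key_len length of key
      * @param hash_algo the hash algorithm to use, should be SHA-1, SHA-256 or SHA-512
      * @param digits the number of digits in the OTP (must be 6, 7, or 8)
      * @param time_step granularity of OTP in seconds
      */
      TOTP(const uint8_t key[],
           size_t key_len,
           std::string_view hash_algo = "SHA-1",
           size_t digits = 6,
           size_t time_step = 30);

      /**
      * Convert the provided time_point to a Unix timestamp and call generate_totp
      * @param time_point the time to generate the OTP for
      * @return the OTP for the time step containing time_point
      */
      uint32_t generate_totp(std::chrono::system_clock::time_point time_point);

      /**
      * Generate the OTP corresponding to the provided "Unix timestamp" (ie
      * number of seconds since midnight Jan 1, 1970)
      * @param unix_time seconds since the Unix epoch
      * @return the OTP for the time step containing unix_time
      */
      uint32_t generate_totp(uint64_t unix_time);

      /**
      * Check a client provided OTP against the value expected at a given time
      * @param otp the client provided OTP
      * @param time the time to verify against
      * @param clock_drift_accepted tolerance for clock skew between client
      * and server.
      * NOTE(review): presumably counted in time steps rather than seconds,
      * with 0 accepting only the step containing the given time; which side
      * of that step the extra steps fall on is not visible in this header -
      * confirm against the implementation.
      * @return true if the OTP is accepted
      *
      * @warning Each additional step tolerated is one more code that
      * validates and lengthens the period during which a captured code stays
      * usable. Keep the tolerance small and throttle failed attempts.
      *
      * @warning This class stores no record of accepted codes. To keep the
      * password one-time the caller has to remember the last accepted time
      * step and refuse a second use of the same code (RFC 6238 requires the
      * verifier to do so).
      */
      bool verify_totp(uint32_t otp, std::chrono::system_clock::time_point time, size_t clock_drift_accepted = 0);

      /**
      * Check a client provided OTP against the value expected at a given
      * Unix timestamp. The same caveats as for the time_point overload apply:
      * the tolerance widens the set of accepted codes and replay tracking is
      * the caller's job.
      * @param otp the client provided OTP
      * @param unix_time seconds since the Unix epoch to verify against
      * @param clock_drift_accepted tolerance for clock skew between client
      * and server.
      * NOTE(review): unit (presumably time steps) and direction are not
      * visible in this header - confirm against the implementation.
      * @return true if the OTP is accepted
      */
      bool verify_totp(uint32_t otp, uint64_t unix_time, size_t clock_drift_accepted = 0);

   private:
      // HOTP instance that computes the OTP.
      // NOTE(review): presumably called with the time step index as counter - confirm.
      HOTP m_hotp;

      // Granularity of the OTP in seconds (the time_step constructor argument).
      size_t m_time_step;

      // NOTE(review): presumably the system_clock time point of the Unix
      // epoch, used to convert a time_point into a Unix timestamp - confirm.
      std::chrono::system_clock::time_point m_unix_epoch;
};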
111
112} // namespace Botan
113
114#endif
#define BOTAN_PUBLIC_API(maj, min)
Definition api.h:21
#define BOTAN_FUTURE_EXPLICIT
Definition api.h:52
BOTAN_FUTURE_EXPLICIT HOTP(const SymmetricKey &key, std::string_view hash_algo="SHA-1", size_t digits=6)
Definition otp.h:27
BOTAN_FUTURE_EXPLICIT TOTP(const SymmetricKey &key, std::string_view hash_algo="SHA-1", size_t digits=6, size_t time_step=30)
Definition otp.h:72
OctetString SymmetricKey
Definition symkey.h:140