1/*
2* HOTP/TOTP
3* (C) 2017 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#ifndef BOTAN_ONE_TIME_PASSWORDS_H_
9#define BOTAN_ONE_TIME_PASSWORDS_H_
10
11#include <botan/mac.h>
12#include <botan/symkey.h>
13#include <chrono>
14
15namespace Botan {
16
17/**
18* HOTP one time passwords (RFC 4226)
19*/
20class BOTAN_PUBLIC_API(2, 2) HOTP final {
21 public:
22 /**
23 * @param key the secret key shared between client and server
24 * @param hash_algo the hash algorithm to use, should be SHA-1 or SHA-256
25 * @param digits the number of digits in the OTP (must be 6, 7, or 8)
26 */
27 HOTP(const SymmetricKey& key, std::string_view hash_algo = "SHA-1", size_t digits = 6) :
28 HOTP(key.begin(), key.size(), hash_algo, digits) {}
29
30 /**
31 * @param key the secret key shared between client and server
32 * @param key_len length of key param
33 * @param hash_algo the hash algorithm to use, should be SHA-1 or SHA-256
34 * @param digits the number of digits in the OTP (must be 6, 7, or 8)
35 */
36 HOTP(const uint8_t key[], size_t key_len, std::string_view hash_algo = "SHA-1", size_t digits = 6);
37
38 /**
39 * Generate the HOTP for a particular counter value
40 * @warning if the counter value is repeated the OTP ceases to be one-time
41 */
42 uint32_t generate_hotp(uint64_t counter);
43
44 /**
45 * Check an OTP value using a starting counter and a resync range
46 * @param otp the client provided OTP
47 * @param starting_counter the server's guess as to the current counter state
48 * @param resync_range if 0 then only HOTP(starting_counter) is accepted
49 * If larger than 0, up to resync_range values after HOTP are also checked.
50 * @return (valid,next_counter). If the OTP does not validate, always
51 * returns (false,starting_counter). Otherwise returns (true,next_counter)
52 * where next_counter is at most starting_counter + resync_range + 1
53 */
54 std::pair<bool, uint64_t> verify_hotp(uint32_t otp, uint64_t starting_counter, size_t resync_range = 0);
55
56 private:
57 std::unique_ptr<MessageAuthenticationCode> m_mac;
58 uint32_t m_digit_mod;
59};
60
61/**
62* TOTP (time based) one time passwords (RFC 6238)
63*/
64class BOTAN_PUBLIC_API(2, 2) TOTP final {
65 public:
66 /**
67 * @param key the secret key shared between client and server
68 * @param hash_algo the hash algorithm to use, should be SHA-1, SHA-256 or SHA-512
69 * @param digits the number of digits in the OTP (must be 6, 7, or 8)
70 * @param time_step granularity of OTP in seconds
71 */
72 TOTP(const SymmetricKey& key, std::string_view hash_algo = "SHA-1", size_t digits = 6, size_t time_step = 30) :
73 TOTP(key.begin(), key.size(), hash_algo, digits, time_step) {}
74
75 /**
76 * @param key the secret key shared between client and server
77 * @param key_len length of key
78 * @param hash_algo the hash algorithm to use, should be SHA-1, SHA-256 or SHA-512
79 * @param digits the number of digits in the OTP (must be 6, 7, or 8)
80 * @param time_step granularity of OTP in seconds
81 */
82 TOTP(const uint8_t key[],
83 size_t key_len,
84 std::string_view hash_algo = "SHA-1",
85 size_t digits = 6,
86 size_t time_step = 30);
87
88 /**
89 * Convert the provided time_point to a Unix timestamp and call generate_totp
90 */
91 uint32_t generate_totp(std::chrono::system_clock::time_point time_point);
92
93 /**
94 * Generate the OTP corresponding the the provided "Unix timestamp" (ie
95 * number of seconds since midnight Jan 1, 1970)
96 */
97 uint32_t generate_totp(uint64_t unix_time);
98
99 bool verify_totp(uint32_t otp, std::chrono::system_clock::time_point time, size_t clock_drift_accepted = 0);
100
101 bool verify_totp(uint32_t otp, uint64_t unix_time, size_t clock_drift_accepted = 0);
102
103 private:
104 HOTP m_hotp;
105 size_t m_time_step;
106 std::chrono::system_clock::time_point m_unix_epoch;
107};
108
109} // namespace Botan
110
111#endif