Botan 3.5.0
Crypto and TLS for C&
otp.h
Go to the documentation of this file.
1/*
2* HOTP/TOTP
3* (C) 2017 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#ifndef BOTAN_ONE_TIME_PASSWORDS_H_
9#define BOTAN_ONE_TIME_PASSWORDS_H_
10
11#include <botan/mac.h>
12#include <chrono>
13
14namespace Botan {
15
16/**
17* HOTP one time passwords (RFC 4226)
18*/
20 public:
21 /**
22 * @param key the secret key shared between client and server
23 * @param hash_algo the hash algorithm to use, should be SHA-1 or SHA-256
24 * @param digits the number of digits in the OTP (must be 6, 7, or 8)
25 */
26 HOTP(const SymmetricKey& key, std::string_view hash_algo = "SHA-1", size_t digits = 6) :
27 HOTP(key.begin(), key.size(), hash_algo, digits) {}
28
29 /**
30 * @param key the secret key shared between client and server
31 * @param key_len length of key param
32 * @param hash_algo the hash algorithm to use, should be SHA-1 or SHA-256
33 * @param digits the number of digits in the OTP (must be 6, 7, or 8)
34 */
35 HOTP(const uint8_t key[], size_t key_len, std::string_view hash_algo = "SHA-1", size_t digits = 6);
36
37 /**
38 * Generate the HOTP for a particular counter value
39 * @warning if the counter value is repeated the OTP ceases to be one-time
40 */
41 uint32_t generate_hotp(uint64_t counter);
42
43 /**
44 * Check an OTP value using a starting counter and a resync range
45 * @param otp the client provided OTP
46 * @param starting_counter the server's guess as to the current counter state
47 * @param resync_range if 0 then only HOTP(starting_counter) is accepted
48 * If larger than 0, up to resync_range values after HOTP are also checked.
49 * @return (valid,next_counter). If the OTP does not validate, always
50 * returns (false,starting_counter). Otherwise returns (true,next_counter)
51 * where next_counter is at most starting_counter + resync_range + 1
52 */
53 std::pair<bool, uint64_t> verify_hotp(uint32_t otp, uint64_t starting_counter, size_t resync_range = 0);
54
55 private:
56 std::unique_ptr<MessageAuthenticationCode> m_mac;
57 uint32_t m_digit_mod;
58};
59
60/**
61* TOTP (time based) one time passwords (RFC 6238)
62*/
64 public:
65 /**
66 * @param key the secret key shared between client and server
67 * @param hash_algo the hash algorithm to use, should be SHA-1, SHA-256 or SHA-512
68 * @param digits the number of digits in the OTP (must be 6, 7, or 8)
69 * @param time_step granularity of OTP in seconds
70 */
71 TOTP(const SymmetricKey& key, std::string_view hash_algo = "SHA-1", size_t digits = 6, size_t time_step = 30) :
72 TOTP(key.begin(), key.size(), hash_algo, digits, time_step) {}
73
74 /**
75 * @param key the secret key shared between client and server
76 * @param key_len length of key
77 * @param hash_algo the hash algorithm to use, should be SHA-1, SHA-256 or SHA-512
78 * @param digits the number of digits in the OTP (must be 6, 7, or 8)
79 * @param time_step granularity of OTP in seconds
80 */
81 TOTP(const uint8_t key[],
82 size_t key_len,
83 std::string_view hash_algo = "SHA-1",
84 size_t digits = 6,
85 size_t time_step = 30);
86
87 /**
88 * Convert the provided time_point to a Unix timestamp and call generate_totp
89 */
90 uint32_t generate_totp(std::chrono::system_clock::time_point time_point);
91
92 /**
93 * Generate the OTP corresponding the the provided "Unix timestamp" (ie
94 * number of seconds since midnight Jan 1, 1970)
95 */
96 uint32_t generate_totp(uint64_t unix_time);
97
98 bool verify_totp(uint32_t otp, std::chrono::system_clock::time_point time, size_t clock_drift_accepted = 0);
99
100 bool verify_totp(uint32_t otp, uint64_t unix_time, size_t clock_drift_accepted = 0);
101
102 private:
103 HOTP m_hotp;
104 size_t m_time_step;
105 std::chrono::system_clock::time_point m_unix_epoch;
106};
107
108} // namespace Botan
109
110#endif
HOTP(const SymmetricKey &key, std::string_view hash_algo="SHA-1", size_t digits=6)
Definition otp.h:26
TOTP(const SymmetricKey &key, std::string_view hash_algo="SHA-1", size_t digits=6, size_t time_step=30)
Definition otp.h:71
int(* final)(unsigned char *, CTX *)
#define BOTAN_PUBLIC_API(maj, min)
Definition compiler.h:31