Botan 2.19.2
Crypto and TLS for C&
otp.h
Go to the documentation of this file.
1/*
2* HOTP/TOTP
3* (C) 2017 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#ifndef BOTAN_ONE_TIME_PASSWORDS_H_
9#define BOTAN_ONE_TIME_PASSWORDS_H_
10
11#include <botan/mac.h>
12#include <chrono>
13
14namespace Botan {
15
16/**
17* HOTP one time passwords (RFC 4226)
18*/
20 {
21 public:
22 /**
23 * @param key the secret key shared between client and server
24 * @param hash_algo the hash algorithm to use, should be SHA-1 or SHA-256
25 * @param digits the number of digits in the OTP (must be 6, 7, or 8)
26 */
27 HOTP(const SymmetricKey& key, const std::string& hash_algo = "SHA-1", size_t digits = 6) :
28 HOTP(key.begin(), key.size(), hash_algo, digits) {}
29
30 /**
31 * @param key the secret key shared between client and server
32 * @param key_len length of key param
33 * @param hash_algo the hash algorithm to use, should be SHA-1 or SHA-256
34 * @param digits the number of digits in the OTP (must be 6, 7, or 8)
35 */
36 HOTP(const uint8_t key[], size_t key_len,
37 const std::string& hash_algo = "SHA-1",
38 size_t digits = 6);
39
40 /**
41 * Generate the HOTP for a particular counter value
42 * @warning if the counter value is repeated the OTP ceases to be one-time
43 */
44 uint32_t generate_hotp(uint64_t counter);
45
46 /**
47 * Check an OTP value using a starting counter and a resync range
48 * @param otp the client provided OTP
49 * @param starting_counter the server's guess as to the current counter state
50 * @param resync_range if 0 then only HOTP(starting_counter) is accepted
51 * If larger than 0, up to resync_range values after HOTP are also checked.
52 * @return (valid,next_counter). If the OTP does not validate, always
53 * returns (false,starting_counter). Otherwise returns (true,next_counter)
54 * where next_counter is at most starting_counter + resync_range + 1
55 */
56 std::pair<bool,uint64_t> verify_hotp(uint32_t otp, uint64_t starting_counter, size_t resync_range = 0);
57 private:
58 std::unique_ptr<MessageAuthenticationCode> m_mac;
59 uint32_t m_digit_mod;
60 };
61
62/**
63* TOTP (time based) one time passwords (RFC 6238)
64*/
66 {
67 public:
68 /**
69 * @param key the secret key shared between client and server
70 * @param hash_algo the hash algorithm to use, should be SHA-1, SHA-256 or SHA-512
71 * @param digits the number of digits in the OTP (must be 6, 7, or 8)
72 * @param time_step granularity of OTP in seconds
73 */
74 TOTP(const SymmetricKey& key,
75 const std::string& hash_algo = "SHA-1",
76 size_t digits = 6, size_t time_step = 30) :
77 TOTP(key.begin(), key.size(), hash_algo, digits, time_step) {}
78
79 /**
80 * @param key the secret key shared between client and server
81 * @param key_len length of key
82 * @param hash_algo the hash algorithm to use, should be SHA-1, SHA-256 or SHA-512
83 * @param digits the number of digits in the OTP (must be 6, 7, or 8)
84 * @param time_step granularity of OTP in seconds
85 */
86 TOTP(const uint8_t key[], size_t key_len,
87 const std::string& hash_algo = "SHA-1",
88 size_t digits = 6,
89 size_t time_step = 30);
90
91 /**
92 * Convert the provided time_point to a Unix timestamp and call generate_totp
93 */
94 uint32_t generate_totp(std::chrono::system_clock::time_point time_point);
95
96 /**
97 * Generate the OTP corresponding the the provided "Unix timestamp" (ie
98 * number of seconds since midnight Jan 1, 1970)
99 */
100 uint32_t generate_totp(uint64_t unix_time);
101
102 bool verify_totp(uint32_t otp,
103 std::chrono::system_clock::time_point time,
104 size_t clock_drift_accepted = 0);
105
106 bool verify_totp(uint32_t otp, uint64_t unix_time,
107 size_t clock_drift_accepted = 0);
108
109 private:
110 HOTP m_hotp;
111 size_t m_time_step;
112 std::chrono::system_clock::time_point m_unix_epoch;
113 };
114
115}
116
117#endif
HOTP(const SymmetricKey &key, const std::string &hash_algo="SHA-1", size_t digits=6)
Definition: otp.h:27
TOTP(const SymmetricKey &key, const std::string &hash_algo="SHA-1", size_t digits=6, size_t time_step=30)
Definition: otp.h:74
int(* final)(unsigned char *, CTX *)
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:31
Definition: alg_id.cpp:13
AlgorithmIdentifier hash_algo
Definition: x509_obj.cpp:22