Botan  2.19.1
Crypto and TLS for C++11
Public Member Functions | List of all members
Botan::HOTP Class Referencefinal

#include <otp.h>

Public Member Functions

uint32_t generate_hotp (uint64_t counter)
 
 HOTP (const SymmetricKey &key, const std::string &hash_algo="SHA-1", size_t digits=6)
 
 HOTP (const uint8_t key[], size_t key_len, const std::string &hash_algo="SHA-1", size_t digits=6)
 
std::pair< bool, uint64_t > verify_hotp (uint32_t otp, uint64_t starting_counter, size_t resync_range=0)
 

Detailed Description

HOTP one time passwords (RFC 4226)

Definition at line 19 of file otp.h.

Constructor & Destructor Documentation

Botan::HOTP::HOTP ( const SymmetricKey key,
const std::string &  hash_algo = "SHA-1",
size_t  digits = 6 
)
inline
Parameters
keythe secret key shared between client and server
hash_algothe hash algorithm to use, should be SHA-1 or SHA-256
digitsthe number of digits in the OTP (must be 6, 7, or 8)

Definition at line 27 of file otp.h.

27  :
28  HOTP(key.begin(), key.size(), hash_algo, digits) {}
AlgorithmIdentifier hash_algo
Definition: x509_obj.cpp:22
HOTP(const SymmetricKey &key, const std::string &hash_algo="SHA-1", size_t digits=6)
Definition: otp.h:27
Botan::HOTP::HOTP ( const uint8_t  key[],
size_t  key_len,
const std::string &  hash_algo = "SHA-1",
size_t  digits = 6 
)
Parameters
keythe secret key shared between client and server
key_lenlength of key param
hash_algothe hash algorithm to use, should be SHA-1 or SHA-256
digitsthe number of digits in the OTP (must be 6, 7, or 8)

Definition at line 14 of file hotp.cpp.

References BOTAN_ARG_CHECK, and Botan::MessageAuthenticationCode::create_or_throw().

16  {
17  BOTAN_ARG_CHECK(digits == 6 || digits == 7 || digits == 8, "Invalid HOTP digits");
18 
19  if(digits == 6)
20  m_digit_mod = 1000000;
21  else if(digits == 7)
22  m_digit_mod = 10000000;
23  else if(digits == 8)
24  m_digit_mod = 100000000;
25 
26  /*
27  RFC 4228 only supports SHA-1 but TOTP allows SHA-256 and SHA-512
28  and some HOTP libs support one or both as extensions
29  */
30  if(hash_algo == "SHA-1")
31  m_mac = MessageAuthenticationCode::create_or_throw("HMAC(SHA-1)");
32  else if(hash_algo == "SHA-256")
33  m_mac = MessageAuthenticationCode::create_or_throw("HMAC(SHA-256)");
34  else if(hash_algo == "SHA-512")
35  m_mac = MessageAuthenticationCode::create_or_throw("HMAC(SHA-512)");
36  else
37  throw Invalid_Argument("Unsupported HOTP hash function");
38 
39  m_mac->set_key(key, key_len);
40  }
#define BOTAN_ARG_CHECK(expr, msg)
Definition: assert.h:37
AlgorithmIdentifier hash_algo
Definition: x509_obj.cpp:22
static std::unique_ptr< MessageAuthenticationCode > create_or_throw(const std::string &algo_spec, const std::string &provider="")
Definition: mac.cpp:141

Member Function Documentation

uint32_t Botan::HOTP::generate_hotp ( uint64_t  counter)

Generate the HOTP for a particular counter value

Warning
if the counter value is repeated the OTP ceases to be one-time

Definition at line 42 of file hotp.cpp.

References Botan::load_be< uint32_t >().

Referenced by botan_hotp_generate(), Botan::TOTP::generate_totp(), verify_hotp(), and Botan::TOTP::verify_totp().

43  {
44  m_mac->update_be(counter);
45  const secure_vector<uint8_t> mac = m_mac->final();
46 
47  const size_t offset = mac[mac.size()-1] & 0x0F;
48  const uint32_t code = load_be<uint32_t>(mac.data() + offset, 0) & 0x7FFFFFFF;
49  return code % m_digit_mod;
50  }
uint32_t load_be< uint32_t >(const uint8_t in[], size_t off)
Definition: loadstor.h:179
std::pair< bool, uint64_t > Botan::HOTP::verify_hotp ( uint32_t  otp,
uint64_t  starting_counter,
size_t  resync_range = 0 
)

Check an OTP value using a starting counter and a resync range

Parameters
otpthe client provided OTP
starting_counterthe server's guess as to the current counter state
resync_rangeif 0 then only HOTP(starting_counter) is accepted If larger than 0, up to resync_range values after HOTP are also checked.
Returns
(valid,next_counter). If the OTP does not validate, always returns (false,starting_counter). Otherwise returns (true,next_counter) where next_counter is at most starting_counter + resync_range + 1

Definition at line 52 of file hotp.cpp.

References generate_hotp().

Referenced by botan_hotp_check().

53  {
54  for(size_t i = 0; i <= resync_range; ++i)
55  {
56  if(generate_hotp(starting_counter + i) == otp)
57  return std::make_pair(true, starting_counter + i + 1);
58  }
59  return std::make_pair(false, starting_counter);
60  }
uint32_t generate_hotp(uint64_t counter)
Definition: hotp.cpp:42

The documentation for this class was generated from the following files: