1 /*
2 * HOTP/TOTP
3 * (C) 2017 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #ifndef BOTAN_ONE_TIME_PASSWORDS_H_
9 #define BOTAN_ONE_TIME_PASSWORDS_H_
10 
11 #include <botan/mac.h>
12 #include <chrono>
13 
14 namespace Botan {
15 
16 /**
17 * HOTP one time passwords (RFC 4226)
18 */
20  {
21  public:
/**
 * Construct an HOTP generator/verifier from a SymmetricKey.
 *
 * Delegates to the raw-buffer constructor with the key's bytes, so both
 * overloads share the same validation and setup.
 *
 * @param key the secret key shared between client and server
 * @param hash_algo the hash algorithm to use, should be SHA-1 or SHA-256
 * @param digits the number of digits in the OTP (must be 6, 7, or 8)
 */
HOTP(const SymmetricKey& key, const std::string& hash_algo = "SHA-1", size_t digits = 6) :
   HOTP(key.begin(), key.size(), hash_algo, digits) {}
29 
/**
 * Construct an HOTP generator/verifier from a raw key buffer.
 *
 * @param key the secret key shared between client and server
 * @param key_len length of key param
 * @param hash_algo the hash algorithm to use, should be SHA-1 or SHA-256
 * @param digits the number of digits in the OTP (must be 6, 7, or 8)
 *
 * NOTE(review): the implementation (otp.cpp, not visible here) is expected to
 * reject a digits value outside 6..8 and an unavailable hash with an
 * exception rather than silently clamping or ignoring it - confirm before
 * relying on that behaviour.
 */
HOTP(const uint8_t key[], size_t key_len,
     const std::string& hash_algo = "SHA-1",
     size_t digits = 6);
39 
/**
 * Generate the HOTP for a particular counter value
 *
 * @param counter the moving factor ("C" in RFC 4226). This object does not
 *        track or advance the counter; the caller owns that state.
 * @return the OTP as an integer, truncated to `digits` decimal digits
 *         (presumably reduced modulo m_digit_mod). Because the value is
 *         numeric, leading zeros are lost: when displaying or comparing the
 *         code as a string, zero-pad it to exactly `digits` characters.
 *
 * @warning if the counter value is repeated the OTP ceases to be one-time
 */
uint32_t generate_hotp(uint64_t counter);
45 
/**
 * Check an OTP value using a starting counter and a resync range
 *
 * @param otp the client provided OTP
 * @param starting_counter the server's guess as to the current counter state
 * @param resync_range if 0 then only HOTP(starting_counter) is accepted.
 *        If larger than 0, up to resync_range values after starting_counter
 *        are also checked, i.e. the accepted window is
 *        [starting_counter, starting_counter + resync_range].
 * @return (valid,next_counter). If the OTP does not validate, always
 *         returns (false,starting_counter). Otherwise returns (true,next_counter)
 *         where next_counter is one past the counter that matched, so at most
 *         starting_counter + resync_range + 1.
 *
 * Security notes:
 *  - This object keeps no counter state (its only members are the MAC and the
 *    digit modulus), so the caller must persist next_counter and pass it as
 *    starting_counter on the following verification. Re-using the old
 *    starting_counter would accept the same OTP again (replay).
 *  - Every value in the window is a valid guess for an attacker, so a larger
 *    resync_range multiplies the per-attempt success probability of an
 *    online guess by the window size. Keep it small and rate-limit failures.
 */
std::pair<bool,uint64_t> verify_hotp(uint32_t otp, uint64_t starting_counter, size_t resync_range = 0);
private:
   // MAC keyed with the shared secret; presumably HMAC over hash_algo,
   // as RFC 4226 specifies - confirm in otp.cpp
   std::unique_ptr<MessageAuthenticationCode> m_mac;
   // Modulus used to truncate the MAC-derived value to `digits` decimal
   // digits (presumably 10^digits)
   uint32_t m_digit_mod;
};
61 
62 /**
63 * TOTP (time based) one time passwords (RFC 6238)
64 */
66  {
67  public:
/**
 * Construct a TOTP generator/verifier from a SymmetricKey.
 *
 * Delegates to the raw-buffer constructor with the key's bytes, so both
 * overloads share the same validation and setup.
 *
 * @param key the secret key shared between client and server
 * @param hash_algo the hash algorithm to use, should be SHA-1, SHA-256 or SHA-512
 * @param digits the number of digits in the OTP (must be 6, 7, or 8)
 * @param time_step granularity of OTP in seconds
 */
TOTP(const SymmetricKey& key,
     const std::string& hash_algo = "SHA-1",
     size_t digits = 6, size_t time_step = 30) :
   TOTP(key.begin(), key.size(), hash_algo, digits, time_step) {}
78 
/**
 * Construct a TOTP generator/verifier from a raw key buffer.
 *
 * @param key the secret key shared between client and server
 * @param key_len length of key
 * @param hash_algo the hash algorithm to use, should be SHA-1, SHA-256 or SHA-512
 * @param digits the number of digits in the OTP (must be 6, 7, or 8)
 * @param time_step granularity of OTP in seconds; 30 is the RFC 6238 default
 *        and what common authenticator apps assume. A value of 0 is not
 *        meaningful since the timestamp is divided into steps.
 *        NOTE(review): whether 0 is rejected is not visible in this header -
 *        confirm in otp.cpp.
 *
 * Both peers must agree on hash_algo, digits and time_step; a mismatch in
 * any of them produces codes that never verify.
 */
TOTP(const uint8_t key[], size_t key_len,
     const std::string& hash_algo = "SHA-1",
     size_t digits = 6,
     size_t time_step = 30);
90 
/**
 * Convert the provided time_point to a Unix timestamp and call generate_totp
 *
 * @param time_point the time to generate the code for (presumably measured
 *        against m_unix_epoch - confirm in otp.cpp)
 * @return the OTP as an integer; see generate_totp(uint64_t) for the
 *         zero-padding caveat
 */
uint32_t generate_totp(std::chrono::system_clock::time_point time_point);
95 
/**
 * Generate the OTP corresponding to the provided "Unix timestamp" (ie
 * number of seconds since midnight Jan 1, 1970)
 *
 * @param unix_time seconds since the Unix epoch; the code is derived from
 *        the time step this falls into (unix_time divided by time_step),
 *        so all timestamps within the same step yield the same OTP
 * @return the OTP as an integer, truncated to `digits` decimal digits.
 *         Leading zeros are lost in the numeric form: zero-pad to exactly
 *         `digits` characters when displaying or comparing as a string.
 */
uint32_t generate_totp(uint64_t unix_time);
101 
/**
 * Verify an OTP against the given time, tolerating some clock drift
 *
 * Presumably converts `time` to a Unix timestamp and calls
 * verify_totp(uint32_t, uint64_t, size_t), mirroring the generate_totp
 * overloads - confirm in otp.cpp.
 *
 * @param otp the client provided OTP
 * @param time the server's notion of the current time
 * @param clock_drift_accepted how many additional time steps are accepted
 *        around `time`; 0 accepts only the current step.
 *        NOTE(review): the unit (steps vs seconds) and whether the window is
 *        symmetric (past and future) are not visible in this header - confirm
 *        in otp.cpp before choosing a value.
 * @return true if otp matches any time step in the accepted window
 *
 * Security note: unlike HOTP::verify_hotp this returns no "next" state and the
 * object stores none (see the private members). An accepted OTP therefore
 * remains acceptable for the rest of its window, so a server that must
 * prevent replay has to record the last accepted time step itself and reject
 * codes at or before it. A larger clock_drift_accepted widens the set of
 * codes a guesser can hit; keep it small and rate-limit failed attempts.
 */
bool verify_totp(uint32_t otp,
                 std::chrono::system_clock::time_point time,
                 size_t clock_drift_accepted = 0);
105 
/**
 * Verify an OTP against a Unix timestamp, tolerating some clock drift
 *
 * @param otp the client provided OTP
 * @param unix_time seconds since the Unix epoch, per the server's clock
 * @param clock_drift_accepted how many additional time steps are accepted
 *        around unix_time; 0 accepts only the current step.
 *        NOTE(review): unit and symmetry of the window are not visible in
 *        this header - confirm in otp.cpp.
 * @return true if otp matches any time step in the accepted window
 *
 * See the time_point overload for the replay caveat: no state about
 * previously accepted codes is kept here, so the caller must track it.
 */
bool verify_totp(uint32_t otp, uint64_t unix_time,
                 size_t clock_drift_accepted = 0);
108 
private:
   // Underlying HOTP instance; the time step index is presumably used as
   // its counter - confirm in otp.cpp
   HOTP m_hotp;
   // Width of one time step in seconds (constructor's time_step)
   size_t m_time_step;
   // Reference point for converting a time_point to a Unix timestamp
   std::chrono::system_clock::time_point m_unix_epoch;
};
114 
115 }
116 
117 #endif