Copyright	(c) Leo D 2023
License	BSD-3-Clause
Maintainer	leo@apotheca.io
Stability	experimental
Portability	POSIX
Safe Haskell	Safe-Inferred
Language	Haskell2010

Botan.Bindings.HOTP

Description

One time password schemes are a user authentication method that relies on a fixed secret key which is used to derive a sequence of short passwords, each of which is accepted only once. Commonly this is used to implement two-factor authentication (2FA), where the user authenticates using both a conventional password (or a public key signature) and an OTP generated by a small device such as a mobile phone.

Botan implements the HOTP and TOTP schemes from RFC 4226 and 6238.

Since the range of possible OTPs is quite small, applications must rate limit OTP authentication attempts to some small number per second. Otherwise an attacker could quickly try all 1000000 6-digit OTPs in a brief amount of time.

HOTP generates OTPs that are a short numeric sequence, between 6 and 8 digits (most applications use 6 digits), created using the HMAC of a 64-bit counter value. If the counter ever repeats the OTP will also repeat, thus both parties must assure the counter only increments and is never repeated or decremented. Thus both client and server must keep track of the next counter expected.

Anyone with access to the client-specific secret key can authenticate as that client, so it should be treated with the same security consideration as would be given to any other symmetric key or plaintext password.

Synopsis

data BotanHOTPStruct
newtype BotanHOTP = MkBotanHOTP {
- runBotanHOTP :: Ptr BotanHOTPStruct
}
botan_hotp_destroy :: FinalizerPtr BotanHOTPStruct
botan_hotp_init :: Ptr BotanHOTP -> ConstPtr Word8 -> CSize -> ConstPtr CChar -> CSize -> IO CInt
botan_hotp_generate :: BotanHOTP -> Ptr Word32 -> Word64 -> IO CInt
botan_hotp_check :: BotanHOTP -> Ptr Word64 -> Word32 -> Word64 -> CSize -> IO CInt

Documentation

data BotanHOTPStruct Source #

Opaque HOTP struct

newtype BotanHOTP Source #

Botan HOTP object

Constructors

MkBotanHOTP
Fields runBotanHOTP :: Ptr BotanHOTPStruct

Instances

Instances details

Storable BotanHOTP Source #
Instance details Defined in Botan.Bindings.HOTP Methods sizeOf :: BotanHOTP -> Int # alignment :: BotanHOTP -> Int # peekElemOff :: Ptr BotanHOTP -> Int -> IO BotanHOTP # pokeElemOff :: Ptr BotanHOTP -> Int -> BotanHOTP -> IO () # peekByteOff :: Ptr b -> Int -> IO BotanHOTP # pokeByteOff :: Ptr b -> Int -> BotanHOTP -> IO () # peek :: Ptr BotanHOTP -> IO BotanHOTP # poke :: Ptr BotanHOTP -> BotanHOTP -> IO () #
Eq BotanHOTP Source #
Instance details Defined in Botan.Bindings.HOTP Methods (==) :: BotanHOTP -> BotanHOTP -> Bool # (/=) :: BotanHOTP -> BotanHOTP -> Bool #
Ord BotanHOTP Source #
Instance details Defined in Botan.Bindings.HOTP Methods compare :: BotanHOTP -> BotanHOTP -> Ordering # (<) :: BotanHOTP -> BotanHOTP -> Bool # (<=) :: BotanHOTP -> BotanHOTP -> Bool # (>) :: BotanHOTP -> BotanHOTP -> Bool # (>=) :: BotanHOTP -> BotanHOTP -> Bool # max :: BotanHOTP -> BotanHOTP -> BotanHOTP # min :: BotanHOTP -> BotanHOTP -> BotanHOTP #

botan_hotp_destroy :: FinalizerPtr BotanHOTPStruct Source #

Destroy a HOTP instance

botan_hotp_init Source #

Arguments

:: Ptr BotanHOTP	hotp
-> ConstPtr Word8	key[]
-> CSize	key_len
-> ConstPtr CChar	hash_algo
-> CSize	digits
-> IO CInt

Initialize a HOTP instance

botan_hotp_generate Source #

Arguments

:: BotanHOTP	hotp
-> Ptr Word32	hotp_code
-> Word64	hotp_counter
-> IO CInt

Generate a HOTP code for the provided counter

botan_hotp_check Source #

Arguments

:: BotanHOTP	hotp
-> Ptr Word64	next_hotp_counter
-> Word32	hotp_code
-> Word64	hotp_counter
-> CSize	resync_range
-> IO CInt

Verify a HOTP code