Copyright	(c) Leo D 2023
License	BSD-3-Clause
Maintainer	leo@apotheca.io
Stability	experimental
Portability	POSIX
Safe Haskell	Safe-Inferred
Language	Haskell2010

Botan.Bindings.TOTP

Description

One time password schemes are a user authentication method that relies on a fixed secret key which is used to derive a sequence of short passwords, each of which is accepted only once. Commonly this is used to implement two-factor authentication (2FA), where the user authenticates using both a conventional password (or a public key signature) and an OTP generated by a small device such as a mobile phone.

Botan implements the HOTP and TOTP schemes from RFC 4226 and 6238.

Since the range of possible OTPs is quite small, applications must rate limit OTP authentication attempts to some small number per second. Otherwise an attacker could quickly try all 1000000 6-digit OTPs in a brief amount of time.

HOTP generates OTPs that are a short numeric sequence, between 6 and 8 digits (most applications use 6 digits), created using the HMAC of a 64-bit counter value. If the counter ever repeats the OTP will also repeat, thus both parties must assure the counter only increments and is never repeated or decremented. Thus both client and server must keep track of the next counter expected.

Anyone with access to the client-specific secret key can authenticate as that client, so it should be treated with the same security consideration as would be given to any other symmetric key or plaintext password.

TOTP is based on the same algorithm as HOTP, but instead of a counter a timestamp is used.

Synopsis

data BotanTOTPStruct
newtype BotanTOTP = MkBotanTOTP {
- runBotanTOTP :: Ptr BotanTOTPStruct
}
botan_totp_destroy :: FinalizerPtr BotanTOTPStruct
botan_totp_init :: Ptr BotanTOTP -> ConstPtr Word8 -> CSize -> ConstPtr CChar -> CSize -> CSize -> IO CInt
botan_totp_generate :: BotanTOTP -> Ptr Word32 -> Word64 -> IO CInt
botan_totp_check :: BotanTOTP -> Word32 -> Word64 -> CSize -> IO CInt

Documentation

data BotanTOTPStruct Source #

Opaque TOTP struct

newtype BotanTOTP Source #

Botan TOTP object

Constructors

MkBotanTOTP
Fields runBotanTOTP :: Ptr BotanTOTPStruct

Instances

Instances details

Storable BotanTOTP Source #
Instance details Defined in Botan.Bindings.TOTP Methods sizeOf :: BotanTOTP -> Int # alignment :: BotanTOTP -> Int # peekElemOff :: Ptr BotanTOTP -> Int -> IO BotanTOTP # pokeElemOff :: Ptr BotanTOTP -> Int -> BotanTOTP -> IO () # peekByteOff :: Ptr b -> Int -> IO BotanTOTP # pokeByteOff :: Ptr b -> Int -> BotanTOTP -> IO () # peek :: Ptr BotanTOTP -> IO BotanTOTP # poke :: Ptr BotanTOTP -> BotanTOTP -> IO () #
Eq BotanTOTP Source #
Instance details Defined in Botan.Bindings.TOTP Methods (==) :: BotanTOTP -> BotanTOTP -> Bool # (/=) :: BotanTOTP -> BotanTOTP -> Bool #
Ord BotanTOTP Source #
Instance details Defined in Botan.Bindings.TOTP Methods compare :: BotanTOTP -> BotanTOTP -> Ordering # (<) :: BotanTOTP -> BotanTOTP -> Bool # (<=) :: BotanTOTP -> BotanTOTP -> Bool # (>) :: BotanTOTP -> BotanTOTP -> Bool # (>=) :: BotanTOTP -> BotanTOTP -> Bool # max :: BotanTOTP -> BotanTOTP -> BotanTOTP # min :: BotanTOTP -> BotanTOTP -> BotanTOTP #

botan_totp_destroy :: FinalizerPtr BotanTOTPStruct Source #

Destroy a TOTP instance

botan_totp_init Source #

Arguments

:: Ptr BotanTOTP	totp
-> ConstPtr Word8	key[]
-> CSize	key_len
-> ConstPtr CChar	hash_algo
-> CSize	digits
-> CSize	time_step
-> IO CInt

Initialize a TOTP instance

botan_totp_generate Source #

Arguments

:: BotanTOTP	totp: the TOTP object
-> Ptr Word32	totp_code: the OTP code will be written here
-> Word64	timestamp: the current local timestamp
-> IO CInt

Generate a TOTP code for the provided timestamp

botan_totp_check Source #

Arguments

:: BotanTOTP	totp: the TOTP object
-> Word32	totp_code: the presented OTP
-> Word64	timestamp: the current local timestamp
-> CSize	acceptable_clock_drift: specifies the acceptable amount of clock drift (in terms of time steps) between the two hosts.
-> IO CInt

Verify a TOTP code