Z-Botan-0.3.0.0: Crypto for Haskell
Copyright: Dong Han, AnJie Dong 2021
License: BSD
Maintainer: winterland1989@gmail.com
Stability: experimental
Portability: non-portable
Safe Haskell: None
Language: Haskell2010

Z.Crypto.OTP

Description

One time password schemes are a user authentication method that relies on a fixed secret key which is used to derive a sequence of short passwords, each of which is accepted only once. Commonly this is used to implement two-factor authentication (2FA), where the user authenticates using both a conventional password (or a public key signature) and an OTP generated by a small device such as a mobile phone.

Botan implements the HOTP and TOTP schemes from RFC 4226 and 6238.

Since the range of possible OTPs is quite small, applications must rate limit OTP authentication attempts to some small number per second. Otherwise an attacker could quickly try all 1000000 6-digit OTPs in a brief amount of time.

Synopsis

HOTP

data HOTP

HOTP generates OTPs that are a short numeric sequence, between 6 and 8 digits (most applications use 6 digits), created using the HMAC of a 64-bit counter value. If the counter ever repeats the OTP will also repeat, thus both parties must assure the counter only increments and is never repeated or decremented. Thus both client and server must keep track of the next counter expected. Anyone with access to the client-specific secret key can authenticate as that client, so it should be treated with the same security consideration as would be given to any other symmetric key or plaintext password.

Instances

Show HOTP

Defined in Z.Crypto.OTP

Methods

showsPrec :: Int -> HOTP -> ShowS #

show :: HOTP -> String #

showList :: [HOTP] -> ShowS #

Generic HOTP

Defined in Z.Crypto.OTP

Associated Types

type Rep HOTP :: Type -> Type #

Methods

from :: HOTP -> Rep HOTP x #

to :: Rep HOTP x -> HOTP #

Print HOTP

Defined in Z.Crypto.OTP

Methods

toUTF8BuilderP :: Int -> HOTP -> Builder () #

type Rep HOTP

Defined in Z.Crypto.OTP

type Rep HOTP = D1 ('MetaData "HOTP" "Z.Crypto.OTP" "Z-Botan-0.3.0.0-A7CYDOzUZjP9PeT4WTwYc" 'True) (C1 ('MetaCons "HOTP" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 BotanStruct)))

genHOTP

Arguments

:: HasCallStack 
=> HOTP

the HOTP object

-> Word64

HOTP counter

-> IO Word32 

Generate a HOTP code for the provided counter.

checkHOTP

Arguments

:: HasCallStack 
=> HOTP

the HOTP object

-> Word32

the presented HOTP code

-> Word64

the HOTP counter

-> Int

resync range

-> IO (Bool, Word64) 

Verify a HOTP code.

TOTP

data TOTP

TOTP is based on the same algorithm as HOTP, but instead of a counter a timestamp is used.

Instances

Show TOTP

Defined in Z.Crypto.OTP

Methods

showsPrec :: Int -> TOTP -> ShowS #

show :: TOTP -> String #

showList :: [TOTP] -> ShowS #

Generic TOTP

Defined in Z.Crypto.OTP

Associated Types

type Rep TOTP :: Type -> Type #

Methods

from :: TOTP -> Rep TOTP x #

to :: Rep TOTP x -> TOTP #

Print TOTP

Defined in Z.Crypto.OTP

Methods

toUTF8BuilderP :: Int -> TOTP -> Builder () #

type Rep TOTP

Defined in Z.Crypto.OTP

type Rep TOTP = D1 ('MetaData "TOTP" "Z.Crypto.OTP" "Z-Botan-0.3.0.0-A7CYDOzUZjP9PeT4WTwYc" 'True) (C1 ('MetaCons "TOTP" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 BotanStruct)))

genTOTP

Arguments

:: HasCallStack 
=> TOTP

the TOTP object

-> Word64

the current local timestamp

-> IO Word32 

Generate a TOTP code for the provided timestamp.

checkTOTP

Arguments

:: HasCallStack 
=> TOTP

the TOTP object

-> Word32

the presented OTP

-> Word64

the current local timestamp

-> Int

the acceptable amount of clock drift (in time steps) between the two hosts

-> IO Bool 

Verify a TOTP code.

constants