oath_totp_validate4_callback - API function
#include <oath.h>
int oath_totp_validate4_callback(const char *secret, size_t secret_length,
    time_t now, unsigned time_step_size, time_t start_offset,
    unsigned digits, size_t window, int *otp_pos, uint64_t *otp_counter,
    int flags, oath_validate_strcmp_function strcmp_otp, void *strcmp_handle);
- const char * secret: the shared secret string
- size_t secret_length: length of secret
- time_t now: Unix time value to compute TOTP for
- unsigned time_step_size: time step system parameter (typically 30)
- time_t start_offset: Unix time of when to start counting time steps (typically 0)
- unsigned digits: number of requested digits in the OTP
- size_t window: how many OTPs after start counter to test
- int * otp_pos: output search position in search window (may be NULL).
- uint64_t * otp_counter: counter value used to calculate OTP value (may be NULL).
- int flags: flags indicating mode, one of oath_totp_flags
- oath_validate_strcmp_function strcmp_otp: function pointer to a strcmp-like function.
- void * strcmp_handle: caller handle to be passed on to strcmp_otp.
Validate an OTP according to OATH TOTP algorithm per RFC 6238.
Validation is implemented by generating a number of potential OTPs and
performing a call to the strcmp_otp function, to compare the potential OTP
against the given otp. It has the following prototype:
int (*oath_validate_strcmp_function) (void *handle, const char *test_otp);
The function should be similar to strcmp in that it returns 0 only on matches.
It differs by permitting use of negative return codes as indication of internal
failures in the callback. Positive values indicate OTP mismatch.
This callback interface is useful when you cannot compare OTPs directly using
normal strcmp, but instead for example only have a hashed OTP. You would then
typically pass in the hashed OTP in the strcmp_handle and let your
implementation of strcmp_otp hash the test_otp OTP using the same hash, and
then compare the results.
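An added sketch of such a callback for the hashed-OTP case, not code from liboath or its documentation. The names struct hashed_otp, toy_digest (an FNV-1a stand-in for a real keyed hash), search_window and its two return codes are hypothetical, introduced so the sketch builds without liboath; only the callback's shape and return convention come from this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Same shape as oath_validate_strcmp_function; declared locally so the
   sketch builds without liboath. */
typedef int (*strcmp_fn)(void *handle, const char *test_otp);

/* Hypothetical handle: digest of the submitted OTP, never the OTP itself. */
struct hashed_otp { uint8_t digest[8]; unsigned digits; };

/* STAND-IN digest (FNV-1a 64) to stay self-contained; use a keyed
   cryptographic hash such as HMAC-SHA-256 in real code. */
void toy_digest(const char *s, uint8_t out[8]) {
    uint64_t h = 1469598103934665603ULL;
    for (; *s; s++) { h ^= (uint8_t)*s; h *= 1099511628211ULL; }
    for (int i = 0; i < 8; i++) out[i] = (uint8_t)(h >> (8 * i));
}

/* Callback: 0 = match, positive = mismatch, negative = internal failure. */
int hashed_strcmp(void *handle, const char *test_otp) {
    const struct hashed_otp *h = handle;
    uint8_t d[8], diff = 0;
    if (!h || !test_otp || h->digits < 6 || h->digits > 8) return -1;
    if (strlen(test_otp) != h->digits) return 1;
    toy_digest(test_otp, d);
    for (size_t i = 0; i < sizeof d; i++)   /* no early exit on first difference */
        diff |= (uint8_t)(d[i] ^ h->digest[i]);
    return diff != 0;
}

/* Stand-in for the library's search: the return codes are placeholders. */
enum { NO_MATCH = -1, CALLBACK_FAILED = -2 };
int search_window(const char *const *cand, size_t n, strcmp_fn cmp, void *handle) {
    for (size_t i = 0; i < n; i++) {
        int rc = cmp(handle, cand[i]);
        if (rc < 0) return CALLBACK_FAILED;  /* abort, do not treat as mismatch */
        if (rc == 0) return (int)i;          /* position in the window */
    }
    return NO_MATCH;
}

int main(void) {
    const char *const cand[] = { "287082", "755224", "359152" }; /* constructed */
    struct hashed_otp h = { {0}, 6 };
    toy_digest("755224", h.digest);
    return search_window(cand, 3, hashed_strcmp, &h) == 1 ? 0 : 1;
}
```

With liboath, hashed_strcmp and a pointer to the handle would be passed as the strcmp_otp and strcmp_handle arguments.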
Currently only OTP lengths of 6, 7 or 8 digits are supported. This restriction
may be lifted in future versions, although some limitations are inherent in
the protocol.
The flags parameter may be used to change the MAC function, for example
OATH_TOTP_HMAC_SHA256 or OATH_TOTP_HMAC_SHA512.
Returns absolute value of position in OTP window (zero is first position), or
OATH_INVALID_OTP if no OTP was found in OTP window, or an error code.
2.6.0
Report bugs to <oath-toolkit-help@nongnu.org>. liboath home page:
http://www.gnu.org/software/liboath/ General help using GNU software:
http://www.gnu.org/gethelp/
Copyright © 2009-2016 Simon Josefsson.
Copying and distribution of this file, with or without modification, are
permitted in any medium without royalty provided the copyright notice and this
notice are preserved.