.. hazmat::

HMAC-Based One-Time Password Algorithm
======================================

.. currentmodule:: cryptography.hazmat.oath.hotp

This module contains functions for generating and verifying one time password
values based on Hash-based message authentication codes (HMAC).

.. class:: HOTP(key, length, backend)

    HOTP objects take a ``key`` and ``length`` parameter. The ``key``
    should be randomly generated bytes and is recommended to be 160 bits in
    length. The ``length`` parameter controls the length of the generated
    one time password and must be >= 6.

    This is an implementation of :rfc:`4226`.

    .. doctest::

        >>> import os
        >>> from cryptography.hazmat.backends import default_backend
        >>> from cryptography.hazmat.oath.hotp import HOTP

        >>> # Fixed 160-bit key so the output below is reproducible;
        >>> # real keys should be random, e.g. os.urandom(20).
        >>> key = b"12345678901234567890"
        >>> hotp = HOTP(key, 6, backend=default_backend())
        >>> hotp.generate(0)
        '755224'
        >>> # verify() returns nothing on a match and raises InvalidToken otherwise.
        >>> hotp.verify(b"755224", 0)

    :param bytes key: Secret key as ``bytes``. This value must be generated in a
                      cryptographically secure fashion and be at least 128 bits.
                      It is recommended that the key be 160 bits.
    :param int length: Length of generated one time password as ``int``.
    :param backend: A
        :class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
        provider.
    :raises ValueError: This is raised if the provided ``key`` or ``length``
                        parameters are shorter than required.

    .. method:: generate(counter)

        :param int counter: The counter value used to generate the one time password.
        :return bytes: A one time password value.

    .. method:: verify(hotp, counter)

        :param bytes hotp: The one time password value to validate.
        :param int counter: The counter value to validate against.
        :raises cryptography.exceptions.InvalidToken: This is raised when the supplied HOTP
                                                      does not match the expected HOTP.
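
The following is an added example, not part of the original documentation or the project's code. ``verify`` checks one counter value, so storing the counter and resynchronizing it are left to the caller; this standard-library implementation of the :rfc:`4226` computation shows one way to do that with a look-ahead window. The names ``hotp_value`` and ``verify_with_window`` and the window size of 3 are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample: the fixed key used in the doctest above.
KEY = b"12345678901234567890"


def hotp_value(key, counter, length=6):
    """Compute an RFC 4226 HOTP value as ASCII bytes (hypothetical helper)."""
    if len(key) < 16:
        raise ValueError("key must be at least 128 bits")
    if length < 6:
        raise ValueError("length must be >= 6")
    # HMAC-SHA-1 over the counter encoded as an 8-byte big-endian integer.
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Dynamic truncation: the low nibble of the last byte selects 4 bytes.
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** length).zfill(length).encode("ascii")


def verify_with_window(key, submitted, stored_counter, window=3, length=6):
    """Return the next counter to store on success, or None on failure.

    Accepts counters stored_counter .. stored_counter + window so a token
    that has run ahead of the server can resynchronize.
    """
    matched = None
    for candidate in range(stored_counter, stored_counter + window + 1):
        expected = hotp_value(key, candidate, length)
        # Constant-time comparison; the loop always runs the full window so
        # timing does not reveal which counter matched.
        if hmac.compare_digest(expected, submitted) and matched is None:
            matched = candidate
    # Persisting matched + 1 means an accepted code cannot be replayed.
    return None if matched is None else matched + 1
```

The caller must persist the returned counter before granting access; a ``None`` result should count toward a failed-attempt limit, since a wider window makes each guess more likely to succeed.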