blob: 1dee26b06446f44172c8ec9780250d63b1c7185f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
.. hazmat::
HMAC-Based One-Time Password Algorithm
======================================
.. currentmodule:: cryptography.hazmat.oath.hotp
This module contains functions for generating and verifying one time password
values based on Hash-based message authentication codes (HMAC).
.. class:: HOTP(secret, length, backend)
HOTP objects take a ``secret`` and ``length`` parameter. The ``secret``
should be randomly generated bytes and is recommended to be 160 bits in
length. The ``length`` parameter controls the length of the generated
one time password and is recommended to be at least a 6 digit value.
This is an implementation of :rfc:`4226`.
.. doctest::
>>> import os
>>> from cryptography.hazmat.backends import default_backend
>>> from cryptography.hazmat.oath.hotp import HOTP
>>> key = "12345678901234567890"
>>> hotp = HOTP(key, 6, backend=default_backend())
>>> hotp.generate(0)
'755224'
>>> hotp.verify("755224", 0)
:param bytes secret: Secret key as ``bytes``.
:param int length: Length of generated one time password as ``int``.
:param backend: A
:class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
provider.
.. method:: generate(counter)
:param int counter: The counter value used to generate the one time password.
:return bytes: A one time password value.
.. method:: verify(hotp, counter)
:param bytes hotp: The one time password value to validate.
:param bytes counter: The counter value to validate against.
:return: ``True`` if the one time password value is valid. ``False`` if otherwise.
|