Libcotp Save

C library that generates TOTP and HOTP

Project README

libcotp

C library that generates TOTP and HOTP according to RFC-6238

Requirements

GCC/Clang and CMake to build the library
libgcrypt >= 1.8.0 or openssl >= 3.0.0

Build and Install

$ git clone https://github.com/paolostivanin/libcotp.git
$ cd libcotp
$ mkdir build && cd $_
$ cmake -DCMAKE_INSTALL_PREFIX=/usr ..
$ make
# make install

Available options you can pass to cmake:

-DBUILD_TESTS=ON: if you want to compile also the tests (default OFF, requires criterion)
-DBUILD_SHARED_LIBS=ON: if you want to build libcotp as a shared library (default ON)
-DHMAC_WRAPPER="<gcrypt|openssl>": you can choose between GCrypt and OpenSSL (default Gcrypt)

How To Use It

char *totp        = get_totp       (const char   *base32_encoded_secret,
                                    int           digits,
                                    int           period,
                                    int           algo,
                                    cotp_error_t *err);

char *steam_totp  = get_steam_totp (const char   *secret,
                                    int           period,
                                    cotp_error_t *err);

char *hotp        = get_hotp       (const char   *base32_encoded_secret,
                                    long          counter,
                                    int           digits,
                                    int           algo,
                                    cotp_error_t *err);

char *totp_at     = get_totp_at    (const char   *base32_encoded_secret,
                                    long          target_date,
                                    int           digits,
                                    int           algo,
                                    cotp_error_t *err);

int64_t otp_i     = otp_to_int     (const char   *otp,
                                    cotp_error_t *err_code);

where:

secret_key is the base32 encoded secret. Usually, a website gives you the secret already base32 encoded, so you should pay attention to not encode the secret again. The format of the secret can either be hxdm vjec jjws or HXDMVJECJJWS. In the first case, the library will normalize the secret to second format before computing the OTP.
digits is between 3 and 10 inclusive
period is between 1 and 120 inclusive
counter is a value decided with the server
target_date is the target date specified as the unix epoch format in seconds
algo is either SHA1, SHA256 or SHA512

Return values

get_totp, get_hotp and get_totp_at return NULL if an error occurs and err is set to one of the following values:

Errors:

GCRYPT_VERSION_MISMATCH, set if the installed Gcrypt library is too old
INVALID_B32_INPUT, set if the given input is not valid base32 text
INVALID_ALGO, set if the given algo is not supported by the library
INVALID_PERIOD, set if period is <= 0 or > 120 seconds
INVALID_DIGITS, set if digits is < 4 or > 10
MEMORY_ALLOCATION_ERROR, set if an error happened during memory allocation
INVALID_USER_INPUT, set if the given input is not valid
INVALID_COUNTER, set if counter is < 0

All good:

NO_ERROR, set if no error occurred
VALID, set if the given OTP is valid

The function otp_to_int:

returns -1 if an error occurs and sets err to INVALID_USER_INPUT.
warns the user if the leading zero is missing. For example, since the otp string "012345" can't be returned as the integer 012345 (because it would be interpreted as octal number), the function returns 12345 and sets err to MISSING_LEADING_ZERO)

In case of success, the value returned by get_totp, get_hotp, get_totp_at and get_steam_totp must be freed once no longer needed.

Base32 encoding and decoding

Since release 2.0.0, libbaseencode has been merged with libcotp. This means that you can now use base32 functions by just including cotp.h:

char  *base32_encode (const uchar  *user_data,
                      size_t        data_len,
                      cotp_error_t *err_code);

uchar *base32_decode (const char   *user_data,
                      size_t        data_len,
                      cotp_error_t *err_code);

bool   is_string_valid_b32 (const char *user_data);

where:

user_data is the data to be encoded or decoded
data_len is the length of the data to be encoded/decoded
err_code is where the error is stored

base32_encode returns NULL if an error occurs and err_code is set to one of the following values:

INVALID_USER_INPUT, set if the given input is not valid
MEMORY_ALLOCATION_ERROR, set if an error happened during memory allocation
INVALID_USER_INPUT, set if the given input is not valid

base32_decode returns NULL if an error occurs and err_code is set to one of the following values:

INVALID_USER_INPUT, set if the given input is not valid
MEMORY_ALLOCATION_ERROR, set if an error happened during memory allocation
INVALID_B32_INPUT, set if the given input is not valid base32 text
INVALID_USER_INPUT, set if the given input is not valid

Both functions return and empty string if the input is an empty string. In such a case, err is set to EMPTY_STRING.

is_string_valid_b32 returns true if user_data is a valid base32 encoded string, false otherwise. Please note that user_data can contain spaces, since the fucntion will also take care of trimming those.

Open Source Agenda is not affiliated with "Libcotp" Project. README Source: paolostivanin/libcotp

Stars

Open Issues

Last Commit

1 month ago

Repository

paolostivanin/libcotp

License

Apache-2.0

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/libcotp"><img src="https://www.opensourceagenda.com/projects/libcotp/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022