6.1.1.3.1.5.1.11. linotp.lib.tokens.totptoken module¶
This file containes the dynamic time based hmac token implementation
- class linotp.lib.tokens.totptoken.TimeHmacTokenClass(aToken)[source]¶
Bases: linotp.lib.tokens.hmactoken.HmacTokenClass
- autosync(hmac2Otp, anOtpVal)[source]¶
auto - sync the token based on two otp values - internal method to realize the autosync within the checkOtp method
Parameters: - hmac2Otp (hmac object) – the hmac object (with reference to the token secret)
- anOtpVal (string) – the actual otp value
Returns: counter or -1 if otp does not exist
Return type: int
- checkOtp(anOtpVal, counter, window, options=None)[source]¶
checkOtp - validate the token otp against a given otpvalue
Parameters: anOtpVal – the to be verified otpvalue @type anOtpVal: string
Parameters: - counter (int) – the counter state, that should be verified
- window (int) – the counter +window, which should be checked
- options (dict) – the dict, which could contain token specific info
Returns: the counter state or -1
Return type: int
- check_otp_exist(otp, window=10)[source]¶
checks if the given OTP value is/are values of this very token. This is used to autoassign and to determine the serial number of a token.
Parameters: - otp (string) – the to be verified otp value
- window (int) – the lookahead window for the counter
Returns: counter or -1 if otp does not exist
Return type: int
- classmethod getClassInfo(key=None, ret='all')[source]¶
getClassInfo - returns a subtree of the token definition
Parameters: - key (string) – subsection identifier
- ret (user defined) – default return value, if nothing is found
Returns: subsection if key exists or user defined
Return type: s.o.
- classmethod getClassType()[source]¶
getClassType - return the token type shortname
Returns: ‘totp’ Return type: string
- getSyncTimeOut()[source]¶
get the token sync timeout value
Returns: timeout value in seconds Return type: int
- get_multi_otp(count=0, epoch_start=0, epoch_end=0, curTime=None)[source]¶
return a dictionary of multiple future OTP values of the HOTP/HMAC token
Parameters: count (int) – how many otp values should be returned Returns: tuple of status: boolean, error: text and the OTP dictionary
- hKeyRequired = None¶
timeStep defines the granularity:
- resync(otp1, otp2, options=None)[source]¶
resync the token based on two otp values - external method to do the resync of the token
Parameters: - otp1 (string) – the first otp value
- otp2 (string) – the second otp value
- options (dict or None) – optional token specific parameters
Returns: counter or -1 if otp does not exist
Return type: int
- resyncDiffLimit = 3¶
- time2float(curTime)[source]¶
time2float - convert a datetime object or an datetime sting into a float s. http://bugs.python.org/issue12750
Parameters: curTime (datetime object) – time in datetime format Returns: time as float Return type: float
- timeShift = None¶
we support various hashlib methods, but only on create which is effectively set in the update
- timeStep = None¶
window size in seconds: 30 seconds with as step width of 30 seconds results in a window of 1 which is one attempt
- timeWindow = None¶
the time shift is specified in seconds - and could be positive and negative
- linotp.lib.tokens.totptoken.log = <logging.Logger object at 0x86c0550>¶
TOTP Algorithm
This variant of the HOTP algorithm specifies the calculation of a one-time password value, based on a representation of the counter as a time factor.4.1. Notations
- X represents the time step in seconds (default value X = 30
seconds) and is a system parameter;
- T0 is the Unix time to start counting time steps (default value is
0, Unix epoch) and is also a system parameter.
4.2. Description
Basically, we define TOTP as TOTP = HOTP(K, T) where T is an integer and represents the number of time steps between the initial counter time T0 and the current Unix time (i.e. the number of seconds elapsed since midnight UTC of January 1, 1970).
More specifically T = (Current Unix time - T0) / X where:
- X represents the time step in seconds (default value X = 30
seconds) and is a system parameter;
- T0 is the Unix time to start counting time steps (default value is
0, Unix epoch) and is also a system parameter;
- The default floor function is used in the computation. For
example, with T0 = 0 and time step X = 30, T = 1 if the current Unix time is 59 seconds and T = 2 if the current Unix time is 60 seconds.
M’Raihi, et al. Expires March 12, 2011 [Page 5]
Internet-Draft HOTPTimeBased September 2010