6.1.1.3.1.5.1.11. linotp.lib.tokens.totptoken module

This file containes the dynamic time based hmac token implementation

class linotp.lib.tokens.totptoken.TimeHmacTokenClass(aToken)

Bases: linotp.lib.tokens.hmactoken.HmacTokenClass

autosync(hmac2Otp, anOtpVal)

auto - sync the token based on two otp values - internal method to realize the autosync within the checkOtp method

Parameters:

• hmac2Otp (hmac object) – the hmac object (with reference to the token secret)
• anOtpVal (string) – the actual otp value

Returns:

counter or -1 if otp does not exist

Return type:

int

checkOtp(anOtpVal, counter, window, options=None)

checkOtp - validate the token otp against a given otpvalue

Parameters:anOtpVal – the to be verified otpvalue

@type anOtpVal: string

Parameters:

• counter (int) – the counter state, that should be verified
• window (int) – the counter +window, which should be checked
• options (dict) – the dict, which could contain token specific info

Returns:

the counter state or -1

Return type:

int

check_otp_exist(otp, window=10)

checks if the given OTP value is/are values of this very token. This is used to autoassign and to determine the serial number of a token.

Parameters:

• otp (string) – the to be verified otp value
• window (int) – the lookahead window for the counter

Returns:

counter or -1 if otp does not exist

Return type:

int

classmethod getClassInfo(key=None, ret='all')

getClassInfo - returns a subtree of the token definition

Parameters:

• key (string) – subsection identifier
• ret (user defined) – default return value, if nothing is found

Returns:

subsection if key exists or user defined

Return type:

s.o.

classmethod getClassPrefix()

classmethod getClassType()

getClassType - return the token type shortname

Returns:‘totp’ Return type:string

getOtp(curTime=None)

get the next OTP value

Returns:next otp value Return type:string

getSyncTimeOut()

get the token sync timeout value

Returns:timeout value in seconds Return type:int

get_multi_otp(count=0, epoch_start=0, epoch_end=0, curTime=None)

return a dictionary of multiple future OTP values of the HOTP/HMAC token

Parameters:count (int) – how many otp values should be returned Returns:tuple of status: boolean, error: text and the OTP dictionary

hKeyRequired = None

timeStep defines the granularity:

resync(otp1, otp2, options=None)

resync the token based on two otp values - external method to do the resync of the token

Parameters:

• otp1 (string) – the first otp value
• otp2 (string) – the second otp value
• options (dict or None) – optional token specific parameters

Returns:

counter or -1 if otp does not exist

Return type:

int

resyncDiffLimit = 3

time2float(curTime)

time2float - convert a datetime object or an datetime sting into a float s. http://bugs.python.org/issue12750

Parameters:curTime (datetime object) – time in datetime format Returns:time as float Return type:float

timeShift = None

we support various hashlib methods, but only on create which is effectively set in the update

timeStep = None

window size in seconds: 30 seconds with as step width of 30 seconds results in a window of 1 which is one attempt

timeWindow = None

the time shift is specified in seconds - and could be positive and negative

update(param)

update - process the initialization parameters

Parameters:param (dict) – dict of initialization parameters Returns:nothing

linotp.lib.tokens.totptoken.log = <logging.Logger object at 0x86c0550>

TOTP Algorithm

This variant of the HOTP algorithm specifies the calculation of a one-time password value, based on a representation of the counter as a time factor.

4.1. Notations

• X represents the time step in seconds (default value X = 30

seconds) and is a system parameter;

• T0 is the Unix time to start counting time steps (default value is

0, Unix epoch) and is also a system parameter.

4.2. Description

Basically, we define TOTP as TOTP = HOTP(K, T) where T is an integer and represents the number of time steps between the initial counter time T0 and the current Unix time (i.e. the number of seconds elapsed since midnight UTC of January 1, 1970).

More specifically T = (Current Unix time - T0) / X where:

• X represents the time step in seconds (default value X = 30

seconds) and is a system parameter;

• T0 is the Unix time to start counting time steps (default value is

0, Unix epoch) and is also a system parameter;

• The default floor function is used in the computation. For

example, with T0 = 0 and time step X = 30, T = 1 if the current Unix time is 59 seconds and T = 2 if the current Unix time is 60 seconds.

M’Raihi, et al. Expires March 12, 2011 [Page 5]

Internet-Draft HOTPTimeBased September 2010