linotp.tokens.totptoken module

This file containes the dynamic time based hmac token implementation

class linotp.tokens.totptoken.TimeHmacTokenClass(aToken)

Bases: HmacTokenClass

autosync(hmac2Otp, anOtpVal)

auto - sync the token based on two otp values - internal method to realize the autosync within the checkOtp method

Parameters:

  • hmac2Otp (hmac object) – the hmac object (with reference to the token secret)

  • anOtpVal (string) – the actual otp value

Returns:

counter or -1 if otp does not exist

Return type:

int

checkOtp(anOtpVal, counter, window, options=None)

checkOtp - validate the token otp against a given otpvalue

Parameters:

anOtpVal – the to be verified otpvalue

@type anOtpVal: string

Parameters:

  • counter (int) – the counter state, that should be verified

  • window (int) – the counter +window, which should be checked

  • options (dict) – the dict, which could contain token specific info

Returns:

the counter state or -1

Return type:

int

check_otp_exist(otp, window=10, user=None, autoassign=False)

checks if the given OTP value is/are values of this very token. This is used to autoassign and to determine the serial number of a token.

Parameters:

  • otp (string) – the to be verified otp value

  • window (int) – the lookahead window for the counter

Returns:

counter or -1 if otp does not exist

Return type:

int

classmethod getClassInfo(key=None, ret='all')

getClassInfo - returns a subtree of the token definition

Parameters:

  • key (string) – subsection identifier

  • ret (user defined) – default return value, if nothing is found

Returns:

subsection if key exists or user defined

Return type:

s.o.

classmethod getClassPrefix()
classmethod getClassType()

getClassType - return the token type shortname

Returns:

‘totp’

Return type:

string

getOtp(curTime=None)

get the next OTP value

Returns:

next otp value

Return type:

string

getSyncTimeOut()

get the token sync timeout value

Returns:

timeout value in seconds

Return type:

int

get_multi_otp(count=0, epoch_start=0, epoch_end=0, curTime=None)

return a dictionary of multiple future OTP values of the HOTP/HMAC token

Parameters:

count (int) – how many otp values should be returned

Returns:

tuple of status: boolean, error: text and the OTP dictionary

get_otp_detail(otp, window='24h')

provide information belonging to one otp

Parameters:

  • otp – the otp for which the timestamp is searched

  • window – string, in human readable ‘2h’ or iso8601 format ‘PT2H’

resync(otp1, otp2, options=None)

resync the token based on two otp values - external method to do the resync of the token

Parameters:

  • otp1 (string) – the first otp value

  • otp2 (string) – the second otp value

  • options (dict or None) – optional token specific parameters

Returns:

counter or -1 if otp does not exist

Return type:

int

resyncDiffLimit = 3
set_new_timeshift(otp_match_counter)

calculate and set the new timeshift

Parameters:

otp_match_counter – the counter that matches the given otp

time2float(curTime)

time2float - convert a datetime object or an datetime string into a float s. http://bugs.python.org/issue12750

Parameters:

curTime (datetime object) – time in datetime format

Returns:

time as float

Return type:

float

property timeStep
update(param)

update - process the initialization parameters

Parameters:

param (dict) – dict of initialization parameters

Returns:

nothing

linotp.tokens.totptoken.counter2time(counter, timeStepping)
linotp.tokens.totptoken.log = <Logger linotp.tokens.totptoken (WARNING)>

TOTP Algorithm

This variant of the HOTP algorithm specifies the calculation of a one-time password value, based on a representation of the counter as a time factor.

4.1. Notations

  • X represents the time step in seconds (default value X = 30

seconds) and is a system parameter;

  • T0 is the Unix time to start counting time steps (default value is

0, Unix epoch) and is also a system parameter.

4.2. Description

Basically, we define TOTP as TOTP = HOTP(K, T) where T is an integer and represents the number of time steps between the initial counter time T0 and the current Unix time (i.e. the number of seconds elapsed since midnight UTC of January 1, 1970).

More specifically T = (Current Unix time - T0) / X where:

  • X represents the time step in seconds (default value X = 30

seconds) and is a system parameter;

  • T0 is the Unix time to start counting time steps (default value is

0, Unix epoch) and is also a system parameter;

  • The default floor function is used in the computation. For

example, with T0 = 0 and time step X = 30, T = 1 if the current Unix time is 59 seconds and T = 2 if the current Unix time is 60 seconds.

M’Raihi, et al. Expires March 12, 2011 [Page 5]

Internet-Draft HOTPTimeBased September 2010

linotp.tokens.totptoken.time2counter(T0: Union[float, int], timeStepping: int) int