DeterministicESPAsyncWebServer v6.28.0
Zero-allocation, bounded-execution async HTTP server for ESP32
Loading...
Searching...
No Matches
totp.h
Go to the documentation of this file.
1// Copyright (C) 2026 Douglas Quigg (dstroy0) <dquigg123@gmail.com>
2// SPDX-License-Identifier: AGPL-3.0-or-later
3
4/**
5 * @file totp.h
6 * @brief TOTP two-factor auth (RFC 6238) (DETWS_ENABLE_TOTP).
7 *
8 * Time-based one-time passwords over HMAC-SHA1 (the existing software SHA-1) -
9 * Google Authenticator / Authy compatible. Compute the current code from a shared
10 * secret and the Unix time, verify a submitted code within a +/- step window (for
11 * clock skew), and decode the base32 secret a provisioning QR/app gives the user.
12 * Pure, no heap, host-tested against the RFC 6238 test vectors.
13 *
14 * @author Douglas Quigg (dstroy0)
15 * @date 2026
16 */
17
18#ifndef DETERMINISTICESPASYNCWEBSERVER_TOTP_H
19#define DETERMINISTICESPASYNCWEBSERVER_TOTP_H
20
21#include "ServerConfig.h"
22#include <stddef.h>
23#include <stdint.h>
24
25#if DETWS_ENABLE_TOTP
26
27/**
28 * @brief HOTP / TOTP code for @p counter (RFC 4226 dynamic truncation).
29 * @param key shared secret bytes.
30 * @param keylen secret length.
31 * @param counter moving factor (TOTP: floor(unix_time / period)).
32 * @param digits code length (6 or 8).
33 * @return the @p digits-digit code (zero-padded by the caller when formatting).
34 */
35uint32_t detws_hotp(const uint8_t *key, size_t keylen, uint64_t counter, uint8_t digits);
36
37/**
38 * @brief TOTP code (RFC 6238) at @p unix_time.
39 * @param period time step in seconds (30 is standard).
40 */
41uint32_t detws_totp(const uint8_t *key, size_t keylen, uint64_t unix_time, uint32_t period, uint8_t digits);
42
43/**
44 * @brief Verify @p code against the current step +/- @p window steps (clock skew).
45 * @return true if @p code matches any step in the window.
46 */
47bool detws_totp_verify(const uint8_t *key, size_t keylen, uint64_t unix_time, uint32_t code, uint32_t period,
48 uint8_t digits, int window);
49
50/**
51 * @brief Decode a base32 (RFC 4648) secret into @p out; ignores padding/spaces/dashes.
52 * @return decoded byte count, or -1 on an invalid character / overflow.
53 */
54int detws_base32_decode(const char *b32, uint8_t *out, size_t cap);
55
56#endif // DETWS_ENABLE_TOTP
57#endif // DETERMINISTICESPASYNCWEBSERVER_TOTP_H
User-facing configuration for DeterministicESPAsyncWebServer.