Port of the libcotp library which compiles on Windows using Visual Studio (32-bit and 64-bit)
Ported by Twilight under the same license.
The non-portable gcrypt library has been replaced by the cross-platform OpenSSL library (tested with versions 1.1 and 3.0)
Original README.md:
C library that generates TOTP and HOTP according to RFC-6238
- libbaseencode
- GCC/Clang and CMake to build the library
- libgcrypt
$ git clone https://github.com/paolostivanin/libcotp.git
$ cd libcotp
$ mkdir build && cd $_
$ cmake -DCMAKE_INSTALL_PREFIX:PATH=/usr ../ # add -DBUILD_TESTING=ON if you want to compile also the tests
$ make
# make install
char *totp = get_totp (const char *base32_encoded_secret, int digits, int period, int algo, cotp_error_t *err);
free (totp);
char *steam_totp = get_steam_totp (const char *secret, int period, cotp_error_t *err)
char *hotp = get_hotp (const char *base32_encoded_secret, long counter, int digits, int algo, cotp_error_t *err);
free (hotp);
char *get_totp_at (const char *base32_encoded_secret, long target_date, int digits, int algo, cotp_error_t *err)
int is_valid = totp_verify (const har *base32_encoded_secret, const char *totp, int digits, int period, int algo, cotp_error_t *err);
int is_valid = hotp_verify (const char *base32_encoded_secret, long counter, digits, char *hotp, int algo, cotp_error_t *err);
where:
secret_keyis the base32 encoded secret. Usually, a website gives you the secret already base32 encoded, so you should pay attention to not encode the secret again. The format of the secret can either behxdm vjec jjwsorHXDMVJECJJWS. In the first case, the library will normalize the secret to second format before computing the OTP.digitsis between3and10inclusiveperiodis between1and120inclusivecounteris a value decided with the servertarget_dateis the target date specified as the unix epoch format in secondsalgois eitherSHA1,SHA256orSHA512
get_totp, get_hotp and get_totp_at return NULL if an error occurs and err is set accordingly. The following errors are currently supported:
GCRYPT_VERSION_MISMATCH, set if the installed Gcrypt library is too oldINVALID_B32_INPUT, set if the given input is not valid base32 textINVALID_ALGO, set if the given algo is not supported by the libraryINVALID_PERIOD, set ifperiodis<= 0or> 120secondsINVALID_DIGITS, set ifdigitsis< 3or> 10
totp_verify and hotp_verify can return, in addition to one of the previous code, also the error INVALID_OTP if the given OTP doesn't match the computed one.
In case of success, the value returned by get_totp, get_hotp and get_totp_at must be freed once no longer needed.