.\" DO NOT MODIFY THIS FILE! It was generated by gdoc. .TH "oath_hotp_validate_callback" 3 "2.6.11" "liboath" "liboath" .SH NAME oath_hotp_validate_callback \- API function .SH SYNOPSIS .B #include .sp .BI "int oath_hotp_validate_callback(const char * " secret ", size_t " secret_length ", uint64_t " start_moving_factor ", size_t " window ", unsigned " digits ", oath_validate_strcmp_function " strcmp_otp ", void * " strcmp_handle ");" .SH ARGUMENTS .IP "const char * secret" 12 the shared secret string .IP "size_t secret_length" 12 length of \fIsecret\fP .IP "uint64_t start_moving_factor" 12 start counter in OTP stream .IP "size_t window" 12 how many OTPs after start counter to test .IP "unsigned digits" 12 number of requested digits in the OTP .IP "oath_validate_strcmp_function strcmp_otp" 12 function pointer to a strcmp\-like function. .IP "void * strcmp_handle" 12 caller handle to be passed on to \fIstrcmp_otp\fP. .SH "DESCRIPTION" Validate an OTP according to OATH HOTP algorithm per RFC 4226. Validation is implemented by generating a number of potential OTPs and performing a call to the \fIstrcmp_otp\fP function, to compare the potential OTP against the given \fIotp\fP. It has the following prototype: int (*oath_validate_strcmp_function) (void *handle, const char *test_otp); The function should be similar to strcmp in that it return 0 only on matches. It differs by permitting use of negative return codes as indication of internal failures in the callback. Positive values indicate OTP mismatch. This callback interface is useful when you cannot compare OTPs directly using normal strcmp, but instead for example only have a hashed OTP. You would then typically pass in the hashed OTP in the \fIstrcmp_handle\fP and let your implementation of \fIstrcmp_otp\fP hash the test_otp OTP using the same hash, and then compare the results. Currently only OTP lengths of 6, 7 or 8 digits are supported. This restrictions may be lifted in future versions, although some limitations are inherent in the protocol. .SH "RETURNS" Returns position in OTP window (zero is first position), or \fBOATH_INVALID_OTP\fP if no OTP was found in OTP window, or an error code. .SH "SINCE" 1.4.0 .SH "REPORTING BUGS" Report bugs to . liboath home page: https://www.nongnu.org/oath-toolkit/ General help using GNU software: http://www.gnu.org/gethelp/ .SH COPYRIGHT Copyright \(co 2009-2020 Simon Josefsson. .br Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.