STOTP is an implementation of the time based one time pad (TOTP) written in SPARK. It currently only supports SHA-1 but since it is based on the libsparkcrypto further algorithms can be added.

The library includes a toolset to generate tokens for twe factor authentication from provided base32 keys:

• Base32 encoder/decoder (without padding support)
• HOTP implementation (RFC 4226)
• TOTP implementation (RFC 6238)
• OTP Value generator for different lengths

The code proves for the absence of runtime errors and the correctness of its dependencies.

To build the project the GNAT GPL toolchain is required.

• $ git clone --recursive https://github.com/jklmnn/STOTP.git
• $ cd STOTP
• $ gprbuild -P stotp.gpr

• $ gnatprove -P stotp.gpr

The project file builds an example application that takes a base32 key and generates the current TOTP token:

• $ ./build/generate_2fa_token <base32 key>

The project also builds some simple tests to check the outputs of core packages. These are executables in the build directory prefixed with test_ and all of them should only output TRUE one or multiple times.

To get a basic understanding in how to use the library take a look at the files in examples and tests. Also all specifications in src are annotated. Further documentation might probably follow