Skip to content
Browse files

New helper method to generate OATH-HOTP AEAD

- Updated unit tests to reflect the change
  • Loading branch information...
1 parent 54831a8 commit 6f0e590875ba257879418036c697d6fd7f086717 @Ratler committed Aug 17, 2011
View
22 src/main/java/org/unitedid/yhsm/YubiHSM.java
@@ -133,6 +133,28 @@ public String infoToString() throws YubiHSMErrorException {
}
/**
+ * Generate AEAD block which can be used for OATH-HOTP OTP validation, see <code>validateOathHOTP</code>.
+ *
+ * @param nonce the nonce
+ * @param keyHandle the key handle with permission to generateBufferAEAD
+ * @param tokenSeed the OATH HOTP token seed
+ * @return returns an AEAD
+ * @throws YubiHSMInputException thrown if an argument fail to validate
+ * @throws YubiHSMErrorException thrown if an error have occurred
+ * @throws YubiHSMCommandFailedException thrown if the YubiHSM fail to execute a command
+ */
+ public String generateOathHotpAEAD(String nonce, int keyHandle, String tokenSeed) throws YubiHSMInputException, YubiHSMErrorException, YubiHSMCommandFailedException {
+ if (tokenSeed.length() != 40)
+ throw new YubiHSMInputException("Seed is not of required length, got " + tokenSeed.length() + " but expected 40");
+
+ byte[] seed = Utils.hexToByteArray(tokenSeed);
+ byte[] flag = Utils.leIntToBA(0x10000); // Generate HMAC SHA1 Flag
+ loadBufferData(Utils.concatAllArrays(seed, flag), 0);
+
+ return generateBufferAEAD(nonce, keyHandle).get("aead");
+ }
+
+ /**
* Validate an AEAD using the YubiHSM, matching it against some known plain text.
* Matching is done inside the YubiHSM so the decrypted AEAD is never exposed.
*
View
10 src/test/java/org/unitedid/yhsm/internal/AEADCmdTest.java
@@ -68,4 +68,14 @@ public void testGenerateRandomAEADException() throws Exception {
thrown.expect(YubiHSMCommandFailedException.class);
AEADCmd.generateRandomAEAD(deviceHandler, nonce, 4, 255).get("aead");
}
+
+ @Test
+ public void testGenerateOathHotpAEAD() throws YubiHSMCommandFailedException, YubiHSMErrorException, YubiHSMInputException {
+ String nonce = "f1f2f3f4f5f6";
+ String seed = "3132333435363738393031323334353637383930";
+ String expected = "ab9ee1ea245fd11bdfe3fc8a5255de4e8d90b3f6f1f7c97692e0979599de95c5";
+ String result = hsm.generateOathHotpAEAD(nonce, 8192, seed);
+
+ assertEquals(expected, result);
+ }
}
View
8 src/test/java/org/unitedid/yhsm/internal/OathHOTPCmdTest.java
@@ -46,10 +46,8 @@
public void setUp() throws Exception {
super.setUp();
- byte[] key = Utils.hexToByteArray("3132333435363738393031323334353637383930");
-
- hsm.loadBufferData(Utils.concatAllArrays(key, Utils.leIntToBA(0x10000)), 0);
- aead = hsm.generateBufferAEAD(nonce, keyHandle).get("aead");
+ String seed = "3132333435363738393031323334353637383930";
+ aead = hsm.generateOathHotpAEAD(nonce, keyHandle, seed);
assertTrue(hsm.loadTemporaryKey(nonce, keyHandle, aead));
}
@@ -150,4 +148,4 @@ public String getOtp() {
public int getLookAhead() {
return lookAhead;
}
-}
+}

0 comments on commit 6f0e590

Please sign in to comment.
Something went wrong with that request. Please try again.