HOTP 1.0.0

data/README

@@ -0,0 +1,76 @@
+Authors: Michael DeCandia <mdecandia@vonage.com> and Stephen Becker <sbecker@vonage.com>
+
+License: BSD License
+
+  Copyright (c) 2007, Vonage Holdings
+
+  All rights reserved.
+
+  Redistribution and use in source and binary forms, with or without
+  modification, are permitted provided that the following conditions are met:
+
+      * Redistributions of source code must retain the above copyright
+  notice, this list of conditions and the following disclaimer.
+      * Redistributions in binary form must reproduce the above copyright
+  notice, this list of conditions and the following disclaimer in the
+  documentation and/or other materials provided with the distribution.
+      * Neither the name of Vonage Holdings nor the names of its
+  contributors may be used to endorse or promote products derived from this
+  software without specific prior written permission.
+
+  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+  POSSIBILITY OF SUCH DAMAGE.
+
+= HOTP -- HMAC-Based One-Time Password Algorithm
+
+  * HOTP: Implements RFC 4226 using Ruby. (http://www.ietf.org/rfc/rfc4226.txt)  HOTP is an HMAC-SHA1 based algorithm
+
+== Download
+
+The latest version of hotp can be found at
+
+  * http://rubyforge.org/hotp/
+
+== Installation
+
+=== Normal Installation
+
+  Setup based installation is currently unsupported
+
+=== GEM Installation
+
+	% gem install hotp
+
+== Usage, ...
+
+=== HOTP
+	
+	The HOTP object can be used to calculate the HOTP value for any secret and count. The number of digits in the HOTP value is determined by an optional parameter.  The default HOTP value is 6 digits long.
+
+Creating an HOTP instance
+
+	h = HOTP.new()
+	h.secret="12345678901234567890" # 20 byte key
+	h.count=0                       # Where to start calculating
+	h.digits=6                      # How many digits to return (length of the HOTP value)
+	puts(h.hotp)                    # => "755224"
+	h.count=1                       # Change the count
+	puts(h.update)                  # => "287082"
+
+
+Using HOTP as a class method
+
+	secret = "12345678901234567890"
+	count = 0
+	puts(HOTP::hotp(secret,count))  # => "755224"
+
+

data/examples/HOTP/example1.rb

@@ -0,0 +1,48 @@
+#!/usr/local/bin/ruby
+=begin rdoc
+  Copyright (c) 2007, Vonage Holdings
+
+  All rights reserved.
+
+  Redistribution and use in source and binary forms, with or without
+  modification, are permitted provided that the following conditions are met:
+
+  * Redistributions of source code must retain the above copyright
+  notice, this list of conditions and the following disclaimer.
+  * Redistributions in binary form must reproduce the above copyright
+  notice, this list of conditions and the following disclaimer in the
+  documentation and/or other materials provided with the distribution.
+  * Neither the name of Vonage Holdings nor the names of its
+  contributors may be used to endorse or promote products derived from this
+  software without specific prior written permission.
+
+  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+  POSSIBILITY OF SUCH DAMAGE.
+
+  Authors: Michael DeCandia <mdecandia@vonage.com> and Stephen Becker <sbecker@vonage.com>
+=end
+
+require 'rubygems'
+require 'HOTP'
+
+secret = "12345678901234567890"
+count = 30
+
+h = HOTP.new(secret, count)
+puts("[#{h.hotp}]")
+
+# Display the HOTP values for the secret starting at 0 up to 100
+(0..100).each{ |c|
+	h.count=c
+	puts("[#{h.update}]")
+}
+		

data/lib/HOTP.rb

@@ -0,0 +1,163 @@
+=begin rdoc
+	Copyright (c) 2007, Vonage Holdings
+
+	All rights reserved.
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	* Redistributions of source code must retain the above copyright
+	notice, this list of conditions and the following disclaimer.
+	* Redistributions in binary form must reproduce the above copyright
+	notice, this list of conditions and the following disclaimer in the
+	documentation and/or other materials provided with the distribution.
+	* Neither the name of Vonage Holdings nor the names of its
+	contributors may be used to endorse or promote products derived from this
+	software without specific prior written permission.
+
+	THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+	AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+	IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+	ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+	LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+	CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+
+	Authors: Michael DeCandia <mdecandia@vonage.com> and Stephen Becker <sbecker@vonage.com>
+
+=== HOTP
+
+  The HOTP object can be used to calculate the HOTP value for any secret and count. The number of digits in the HOTP value is determined by an optional parameter.  The default HOTP value is 6 digits long.
+
+Creating an HOTP instance
+
+  h = HOTP.new()
+  h.secret="12345678901234567890" # 20 byte key
+  h.count=0                       # Where to start calculating
+  h.digits=6                      # How many digits to return (length of the HOTP value)
+  puts(h.hotp)                    # => "755224"
+  h.count=1                       # Change the count
+  puts(h.update)                  # => "287082"
+
+
+Using HOTP as a class method
+
+  secret = "12345678901234567890"
+  count = 0
+  puts(HOTP::hotp(secret,count))  # => "755224"
+
+=end
+require 'openssl'
+require 'logger'
+
+#This implements HOTP: An HMAC-Based One-Time Password Algorithm as described in RFC 4226 (http://www.ietf.org/rfc/rfc4226.txt)
+class HOTP
+#The secret key in ascii (K)
+	attr_accessor :secret
+#The count used to start the calculation (C)
+	attr_accessor	:count
+#The length of the HOTP value (Digit) (Defaults to 6)
+	attr_accessor :digits
+#The default logger to use when reporting an error. (Defaults to STDERR)
+	@@logger = Logger.new(STDERR)
+#Creates an HOTP object
+#* :secret is your secret key
+#* :count is where to start your calculation
+#* :digits is the length of the HOTP value
+#
+#Creating an HOTP instance
+#
+#  h = HOTP.new()
+#  h.secret="12345678901234567890" # 20 byte key
+#  h.count=0                       # Where to start calculating
+#  h.digits=6                      # How many digits to return (length of the HOTP value)
+#  puts(h.hotp)                    # => "755224"
+#  h.count=1                       # Change the count
+#  puts(h.update)                  # => "287082"
+#
+#
+#Using HOTP as a class method
+#
+#  secret = "12345678901234567890"
+#  count = 0
+#  puts(HOTP::hotp(secret,count))  # => "755224"
+#
+	def initialize(secret=nil,count=nil,digits=6)
+		begin
+			@secret = secret
+			@count = count
+			@digits = digits
+		rescue Exception => e
+			@@logger.fatal{"Unable to initialize HOTP properly. Reason: #{e}"}
+		end
+	end
+#Returns the HOTP value as a string
+	def update
+		begin
+			return calculate_hotp(@secret, @count, @digits)
+		rescue Exception => e
+			@@logger.fatal{"Unable to update. Reason #{e}"}
+		end
+	end
+	alias_method :hotp, :update
+#Returns the HOTP value as a string
+	def calculate_hotp(secret,count,digits=6)
+		return HOTP::hotp(secret,count,digits)
+	end
+#Set the Logger object.  By default this logs to STDERR
+	def self.logger=(logger)
+		@@logger = logger
+	end
+#Class method that returns the HOTP value as a string
+	def self.hotp(secret,count,digits=6)
+		begin
+			# The secret is plain text
+			# i.e "1234567891234567890"
+			# The count needs to be in hex so we need to convert it into a padded hex string
+			# i.e. 10 = "\x00\x00\x00\x00\x00\x00\x00\x0a"
+			# The digits are the number of digits to use when calculating the HOTP. (defaults to 6)
+			sha1_hash = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new("SHA1"), secret, string_to_hex_value(count,8))
+			#the last hex value is the offset
+			offset = sha1_hash[-1].chr.hex
+			#get the string in the offset range
+			dbc1 = sha1_hash[(offset*2)...((offset*2)+8)]
+			#31bits
+			dbc2 = dbc1.hex & "7fffffff".hex
+			hotp = dbc2%(10**digits.to_i)
+			hotp = sprintf("%0#{digits}d", hotp)
+			return hotp
+		rescue Exception => e
+			@@logger.fatal{"Unable to calculate the HOTP value. Reason: #{e}"}
+		end
+	end
+
+	private
+#Private class method that converts a string to a padded hex value
+	def self.string_to_hex_value(count,padding=nil,pad_char="0")
+		begin
+			return_string = ""
+			# Change count to an integer then base 16 convert to a string
+			# i.e. 10.to_s(16)  = a
+			hex_count = count.to_i.to_s(16) #string
+
+			# Pad the resulting string with the pad_charater ("0" by default)
+			# i.e. Takes "a" and makes it "000000a"
+			# We multiply the padding by two since we evaluate the hex as two characters
+			# i.e. "a" in hex is "0a"
+			((padding.to_i*2) - hex_count.size).times{hex_count.insert(0,pad_char)} if padding
+			hex_count = "0"+hex_count if hex_count.size%2==1
+			temp_char = "0"
+			hex_count.scan(/../).each { |hexs|
+				temp_char[0]= hexs.hex
+				return_string << temp_char
+			}
+			return return_string
+		rescue Exception => e
+			@@logger.fatal{"Unable to convert string to hex. Reason #{e}"}
+		end
+	end
+end

data/tests/HOTP/tests.rb

@@ -0,0 +1,163 @@
+#!/usr/bin/env ruby
+require 'runit/testcase'
+require 'runit/cui/testrunner'
+require 'HOTP'
+class TestHOPT < RUNIT::TestCase
+#example from http://www.rfc-editor.org/rfc/rfc4226.txt
+#We would love more examples
+  def test_instance_no_params
+      h = HOTP.new
+      h.secret = "12345678901234567890"
+      h.count = "0"
+      h.digits = 6
+      assert_equal(h.update,"755224")
+      h.count = "30"
+      #make sure you get back 6 digits in the string.
+      assert_equal(h.update,"026920")
+  end
+  def test_instance_no_digits_params
+      h = HOTP.new("12345678901234567890","0")
+      assert_equal(h.update,"755224")
+      h.count = "30"
+      #make sure you get back 6 digits in the string.
+      assert_equal(h.update,"026920")
+  end
+  def test_instance_6_digits
+      h = HOTP.new("12345678901234567890","0",6)
+      assert_equal(h.update,"755224")
+      h.count = "30"
+      #make sure you get back 6 digits in the string.
+      assert_equal(h.update,"026920")
+  end
+  def test_instance_8_digits
+      h = HOTP.new("12345678901234567890","0",8)
+      assert_equal(h.update,"84755224")
+      h.count = "1"
+      assert_equal(h.update,"94287082")
+  end
+  def test_instance_8_digits_string
+      h = HOTP.new("12345678901234567890","0","8")
+      assert_equal(h.update,"84755224")
+      h.count = "1"
+      assert_equal(h.update,"94287082")
+  end
+  def test_class
+      #you can call the class with key,count and digits
+      assert_equal(HOTP::hotp("12345678901234567890","0"),"755224")
+      assert_equal(HOTP::hotp("12345678901234567890","0",6),"755224")
+      #make sure you get back 6 digits in the string.
+      assert_equal(HOTP::hotp("12345678901234567890","30",6),"026920")
+  end
+	def test_class_100_loop
+      #first 100 values. as calclated from Perl's Authen::HOTP 0.02
+			results = [
+			"755224",
+			"287082",
+			"359152",
+			"969429",
+			"338314",
+			"254676",
+			"287922",
+			"162583",
+			"399871",
+			"520489",
+			"403154",
+			"481090",
+			"868912",
+			"736127",
+			"229903",
+			"436521",
+			"186581",
+			"447589",
+			"903435",
+			"578337",
+			"328281",
+			"191635",
+			"184416",
+			"574561",
+			"797908",
+			"396619",
+			"122382",
+			"939082",
+			"908316",
+			"316591",
+			"026920",
+			"523596",
+			"370250",
+			"841346",
+			"749439",
+			"037211",
+			"003784",
+			"520231",
+			"521952",
+			"619416",
+			"268376",
+			"471723",
+			"435478",
+			"303194",
+			"000152",
+			"287422",
+			"318298",
+			"098238",
+			"039329",
+			"710717",
+			"528155",
+			"980838",
+			"249088",
+			"354406",
+			"399156",
+			"478026",
+			"294892",
+			"941415",
+			"964363",
+			"083773",
+			"864257",
+			"719632",
+			"005080",
+			"925505",
+			"317632",
+			"088627",
+			"024418",
+			"954526",
+			"036679",
+			"864060",
+			"569881",
+			"029459",
+			"486963",
+			"559613",
+			"202372",
+			"705686",
+			"272974",
+			"379493",
+			"839877",
+			"393669",
+			"863623",
+			"198167",
+			"935444",
+			"108405",
+			"305499",
+			"563707",
+			"447439",
+			"332099",
+			"087812",
+			"032830",
+			"811649",
+			"190372",
+			"458549",
+			"202468",
+			"722946",
+			"047817",
+			"229689",
+			"430056",
+			"289357",
+			"516516" ]
+			(0...100).each do |c|
+      	assert_equal(HOTP::hotp("12345678901234567890",c,6), results[c])
+			end
+	end
+end
+if $0 == __FILE__
+  suite = RUNIT::TestSuite.new
+  suite.add_test(TestHOPT.suite)
+  RUNIT::CUI::TestRunner.run(suite)
+end

metadata

@@ -0,0 +1,55 @@
+--- !ruby/object:Gem::Specification 
+rubygems_version: 0.9.2
+specification_version: 1
+name: HOTP
+version: !ruby/object:Gem::Version 
+  version: 1.0.0
+date: 2007-10-24 00:00:00 -04:00
+summary: "This implements HOTP: An HMAC-Based One-Time Password Algorithm as described in RFC 4226"
+require_paths: 
+- lib
+email: 
+- mdecandia@vonage.com
+- sbecker@vonage.com
+homepage: http://www.vonage.com/
+rubyforge_project: 
+description: 
+autorequire: HOTP
+default_executable: 
+bindir: bin
+has_rdoc: true
+required_ruby_version: !ruby/object:Gem::Version::Requirement 
+  requirements: 
+  - - ">"
+    - !ruby/object:Gem::Version 
+      version: 0.0.0
+  version: 
+platform: ruby
+signing_key: 
+cert_chain: 
+post_install_message: 
+authors: 
+- Michael DeCandia
+- Stephen Becker
+files: 
+- examples/HOTP
+- examples/HOTP/example1.rb
+- lib/HOTP.rb
+- tests/HOTP
+- tests/HOTP/tests.rb
+- README
+test_files: 
+- tests/HOTP
+- tests/HOTP/tests.rb
+rdoc_options: []
+
+extra_rdoc_files: 
+- README
+executables: []
+
+extensions: []
+
+requirements: []
+
+dependencies: []
+