motp 1.0.2

data/.gitignore

@@ -0,0 +1,3 @@
+pkg/*
+*.gem
+.bundle

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in motp.gemspec
+gemspec

data/README.md

@@ -0,0 +1,66 @@
+MOTP
+====
+
+This RubyGem implements the [Mobile-OTP standard](http://motp.sourceforge.net/) in Ruby,
+allowing you to write Ruby (and Rails) powered servers and client implementations. This
+enables you, for example, to implement strong two-factor authentication into your web
+application, where your users use their mobile phones as a remote token.
+
+Installation
+------------
+
+    gem install motp
+
+Server Implementation
+---------------------
+
+For each user, come up with a secret and allow them to specify their PIN. Store both.
+When they use your system, ask them for the One-Time Pad. They can get this by using
+their mobile phone (which they've already configured with the secret) and entering their
+PIN.
+
+    require 'motp'
+    
+    MOTP::check(secret, pin, otp)
+
+Returns true if the otp is valid for the specified secret and PIN, false otherwise.
+
+OTPs are based on the UTC clock and are valid (by default) for three minutes before and
+three minutes after they were requested, in order to accomodate the time taken to type
+in the OTP, and possible variations in the accuracy of the system clocks on the server
+and the client (mobile phone) devices.
+
+Optional parameters (appended to the end):
+
+* :time => specifies the time for which the OTP must be valid; defaults to "now"
+* :max_period => specifies the number of seconds of leeway, ahead and behind, during which an OTP is considered valid - defaults to 3 * 60 (3 minutes)
+
+Client Implementation
+---------------------
+
+If you want to write a mobile MOTP client in Ruby, go ahead! The MOTP RubyGem supports
+this too.
+
+    require 'motp'
+    
+    MOTP::otp(secret, pin)
+
+Returns the OTP for the current time. As with the server implementation, you can pass an
+optional :time parameter to specify the time for wich you want to generate, but you
+shouldn't ever need to do this unless you *know* the device clock to be incorrect.
+
+License
+-------
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see http://www.gnu.org/licenses/.

data/Rakefile

@@ -0,0 +1,2 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks

data/lib/motp.rb

@@ -0,0 +1,14 @@
+require 'digest/md5'
+
+module Motp
+  def self.otp(secret, pin, options = {})
+    options = {:time => Time::now}.merge(options)
+    Digest::MD5::hexdigest("#{options[:time].utc.tv_sec.to_s[0...-1]}#{secret}#{pin}")[0,6]
+  end
+
+  def self.check(secret, pin, otp, options = {})
+    options = {:time => Time::now, :max_period => (3 * 60)}.merge(options)
+    range = ((options[:time] - options[:max_period])..(options[:time] + options[:max_period]))
+    return range.any?{|time| otp == self.otp(secret, pin, :time => time)}
+  end
+end

data/lib/motp/version.rb

@@ -0,0 +1,3 @@
+module Motp
+  VERSION = "1.0.2"
+end

data/motp.gemspec

@@ -0,0 +1,21 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "motp/version"
+
+Gem::Specification.new do |s|
+  s.name        = "motp"
+  s.version     = Motp::VERSION
+  s.platform    = Gem::Platform::RUBY
+  s.authors     = ["Dan Q"]
+  s.email       = ["dan@scatmania.org"]
+  s.homepage    = "http://www.scatmania.org/projects/motp"
+  s.summary     = %q{Methods for implementing a Mobile One-Time Pad client or server in Ruby.}
+  s.description = %q{Methods for implementing a Mobile One-Time Pad client or server in Ruby.}
+
+  s.rubyforge_project = "motp"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+end

data/test/motp_test.rb

@@ -0,0 +1,58 @@
+require 'test/unit'
+require 'lib/motp'
+
+class MOTP_Test < Test::Unit::TestCase
+  def setup
+    @secret = 'secret12345'
+    @pin = '1234'
+    @valid_otp_regex = /^[\da-f]{6}$/
+  end
+
+  # def teardown
+  # end
+
+  def test_otp_matches_regex
+    otp_now = MOTP::otp(@secret, @pin)
+    assert(otp_now =~ @valid_otp_regex)
+  end
+
+  def test_now
+    otp_now = MOTP::otp(@secret, @pin)
+    assert(MOTP::check(@secret, @pin, otp_now))
+  end
+
+  def test_2min_ago
+    otp = MOTP::otp(@secret, @pin, :time => Time::now - (2*60))
+    assert(MOTP::check(@secret, @pin, otp))
+  end
+
+  def test_4min_ago_fails
+    otp = MOTP::otp(@secret, @pin, :time => Time::now - (4*60))
+    assert(!MOTP::check(@secret, @pin, otp))
+  end
+
+  def test_2min_ahead
+    otp = MOTP::otp(@secret, @pin, :time => Time::now + (2*60))
+    assert(MOTP::check(@secret, @pin, otp))
+  end
+
+  def test_4min_ahead_fails
+    otp = MOTP::otp(@secret, @pin, :time => Time::now + (4*60))
+    assert(!MOTP::check(@secret, @pin, otp))
+  end
+
+  def test_various_random_otps_fail
+    ['', '123456', 'abcdef', 'alpha' 'letmein!'].each do |otp|
+      assert(!MOTP::check(@secret, @pin, otp))
+    end
+  end
+
+  def test_specific_known_good_case
+    time = Time::utc(2011, 1, 20, 14, 28, 23)
+    secret, pin = 'abcd1234', '1234'
+    valid_otp = '6f8af8'
+    invalid_otp = '5d60af'
+    assert(MOTP::check(secret, pin, valid_otp, :time => time))
+    assert(!MOTP::check(secret, pin, invalid_otp, :time => time))
+  end
+end

metadata

@@ -0,0 +1,73 @@
+--- !ruby/object:Gem::Specification 
+name: motp
+version: !ruby/object:Gem::Version 
+  hash: 19
+  prerelease: 
+  segments: 
+  - 1
+  - 0
+  - 2
+  version: 1.0.2
+platform: ruby
+authors: 
+- Dan Q
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2012-01-30 00:00:00 Z
+dependencies: []
+
+description: Methods for implementing a Mobile One-Time Pad client or server in Ruby.
+email: 
+- dan@scatmania.org
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- .gitignore
+- Gemfile
+- README.md
+- Rakefile
+- lib/motp.rb
+- lib/motp/version.rb
+- motp.gemspec
+- test/motp_test.rb
+homepage: http://www.scatmania.org/projects/motp
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: motp
+rubygems_version: 1.8.11
+signing_key: 
+specification_version: 3
+summary: Methods for implementing a Mobile One-Time Pad client or server in Ruby.
+test_files: 
+- test/motp_test.rb