rocra 0.0.1

data/.gitignore

@@ -0,0 +1,21 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+*~
+\#*
+.\#*
+

data/.travis.yml

@@ -0,0 +1,9 @@
+language: ruby
+rvm:
+  - "1.9.3"
+  - "1.9.2"
+  - "1.8.7"
+  #- jruby-18mode # JRuby in 1.8 mode
+  #- jruby-19mode # JRuby in 1.9 mode
+  #- rbx-18mode
+  #- rbx-19mode

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in rocra.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 phil
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,59 @@
+[![Build Status](https://travis-ci.org/branch14/rocra.png?branch=master)](https://travis-ci.org/branch14/rocra)
+
+     _ __ ___   ___ _ __ __ _
+    | '__/ _ \ / __| '__/ _` |
+    | | | (_) | (__| | | (_| |
+    |_|  \___/ \___|_|  \__,_|
+
+# Welcome to rocra
+
+rocra is an OCRA (RFC 6287) implementation in Ruby.
+
+see http://tools.ietf.org/html/rfc6287
+
+It is based on the implementations found here https://github.com/SURFnet/ocra-implementations
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'rocra'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install rocra
+
+## Usage
+
+    suite     = 'OCRA-1:HOTP-SHA1-6:QN08' # string, mandatory
+    key       = "3132333435363738393031323334353637383930" # hex, mandatory
+    counter   = nil # hex, optional
+    question  = '12345678'.to_i.to_s(16) # hex, mandatory
+    password  = nil # hex, optional
+    session   = nil # hex, optional
+    timestamp = nil # optional
+    
+    Rocra.generate(suite, key, counter, question, password, session, timestamp)
+
+## Specs
+
+Run
+
+    rspec
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request
+
+## Todo
+
+- fix jruby issues
+- make api more rubyesque

data/Rakefile

@@ -0,0 +1,5 @@
+require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+task :default => :spec

data/lib/rocra.rb

@@ -0,0 +1,217 @@
+require 'openssl'
+
+require "rocra/version"
+
+class Rocra
+
+  class << self
+
+    # This method generates an OCRA HOTP value for the given set of
+    # parameters.
+    #
+    # @param ocraSuite    the OCRA Suite
+    # @param key          the shared secret, HEX encoded
+    # @param counter      the counter that changes
+    #                     on a per use basis,
+    #                     HEX encoded
+    # @param question     the challenge question, HEX encoded
+    # @param password     a password that can be used,
+    #                     HEX encoded
+    # @param sessionInformation
+    #                     Static information that identifies the
+    #                     current session, Hex encoded
+    # @param timestamp    a value that reflects a time
+    #
+    # @return A numeric String in base 10 that includes
+    # {@link truncationDigits} digits
+    def generate(ocra_suite, key, counter, question, password, session_information, timestamp)
+
+      code_digits = 0
+      crypto = ""
+      result = nil
+      ocra_suite_length = ocra_suite.length
+      counter_length = 0
+      question_length = 0
+      password_length = 0
+
+      session_information_length = 0
+      timestamp_length = 0
+
+      # How many digits should we return
+      components = ocra_suite.split(':')
+      cryptoFunction = components[1]
+      dataInput = components[2].downcase # lower here so we can do case insensitive comparisons
+
+      crypto = 'sha1'   if cryptoFunction.downcase.include?('sha1')
+      crypto = 'sha256' if cryptoFunction.downcase.include?('sha256')
+      crypto = 'sha512' if cryptoFunction.downcase.include?('sha512')
+
+      code_digits = cryptoFunction.split('-').last
+
+      # The size of the byte array message to be encrypted
+
+      # Counter
+      if dataInput[0,1] == "c"
+        # Fix the length of the HEX string
+        counter_length=8
+        counter = counter.rjust(16, '0')
+      end
+
+      # Question
+      if dataInput[0,1] == "q" || dataInput.include?('-q')
+        question = question.ljust(256, '0')
+        question_length = 128
+      end
+
+      # Password
+      if dataInput.include?("psha1")
+        password = password.ljust(40, '0')
+        password_length = 20
+      end
+
+      if dataInput.include?("psha256")
+        password = password.ljust(64, '0')
+        password_length = 32
+      end
+
+      if dataInput.include?("psha512")
+        password = password.ljust(128, '0')
+        password_length = 64
+      end
+
+      # session_information
+      if dataInput.include?("s064")
+        session_information = session_information.ljust(128, '0')
+        session_information_length = 64
+      end
+
+      if dataInput.include?("s128")
+        session_information = session_information.ljust(256, '0')
+        session_information_length = 128
+      end
+
+      if dataInput.include?("s256")
+        session_information = session_information.ljust(512, '0')
+        session_information_length = 256
+      end
+
+      if dataInput.include?("s512")
+        session_information = session_information.ljust(128, '0')
+        session_information_length = 64
+      end
+
+      # TimeStamp
+      if dataInput[0,1] == "t" || dataInput.include?("-t")
+        timestamp = timestamp.rjust(16, '0')
+        timestamp_length = 8
+      end
+
+      # Put the bytes of "ocra_suite" parameters into the message
+      length = ocra_suite_length +
+        counter_length +
+        question_length +
+        password_length +
+        session_information_length +
+        timestamp_length + 1
+      msg = "\0" * length
+      msg[0, ocra_suite.length] = ocra_suite
+
+      # Delimiter
+      # msg[ocra_suite.length] = hex2str("0")
+
+      # Put the bytes of "Counter" to the message
+      # Input is HEX encoded
+      if counter_length > 0
+        pos = ocra_suite_length + 1
+        msg[pos, counter.length] = hex2str(counter)
+      end
+
+      # Put the bytes of "question" to the message
+      # Input is text encoded
+      if question_length > 0
+        pos = ocra_suite_length + 1 + counter_length
+        msg[pos, question.length] = hex2str(question)
+      end
+
+      # Put the bytes of "password" to the message
+      # Input is HEX encoded
+      if password_length > 0
+        pos = ocra_suite_length + 1 + counter_length + question_length
+        msg[pos, password.length] = hex2str(password)
+      end
+
+      # Put the bytes of "session_information" to the message
+      # Input is text encoded
+      if session_information_length > 0
+        pos = ocra_suite_length + 1 + counter_length + question_length + password_length
+        msg[pos, session_information.length] = hex2str(session_information)
+      end
+
+      # Put the bytes of "time" to the message
+      # Input is text value of minutes
+      if timestamp_length > 0
+        pos = ocra_suite_length + 1 + counter_length + question_length +
+          password_length + session_information_length
+        msg[pos, timestamp.length] = hex2str(timestamp)
+      end
+
+      byteKey = hex2str(key)
+      hash = hmac_sha1(crypto, byteKey, msg)
+      oath_truncate(hash, code_digits)
+
+    end
+
+    private
+
+    # Truncate a result to a certain length
+    #
+    # - hash is a hex string
+    def oath_truncate(hash, length = 6)
+
+      # Convert to array of decimals
+      hmac_result = hash.scan(/../).map { |e| e.hex }
+
+      # Find offset
+      offset = hmac_result.last & 0xf
+
+      v =
+        (hmac_result[offset + 0] & 0x7f) << 24 |
+        (hmac_result[offset + 1] & 0xff) << 16 |
+        (hmac_result[offset + 2] & 0xff) << 8 |
+        (hmac_result[offset + 3] & 0xff)
+
+      r = v % 10 ** length.to_i
+
+      "%0#{length}d" % r
+    end
+
+    # This method uses the hmac_hash function to provide the crypto
+    # algorithm.
+    # HMAC computes a Hashed Message Authentication Code with the
+    # crypto hash algorithm as a parameter.
+    #
+    # @param String crypto     the crypto algorithm (sha1, sha256 or sha512)
+    # @param String keyBytes   the bytes to use for the HMAC key
+    # @param String text       the message or text to be authenticated.
+    #
+    def hmac_sha1(crypto, keyBytes, text)
+      digest = OpenSSL::Digest::Digest.new(crypto)
+      str2hex(OpenSSL::HMAC.digest(digest, keyBytes, text))
+    end
+
+    # This method converts HEX string to Byte[]
+    #
+    # @param String hex   the HEX string
+    #
+    # @return String a string with raw bytes
+    def hex2str(hex)
+      [hex].pack('H*')
+    end
+
+    def str2hex(str)
+      str.unpack('H*').first
+    end
+
+  end
+
+end

data/lib/rocra/version.rb

@@ -0,0 +1,3 @@
+class Rocra
+  VERSION = "0.0.1"
+end

data/rocra.gemspec

@@ -0,0 +1,22 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'rocra/version'
+
+Gem::Specification.new do |gem|
+  gem.name          = "rocra"
+  gem.version       = Rocra::VERSION
+  gem.authors       = ["Phil Hofmann"]
+  gem.email         = ["phil@branch14.org"]
+  gem.description   = %q{An OCRA (RFC 6287) implementation in Ruby}
+  gem.summary       = %q{An OCRA (RFC 6287) implementation in Ruby}
+  gem.homepage      = "https://github.com/branch14/rocra"
+
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+
+  gem.add_development_dependency 'rake'
+  gem.add_development_dependency 'rspec'
+end

data/spec/rocra_spec.rb

@@ -0,0 +1,86 @@
+require File.expand_path('../../lib/rocra', __FILE__)
+
+describe Rocra do
+
+  it 'should nicely translate binary strings into hex strings' do
+    Rocra.send(:str2hex, 'ab').should == '6162'
+  end
+ 
+  it 'should nicely translate hex strings into binary strings' do
+    Rocra.send(:hex2str, '6162').should == 'ab'
+  end
+
+  # examples from http://en.wikipedia.org/wiki/Hash-based_message_authentication_code
+  it 'should nicely calculate hmac_sha1' do
+    Rocra.send(:hmac_sha1, 'sha1', '', '').should == 'fbdb1d1b18aa6c08324b7d64b71fb76370690e1d'
+    Rocra.send(:hmac_sha1, 'sha1', "key", "The quick brown fox jumps over the lazy dog").should ==
+      'de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9'
+  end
+
+  KEY_20 = "3132333435363738393031323334353637383930"
+  KEY_32 = "3132333435363738393031323334353637383930313233343536373839303132"
+  KEY_64 = "3132333435363738393031323334353637383930313233343536373839303132"+
+    "3334353637383930313233343536373839303132333435363738393031323334"
+  PIN_1234_HASH = "7110eda4d09e062aa5e4a390b0a572ac0d2c0220"
+
+  it 'should work for OCRA-1:HOTP-SHA1-6:QN08' do
+    suite = "OCRA-1:HOTP-SHA1-6:QN08"
+    Rocra.generate(suite, KEY_20, nil, '00000000'.to_i.to_s(16), nil, nil, nil).should == '237653'
+    Rocra.generate(suite, KEY_20, nil, '11111111'.to_i.to_s(16), nil, nil, nil).should == '243178'
+    Rocra.generate(suite, KEY_20, nil, '22222222'.to_i.to_s(16), nil, nil, nil).should == '653583'
+    Rocra.generate(suite, KEY_20, nil, '33333333'.to_i.to_s(16), nil, nil, nil).should == '740991'
+    Rocra.generate(suite, KEY_20, nil, '44444444'.to_i.to_s(16), nil, nil, nil).should == '608993'
+    Rocra.generate(suite, KEY_20, nil, '55555555'.to_i.to_s(16), nil, nil, nil).should == '388898'
+    Rocra.generate(suite, KEY_20, nil, '66666666'.to_i.to_s(16), nil, nil, nil).should == '816933'
+    Rocra.generate(suite, KEY_20, nil, '77777777'.to_i.to_s(16), nil, nil, nil).should == '224598'
+    Rocra.generate(suite, KEY_20, nil, '88888888'.to_i.to_s(16), nil, nil, nil).should == '750600'
+    Rocra.generate(suite, KEY_20, nil, '99999999'.to_i.to_s(16), nil, nil, nil).should == '294470'
+  end
+
+  it 'should work with counter' do
+    suite = "OCRA-1:HOTP-SHA256-8:C-QN08-PSHA1"
+    Rocra.generate(suite, KEY_32, "0", "12345678".to_i.to_s(16), PIN_1234_HASH, nil, nil).should == "65347737"
+    Rocra.generate(suite, KEY_32, "1", "12345678".to_i.to_s(16), PIN_1234_HASH, nil, nil).should == "86775851"
+    Rocra.generate(suite, KEY_32, "2", "12345678".to_i.to_s(16), PIN_1234_HASH, nil, nil).should == "78192410"
+    Rocra.generate(suite, KEY_32, "3", "12345678".to_i.to_s(16), PIN_1234_HASH, nil, nil).should == "71565254"
+    Rocra.generate(suite, KEY_32, "4", "12345678".to_i.to_s(16), PIN_1234_HASH, nil, nil).should == "10104329"
+    Rocra.generate(suite, KEY_32, "5", "12345678".to_i.to_s(16), PIN_1234_HASH, nil, nil).should == "65983500"
+    Rocra.generate(suite, KEY_32, "6", "12345678".to_i.to_s(16), PIN_1234_HASH, nil, nil).should == "70069104"
+    Rocra.generate(suite, KEY_32, "7", "12345678".to_i.to_s(16), PIN_1234_HASH, nil, nil).should == "91771096"
+    Rocra.generate(suite, KEY_32, "8", "12345678".to_i.to_s(16), PIN_1234_HASH, nil, nil).should == "75011558"
+    Rocra.generate(suite, KEY_32, "9", "12345678".to_i.to_s(16), PIN_1234_HASH, nil, nil).should == "08522129"
+  end
+
+  it 'should work for OCRA-1:HOTP-SHA256-8:QN08-PSHA1' do
+    suite = "OCRA-1:HOTP-SHA256-8:QN08-PSHA1"
+    Rocra.generate(suite, KEY_32, nil, "00000000".to_i.to_s(16), PIN_1234_HASH, nil, nil).should == "83238735"
+    Rocra.generate(suite, KEY_32, nil, "11111111".to_i.to_s(16), PIN_1234_HASH, nil, nil).should == "01501458"
+    Rocra.generate(suite, KEY_32, nil, "22222222".to_i.to_s(16), PIN_1234_HASH, nil, nil).should == "17957585"
+    Rocra.generate(suite, KEY_32, nil, "33333333".to_i.to_s(16), PIN_1234_HASH, nil, nil).should == "86776967"
+    Rocra.generate(suite, KEY_32, nil, "44444444".to_i.to_s(16), PIN_1234_HASH, nil, nil).should == "86807031"
+  end
+        
+  it 'should work for OCRA-1:HOTP-SHA512-8:C-QN08' do
+    suite = "OCRA-1:HOTP-SHA512-8:C-QN08"
+    Rocra.generate(suite, KEY_64, "00000", "00000000".to_i.to_s(16), nil, nil, nil).should == "07016083"
+    Rocra.generate(suite, KEY_64, "00001", "11111111".to_i.to_s(16), nil, nil, nil).should == "63947962"
+    Rocra.generate(suite, KEY_64, "00002", "22222222".to_i.to_s(16), nil, nil, nil).should == "70123924"
+    Rocra.generate(suite, KEY_64, "00003", "33333333".to_i.to_s(16), nil, nil, nil).should == "25341727"
+    Rocra.generate(suite, KEY_64, "00004", "44444444".to_i.to_s(16), nil, nil, nil).should == "33203315"
+    Rocra.generate(suite, KEY_64, "00005", "55555555".to_i.to_s(16), nil, nil, nil).should == "34205738"
+    Rocra.generate(suite, KEY_64, "00006", "66666666".to_i.to_s(16), nil, nil, nil).should == "44343969"
+    Rocra.generate(suite, KEY_64, "00007", "77777777".to_i.to_s(16), nil, nil, nil).should == "51946085"
+    Rocra.generate(suite, KEY_64, "00008", "88888888".to_i.to_s(16), nil, nil, nil).should == "20403879"
+    Rocra.generate(suite, KEY_64, "00009", "99999999".to_i.to_s(16), nil, nil, nil).should == "31409299"
+  end
+  
+  it 'should work for OCRA-1:HOTP-SHA512-8:QN08-T1M' do
+    suite = "OCRA-1:HOTP-SHA512-8:QN08-T1M"
+    Rocra.generate(suite, KEY_64, nil, "00000000".to_i.to_s(16), nil, nil, "132d0b6").should == "95209754"
+    Rocra.generate(suite, KEY_64, nil, "11111111".to_i.to_s(16), nil, nil, "132d0b6").should == "55907591"
+    Rocra.generate(suite, KEY_64, nil, "22222222".to_i.to_s(16), nil, nil, "132d0b6").should == "22048402"
+    Rocra.generate(suite, KEY_64, nil, "33333333".to_i.to_s(16), nil, nil, "132d0b6").should == "24218844"
+    Rocra.generate(suite, KEY_64, nil, "44444444".to_i.to_s(16), nil, nil, "132d0b6").should == "36209546"
+  end
+
+end

metadata

@@ -0,0 +1,78 @@
+--- !ruby/object:Gem::Specification
+name: rocra
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Phil Hofmann
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-05-06 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: &82726890 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *82726890
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: &82726670 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *82726670
+description: An OCRA (RFC 6287) implementation in Ruby
+email:
+- phil@branch14.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .travis.yml
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/rocra.rb
+- lib/rocra/version.rb
+- rocra.gemspec
+- spec/rocra_spec.rb
+homepage: https://github.com/branch14/rocra
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.15
+signing_key: 
+specification_version: 3
+summary: An OCRA (RFC 6287) implementation in Ruby
+test_files:
+- spec/rocra_spec.rb