Implement OCRA

.travis.yml

@@ -1,5 +1,8 @@
 language: node_js
 node_js:
+  - "16"
+  - "14"
+  - "12"
   - "10"
   - "8"
 script:

README.md

@@ -1,4 +1,5 @@
-# HOTP TOTP
+# HOTP - TOTP - OCRA
+
 [![npm](https://img.shields.io/npm/v/hotp.svg?style=flat-square)](https://npmjs.com/package/hotp)
 [![npm license](https://img.shields.io/npm/l/hotp.svg?style=flat-square)](https://npmjs.com/package/hotp)
 [![npm downloads](https://img.shields.io/npm/dm/hotp.svg?style=flat-square)](https://npmjs.com/package/hotp)
@@ -24,51 +25,80 @@ $ npm install --save hotp
 
 #### hotp( key, counter[, options] )
 
-- `key` {Buffer|String}
-- `counter` {Buffer|String|Number}
+- `key` {Buffer|string}
+- `counter` {Buffer|string|number}
 - `options` {Object}
-  - `algorithm` {Number} **Default:** `'sha1'`
-  - `digits` {Number} **Default:** `6`
-- Returns {String}
+  - `algorithm` {number} **Default:** `'sha1'`
+  - `digits` {number} **Default:** `6`
+- Returns {string}
 
 #### Example
 
 ```js
-var hotp = require( 'hotp' )
+const hotp = require("hotp");
 
-var key = 'a very secret key'
-var counter = 0
+const key = "a very secret key";
+const counter = 0;
 
-var token = hotp( key, counter, { digits: 8 })
+const token = hotp(key, counter, { digits: 8 });
 
-console.log( token ) // > '78035651'
+console.log(token); // > '78035651'
 ```
 
 ### TOTP
 
 #### hotp.totp( key[, options] )
 
-- `key` {Buffer|String}
+- `key` {Buffer|string}
 - `options` {Object}
-  - `algorithm` {Number} **Default:** `'sha1'`
-  - `digits` {Number} **Default:** `6`
-  - `time` {Number} **Default:** `(Date.now() / 1000)`
-  - `timeStep` {Number} **Default:** `30`
-  - `t0` {Number} **Default:** `0`
-- Returns {String}
+  - `algorithm` {number} **Default:** `'sha1'`
+  - `digits` {number} **Default:** `6`
+  - `time` {number} **Default:** `(Date.now() / 1000)`
+  - `timeStep` {number} **Default:** `30`
+  - `t0` {number} **Default:** `0`
+- Returns {string}
+
+#### Example
+
+```js
+const hotp = require("hotp");
+
+const key = "a very secret key";
+const token = hotp.totp(key, { digits: 8 });
+
+console.log(token); // > '86247382'
+```
+
+### OCRA
+
+#### ocra( key, counter[, options] )
+
+- `key` {Buffer|string}
+- `ocraSuite` {string}
+- `data` {Object}
+  - `counter` {number?}
+  - `question` {number|string}
+  - `password` {string?} (in hexadecimal)
+  - `sessionInfo` {string?}
+  - `timestamp` {number?} (in milliseconds)
+- Returns {string}
 
 #### Example
 
 ```js
-var hotp = require( 'hotp' )
+const hotp = require("hotp");
+
+const key = "a very secret key";
+const ocraSuite = "OCRA-1:HOTP-SHA512-8:QA10-T1M";
+const data = { question: "SIG1000000", timestamp: 1206446760000 };
 
-var key = 'a very secret key'
-var token = hotp.totp( key, { digits: 8 })
+const token = hotp.ocra(key, ocraSuite, data);
 
-console.log( token ) // > '86247382'
+console.log(token); // > '77537423'
 ```
 
 ## References
 
 - [RFC 4226, HOTP: An HMAC-Based One-Time Password Algorithm](https://tools.ietf.org/html/rfc4226)
 - [RFC 6238, TOTP: Time-Based One-Time Password Algorithm](https://tools.ietf.org/html/rfc6238)
+- [RFC 6287, OCRA: OATH Challenge-Response Algorithm](https://tools.ietf.org/html/rfc6287)

lib/hotp.js

@@ -1,61 +1,34 @@
-var crypto = require( 'crypto' )
+const { generateToken, zeropad } = require("./utils");
 
-function zeropad( value, digits = 16 ) {
-  var fill = '0'.repeat( digits )
-  return ( fill + value ).slice( -digits )
-}
+function getCounter(value) {
+  const buffer = Buffer.alloc(8);
 
-function getCounter( value ) {
-  var buffer = Buffer.alloc( 8 )
-  if( Number.isFinite( value ) || typeof value === 'bigint' ) {
-    buffer.write( zeropad( value.toString( 16 ) ), 0, 'hex' )
-  } else if( Buffer.isBuffer( value ) ) {
-    value.copy( buffer )
-  } else if( typeof value === 'string' ) {
-    buffer.write( zeropad( value ), 0, 'hex' )
+  if (Number.isFinite(value) || typeof value === "bigint") {
+    buffer.write(zeropad(value.toString(16)), 0, "hex");
+  } else if (Buffer.isBuffer(value)) {
+    value.copy(buffer);
+  } else if (typeof value === "string") {
+    buffer.write(zeropad(value), 0, "hex");
   } else {
-    throw new Error( `Unexpected counter value type ${typeof value}` )
+    throw new Error(`Unexpected counter value type ${typeof value}`);
   }
-  return buffer
+
+  return buffer;
 }
 
 /**
  * HMAC-Based One-Time Password (HOTP)
- * @param {Buffer|String} key
- * @param {Buffer|String|Number} counter
+ * @param {Buffer|string} key
+ * @param {Buffer|string|number} counter
  * @param {Object} [options]
- * @param {String} [options.algorithm='sha1']
+ * @param {string} [options.algorithm='sha1']
  * @param {Number} [options.digits=6]
- * @returns {String} token
- */
-function hotp( key, counter, options ) {
-
-  var algorithm = options && options.algorithm || 'sha1'
-  var digits = options && options.digits || 6
-
-  var hmac = crypto.createHmac( algorithm, key )
-    .update( getCounter( counter ) ).digest()
-
-  return zeropad( truncate( hmac, digits || 6 ), digits )
-
-}
-
-/**
- * HOTP truncate function
- * @param {Buffer} hmac
- * @param {Number} digits
- * @returns {Number}
+ * @returns {string} token
  */
-function truncate( hmac, digits ) {
-  var offset = hmac[ hmac.length - 1 ] & 0x0F
-  var value = ( hmac[ offset + 0 ] & 0x7F ) << 24 |
-    ( hmac[ offset + 1 ] & 0xFF ) << 16 |
-    ( hmac[ offset + 2 ] & 0xFF ) <<  8 |
-    ( hmac[ offset + 3 ] & 0xFF )
-  return value % ( 10 ** digits )
-  // return ( hmac.readUInt32BE( hmac[ hmac.length - 1 ] & 0x0F ) & 0x7FFFFFFF ) % ( 10 ** digits )
+function hotp(key, counter, options) {
+  return generateToken(key, getCounter(counter), options);
 }
 
-module.exports = hotp
-module.exports.truncate = truncate
-module.exports.totp = require( './totp' )
+module.exports = hotp;
+module.exports.totp = require("./totp");
+module.exports.ocra = require("./ocra");

lib/ocra.js

@@ -0,0 +1,63 @@
+const {
+  parseSuite,
+  convertQuestion,
+  convertTimestamp,
+  convertInt,
+} = require("./ocra_utils");
+const { generateToken } = require("./utils");
+
+/**
+ * @typedef {object} DataInput
+ * @properties {number?} counter
+ * @properties {number|string} question
+ * @properties {string?} password (in hexadecimal)
+ * @properties {string?} sessionInfo
+ * @properties {number?} timestamp (in milliseconds)
+ */
+
+/**
+ * Compute OCRA code.
+ * @param {Buffer} key
+ * @param {string} ocraSuite
+ * @param {DataInput} data
+ * @return {string} Generated OCRA code.
+ */
+function ocra(key, ocraSuite, data) {
+  const details = parseSuite(ocraSuite);
+  const dataInputDetails = details.dataInput;
+  // TODO: validate inputs
+
+  const counterBuffer = dataInputDetails.useCounter
+    ? convertInt(data.counter, 8)
+    : Buffer.alloc(0);
+
+  const questionBuffer = convertQuestion(data.question, dataInputDetails);
+
+  const passwordBuffer = dataInputDetails.usePassword
+    ? Buffer.from(data.password, "hex")
+    : Buffer.alloc(0);
+
+  const sessionBuffer = dataInputDetails.useSession
+    ? Buffer.from(data.sessionInfo)
+    : Buffer.alloc(0);
+
+  const timestampBuffer = convertTimestamp(data.timestamp, dataInputDetails);
+
+  const input = Buffer.concat([
+    counterBuffer,
+    questionBuffer,
+    passwordBuffer,
+    sessionBuffer,
+    timestampBuffer,
+  ]);
+
+  const dataInput = Buffer.concat([
+    Buffer.from(ocraSuite),
+    Buffer.from([0x00]),
+    input,
+  ]);
+
+  return generateToken(key, dataInput, details);
+}
+
+module.exports = ocra;