Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
-
None
-
JavaME mobile phone platform and validation server.
Description
Hotp.java class implements RFC4226 "HOTP: An HMAC-Based One-Time Password Algorithm".
In that class,
hotp.generate(secret, counter, digits) uses
int offset = 0;
Section 5.4 from RFC
"The following code example describes the extraction of a dynamic
binary code given that hmac_result is a byte array with the HMACSHA-1 result:
int offset = hmac_result[19] & 0xf ;
int bin_code = (hmac_result[offset] & 0x7f) << 24
(hmac_result[offset+1] & 0xff) << 16 |
(hmac_result[offset+2] & 0xff) << 8 |
(hmac_result[offset+3] & 0xff) " |
that is, the offset is the least significant nibble from the last byte of
hotp.stepOne() output (the 20 bytes from hmac-sha1(k,c))
Solved by setting offset to this value
int offset = hmac_result[19] & 0xf;