l0ve2hat3 Posted June 16, 2010 Share Posted June 16, 2010 this is a comment on http://php.net/manual/en/function.hash-hmac.php HOTP Algorithm that works according to the RCF http://tools.ietf.org/html/draft-mraihi-oath-hmac-otp-04 The test cases from the RCF document the ASCII string as "123456787901234567890". But the hex decoded to a string is "12345678901234567890". Secret="12345678901234567890"; Count: 0 755224 1 287082 <?php function oath_hotp($key,$counter) { // Convert to padded binary string $data = pack ('C*', $counter); $data = str_pad($data,8,chr(0),STR_PAD_LEFT); // HMAC return hash_hmac('sha1',$data,$key); } function oath_truncate($hash, $length = 6) { // Convert to dec foreach(str_split($hash,2) as $hex) { $hmac_result[]=hexdec($hex); } // Find offset $offset = $hmac_result[19] & 0xf; // Algorithm from RFC return ( (($hmac_result[$offset+0] & 0x7f) << 24 ) | (($hmac_result[$offset+1] & 0xff) << 16 ) | (($hmac_result[$offset+2] & 0xff) << 8 ) | ($hmac_result[$offset+3] & 0xff) ) % pow(10,$length); } print "<pre>"; print "Compare results with:" print " http://tools.ietf.org/html/draft-mraihi-oath-hmac-otp-04\n"; print "Count\tHash\t\t\t\t\t\tPin\n"; for($i=0;$i<10;$i++) print $i."\t".($a=oath_hotp("12345678901234567890",$i)) print "\t".oath_truncate($a)."\n"; How do they get "123456787901234567890" from "12345678901234567890"?? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.