API C/C++
HSM Dinamo
ocra_gen.c

Generates an OCRA (OATH Challenge-Response Algorithm) value in accordance with RFC 6287.

Parameters
[in] hSession — Context acquired through the DOpenSession() function.
[in] dwSetup — Flags that enable the optional fields in the OCRA calculation. The accepted values are listed in the following table; the fields enabled here should correspond to the DataInput declared in szSuite (see RFC 6287).
Value Meaning
DN_OATH_OCRA_USE_CTR Include the pbCounter field in the calculation.
DN_OATH_OCRA_USE_PH20 Includes the SHA-1 hash of the password in pbPinHash (20 bytes).
DN_OATH_OCRA_USE_PH32 Includes the SHA-256 hash of the password in pbPinHash (32 bytes).
DN_OATH_OCRA_USE_PH64 Includes the SHA-512 hash of the password in pbPinHash (64 bytes).
DN_OATH_OCRA_USE_TS Include the timestamp in pbTimestamp in the calculation.
[in] bOTPLen — Length of the generated OTP in digits, between ISSUE_OATH_MIN_OTP_LEN and ISSUE_OATH_MAX_OTP_LEN.
[in] szSK — Name of the HMAC key (SHA-1, SHA-256 or SHA-512) in the HSM used in the calculation. Maximum size: MAX_OBJ_ID_FQN_LEN.
[in] szSuite — OCRA suite string as defined in RFC 6287. Maximum length: DN_OATH_OCRA_MAX_SUITE_LEN.
[in] pbCounter — Counter of DN_OATH_OCRA_CTR_LEN bytes. Required when DN_OATH_OCRA_USE_CTR is set in dwSetup; otherwise it is ignored and may be NULL.
[in] pbQuestion — Challenge whose size is given by bQuestionLen. Required.
[in] bQuestionLen — Size of pbQuestion in bytes. Must be greater than 0 and at most DN_OATH_OCRA_MAX_Q_LEN.
[in] pbPinHash — Hash of the user's password. Its size must match the hash flag set in dwSetup (DN_OATH_OCRA_USE_PH20, DN_OATH_OCRA_USE_PH32 or DN_OATH_OCRA_USE_PH64). May be NULL when no hash flag is set.
[in] szSession — Client session information, at most DN_OATH_OCRA_CSESS_MAX_LEN characters long. May be NULL.
[in] pbTimestamp — Timestamp of DN_OATH_OCRA_TIME_STEPS_LEN bytes. Required when DN_OATH_OCRA_USE_TS is set in dwSetup; otherwise it is ignored and may be NULL.
[out] szOTP — Buffer that receives the generated OTP as a NUL-terminated string. It must hold at least bOTPLen + 1 bytes (including the terminator).
[in] dwFlags — Reserved for future use; must be 0.
Return
0 (ZERO) if the function is successful.
See the Return Codes section for other values.
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include "dinamo.h" /* header do Dinamo */
#define HOST_ADDR "127.0.0.1"
#define USER_ID "master"
#define USER_PWD "12345678"
#define SK_ID "ocra_hmac_key"
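/*
 * Zeroize a buffer that held secret material.  A plain memset() right before
 * the buffer dies may be dropped by the optimiser; storing through a volatile
 * pointer keeps the writes.
 */
static void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) {
        *vp++ = 0;
    }
}

/*
 * Sample: generate one OCRA (RFC 6287) one-time password on a Dinamo HSM.
 *
 * Flow: initialise the client library, open an encrypted session, import the
 * RFC 6287 Appendix B test key as an HMAC-SHA1 key, compute one OTP for suite
 * OCRA-1:HOTP-SHA1-6:QN08, then destroy the key, close the session and
 * finalise the library.  Every failure jumps to the single cleanup path, which
 * only undoes the steps that actually succeeded.
 *
 * NOTE: HOST_ADDR / USER_ID / USER_PWD are placeholders and the key is a
 * public test vector.  Real deployments must not embed operator credentials
 * or OTP seeds in source code.
 *
 * Returns 0 on success, otherwise the Dinamo error code of the failing call.
 */
int main(void)
{
    int nRet = 0;
    int nInitialized = 0;              /* set once DInitialize() succeeded */
    struct AUTH_PWD authPwd;
    HSESSIONCTX hSession = NULL;
    HKEYCTX hKey = NULL;
    char szOTP[ISSUE_OATH_MAX_OTP_LEN + 1] = {0};   /* bOTPLen + NUL */

    /* RFC 6287 Appendix B test key "12345678901234567890" (20 ASCII bytes). */
    BYTE key[] = {
        0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30,
        0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30
    };

    /*
     * Numeric challenge Q=12345678 as a big-endian integer with the leading
     * zero nibbles removed (RFC 6287): 12345678 = 0xBC614E -> {0xBC,0x61,0x4E}.
     */
    BYTE question[] = {0xBC, 0x61, 0x4E};

    /* Initialise the Dinamo client library. */
    nRet = DInitialize(0);
    if (nRet) {
        printf("Falha na funcao: DInitialize \nCodigo de erro: %d\n", nRet);
        goto clean;
    }
    nInitialized = 1;
    printf("Bibliotecas inicializadas.\n");

    /*
     * Connection parameters.  snprintf() always NUL-terminates the target,
     * which strncpy() does not guarantee when the source fills the field.
     */
    memset(&authPwd, 0, sizeof(authPwd));
    snprintf(authPwd.szAddr, sizeof(authPwd.szAddr), "%s", HOST_ADDR);
    snprintf(authPwd.szUserId, sizeof(authPwd.szUserId), "%s", USER_ID);
    snprintf(authPwd.szPassword, sizeof(authPwd.szPassword), "%s", USER_PWD);
    authPwd.nPort = DEFAULT_PORT;

    nRet = DOpenSession(&hSession, SS_USER_PWD, (BYTE *)&authPwd,
                        sizeof(authPwd), ENCRYPTED_CONN);
    /* The password is not needed after the open attempt; do not keep it around. */
    secure_zero(&authPwd, sizeof(authPwd));
    if (nRet) {
        printf("Falha na funcao: DOpenSession \nCodigo de erro: %d\n", nRet);
        goto clean;
    }
    printf("Sessao com o Dinamo estabelecida.\n");

    /*
     * Import the 20-byte HMAC-SHA1 key used in the OCRA calculation.  The key
     * travels as a plaintext blob, so this relies on ENCRYPTED_CONN above.
     * EXPORTABLE_KEY is acceptable for a public test vector only; a real OTP
     * seed should be imported without the exportable attribute.
     */
    nRet = DImportKey(hSession, SK_ID, NULL, PLAINTEXTKEY_BLOB,
                      ALG_HMAC_SHA1, EXPORTABLE_KEY,
                      key, sizeof(key), &hKey);
    /* The HSM now holds the key; drop the local copy either way. */
    secure_zero(key, sizeof(key));
    if (nRet) {
        printf("Falha na funcao: DImportKey \nCodigo de erro: %d\n", nRet);
        goto clean;
    }
    printf("Chave HMAC-SHA1 importada com sucesso.\n");

    /*
     * Generate the OCRA OTP with no optional fields (no counter, PIN hash or
     * timestamp).  bOTPLen (6) matches the "-6" truncation in the suite and
     * dwSetup == 0 matches a DataInput of QN08 only.
     */
    nRet = DOATHOcraGen(hSession,
                        0,                         /* dwSetup: no optional fields */
                        6,                         /* bOTPLen: 6-digit OTP */
                        SK_ID,                     /* szSK: key name in the HSM */
                        "OCRA-1:HOTP-SHA1-6:QN08", /* szSuite */
                        NULL,                      /* pbCounter: unused */
                        question, sizeof(question),/* pbQuestion, bQuestionLen */
                        NULL, NULL, NULL,          /* pbPinHash, szSession, pbTimestamp */
                        szOTP, 0);                 /* szOTP, dwFlags (reserved) */
    if (nRet) {
        printf("Falha na funcao: DOATHOcraGen \nCodigo de erro: %d\n", nRet);
        goto clean;
    }
    printf("OTP OCRA gerado com sucesso: %s\n", szOTP);

clean:
    /* Destroy the handle and delete the test key from the HSM. */
    if (hKey) {
        int nRc = DDestroyKey(&hKey, REMOVE_FROM_HSM);
        if (nRc) {
            printf("Falha na funcao: DDestroyKey \nCodigo de erro: %d\n", nRc);
            if (!nRet) {
                nRet = nRc;   /* keep the first error, but do not hide this one */
            }
        } else {
            printf("Chave removida com sucesso.\n");
        }
    }
    if (hSession) {
        DCloseSession(&hSession, 0);
        printf("Sessao encerrada.\n");
    }
    /* Only finalise a library that was successfully initialised. */
    if (nInitialized) {
        DFinalize();
        printf("Bibliotecas finalizadas.\n");
    }
    return nRet;
}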