def get_otp(self, current_time=None, do_truncation=True, time_seconds=None, challenge=None): """ get the next OTP value :param current_time: the current time, for which the OTP value should be calculated for. :type current_time: datetime object :param time_seconds: the current time, for which the OTP value should be calculated for (date +%s) :type: time_seconds: int, unix system time seconds :return: next otp value, and PIN, if possible :rtype: tuple """ otplen = int(self.token.otplen) secretHOtp = self.token.get_otpkey() hmac2Otp = HmacOtp(secretHOtp, self.get_otp_count(), otplen, self.get_hashlib(self.hashlib)) if time_seconds is None: time_seconds = self._time2float(datetime.datetime.now()) if current_time: time_seconds = self._time2float(current_time) # we don't need to round here as we have already float counter = int(((time_seconds - self.timeshift) / self.timestep)) otpval = hmac2Otp.generate(counter=counter, inc_counter=False, do_truncation=do_truncation, challenge=challenge) pin = self.token.get_pin() combined = "%s%s" % (otpval, pin) if get_from_config("PrependPin") == "True": combined = "%s%s" % (pin, otpval) return 1, pin, otpval, combined
def get_multi_otp(self, count=0, epoch_start=0, epoch_end=0, curTime=None, timestamp=None): """ return a dictionary of multiple future OTP values of the HOTP/HMAC token :param count: how many otp values should be returned :type count: int :param epoch_start: not implemented :param epoch_end: not implemented :param curTime: Simulate the servertime :type curTime: datetime :param timestamp: Simulate the servertime :type timestamp: epoch time :return: tuple of status: boolean, error: text and the OTP dictionary """ otp_dict = {"type": "TOTP", "otp": {}} ret = False error = "No count specified" otplen = int(self.token.otplen) secretHOtp = self.token.get_otpkey() hmac2Otp = HmacOtp(secretHOtp, self.get_otp_count(), otplen, self.get_hashlib(self.hashlib)) if curTime: # datetime object provided for simulation tCounter = self._time2float(curTime) elif timestamp: # epoch time provided for simulation tCounter = int(timestamp) else: # use the current server time tCounter = self._time2float(datetime.datetime.now()) # we don't need to round here as we have alread float counter = int(((tCounter - self.timeshift) / self.timestep)) otp_dict["shift"] = self.timeshift otp_dict["timeStepping"] = self.timeshift if count > 0: error = "OK" for i in range(0, count): otpval = hmac2Otp.generate(counter=counter + i, inc_counter=False) timeCounter = ((counter + i) * self.timestep) + self.timeshift val_time = datetime.datetime.\ fromtimestamp(timeCounter).strftime("%Y-%m-%d %H:%M:%S") otp_dict["otp"][counter + i] = {'otpval': otpval, 'time': val_time} ret = True return ret, error, otp_dict
def get_multi_otp(self, count=0, epoch_start=0, epoch_end=0, curTime=None, timestamp=None): """ return a dictionary of multiple future OTP values of the HOTP/HMAC token :param count: how many otp values should be returned :type count: int :param epoch_start: not implemented :param epoch_end: not implemented :param curTime: Simulate the servertime :type curTime: datetime :param timestamp: Simulate the servertime :type timestamp: epoch time :return: tuple of status: boolean, error: text and the OTP dictionary """ otp_dict = {"type": "TOTP", "otp": {}} ret = False error = "No count specified" otplen = int(self.token.otplen) secretHOtp = self.token.get_otpkey() hmac2Otp = HmacOtp(secretHOtp, self.get_otp_count(), otplen, self.get_hashlib(self.hashlib)) if curTime: # datetime object provided for simulation tCounter = self._time2float(curTime) elif timestamp: # epoch time provided for simulation tCounter = int(timestamp) else: # use the current server time tCounter = self._time2float(datetime.datetime.now()) # we don't need to round here as we have alread float counter = int(((tCounter - self.timeshift) / self.timestep)) otp_dict["shift"] = self.timeshift otp_dict["timeStepping"] = self.timeshift if count > 0: error = "OK" for i in range(0, count): otpval = hmac2Otp.generate(counter=counter + i, inc_counter=False) timeCounter = ((counter + i) * self.timestep) + self.timeshift val_time = datetime.datetime.\ fromtimestamp(timeCounter).strftime("%Y-%m-%d %H:%M:%S") otp_dict["otp"][counter + i] = {'otpval': otpval, 'time': val_time} ret = True return ret, error, otp_dict
def get_otp(self, current_time=None, do_truncation=True, time_seconds=None, challenge=None): """ get the next OTP value :param current_time: the current time, for which the OTP value should be calculated for. :type current_time: datetime object :param time_seconds: the current time, for which the OTP value should be calculated for (date +%s) :type: time_seconds: int, unix system time seconds :return: next otp value, and PIN, if possible :rtype: tuple """ otplen = int(self.token.otplen) secretHOtp = self.token.get_otpkey() hmac2Otp = HmacOtp(secretHOtp, self.get_otp_count(), otplen, self.get_hashlib(self.hashlib)) if time_seconds is None: time_seconds = self._time2float(datetime.datetime.now()) if current_time: time_seconds = self._time2float(current_time) # we don't need to round here as we have already float counter = int(((time_seconds - self.timeshift) / self.timestep)) otpval = hmac2Otp.generate(counter=counter, inc_counter=False, do_truncation=do_truncation, challenge=challenge) pin = self.token.get_pin() combined = "{0!s}{1!s}".format(otpval, pin) if get_from_config("PrependPin") == "True": combined = "{0!s}{1!s}".format(pin, otpval) return 1, pin, otpval, combined
class OCRA(object): def __init__(self, ocrasuite, key=None, security_object=None): """ Creates an OCRA Object that can be used to calculate OTP response or verify a response. :param ocrasuite: The ocrasuite description :type ocrasuite: str :param security_object: A privacyIDEA security object, that can be used to look up the key in the database :type security_object: secObject as defined in privacyidea.lib.crypto :param key: The HMAC Key :type key: binary :return: OCRA Object """ self.ocrasuite_obj = OCRASuite(ocrasuite) self.ocrasuite = ocrasuite self.key = key self.security_obj = security_object digits = self.ocrasuite_obj.truncation self.hmac_obj = HmacOtp(secObj=self.security_obj, digits=digits, hashfunc=SHA_FUNC.get(self.ocrasuite_obj.sha)) def create_data_input(self, question, pin=None, pin_hash=None, counter=None, timesteps=None): """ Create the data_input to be used in the HMAC function In case of QN the question would be "111111" In case of QA the question would be "123ASD" In case of QH the question would be "BEEF" The question is transformed internally. :param question: The question can be :type question: str :param pin_hash: The hash of the pin :type pin_hash: basestring (hex) :param timesteps: timestemps :type timesteps: hex string :return: data_input :rtype: bytes """ # In case the ocrasuite comes as a unicode (like from the webui) we # need to convert it! data_input = to_bytes(self.ocrasuite) + b'\0' # Check for counter if self.ocrasuite_obj.counter == "C": if counter: counter = int(counter) counter = struct.pack('>Q', int(counter)) data_input += counter else: raise Exception( "The ocrasuite {0!s} requires a counter".format( self.ocrasuite)) # Check for Question if self.ocrasuite_obj.challenge_type == "QN": # question contains only numeric values hex_q = '{0:x}'.format(int(question)) hex_q += '0' * (len(hex_q) % 2) bin_q = binascii.unhexlify(hex_q) bin_q += b'\x00' * (128 - len(bin_q)) data_input += bin_q elif self.ocrasuite_obj.challenge_type == "QA": # question contains alphanumeric characters bin_q = to_bytes(question) bin_q += b'\x00' * (128 - len(bin_q)) data_input += bin_q elif self.ocrasuite_obj.challenge_type == "QH": # qustion contains hex values bin_q = binascii.unhexlify(question) bin_q += b'\x00' * (128 - len(bin_q)) data_input += bin_q # in case of PIN if self.ocrasuite_obj.signature_type == "P": if pin_hash: data_input += binascii.unhexlify(pin_hash) elif pin: pin_hash = SHA_FUNC.get(self.ocrasuite_obj.signature_hash)( to_bytes(pin)).digest() data_input += pin_hash else: raise Exception("The ocrasuite {0!s} requires a PIN!".format( self.ocrasuite)) elif self.ocrasuite_obj.signature_type == "T": if not timesteps: raise Exception( "The ocrasuite {0!s} requires timesteps".format( self.ocrasuite)) # In case of Time timesteps = int(timesteps, 16) timesteps = struct.pack('>Q', int(timesteps)) data_input += timesteps elif self.ocrasuite_obj.signature_type == "S": # pragma: no cover # In case of session # TODO: Session not yet implemented raise NotImplementedError("OCRA Session not implemented, yet.") return data_input def get_response(self, question, pin=None, pin_hash=None, counter=None, timesteps=None): """ Create an OTP response from the given input values. :param question: :param pin: :param pin_hash: :param counter: :return: """ data_input = self.create_data_input(question, pin=pin, pin_hash=pin_hash, counter=counter, timesteps=timesteps) r = self.hmac_obj.generate(key=self.key, challenge=binascii.hexlify(data_input)) return r def check_response(self, response, question=None, pin=None, pin_hash=None, counter=None, timesteps=None): """ Check the given *response* if it is the correct response to the challenge/question. :param response: :param question: :param pin: :param pin_hash: :param counter: :param timesteps: :return: """ r = self.get_response(question, pin=pin, pin_hash=pin_hash, counter=counter, timesteps=timesteps) if r == response: return 1 else: return -1
class OCRA(object): def __init__(self, ocrasuite, key=None, security_object=None): """ Creates an OCRA Object that can be used to calculate OTP response or verify a response. :param ocrasuite: The ocrasuite description :type ocrasuite: basestring :param security_object: A privacyIDEA security object, that can be used to look up the key in the database :type security_object: secObject as defined in privacyidea.lib.crypto :param key: The HMAC Key :type key: binary :return: OCRA Object """ self.ocrasuite_obj = OCRASuite(ocrasuite) self.ocrasuite = str(ocrasuite) self.key = key self.security_obj = security_object digits = self.ocrasuite_obj.truncation self.hmac_obj = HmacOtp(secObj=self.security_obj, digits=digits, hashfunc=SHA_FUNC.get(self.ocrasuite_obj.sha)) def create_data_input(self, question, pin=None, pin_hash=None, counter=None, timesteps=None): """ Create the data_input to be used in the HMAC function In case of QN the question would be "111111" In case of QA the question would be "123ASD" In case of QH the question would be "BEEF" The question is transformed internally. :param question: The question can be :type question: basestring :param pin_hash: The hash of the pin :type pin_hash: basestring (hex) :param timesteps: timestemps :type timesteps: hex string :return: data_input :rytpe: binary """ # In case the ocrasuite comes as a unicode (like from the webui) we # need to convert it! data_input = str(self.ocrasuite) + b'\0' # Check for counter if self.ocrasuite_obj.counter == "C": if counter: counter = int(counter) counter = struct.pack('>Q', int(counter)) data_input += counter else: raise Exception("The ocrasuite {0!s} requires a counter".format( self.ocrasuite)) # Check for Question if self.ocrasuite_obj.challenge_type == "QN": # In case of QN question = '{0:x}'.format(int(question)) question += '0' * (len(question) % 2) question = binascii.unhexlify(question) question += '\0' * (128-len(question)) data_input += question elif self.ocrasuite_obj.challenge_type == "QA": question += '\0' * (128-len(question)) data_input += question elif self.ocrasuite_obj.challenge_type == "QH": # pragma: no cover question = binascii.unhexlify(question) question += '\0' * (128-len(question)) data_input += question # in case of PIN if self.ocrasuite_obj.signature_type == "P": if pin_hash: data_input += binascii.unhexlify(pin_hash) elif pin: pin_hash = SHA_FUNC.get(self.ocrasuite_obj.signature_hash)( pin).digest() data_input += pin_hash else: raise Exception("The ocrasuite {0!s} requires a PIN!".format( self.ocrasuite)) elif self.ocrasuite_obj.signature_type == "T": if not timesteps: raise Exception("The ocrasuite {0!s} requires timesteps".format( self.ocrasuite)) # In case of Time timesteps = int(timesteps, 16) timesteps = struct.pack('>Q', int(timesteps)) data_input += timesteps elif self.ocrasuite_obj.signature_type == "S": # pragma: no cover # In case of session # TODO: Session not yet implemented raise NotImplementedError("OCRA Session not implemented, yet.") return data_input def get_response(self, question, pin=None, pin_hash=None, counter=None, timesteps=None): """ Create an OTP response from the given input values. :param question: :param pin: :param pin_hash: :param counter: :return: """ data_input = self.create_data_input(question, pin=pin, pin_hash=pin_hash, counter=counter, timesteps=timesteps) r = self.hmac_obj.generate(key=self.key, challenge=binascii.hexlify(data_input)) return r def check_response(self, response, question=None, pin=None, pin_hash=None, counter=None, timesteps=None): """ Check the given *response* if it is the correct response to the challenge/question. :param response: :param question: :param pin: :param pin_hash: :param counter: :param timesteps: :return: """ r = self.get_response(question, pin=pin, pin_hash=pin_hash, counter=counter, timesteps=timesteps) if r == response: return 1 else: return -1