RFC4226 HOTP Java Implementation
Asked Answered
L

2

14

I tried to copy the HOTPAlgorithm.java codes (HOTPAlgorithm.java) and compared it against the official HOTP RFC 4226's sample implementation (RFC4226 Page 27) found on Page 27 of the official RFC4226 document. Both the HOTPAlgorithm.java and the implementation in the RFC4226 are written by the same author whom is Loren Hart and set to version 1.0. Both codes are the same essnetially from my comparison.

I tried to run test vector for 6 digit HOTP codes (without modifying the HOTPAlgorithm.java script) and noticed that the source codes given in the RFC4226 and the HOTPAlgorithm.java produces different test vector results against the published RFC4226 results with exactly the same setting.

Is there a discrepancy in the Java codes published by RFC4226 sample Java codes and the HOTPAlogrithm.java when compared against the RFC4226 test vectors ?

Test Results from HOTPAlgorithm.java and RFC4226 Java codes (both produce the same results):

755224
030356
132975
957805
463120
994243
844697
570244
487336
025740

Test Vectors from RFC4226 Publication (RFC4226 Page 32)

755224
287082
359152
969429
338314
254676
287922
162583
399871
520489

Am I missing something or is there discrepancies between officially published sample codes and officially published results ?

Lenny answered 22/5, 2015 at 8:35 Comment(2)
Did you ever get the reference implementation to work? I've tried the same as you but for count=0 I get 882301 using the reference implementation. If you haven't gotten it to work, I suppose the question in whether the test vectors are wrong, or the implementation.Polak
It seems that the file is not available anymore. I found a similar file with the same code here: gist.github.com/ibnfirnas/27ff6ae47b2f60ed733cFootcloth
C
7

Change

int otp = binary % DIGITS_POWER[codeDigits];

To

int otp = (int) (binary % Math.pow(10, codeDigits));

Or

int otp = binary % 1000000;
Cyanic answered 22/5, 2015 at 11:13 Comment(0)
C
5

The change to Math.pow() didn't make any difference, but I think you might be making the call to generateOTP() with 0 as the truncationOffset parameter value. Trying this with -1 gives the reference test vectors.

Calceolaria answered 31/8, 2016 at 14:39 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.