[KEYPROV] OCRA without truncation
Simon Josefsson <simon@josefsson.org> Tue, 17 September 2013 20:27 UTC
Return-Path: <simon@josefsson.org>
X-Original-To: keyprov@ietfa.amsl.com
Delivered-To: keyprov@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C24611E8563 for <keyprov@ietfa.amsl.com>; Tue, 17 Sep 2013 13:27:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.299
X-Spam-Level:
X-Spam-Status: No, score=-102.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_41=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cI3IJQvlUBrQ for <keyprov@ietfa.amsl.com>; Tue, 17 Sep 2013 13:27:44 -0700 (PDT)
Received: from duva.sjd.se (duva.sjd.se [IPv6:2001:9b0:1:1702::100]) by ietfa.amsl.com (Postfix) with ESMTP id 876F111E8198 for <keyprov@ietf.org>; Tue, 17 Sep 2013 13:27:39 -0700 (PDT)
Received: from latte.josefsson.org (static-213-115-179-130.sme.bredbandsbolaget.se [213.115.179.130]) (authenticated bits=0) by duva.sjd.se (8.14.4/8.14.4/Debian-4) with ESMTP id r8HKRR3l021724 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT) for <keyprov@ietf.org>; Tue, 17 Sep 2013 22:27:30 +0200
X-Hashcash: 1:22:130917:keyprov@ietf.org::IIBirVVniDil4dPg:6Hiq
From: Simon Josefsson <simon@josefsson.org>
To: keyprov@ietf.org
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
Date: Tue, 17 Sep 2013 22:27:26 +0200
Message-ID: <87d2o7xkgh.fsf@latte.josefsson.org>
User-Agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Virus-Scanned: clamav-milter 0.97.8 at duva.sjd.se
X-Virus-Status: Clean
Subject: [KEYPROV] OCRA without truncation
X-BeenThere: keyprov@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Provisioning of Symmetric Keys \(keyprov\)" <keyprov.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/keyprov>, <mailto:keyprov-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyprov>
List-Post: <mailto:keyprov@ietf.org>
List-Help: <mailto:keyprov-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyprov>, <mailto:keyprov-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Sep 2013 20:27:47 -0000
Hi, I'm merging OCRA support into my OATH Toolkit implementation (<http://www.nongnu.org/oath-toolkit/>) and we are discussing how OCRA without truncation is supposed to work. I haven't been able to figure out from the RFC what the output should be when t=0. There are no test vectors for that case. A naive reader would notice this definition in section 5: In a nutshell, OCRA = CryptoFunction(K, DataInput) together with this from section 4.1: As a reminder: HOTP(K,C) = Truncate(HMAC-SHA1(K,C)) and section 5.2 which specify the CryptoFunction: We define the HOTP family of functions as an extension to HOTP: 1. HOTP-H-t: these are the different possible truncated versions of HOTP, using the dynamic truncation method for extracting an HOTP value from the HMAC output 2. We will denote HOTP-H-t as the realization of an HOTP function that uses an HMAC function with the hash function H, and the dynamic truncation as described in [RFC4226] to extract a t-digit value 3. t=0 means that no truncation is performed and the full HMAC value is used for authentication purposes so one could interpret this as when t=0, the Truncate function is not invoked at all, and instead OCRA takes on the output value of the HMAC-SHA1 function, which is a binary string. Are there any implementation of OCRA with t=0? What encoding, if any, of the HMAC output is used? Decimal, hex, binary? The sample code in the RFC will always output the static code "1" as the OCRA code for t=0, if I read the code correctly, which seems like a bug. /Simon
- [KEYPROV] OCRA without truncation Simon Josefsson