ocra

package module
v0.0.0-...-dd623b4 Latest
Warning

This package is not in the latest version of its module.
Published: Aug 20, 2017 License: Apache-2.0 Imports: 18 Imported by: 0

README

ocra

Golang OATH OCRA implementation.

Context

OCRA is an algorithm for challenge-response authentication developed by the Initiative for Open Authentication (OATH). The specified mechanisms leverage the HMAC-based One-Time Password (HOTP) algorithm and offer one-way and mutual authentication, and electronic signature capabilities.

The Initiative for Open Authentication (OATH) [OATH] has identified several use cases and scenarios that require an asynchronous variant to accommodate users who do not want to maintain a synchronized authentication system. A commonly accepted method for this is to use a challenge-response scheme.

Such a challenge-response mode of authentication is widely adopted in the industry. Several vendors already offer software applications and hardware devices implementing challenge-response -- but each of those uses vendor-specific proprietary algorithms. For the benefits of users there is a need for a standardized challenge-response algorithm that allows multi-sourcing of token purchases and validation systems to facilitate the democratization of strong authentication.

Additionally, this specification describes the means to create symmetric key-based short 'electronic signatures'. Such signatures are variants of challenge-response mode where the data to be signed becomes the challenge or is used to derive the challenge. Note that the term 'electronic signature' and 'signature' are used interchangeably in this document.

See complete RFC6287 documentation

Description

This is a native Golang implementation of the RFC6287 document.

Installation

To install the package, simply run go install from the terminal (requires a correctly set GOPATH).

Contribution

The project is in the early stages of development: contributors are welcome! Please read the issues before contributing. Thanks!

Contributors

@dyst0ni3

Documentation

Overview

Package ocra implements a full OATH OCRA algorithm as defined in RFC6287 (https://tools.ietf.org/html/rfc6287). OCRA is an algorithm for challenge-response authentication developed by the Initiative for Open Authentication (OATH).

Types

type OCRA

type OCRA struct {
	// contains filtered or unexported fields
}

OCRA represents the basic structure used to execute challenge and response operations.

func NewOCRA

func NewOCRA(suite string) (*OCRA, error)

NewOCRA generates an OCRA struct from the options described by an RFC6287 standard OCRASuite. An OCRASuite value is a text string that captures one mode of operation for OCRA, completely specifying the various options for that computation. An OCRASuite value is represented as follows: <Algorithm>:<CryptoFunction>:<DataInput>
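
The following added example (not code from the ocra package) shows strict validation of an OCRASuite string against the RFC 6287 grammar, so that malformed suites, unsupported hashes and truncation lengths shorter than 4 digits are rejected before any OTP is computed. The names Suite and ParseSuite are hypothetical, and only the Go standard library is used.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Suite is a hypothetical parsed OCRASuite; it is not a type from the ocra package.
type Suite struct {
	Hash     string // SHA1, SHA256 or SHA512
	Digits   int    // 0 = no truncation, otherwise 4..10
	Counter  bool   // "C" field present
	QFormat  byte   // 'A', 'N' or 'H'
	QLen     int    // 4..64
	PINHash  string // "" when there is no P field
	Session  int    // 0 when there is no S field
	TimeStep string // e.g. "1M"; "" when there is no T field
}

var ( // patterns follow the RFC 6287 OCRASuite grammar
	cryptoRe = regexp.MustCompile(`^HOTP-(SHA1|SHA256|SHA512)-(0|[4-9]|10)$`)
	dataRe   = regexp.MustCompile(`^(C-)?Q([ANH])(0[4-9]|[1-5][0-9]|6[0-4])` +
		`(-P(SHA1|SHA256|SHA512))?(-S([0-9]{3}))?` +
		`(-T((?:[1-9]|[1-5][0-9])[SM]|(?:[0-9]|[1-3][0-9]|4[0-8])H))?$`)
)

// ParseSuite rejects any string that is not a well-formed OCRA-1 suite.
func ParseSuite(s string) (*Suite, error) {
	parts := strings.Split(s, ":")
	if len(parts) != 3 || parts[0] != "OCRA-1" {
		return nil, fmt.Errorf("suite %q: want OCRA-1:<CryptoFunction>:<DataInput>", s)
	}
	cf, di := cryptoRe.FindStringSubmatch(parts[1]), dataRe.FindStringSubmatch(parts[2])
	if cf == nil || di == nil {
		return nil, fmt.Errorf("suite %q: invalid crypto function or data input", s)
	}
	out := &Suite{Hash: cf[1], Counter: di[1] != "", QFormat: di[2][0], PINHash: di[5], TimeStep: di[9]}
	out.Digits, _ = strconv.Atoi(cf[2])
	out.QLen, _ = strconv.Atoi(di[3])
	out.Session, _ = strconv.Atoi(di[7]) // Atoi("") yields 0 when S is absent
	return out, nil
}

func main() {
	fmt.Println(ParseSuite("OCRA-1:HOTP-SHA256-8:C-QN08-PSHA1"))
	fmt.Println(ParseSuite("OCRA-1:HOTP-SHA1-3:QN08")) // constructed invalid sample: 3 digits
}
```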

func (*OCRA) OTP

func (o *OCRA) OTP(
	key []byte,
	counter, timeStamp uint64,
	question, password []byte,
	session string,
) (*OTP, error)

OTP implements RFC6287 to produce an OTP starting from a challenge shared with the server. All arguments are validated against the evaluated OCRA suite.

func (*OCRA) PasswordEncoding

func (o *OCRA) PasswordEncoding(password []byte) ([]byte, error)

PasswordEncoding encodes a binary password using the hashing algorithm defined by the suite.

func (*OCRA) QuestionEncoding

func (o *OCRA) QuestionEncoding(
	value interface{},
	otherPartyGenerated interface{},
) ([]byte, error)

QuestionEncoding generates correctly encoded binary questions from the OCRA suite and the passed arguments. The function covers the mutual authentication use case by accepting an otherPartyGenerated question that will be concatenated (if any) with the self-targeted question.

func (*OCRA) TimeStampEncoding

func (o *OCRA) TimeStampEncoding(ts *time.Time) (uint64, error)

TimeStampEncoding encodes a Go time structure as a uint64 epoch aligned with the OCRA suite description.

type OTP

type OTP struct {
	Value int32 // actual OTP value.
	// contains filtered or unexported fields
}

OTP manages the data of a single one-time password.

func (*OTP) String

func (t *OTP) String() string

String returns a zero-padded string built from the OTP int32 value.
