Ocra not working with session.

bdauvergne / python-oath

Python implementation of HOTP, TOTP and OCRA algorithms from OATH

BSD 3-Clause "New" or "Revised" License

128 stars 35 forks source link

Ocra not working with session. #39

Closed StephanGocht closed 1 year ago

StephanGocht commented 1 year ago

I tried using the ocra implementation with tiqr. However, the generated responses do not match. The reason is that this implementation uses the session string directly (via tobytes) instead of as hex encoded string (via fromhex). This is not discussed in the RFC, however the implementation in the RFC also views the session as hexencoded string and additionally applies padding to the front, hence it might be good to change that in this implementation.

bdauvergne commented 1 year ago

I do not think I need padding since length is checked and mismatch is an error :

            if S is None or len(S) != self.S:

if you need to pass already encoded content, just pass bytes.

StephanGocht commented 1 year ago

Ah, yes sorry. I didn't notice that I could pass in bytes directly. Thanks!