diff options
| -rw-r--r-- | cryptography/hazmat/oath/hotp.py | 4 | ||||
| -rw-r--r-- | docs/exceptions.rst | 6 | ||||
| -rw-r--r-- | docs/hazmat/oath.rst (renamed from docs/hazmat/oath/hotp.rst) | 22 | ||||
| -rw-r--r-- | docs/index.rst | 2 | ||||
| -rw-r--r-- | tests/hazmat/oath/test_hotp.py | 6 |
5 files changed, 25 insertions, 15 deletions
diff --git a/cryptography/hazmat/oath/hotp.py b/cryptography/hazmat/oath/hotp.py index a1f62746..9f5a0f13 100644 --- a/cryptography/hazmat/oath/hotp.py +++ b/cryptography/hazmat/oath/hotp.py @@ -25,8 +25,8 @@ class HOTP(object): if len(key) < 16: raise ValueError("Key length has to be at least 128 bits.") - if length < 6: - raise ValueError("Length of HOTP has to be at least 6.") + if length < 6 or length > 8: + raise ValueError("Length of HOTP has to be between 6 to 8.") self._key = key self._length = length diff --git a/docs/exceptions.rst b/docs/exceptions.rst index 1e31e31c..8ca9df29 100644 --- a/docs/exceptions.rst +++ b/docs/exceptions.rst @@ -36,3 +36,9 @@ Exceptions This is raised when the verify method of a key derivation function's computed key does not match the expected key. + + +.. class:: InvalidToken + + This is raised when the verify method of a one time password function's + computed token does not match the expected token. diff --git a/docs/hazmat/oath/hotp.rst b/docs/hazmat/oath.rst index 7aff330f..b936f0e5 100644 --- a/docs/hazmat/oath/hotp.rst +++ b/docs/hazmat/oath.rst @@ -1,19 +1,25 @@ .. hazmat:: -HMAC-Based One-Time Password Algorithm -====================================== +OATH +==== -.. currentmodule:: cryptography.hazmat.oath.hotp +.. currentmodule:: cryptography.hazmat.oath + +This module contains algorithms under the umbrella of the +Initiative for Open Authentication (OATH). -This module contains functions for generating and verifying one time password -values based on Hash-based message authentication codes (HMAC). +Currently, it contains an algorithm for generating and verifying +one time password values based on Hash-based message authentication +codes (HMAC). + +.. currentmodule:: cryptography.hazmat.oath.hotp .. class:: HOTP(key, length, backend) HOTP objects take a ``key`` and ``length`` parameter. The ``key`` should be randomly generated bytes and is recommended to be 160 bits in length. The ``length`` parameter controls the length of the generated - one time password and must be >= 6. + one time password and must be >= 6 and <= 8. This is an implementation of :rfc:`4226`. @@ -36,8 +42,8 @@ values based on Hash-based message authentication codes (HMAC). :param backend: A :class:`~cryptography.hazmat.backends.interfaces.HMACBackend` provider. - :raises ValueError: This is raised if the provided ``key`` or ``length`` - parameters are shorter than required. + :raises ValueError: This is raised if the provided ``key`` is shorter 128 bits + or if the ``length`` parameter is not between 6 to 8. .. method:: generate(counter) diff --git a/docs/index.rst b/docs/index.rst index 7d6e618c..40c418b0 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -75,7 +75,7 @@ The hazardous materials layer hazmat/primitives/index hazmat/backends/index hazmat/bindings/index - hazmat/oath/hotp + hazmat/oath The ``cryptography`` open source project ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/tests/hazmat/oath/test_hotp.py b/tests/hazmat/oath/test_hotp.py index 47292654..7b1db93d 100644 --- a/tests/hazmat/oath/test_hotp.py +++ b/tests/hazmat/oath/test_hotp.py @@ -35,15 +35,13 @@ class TestHOTP(object): secret = os.urandom(10) with pytest.raises(ValueError): - hotp = HOTP(secret, 6, backend) - hotp.generate(0) + HOTP(secret, 6, backend) def test_invalid_hotp_length(self, backend): secret = os.urandom(16) with pytest.raises(ValueError): - hotp = HOTP(secret, 4, backend) - hotp.generate(0) + HOTP(secret, 4, backend) @pytest.mark.parametrize("params", vectors) def test_truncate(self, backend, params): |