From b5189afaf1dd1c06edd0efe3d6791ea7c40e31c7 Mon Sep 17 00:00:00 2001 From: Ayrx Date: Thu, 13 Feb 2014 18:52:31 +0800 Subject: Added a max limit of 8 on length parameter. Updated documentation. --- docs/hazmat/oath.rst | 59 +++++++++++++++++++++++++++++++++++++++++++++++ docs/hazmat/oath/hotp.rst | 53 ------------------------------------------ 2 files changed, 59 insertions(+), 53 deletions(-) create mode 100644 docs/hazmat/oath.rst delete mode 100644 docs/hazmat/oath/hotp.rst (limited to 'docs/hazmat') diff --git a/docs/hazmat/oath.rst b/docs/hazmat/oath.rst new file mode 100644 index 00000000..b936f0e5 --- /dev/null +++ b/docs/hazmat/oath.rst @@ -0,0 +1,59 @@ +.. hazmat:: + +OATH +==== + +.. currentmodule:: cryptography.hazmat.oath + +This module contains algorithms under the umbrella of the +Initiative for Open Authentication (OATH). + +Currently, it contains an algorithm for generating and verifying +one time password values based on Hash-based message authentication +codes (HMAC). + +.. currentmodule:: cryptography.hazmat.oath.hotp + +.. class:: HOTP(key, length, backend) + + HOTP objects take a ``key`` and ``length`` parameter. The ``key`` + should be randomly generated bytes and is recommended to be 160 bits in + length. The ``length`` parameter controls the length of the generated + one time password and must be >= 6 and <= 8. + + This is an implementation of :rfc:`4226`. + + .. doctest:: + + >>> import os + >>> from cryptography.hazmat.backends import default_backend + >>> from cryptography.hazmat.oath.hotp import HOTP + + >>> key = b"12345678901234567890" + >>> hotp = HOTP(key, 6, backend=default_backend()) + >>> hotp.generate(0) + '755224' + >>> hotp.verify(b"755224", 0) + + :param bytes key: Secret key as ``bytes``. This value must be generated in a + cryptographically secure fashion and be at least 128 bits. + It is recommended that the key be 160 bits. + :param int length: Length of generated one time password as ``int``. + :param backend: A + :class:`~cryptography.hazmat.backends.interfaces.HMACBackend` + provider. + :raises ValueError: This is raised if the provided ``key`` is shorter 128 bits + or if the ``length`` parameter is not between 6 to 8. + + + .. method:: generate(counter) + + :param int counter: The counter value used to generate the one time password. + :return bytes: A one time password value. + + .. method:: verify(hotp, counter) + + :param bytes hotp: The one time password value to validate. + :param bytes counter: The counter value to validate against. + :raises cryptography.exceptions.InvalidToken: This is raised when the supplied HOTP + does not match the expected HOTP. diff --git a/docs/hazmat/oath/hotp.rst b/docs/hazmat/oath/hotp.rst deleted file mode 100644 index 7aff330f..00000000 --- a/docs/hazmat/oath/hotp.rst +++ /dev/null @@ -1,53 +0,0 @@ -.. hazmat:: - -HMAC-Based One-Time Password Algorithm -====================================== - -.. currentmodule:: cryptography.hazmat.oath.hotp - -This module contains functions for generating and verifying one time password -values based on Hash-based message authentication codes (HMAC). - -.. class:: HOTP(key, length, backend) - - HOTP objects take a ``key`` and ``length`` parameter. The ``key`` - should be randomly generated bytes and is recommended to be 160 bits in - length. The ``length`` parameter controls the length of the generated - one time password and must be >= 6. - - This is an implementation of :rfc:`4226`. - - .. doctest:: - - >>> import os - >>> from cryptography.hazmat.backends import default_backend - >>> from cryptography.hazmat.oath.hotp import HOTP - - >>> key = b"12345678901234567890" - >>> hotp = HOTP(key, 6, backend=default_backend()) - >>> hotp.generate(0) - '755224' - >>> hotp.verify(b"755224", 0) - - :param bytes key: Secret key as ``bytes``. This value must be generated in a - cryptographically secure fashion and be at least 128 bits. - It is recommended that the key be 160 bits. - :param int length: Length of generated one time password as ``int``. - :param backend: A - :class:`~cryptography.hazmat.backends.interfaces.HMACBackend` - provider. - :raises ValueError: This is raised if the provided ``key`` or ``length`` - parameters are shorter than required. - - - .. method:: generate(counter) - - :param int counter: The counter value used to generate the one time password. - :return bytes: A one time password value. - - .. method:: verify(hotp, counter) - - :param bytes hotp: The one time password value to validate. - :param bytes counter: The counter value to validate against. - :raises cryptography.exceptions.InvalidToken: This is raised when the supplied HOTP - does not match the expected HOTP. -- cgit v1.2.3