// Execute the mutulChallengeResponse server: in this example the ocra suite is predefined both for the client and the server
// 1. Wait for the client's randomly generated question
// 2. Send to the client both the calculated ocra value (based on the ocra suite and client's + server's questions) and the server's question
// 3. Get from the client the calculated ocra value based on the client's and server's questions
// 4. Calculate the expected ocra value based on both the client's and the server's questions
// 5. Comapre the calculated ocra value with the one recived from the client
// 6. If the values are equal: the client is authenticated
//    6.1. Send an OK message to the client
//    6.2. Increase the 'ocra used' counter (to prevent replay attacks)
// 7. Else (the values are not equal) send a NOK message to the client
func mutualChallengeResponseServer(key string, counter string) {
	QS := "Server 9879"

	QC := <-channel

	RS, err := ocra.GenerateOCRAAdvance(mutualOcraSuite, key, counter, QC+QS, mutualPassword, "", "")
	if err != nil {
		doneChannel <- fmt.Sprintf(failFmt, err)
	}

	channel <- RS
	channel <- QS

	RC := <-channel
	cOtp, err := ocra.GenerateOCRAAdvance(mutualOcraSuite, key, counter, QS+QC, mutualPassword, "", "")
	if err != nil {
		doneChannel <- fmt.Sprintf(failFmt, err)
	}

	if RC == cOtp {
		channel <- OKStr
		val, _ := strconv.Atoi(counter)
		counter = fmt.Sprintf("%06d", val+1)
	} else {
		channel <- NOKStr
	}
}
func mutualChallengeResponseClient(key string, counter string) {
	QC := "Client 1234"
	channel <- QC

	RS := <-channel
	QS := <-channel

	sOtp, err := ocra.GenerateOCRAAdvance(mutualOcraSuite, key, counter, QC+QS, mutualPassword, "", "")
	if err != nil {
		doneChannel <- fmt.Sprintf(failFmt, err)
	}

	RC, err := ocra.GenerateOCRAAdvance(mutualOcraSuite, key, counter, QS+QC, mutualPassword, "", "")
	if err != nil {
		doneChannel <- fmt.Sprintf(failFmt, err)
	}

	if RS == sOtp {
		channel <- RC
	} else {
		channel <- "0"
	}
	fmt.Printf("Client/Server otp: (%v,%v), Ocra suite: %v, Client/Server questions: ('%v','%v'), counter: %v, password: %v\n",
		RC, RS, mutualOcraSuite, QC, QS, counter, mutualPassword)
	ok := <-channel
	if ok == OKStr {
		val, _ := strconv.Atoi(counter)
		counter = fmt.Sprintf("%06d", val+1)
	}
	doneChannel <- ok
}
func TestOneWayChallengeResponse(t *testing.T) {
	userName := usersName[0]

	initAListOfUsers(t, usersName)

	url := listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserIdentityCommand]), usersPath, userName, verifyUserIdentityChallengeToken)
	res := exeCommandCheckRes(t, cr.GET_STR, url, http.StatusOK, "", cr.StringMessage{Str: getMessageStr})
	var OcraData OcraData
	err := json.Unmarshal([]byte(res), &OcraData)
	if err != nil {
		t.Errorf("Test fail: execute GET to '%v' expected to get ocra data but received: %v, error: %v",
			url, res, err)
	}
	//Calculate the cleint OTP
	otp, err := ocra.GenerateOCRAAdvance(OcraUserDataInfo.OcraSuite, secretCode,
		OcraData.Counter, OcraData.ServerQuestion, OcraData.Password, OcraData.SessionId, OcraData.TimeStamp)
	logger.Info.Println("The calculated OTP for ocra data:", res, "is:", otp)
	if err != nil {
		t.Errorf("Test fail: Try to generate OCRA with the following parameters: %v, error: %v", res, err)
	}
	OcraData.Otp = otp
	data, _ := json.Marshal(OcraData)
	url = listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserIdentityCommand]), usersPath, userName, verifyUserIdentityOtpToken)
	exeCommandCheckRes(t, cr.PUT_STR, url, http.StatusOK, string(data), cr.Match{Match: true, Message: ""})
}
Example #4
0
func (o ocraRestful) restVerifyOcraUserIdentityCheckOtp(request *restful.Request, response *restful.Response) {
	data := o.getOcra(request, response)
	if data == nil {
		return
	}
	var OcraData OcraData
	err := request.ReadEntity(&OcraData)
	if err != nil {
		str := fmt.Sprintf("Error while reading data '%v', error: %v", OcraData, err)
		o.setError(response, http.StatusNotFound, fmt.Errorf(str))
		return
	}
	// verify client OTP
	otp, err := ocra.GenerateOCRAAdvance(data.OcraSuite, string(data.Key), OcraData.Counter,
		OcraData.ServerQuestion, OcraData.Password, OcraData.SessionId, OcraData.TimeStamp)
	response.WriteHeader(http.StatusOK)
	logger.Trace.Println("OcraData:", OcraData, "otp:", otp, "client otp:", OcraData.Otp)
	if OcraData.Otp == otp && err == nil {
		response.WriteEntity(cr.Match{Match: true, Message: "OTP match"})
		logger.Trace.Println("Server verify the OTP successfully")
	} else {
		logger.Trace.Println("Server calculated OTP:", otp, "is different from the one sent from the client", OcraData.Otp)
		response.WriteEntity(cr.Match{Match: false, Message: "OTP doesn't match"})
	}
}
// Execute the oneWayChallengeResponse client:
// 1. Wait for the ocra suite defined by the server (in this example)
//    and the server's randomly generated question
// 2. Send to the server the calculated ocra value (using the ocra suite and the server's question)
// 3. Send the server's approval to the "done channel"
func oneWayChallengeResponseClient(key string) {
	oneWayOcraSuite := <-channel
	question := <-channel

	otp, err := ocra.GenerateOCRAAdvance(oneWayOcraSuite, key, "", question, "", "", "")
	if err != nil {
		doneChannel <- fmt.Sprintf(failFmt, err)
	}
	fmt.Printf("Client otp: %v, Ocra suite: %v, Question: '%v'\n", otp, oneWayOcraSuite, question)
	channel <- otp
	ok := <-channel
	doneChannel <- ok
}
func TestMutualChallengeResponse(t *testing.T) {
	var OcraData OcraData
	userName := usersName[0]

	initAListOfUsers(t, usersName)

	OcraData.ClientQuestion = "The client 1"
	url := listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserIdentityCommand]), usersPath, userName, verifyUserIdentityMutualChallengeStep1Token)
	data, _ := json.Marshal(cr.StringMessage{Str: OcraData.ClientQuestion})
	res := exeCommandCheckRes(t, cr.PUT_STR, url, http.StatusOK, string(data), cr.StringMessage{Str: getMessageStr})
	err := json.Unmarshal([]byte(res), &OcraData)
	if err != nil {
		t.Errorf("Test fail: execute GET to '%v' expected to get ocra data but received: %v, error: %v",
			url, res, err)
		t.FailNow()
	}
	clientOtp, err := ocra.GenerateOCRAAdvance(OcraUserDataInfo.OcraSuite, secretCode,
		OcraData.Counter, OcraData.ServerQuestion+OcraData.ClientQuestion, OcraData.Password, OcraData.SessionId, OcraData.TimeStamp)
	serverOtp, _ := ocra.GenerateOCRAAdvance(OcraUserDataInfo.OcraSuite, secretCode,
		OcraData.Counter, OcraData.ClientQuestion+OcraData.ServerQuestion, OcraData.Password, OcraData.SessionId, OcraData.TimeStamp)
	logger.Info.Println("The calculated client OTP for ocra data:", res, "and client question:", OcraData.ClientQuestion, "is:", clientOtp, "the server otp:", serverOtp)
	if err != nil {
		t.Errorf("Test fail: Try to generate OCRA with the following parameters: %v, error: %v", res, err)
		t.FailNow()
	}

	if OcraData.Otp != serverOtp {
		t.Errorf("Test fail: The calculated server OTP: %v is not as the received OTP: %v", serverOtp, OcraData.Otp)
		t.FailNow()
	}

	url = listener + ServicePath + fmt.Sprintf(cr.ConvertCommandToRequest(urlCommands[verifyUserIdentityCommand]), usersPath, userName, verifyUserIdentityMutualChallengeStep2Token)
	OcraData.Otp = clientOtp
	data, _ = json.Marshal(OcraData)
	exeCommandCheckRes(t, cr.PUT_STR, url, http.StatusOK, string(data), cr.Match{Match: true, Message: ""})
}
// In this example, The oneWayOcraSuite is defined by the server and sent to the client
// 1. Send the ocra suite and the "random" question to the client
// 2. Comapre the expected calculated ocra value with the one recived from the client
// 3. Based on the result of the comparison, send either an 'OK' or a 'NOK' message to the client
func oneWayChallengeResponseServer(key string) {
	oneWayOcraSuite := "OCRA-1:HOTP-SHA1-6:QA08"
	question := "abcd1234"

	channel <- oneWayOcraSuite
	channel <- question

	refOtp, err := ocra.GenerateOCRAAdvance(oneWayOcraSuite, key, "", question, "", "", "")
	if err != nil {
		doneChannel <- fmt.Sprintf(failFmt, err)
	}
	otp := <-channel
	if otp == refOtp {
		channel <- OKStr
	} else {
		channel <- NOKStr
	}
}
Example #8
0
func (o ocraRestful) restVerifyOcraUserIdentityMutualChallengeStep2(request *restful.Request, response *restful.Response) {
	data := o.getOcra(request, response)
	if data == nil {
		return
	}
	var OcraData OcraData
	err := request.ReadEntity(&OcraData)
	clientOtp, err := ocra.GenerateOCRAAdvance(data.OcraSuite, string(data.Key),
		OcraData.Counter, OcraData.ServerQuestion+OcraData.ClientQuestion, OcraData.Password, OcraData.SessionId, OcraData.TimeStamp)
	response.WriteHeader(http.StatusOK)
	logger.Trace.Println("OcraData:", OcraData, "client otp:", OcraData.Otp, "calculated client otp:", clientOtp)
	if OcraData.Otp == clientOtp && err == nil {
		response.WriteEntity(cr.Match{Match: true, Message: "OTP match"})
		logger.Trace.Println("Server verify the OTP successfully")
	} else {
		logger.Trace.Println("Server calculated OTP:", clientOtp, "is different from the one sent from the client", OcraData.Otp)
		response.WriteEntity(cr.Match{Match: false, Message: "Client OTP doesn't match"})
	}
}
Example #9
0
func (o ocraRestful) restVerifyOcraUserIdentityMutualChallengeStep1(request *restful.Request, response *restful.Response) {
	data := o.getOcra(request, response)
	if data == nil {
		return
	}
	var OcraData OcraData
	err := request.ReadEntity(&OcraData)
	logger.Trace.Println("Server received data:", OcraData, "Error:", err)
	OcraData.ServerQuestion = o.getRandString(OcraQuestionLen)
	serverOtp, err := ocra.GenerateOCRAAdvance(data.OcraSuite, string(data.Key),
		OcraData.Counter, OcraData.ClientQuestion+OcraData.ServerQuestion, OcraData.Password, OcraData.SessionId, OcraData.TimeStamp)
	if err != nil {
		o.setError(response, http.StatusNotFound, err)
		return
	}
	response.WriteHeader(http.StatusOK)
	logger.Trace.Println("OcraData:", OcraData, "server otp:", serverOtp)
	OcraData.Otp = serverOtp
	response.WriteEntity(OcraData)
}