package rfc6287

  1. Overview
  2. Docs
package rfc6287
Legend:
Library
Module
Module type
Parameter
Class
Class type

RFC6287 (OCRA)

type t

The abstract OCRA suite type

type err =
  1. | Invalid_suite_string
  2. | DataInput of string
  3. | Window of string
val t_of_string : string -> (t, err) Rresult.result
val string_of_t : t -> string
type di = {
  1. c : bool;
    (*

    C

    *)
  2. q : [ `A | `N | `H ] * int;
    (*

    Q

    *)
  3. p : [ `SHA1 | `SHA256 | `SHA512 ] option;
    (*

    P

    *)
  4. s : int option;
    (*

    S

    *)
  5. t : int option;
    (*

    T

    *)
}
val di_of_t : t -> di
  • returns

    DataInput spec

val challenge : t -> string
  • returns

    random challenge string q with format and length as specified in suite

type pinhash = [
  1. | `String of string
  2. | `Digest of Cstruct.t
]

if pinhash is `String x, gen and verify will apply the Pin Hash algorithm specified in suite to calculate the digest of x.

if pinhash is `Digest d, its length must equal digests size of Pin Hash function (as specified in suite)

type timestamp = [
  1. | `Now
  2. | `Int64 of int64
]

if timestamp is `Now, gen and verify will use Unix.time and the timestep specified in suite to calculate the timestamp value

val gen : ?time:int64 -> ?c:int64 -> ?p:pinhash -> ?s:Cstruct.t -> ?t:timestamp -> key:Cstruct.t -> q:string -> t -> (Cstruct.t, err) Rresult.result

Generate OCRA(K, {[C] | Q | [P | S | T]}).

  • returns
    • Ok a the response
    • Error (DataInput error_message) if parameters do not match suite
  • parameter c

    DataInput C: Counter

  • parameter p

    DataInput P: Pin Hash

  • parameter s

    DataInput S: Session; length must equal session size (as specified in suite)

  • parameter t

    DataInput T: Timestamp

  • parameter key

    CryptoFunction key K

  • parameter q

    DataInput Q: Challenge

val gen1 : ?time:int64 -> c:int64 option -> p:pinhash option -> s:Cstruct.t option -> t:timestamp option -> key:Cstruct.t -> q:string -> t -> (Cstruct.t, err) Rresult.result
val verify : ?time:int64 -> ?c:int64 -> ?p:pinhash -> ?s:Cstruct.t -> ?t:timestamp -> ?cw:int -> ?tw:int -> key:Cstruct.t -> q:string -> a:Cstruct.t -> t -> (bool * int64 option, err) Rresult.result

Verify OCRA Response.

  • returns
    • Ok (true, None) upon successful verification for suite without C DataInput
    • Ok (true, Some next_counter) upon successful verification for suite with C DataInput
    • Ok (false, None) if verification failed
    • Error (DataInput error_message) if parameters do not match suite
    • Error (Window error_message) on invalid cw and tw parameters
  • parameter c

    DataInput C: Counter

  • parameter p

    DataInput P: Pin Hash

  • parameter s

    DataInput S: Session; length must equal session size (as specified in suite)

  • parameter t

    DataInput T: Timestamp

  • parameter cw

    Counter Window

  • parameter tw

    Timestamp Window

  • parameter key

    CryptoFunction key K

  • parameter q

    DataInput Q: Challenge

  • parameter a

    Response to check against

val verify1 : ?time:int64 -> c:int64 option -> p:pinhash option -> s:Cstruct.t option -> t:timestamp option -> cw:int option -> tw:int option -> key:Cstruct.t -> q:string -> a:Cstruct.t -> t -> (bool * int64 option, err) Rresult.result