Added a max limit of 8 on length parameter. Updated documentation.

2026-05-14 20:37:55 +00:00 · 2014-02-13 18:52:31 +08:00 · 2014-02-13 18:52:31 +08:00 · b5189afaf1
commit b5189afaf1
parent 25b1d21b40
5 changed files with 25 additions and 15 deletions
--- a/cryptography/hazmat/oath/hotp.py
+++ b/cryptography/hazmat/oath/hotp.py
@ -25,8 +25,8 @@ class HOTP(object):
        if len(key) < 16:
            raise ValueError("Key length has to be at least 128 bits.")

-        if length < 6:
-            raise ValueError("Length of HOTP has to be at least 6.")
+        if length < 6 or length > 8:
+            raise ValueError("Length of HOTP has to be between 6 to 8.")

        self._key = key
        self._length = length
--- a/docs/exceptions.rst
+++ b/docs/exceptions.rst
@ -36,3 +36,9 @@ Exceptions

    This is raised when the verify method of a key derivation function's
    computed key does not match the expected key.
+
+
+.. class:: InvalidToken
+
+    This is raised when the verify method of a one time password function's
+    computed token does not match the expected token.
--- a/docs/hazmat/oath/hotp.rst
+++ b/docs/hazmat/oath/hotp.rst
@ -1,19 +1,25 @@
 .. hazmat::

-HMAC-Based One-Time Password Algorithm
-======================================
+OATH
+====
+
+.. currentmodule:: cryptography.hazmat.oath
+
+This module contains algorithms under the umbrella of the
+Initiative for Open Authentication (OATH).
+
+Currently, it contains an algorithm for generating and verifying
+one time password values based on Hash-based message authentication
+codes (HMAC).

 .. currentmodule:: cryptography.hazmat.oath.hotp

-This module contains functions for generating and verifying one time password
-values based on Hash-based message authentication codes (HMAC).
-
 .. class:: HOTP(key, length, backend)

    HOTP objects take a ``key`` and ``length`` parameter. The ``key``
    should be randomly generated bytes and is recommended to be 160 bits in
    length. The ``length`` parameter controls the length of the generated
-    one time password and must be >= 6.
+    one time password and must be >= 6 and <= 8.

    This is an implementation of :rfc:`4226`.

@ -36,8 +42,8 @@ values based on Hash-based message authentication codes (HMAC).
    :param backend: A
        :class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
        provider.
-    :raises ValueError: This is raised if the provided ``key`` or ``length``
-                        parameters are shorter than required.
+    :raises ValueError: This is raised if the provided ``key`` is shorter 128 bits
+                        or if the ``length`` parameter is not between 6 to 8.


    .. method:: generate(counter)
--- a/docs/index.rst
+++ b/docs/index.rst
@ -75,7 +75,7 @@ The hazardous materials layer
    hazmat/primitives/index
    hazmat/backends/index
    hazmat/bindings/index
-    hazmat/oath/hotp
+    hazmat/oath

 The ``cryptography`` open source project
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- a/tests/hazmat/oath/test_hotp.py
+++ b/tests/hazmat/oath/test_hotp.py
@ -35,15 +35,13 @@ class TestHOTP(object):
        secret = os.urandom(10)

        with pytest.raises(ValueError):
-            hotp = HOTP(secret, 6, backend)
-            hotp.generate(0)
+            HOTP(secret, 6, backend)

    def test_invalid_hotp_length(self, backend):
        secret = os.urandom(16)

        with pytest.raises(ValueError):
-            hotp = HOTP(secret, 4, backend)
-            hotp.generate(0)
+            HOTP(secret, 4, backend)

    @pytest.mark.parametrize("params", vectors)
    def test_truncate(self, backend, params):