RFC Errata
RFC 6287, "OCRA: OATH Challenge-Response Algorithm", June 2011
Source of RFC: IETF - NON WORKING GROUPArea Assignment: sec
Errata ID: 3899
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Marcus Bring
Date Reported: 2014-02-24
Section Appendix A. says:
// Put the bytes of "time" to the message // Input is text value of minutes if(timeStampLength > 0){ bArray = hexStr2Bytes(timeStamp); System.arraycopy(bArray, 0, msg, ocraSuiteLength + 1 + counterLength + questionLength + passwordLength + sessionInformationLength, bArray.length); }
It should say:
// Put the bytes of "time" to the message // Input is HEX encoded value of minutes if(timeStampLength > 0){ bArray = hexStr2Bytes(timeStamp); System.arraycopy(bArray, 0, msg, ocraSuiteLength + 1 + counterLength + questionLength + passwordLength + sessionInformationLength, bArray.length); }
Notes:
The timestamp should be HEX encoded since hexStr2Bytes() is used. Otherwise it will fail to generate the correct OTP