CalculateResponse Method
This method calculates the response to the given challenge.
Syntax
ANSI (Cross Platform) int CalculateResponse(); Unicode (Windows) INT CalculateResponse();
- (void)calculateResponse;
#define MID_OCRA_CALCULATERESPONSE 2 IPWORKSAUTH_EXTERNAL int IPWORKSAUTH_CALL IPWorksAuth_OCRA_Do(void *lpObj, int methid, int cparam, void *param[], int cbparam[], int64 *lpllVal);
Remarks
This method calculates Response to the given Challenge.
Before calling this method set OCRASuite to the suite obtained from the other party and set Challenge to the received challenge.
After setting OCRASuite the following properties are populated, which provide requirements for the response:
- ChallengeFormat
- HashAlgorithm
- ResponseLength
- RequireCounter
- RequirePassword
- RequireTimeStamp
- PasswordHashAlgorithm
- RequireSessionInfo
- SessionInfoLength
- TimeStepSize
- TimeStepUnit
Inspect these properties to determine the requirements and provide any required values such as Counter or Password. Set Key to the key used during the HMAC computation. Set Challenge to the received challenge.
Call this method to calculate the response. After calling this method the Response property is populated. The response may then be transmitted to the other party for verification.
The following properties are applicable when calling this method:
- Challenge
- Counter
- HashAlgorithm
- Key
- OCRASuite
- Password
- ResponseLength
- CurrentTime
- SessionInfo
- TimeStepSize
- TimeStepUnit
- PasswordHashAlgorithm
Random Challenge Example
//First create the challenge on machine A Ocra ocra = new Ocra(); ocra.ChallengeType = OcraChallengeTypes.ctRandom; ocra.ChallengeLength = 10; ocra.ChallengeFormat = OcraChallengeFormats.cfNumeric; ocra.CreateChallenge(); string challenge = ocra.Challenge; //Value like "3891592139" string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QN10" //Send Challenge and OCRASuite to Machine B //Upon receiving the challenge on Machine B, calculate a response ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Received from other party ocra.Challenge = challenge; //Received from other party ocra.Key = "shared secret key"; ocra.CalculateResponse(); string response = ocra.Response; //Value like "574464" //Send Response back to Machine A //Upon receiving the response on Machine A, verify it ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge ocra.Challenge = challenge; //Original challenge that was sent ocra.Response = response; //Received from other party ocra.Key = "shared secret key"; bool isValid = ocra.VerifyResponse(); //Returns True if verifiedSignature Challenge Example
//First create the challenge on machine A Ocra ocra = new Ocra(); ocra.ChallengeType = OcraChallengeTypes.ctSignature; ocra.ChallengeInput = "test input"; ocra.Key = "signature key"; ocra.ChallengeFormat = OcraChallengeFormats.cfHex; ocra.CreateChallenge(); string challenge = ocra.Challenge; //Value like "973131F0" string ocraSuite = ocra.OCRASuite; //Value "OCRA-1:HOTP-SHA1-6:QH08" //Send Challenge and OCRASuite to Machine B //Upon receiving the challenge on Machine B, calculate a response ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Received from other party ocra.Challenge = challenge; //Received from other party ocra.Key = "shared secret key"; ocra.CalculateResponse(); string response = ocra.Response; //Value like "574464" //Send Response back to Machine A //Upon receiving the response on Machine A, verify it ocra = new Ocra(); ocra.OCRASuite = ocraSuite; //Original OCRASuite saved before sending the original challenge ocra.Challenge = challenge; //Original challenge that was sent ocra.Response = response; //Received from other party ocra.Key = "shared secret key"; bool isValid = ocra.VerifyResponse(); //Returns True if verified
Error Handling (C++)
This method returns a result code; 0 indicates success, while a non-zero error code indicates that this method encountered an error during its execution. If an error occurs, the GetLastError() method can be called to retrieve the associated error message. (Note: This method's result code can also be obtained by calling the GetLastErrorCode() method after it returns.)