1 Reply Latest reply on May 5, 2011 6:33 PM by Daniel Jimenez Becerra

    HMAC_SHA1 encryption using TOTP (javax.crypto.MAC) performance problems in SPARC

    Daniel Jimenez Becerra Newbie

      Hi, I'm trying to implement a method to synchronize TOTP cards. In case the server clock and the card clock were different. So I generate a lot of TOTP keys in case to compare it with the real key so at the end I get both of the times in the server. That works in x86 (Sunfire x2200) perfectly and does not take a lot of time doing that (like 2 minutes generating 800000 keys). But when I test it on Oracle BM SPARC (T1000 LDOM 1.1) takes I lot of time. I did all kind of profiling stuff but all point to the method of the generation the TOTP in the HMAC_SHA1.

       

      here is the code (based on JBoss 6 OTP implementation)

       


      public synchronized static String generateTOTP(String key, String time,  int returnDigits, String crypto) throws GeneralSecurityException {

                          String result = null;

                          byte[] hash;

                          // Using the counter

                          // First 8 bytes are for the movingFactor

                          // Complaint with base RFC 4226 (HOTP)

                          while(time.length() < 16 ) {

                                    time = "0" + time;

                          }

                          // Get the HEX in a Byte[]

                          byte[] msg = hexStr2Bytes(time);

                          // Adding one byte to get the right conversion

                          byte[] k = hexStr2Bytes(key);

                          hash = hmac_sha1(crypto, k, msg);

                          // put selected bytes into result int

                          int offset = hash[hash.length - 1] & 0xf;

                          int binary =

                                    ((hash[offset] & 0x7f) << 24) |

                                    ((hash[offset + 1] & 0xff) << 16) |

                                    ((hash[offset + 2] & 0xff) << 8) |

                                    (hash[offset + 3] & 0xff);

                          int otp = binary % DIGITS_POWER[ returnDigits ];

                          result = Integer.toString(otp);

                          while (result.length() < returnDigits ) {

                                    result = "0" + result;

                          }

                          return result;

                }

       

       

       

      private static byte[] hmac_sha1(String crypto, byte[] keyBytes, byte[] text) throws GeneralSecurityException {

                          Mac hmac;

                          hmac = Mac.getInstance(crypto);

                          SecretKeySpec macKey = new SecretKeySpec(keyBytes, "RAW");

                          hmac.init(macKey);

                          return hmac.doFinal(text);

                }

       

       

      I need help either to use another library or finding the right configuration for the SPARC.

       

       

      It is supposed the code runs max. one time per user in production, that depends in the synchronization between the server clock and the OTP card clock.

      Basically the algorithm takes two consecutive keys (each 30 seconds the password changes) from the user, saving the time (server clock) for each one when the user clicks next. With both keys the server look up at what time (in server clock) the key has been generated. Performing a simple subtraction I can get the difference of times when the user generates the otp and when the server generates it.

       

      The algorithm simply look up five days ago, and five days further the same key each 30 simulated seconds, and reports the time when it founds an equal key. It's a brute force search, but in this case I really don't know how to do it differently.

       

      So the problem is in the type of server, because in the x86 runs the synchronization in 3 minutes or less, but in the SPARC takes 30 minutes or maybe more. It should be some native code that has problems with this implementation of javax.crypto.Mac

       

      Hope I do make my self clear

       

      Thanks in advance to everybody.