Added a max limit of 8 on length parameter. Updated documentation.
diff --git a/cryptography/hazmat/oath/hotp.py b/cryptography/hazmat/oath/hotp.py
index a1f6274..9f5a0f1 100644
--- a/cryptography/hazmat/oath/hotp.py
+++ b/cryptography/hazmat/oath/hotp.py
@@ -25,8 +25,8 @@
if len(key) < 16:
raise ValueError("Key length has to be at least 128 bits.")
- if length < 6:
- raise ValueError("Length of HOTP has to be at least 6.")
+ if length < 6 or length > 8:
+ raise ValueError("Length of HOTP has to be between 6 to 8.")
self._key = key
self._length = length
diff --git a/docs/exceptions.rst b/docs/exceptions.rst
index 1e31e31..8ca9df2 100644
--- a/docs/exceptions.rst
+++ b/docs/exceptions.rst
@@ -36,3 +36,9 @@
This is raised when the verify method of a key derivation function's
computed key does not match the expected key.
+
+
+.. class:: InvalidToken
+
+ This is raised when the verify method of a one time password function's
+ computed token does not match the expected token.
diff --git a/docs/hazmat/oath/hotp.rst b/docs/hazmat/oath.rst
similarity index 76%
rename from docs/hazmat/oath/hotp.rst
rename to docs/hazmat/oath.rst
index 7aff330..b936f0e 100644
--- a/docs/hazmat/oath/hotp.rst
+++ b/docs/hazmat/oath.rst
@@ -1,19 +1,25 @@
.. hazmat::
-HMAC-Based One-Time Password Algorithm
-======================================
+OATH
+====
+
+.. currentmodule:: cryptography.hazmat.oath
+
+This module contains algorithms under the umbrella of the
+Initiative for Open Authentication (OATH).
+
+Currently, it contains an algorithm for generating and verifying
+one time password values based on Hash-based message authentication
+codes (HMAC).
.. currentmodule:: cryptography.hazmat.oath.hotp
-This module contains functions for generating and verifying one time password
-values based on Hash-based message authentication codes (HMAC).
-
.. class:: HOTP(key, length, backend)
HOTP objects take a ``key`` and ``length`` parameter. The ``key``
should be randomly generated bytes and is recommended to be 160 bits in
length. The ``length`` parameter controls the length of the generated
- one time password and must be >= 6.
+ one time password and must be >= 6 and <= 8.
This is an implementation of :rfc:`4226`.
@@ -36,8 +42,8 @@
:param backend: A
:class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
provider.
- :raises ValueError: This is raised if the provided ``key`` or ``length``
- parameters are shorter than required.
+ :raises ValueError: This is raised if the provided ``key`` is shorter 128 bits
+ or if the ``length`` parameter is not between 6 to 8.
.. method:: generate(counter)
diff --git a/docs/index.rst b/docs/index.rst
index 7d6e618..40c418b 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -75,7 +75,7 @@
hazmat/primitives/index
hazmat/backends/index
hazmat/bindings/index
- hazmat/oath/hotp
+ hazmat/oath
The ``cryptography`` open source project
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/tests/hazmat/oath/test_hotp.py b/tests/hazmat/oath/test_hotp.py
index 4729265..7b1db93 100644
--- a/tests/hazmat/oath/test_hotp.py
+++ b/tests/hazmat/oath/test_hotp.py
@@ -35,15 +35,13 @@
secret = os.urandom(10)
with pytest.raises(ValueError):
- hotp = HOTP(secret, 6, backend)
- hotp.generate(0)
+ HOTP(secret, 6, backend)
def test_invalid_hotp_length(self, backend):
secret = os.urandom(16)
with pytest.raises(ValueError):
- hotp = HOTP(secret, 4, backend)
- hotp.generate(0)
+ HOTP(secret, 4, backend)
@pytest.mark.parametrize("params", vectors)
def test_truncate(self, backend, params):