Good morning Marco,

I wrote code addition in of_copylongtobytes() function (see below), and counterbytes[] array that it returns by ref looks exactly as it looks in the working variant. And this fixed the problem! Pin and token began match one another as in C/S as in web application.

Thank you a lot for all your help!

George 

long li_number
integer i = 1, j, li_byte[], li_ibyte[], li_data[]
string ls_msg = ''

li_number = al_number

Do While Truncate(li_number / 256, 0) > 0
li_byte[i] = Mod(li_number, 256)
i++
li_number = Truncate(li_number/256, 0)
Loop
li_byte[i] = Mod(li_number, 256)

//Copy over data in inverse order

for i = 4 to 1 STEP -1
j ++
li_ibyte[j] = li_byte[i]
next

For i = 1 To 4
li_data[i] = 0
Next
For i = 5 To 8
li_data[i] = li_ibyte[i - 4]
Next

For j = 1 to 8
a_byte[j] += Byte(String(li_data[j]))
Next

Hi Marco,

First of all, sorry for the mistake in my previous message. I sent you one the modified codes that I tried. Original version was

of_copylongtobytes( counter, counterBytes )
counterBlob = of_blob ( counterBytes )

and it didn't work, either. I didn't debug the codes before, because thought that all the numbers are random and, in any case, they will be different in working and not working variants.

After your recommendation, however, I decided to debug both options and found one difference. Huhushbytes[] array contained 20 random numbers in both variants (2nd and 4th screenshots in the attached document). But counterbytes[] array had 8 elements in the working variant, first 4 of which were zeros and remained 4 were random numbers (1st  screenshots), while in the not working variant this array had only 4 elements without any zeros (3rd screenshot). 

Can this make the difference?  What do you think?

Tomorrow, I will try to rewrite code of of_copylongtobytes() function making it to return array of 8 elements with first 4 zeros. But you wrote that this function works for you as it is now. How many elements counterbytes[] has in your application?

Thank you a lot!

George

Hi George,

your code

of_copylongtobytes( counter, counterBytes )
counterBlob = Blob ( counterBytes )

should be 

of_copylongtobytes( counter, counterBytes )
counterBlob = of_blob ( counterBytes )

When I deployed 2FA to my PowerServer I remember I went through a line-by-line debug comparison between PB and PS execution. I suggest you do the same.

Best,

.m

Hi Marco,
Thank you for your help. Unfortunately, I still didn't solve my problem. Code of my of_copylongtobytes() function is exactly the same as you provide in my message. Code in my of_blob() function is following:

Integer i
Blob lblb

lblb = Blob ( Space(UpperBound(a_byte)), EncodingUTF8! )
for i = 1 to UpperBound(a_byte)
SetByte(lblb, i, a_byte[i])
Next
Return lblb

I called these functions in generatepin() function:

byte hashBytes[], counterBytes[], offset, selectedByte
blob counterHashBlob, counterBlob, keyBlob
string counterHash, pin
integer li_count, i, pinLen
long selectedLong
long selectedMod
CrypterObject co

//Convert the counter to byte array and then to blob
of_copylongtobytes( counter, counterBytes )
counterBlob = Blob ( counterBytes )

//Convert key to blob and has counter
keyBlob= Blob ( key, EncodingUTF8! )
co = create CrypterObject
counterHashBlob = co.Hmac( HMACSHA1! , counterBlob, keyBlob )
Destroy co

//Convert result back to byte array
hashBytes = GetByteArray ( counterHashBlob )

//Get the last byte
li_count = UpperBound ( hashBytes )

//And use that to determine the offset into the byte array that we'll start with
offset = bitwiseand ( hashBytes[li_count], 15 )

//Calculate the selectedLong value using the selected bytes
for i = 1 to 4
selectedByte = hashBytes[offset + i]
CHOOSE CASE i
CASE 1
//Strip the most significant bit
selectedByte = bitwiseand ( selectedByte, 127 )
selectedLong = selectedLong + selectedByte * 2^24
CASE 2
selectedLong = selectedLong + selectedByte * 2^16
CASE 3
selectedLong = selectedLong + selectedByte * 2^8
CASE 4
selectedLong = selectedLong + selectedByte
END CHOOSE
next

selectedMod = Mod ( selectedLong, 1000000 )

pin = String ( selectedMod )
pinLen = Len ( pin )
pin = Fill ( '0', 6 - pinLen ) + pin

Return pin

However, the returned pin doesn't match to one returned on mu IPhone by DuoMobile application. I tried to call of_blob() before of_copylongtobytes() function but this didn't help, either.

Do you see errors in my code? Or, if your code works, can you please send me all the changes you made to Bruce's code?

I would really appreciate any help,

George

Hi George,

I have also started from Bruce's article and, by fixing two unsupported features, I can use 2FA from PowerServer.

As you said, they are:

- of_blob: you must convert blob into byte array

- CopyLongToBytes: you must loop in the byte array and do the mathematics below:

long li_number
integer i = 1, j, li_byte[]
string ls_msg = ''

li_number = al_number

Do While Truncate(li_number / 256, 0) > 0
li_byte[i] = Mod(li_number, 256)
i++
li_number = Truncate(li_number/256, 0)
Loop
li_byte[i] = Mod(li_number, 256)

For j = 1 to i
a_byte[j] += Byte(String(li_byte[j]))
Next

Best,

.m

There must be some unsupported feature.  Anything showing up in the unsupported features analysis report?

We are enhancing PowerServer in the next version to natively support all PowerBuilder features so this should work fine in next version without having to “massage” the code.