luckyimnotanigger/Aegis
1
0
Fork 0
mirror of https://github.com/beemdevelopment/Aegis.git synced 2025-05-14 14:02:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge pull request #869 from RandomRoot/feature-yandexotp

Browse source 
Feature: Add Yandex OTP support
This commit is contained in:
Alexander Bakker 2022-02-02 13:40:48 +01:00 committed by GitHub
commit 76c89f0fcc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 541 additions and 61 deletions
Download patch file Download diff file Expand all files Collapse all files

29
app/src/main/java/com/beemdevelopment/aegis/crypto/otp/HOTP.java
View file

@ -14,18 +14,7 @@ public class HOTP {
public static OTP generateOTP(byte[] secret, String algo, int digits, long counter)
throws NoSuchAlgorithmException, InvalidKeyException {
SecretKeySpec key = new SecretKeySpec(secret, "RAW");
// encode counter in big endian
byte[] counterBytes = ByteBuffer.allocate(8)
.order(ByteOrder.BIG_ENDIAN)
.putLong(counter)
.array();
// calculate the hash of the counter
Mac mac = Mac.getInstance(algo);
mac.init(key);
byte[] hash = mac.doFinal(counterBytes);
byte[] hash = getHash(secret, algo, counter);
// truncate hash to get the HTOP value
// http://tools.ietf.org/html/rfc4226#section-5.4
@ -37,4 +26,20 @@ public class HOTP {
return new OTP(otp, digits);
}
public static byte[] getHash(byte[] secret, String algo, long counter)
throws NoSuchAlgorithmException, InvalidKeyException {
SecretKeySpec key = new SecretKeySpec(secret, "RAW");
// encode counter in big endian
byte[] counterBytes = ByteBuffer.allocate(8)
.order(ByteOrder.BIG_ENDIAN)
.putLong(counter)
.array();
// calculate the hash of the counter
Mac mac = Mac.getInstance(algo);
mac.init(key);
return mac.doFinal(counterBytes);
}
}

83
app/src/main/java/com/beemdevelopment/aegis/crypto/otp/YAOTP.java Normal file
View file

@ -0,0 +1,83 @@
package com.beemdevelopment.aegis.crypto.otp;
import androidx.annotation.NonNull;
import com.beemdevelopment.aegis.util.YandexUtils;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
public class YAOTP {
private static final int EN_ALPHABET_LENGTH = 26;
private final long _code;
private final int _digits;
private YAOTP(long code, int digits) {
_code = code;
_digits = digits;
}
public static YAOTP generateOTP(byte[] secret, byte[] pin, int digits, String otpAlgo, long period)
throws NoSuchAlgorithmException, InvalidKeyException, IOException {
long seconds = System.currentTimeMillis() / 1000;
return generateOTP(secret, pin, digits, otpAlgo, seconds, period);
}
public static YAOTP generateOTP(byte[] secret, byte[] pin, int digits, String otpAlgo, long seconds, long period)
throws NoSuchAlgorithmException, InvalidKeyException, IOException {
long counter = (long) Math.floor((double) seconds / period);
try (ByteArrayOutputStream pinWithHashStream =
new ByteArrayOutputStream(pin.length + secret.length)) {
pinWithHashStream.write(pin);
pinWithHashStream.write(secret, 0, YandexUtils.APPROVED_SECRET_LENGTH);
MessageDigest md = MessageDigest.getInstance("SHA-256");
byte[] keyHash = md.digest(pinWithHashStream.toByteArray());
if (keyHash[0] == 0) {
keyHash = Arrays.copyOfRange(keyHash, 1, keyHash.length);
}
byte[] periodHash = HOTP.getHash(keyHash, otpAlgo, counter);
int offset = periodHash[periodHash.length - 1] & 0xf;
periodHash[offset] &= 0x7f;
long otp = ByteBuffer.wrap(periodHash)
.order(ByteOrder.BIG_ENDIAN)
.getLong(offset);
return new YAOTP(otp, digits);
}
}
public long getCode() {
return _code;
}
public int getDigits() {
return _digits;
}
@NonNull
@Override
public String toString() {
long code = _code % (long) Math.pow(EN_ALPHABET_LENGTH, _digits);
char[] chars = new char[_digits];
for (int i = _digits - 1; i >= 0; i--) {
chars[i] = (char) ('a' + (code % EN_ALPHABET_LENGTH));
code /= EN_ALPHABET_LENGTH;
}
return new String(chars);
}
}

108
app/src/main/java/com/beemdevelopment/aegis/otp/GoogleAuthInfo.java
View file

@ -26,42 +26,6 @@ public class GoogleAuthInfo implements Serializable {
_issuer = issuer;
}
public OtpInfo getOtpInfo() {
return _info;
}
public Uri getUri() {
Uri.Builder builder = new Uri.Builder();
builder.scheme(SCHEME);
if (_info instanceof TotpInfo) {
if (_info instanceof SteamInfo) {
builder.authority("steam");
} else {
builder.authority("totp");
}
builder.appendQueryParameter("period", Integer.toString(((TotpInfo)_info).getPeriod()));
} else if (_info instanceof HotpInfo) {
builder.authority("hotp");
builder.appendQueryParameter("counter", Long.toString(((HotpInfo)_info).getCounter()));
} else {
throw new RuntimeException(String.format("Unsupported OtpInfo type: %s", _info.getClass()));
}
builder.appendQueryParameter("digits", Integer.toString(_info.getDigits()));
builder.appendQueryParameter("algorithm", _info.getAlgorithm(false));
builder.appendQueryParameter("secret", Base32.encode(_info.getSecret()));
if (_issuer != null && !_issuer.equals("")) {
builder.path(String.format("%s:%s", _issuer, _accountName));
builder.appendQueryParameter("issuer", _issuer);
} else {
builder.path(_accountName);
}
return builder.build();
}
public static GoogleAuthInfo parseUri(String s) throws GoogleAuthInfoException {
Uri uri = Uri.parse(s);
if (uri == null) {
@ -84,12 +48,13 @@ public class GoogleAuthInfo implements Serializable {
byte[] secret;
try {
secret = parseSecret(encodedSecret);
secret = uri.getHost().equals(YandexInfo.OTP_SCHEMA_ID) ? parseYandexSecret(encodedSecret) : parseSecret(encodedSecret);
} catch (EncodingException e) {
throw new GoogleAuthInfoException(uri, "Bad secret", e);
}
OtpInfo info;
String issuer = "";
try {
String type = uri.getHost();
if (type == null) {
@ -122,10 +87,15 @@ public class GoogleAuthInfo implements Serializable {
hotpInfo.setCounter(Long.parseLong(counter));
info = hotpInfo;
break;
case YandexInfo.OTP_SCHEMA_ID:
String pinValue = uri.getQueryParameter("pin");
info = pinValue != null ? new YandexInfo(secret, parseSecret(pinValue)) : new YandexInfo(secret);
issuer = info.getType();
break;
default:
throw new GoogleAuthInfoException(uri, String.format("Unsupported OTP type: %s", type));
}
} catch (OtpInfoException | NumberFormatException e) {
} catch (OtpInfoException | NumberFormatException | EncodingException e) {
throw new GoogleAuthInfoException(uri, e);
}
@ -134,7 +104,6 @@ public class GoogleAuthInfo implements Serializable {
String label = path != null && path.length() > 0 ? path.substring(1) : "";
String accountName = "";
String issuer = "";
if (label.contains(":")) {
// a label can only contain one colon
@ -151,7 +120,9 @@ public class GoogleAuthInfo implements Serializable {
// label only contains the account name
// grab the issuer's info from the 'issuer' parameter if it's present
String issuerParam = uri.getQueryParameter("issuer");
issuer = issuerParam != null ? issuerParam : "";
if (issuer.isEmpty()) {
issuer = issuerParam != null ? issuerParam : "";
}
accountName = label;
}
@ -180,6 +151,19 @@ public class GoogleAuthInfo implements Serializable {
return Base32.decode(s);
}
/**
* When arrives from Yandex site QR code - there will always be 26 symbols (secret only)
* If it arrives from Aegis Export - it can be 42 (if was manually created)
* Just to be sure, let's check secret length (until final RFC comes up)
*/
public static byte[] parseYandexSecret(String s) throws EncodingException {
if (s.length() == YandexInfo.SECRET_LENGTH || s.length() == YandexInfo.SECRET_FULL_LENGTH) {
return parseSecret(s);
} else {
throw new EncodingException(new Throwable("Length differs from expected"));
}
}
public static Export parseExportUri(String s) throws GoogleAuthInfoException {
Uri uri = Uri.parse(s);
if (uri == null) {
@ -260,7 +244,7 @@ public class GoogleAuthInfo implements Serializable {
default:
throw new GoogleAuthInfoException(uri, String.format("Unsupported algorithm: %d", params.getType().ordinal()));
}
} catch (OtpInfoException e){
} catch (OtpInfoException e) {
throw new GoogleAuthInfoException(uri, e);
}
@ -279,6 +263,48 @@ public class GoogleAuthInfo implements Serializable {
return new Export(infos, payload.getBatchId(), payload.getBatchIndex(), payload.getBatchSize());
}
public OtpInfo getOtpInfo() {
return _info;
}
public Uri getUri() {
Uri.Builder builder = new Uri.Builder();
builder.scheme(SCHEME);
if (_info instanceof TotpInfo) {
if (_info instanceof SteamInfo) {
builder.authority("steam");
} else if (_info instanceof YandexInfo) {
builder.authority(YandexInfo.OTP_SCHEMA_ID);
} else {
builder.authority("totp");
}
builder.appendQueryParameter("period", Integer.toString(((TotpInfo) _info).getPeriod()));
} else if (_info instanceof HotpInfo) {
builder.authority("hotp");
builder.appendQueryParameter("counter", Long.toString(((HotpInfo) _info).getCounter()));
} else {
throw new RuntimeException(String.format("Unsupported OtpInfo type: %s", _info.getClass()));
}
builder.appendQueryParameter("digits", Integer.toString(_info.getDigits()));
builder.appendQueryParameter("algorithm", _info.getAlgorithm(false));
builder.appendQueryParameter("secret", Base32.encode(_info.getSecret()));
if (_info instanceof YandexInfo) {
builder.appendQueryParameter("pin", Base32.encode(((YandexInfo) _info).getPinBytes()));
}
if (_issuer != null && !_issuer.equals("")) {
builder.path(String.format("%s:%s", _issuer, _accountName));
builder.appendQueryParameter("issuer", _issuer);
} else {
builder.path(_accountName);
}
return builder.build();
}
public String getIssuer() {
return _issuer;
}

4
app/src/main/java/com/beemdevelopment/aegis/otp/OtpInfo.java
View file

@ -115,6 +115,10 @@ public abstract class OtpInfo implements Serializable {
case HotpInfo.ID:
info = new HotpInfo(secret, algo, digits, obj.getLong("counter"));
break;
case YandexInfo.ID:
byte[] pin = Base32.decode(obj.getString("pin"));
info = new YandexInfo(secret, pin);
break;
default:
throw new OtpInfoException("unsupported otp type: " + type);
}

89
app/src/main/java/com/beemdevelopment/aegis/otp/YandexInfo.java Normal file
View file

@ -0,0 +1,89 @@
package com.beemdevelopment.aegis.otp;
import com.beemdevelopment.aegis.crypto.otp.YAOTP;
import com.beemdevelopment.aegis.encoding.Base32;
import org.json.JSONException;
import org.json.JSONObject;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Locale;
public class YandexInfo extends TotpInfo {
public static final String DEFAULT_ALGORITHM = "SHA256";
public static final int DIGITS = 8;
public static final int SECRET_LENGTH = 26;
public static final int SECRET_FULL_LENGTH = 42;
public static final String ID = "yandex";
public static final String OTP_SCHEMA_ID = "yaotp";
private byte[] _pin;
public YandexInfo(byte[] secret) throws OtpInfoException {
super(secret, DEFAULT_ALGORITHM, DIGITS, TotpInfo.DEFAULT_PERIOD);
}
public YandexInfo(byte[] secret, byte[] pin) throws OtpInfoException {
super(secret, DEFAULT_ALGORITHM, DIGITS, TotpInfo.DEFAULT_PERIOD);
this._pin = pin;
}
@Override
public String getOtp() {
try {
YAOTP otp = YAOTP.generateOTP(getSecret(), _pin, getDigits(), getAlgorithm(true), getPeriod());
return otp.toString();
} catch (InvalidKeyException | NoSuchAlgorithmException | IOException e) {
throw new RuntimeException(e);
}
}
public String getPin() {
return _pin != null ? new String(_pin, StandardCharsets.UTF_8) : "";
}
public byte[] getPinBytes() {
return _pin;
}
@Override
public String getTypeId() {
return ID;
}
@Override
public String getType() {
String id = getTypeId();
return id.substring(0, 1).toUpperCase(Locale.ROOT) + id.substring(1);
}
@Override
public JSONObject toJson() {
JSONObject result = super.toJson();
try {
result.put("pin", Base32.encode(getPinBytes()));
} catch (JSONException e) {
throw new RuntimeException(e);
}
return result;
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (!(o instanceof YandexInfo)) return false;
YandexInfo that = (YandexInfo) o;
return super.equals(o) && Arrays.equals(_pin, that._pin);
}
@Override
public int hashCode() {
return super.hashCode() + Arrays.hashCode(_pin);
}
}

54
app/src/main/java/com/beemdevelopment/aegis/ui/EditEntryActivity.java
View file

@ -32,6 +32,7 @@ import androidx.documentfile.provider.DocumentFile;
import com.amulyakhare.textdrawable.TextDrawable;
import com.avito.android.krop.KropView;
import com.beemdevelopment.aegis.R;
import com.beemdevelopment.aegis.crypto.CryptoUtils;
import com.beemdevelopment.aegis.encoding.Base32;
import com.beemdevelopment.aegis.encoding.EncodingException;
import com.beemdevelopment.aegis.helpers.DropdownHelper;
@ -46,6 +47,7 @@ import com.beemdevelopment.aegis.otp.OtpInfo;
import com.beemdevelopment.aegis.otp.OtpInfoException;
import com.beemdevelopment.aegis.otp.SteamInfo;
import com.beemdevelopment.aegis.otp.TotpInfo;
import com.beemdevelopment.aegis.otp.YandexInfo;
import com.beemdevelopment.aegis.ui.dialogs.Dialogs;
import com.beemdevelopment.aegis.ui.dialogs.IconPickerDialog;
import com.beemdevelopment.aegis.ui.glide.IconLoader;
@ -53,6 +55,7 @@ import com.beemdevelopment.aegis.ui.tasks.ImportFileTask;
import com.beemdevelopment.aegis.ui.views.IconAdapter;
import com.beemdevelopment.aegis.util.Cloner;
import com.beemdevelopment.aegis.util.IOUtils;
import com.beemdevelopment.aegis.util.YandexUtils;
import com.beemdevelopment.aegis.vault.VaultEntry;
import com.beemdevelopment.aegis.vault.VaultManager;
import com.bumptech.glide.Glide;
@ -101,6 +104,8 @@ public class EditEntryActivity extends AegisActivity {
private TextInputEditText _textDigits;
private TextInputLayout _textDigitsLayout;
private TextInputEditText _textSecret;
private TextInputEditText _textYandexPin;
private LinearLayout _textYandexPinLayout;
private TextInputEditText _textUsageCount;
private TextInputEditText _textNote;
@ -153,6 +158,8 @@ public class EditEntryActivity extends AegisActivity {
_textDigits = findViewById(R.id.text_digits);
_textDigitsLayout = findViewById(R.id.text_digits_layout);
_textSecret = findViewById(R.id.text_secret);
_textYandexPin = findViewById(R.id.text_yandex_pin);
_textYandexPinLayout = findViewById(R.id.layout_yandex_pin);
_textUsageCount = findViewById(R.id.text_usage_count);
_textNote = findViewById(R.id.text_note);
_dropdownType = findViewById(R.id.dropdown_type);
@ -166,12 +173,20 @@ public class EditEntryActivity extends AegisActivity {
// if this is NOT a manually entered entry, move the "Secret" field from basic to advanced settings
if (!_isNew || (_isNew && !_isManual)) {
int secretIndex = 0;
LinearLayout layoutSecret = findViewById(R.id.layout_secret);
LinearLayout layoutBasic = findViewById(R.id.layout_basic);
LinearLayout layoutAdvanced = findViewById(R.id.layout_advanced);
layoutBasic.removeView(layoutSecret);
layoutAdvanced.addView(layoutSecret, 0);
((LinearLayout.LayoutParams) layoutSecret.getLayoutParams()).topMargin = 0;
if (!_isNew) {
secretIndex = 1;
layoutBasic.removeView(_textYandexPinLayout);
layoutAdvanced.addView(_textYandexPinLayout, 0);
((LinearLayout.LayoutParams) _textYandexPinLayout.getLayoutParams()).topMargin = 0;
} else {
((LinearLayout.LayoutParams) layoutSecret.getLayoutParams()).topMargin = 0;
}
layoutAdvanced.addView(layoutSecret, secretIndex);
if (_isNew && !_isManual) {
setViewEnabled(layoutAdvanced, false);
@ -206,6 +221,7 @@ public class EditEntryActivity extends AegisActivity {
_textNote.setText(_origEntry.getNote());
OtpInfo info = _origEntry.getInfo();
if (info instanceof TotpInfo) {
_textPeriodCounterLayout.setHint(R.string.period_hint);
_textPeriodCounter.setText(Integer.toString(((TotpInfo) info).getPeriod()));
@ -225,7 +241,13 @@ public class EditEntryActivity extends AegisActivity {
_dropdownType.setText(_origEntry.getInfo().getType(), false);
_dropdownAlgo.setText(_origEntry.getInfo().getAlgorithm(false), false);
if (info instanceof YandexInfo) {
_textYandexPin.setText(((YandexInfo) info).getPin());
}
updateAdvancedFieldStatus(_origEntry.getInfo().getTypeId());
updatePinFieldVisibility(_origEntry.getInfo().getTypeId());
String group = _origEntry.getGroup();
setGroup(group);
@ -254,11 +276,18 @@ public class EditEntryActivity extends AegisActivity {
_textPeriodCounter.setText(String.valueOf(HotpInfo.DEFAULT_COUNTER));
_textDigits.setText(String.valueOf(OtpInfo.DEFAULT_DIGITS));
break;
case YandexInfo.ID:
_dropdownAlgo.setText(YandexInfo.DEFAULT_ALGORITHM, false);
_textPeriodCounterLayout.setHint(R.string.period_hint);
_textPeriodCounter.setText(String.valueOf(TotpInfo.DEFAULT_PERIOD));
_textDigits.setText(String.valueOf(YandexInfo.DIGITS));
break;
default:
throw new RuntimeException(String.format("Unsupported OTP type: %s", type));
}
updateAdvancedFieldStatus(type);
updatePinFieldVisibility(type);
});
_iconView.setOnClickListener(v -> {
@ -290,12 +319,17 @@ public class EditEntryActivity extends AegisActivity {
}
private void updateAdvancedFieldStatus(String otpType) {
boolean enabled = !otpType.equals(SteamInfo.ID) && (!_isNew || _isManual);
boolean enabled = !otpType.equals(SteamInfo.ID) && !otpType.equals(YandexInfo.ID) && (!_isNew || _isManual);
_textDigitsLayout.setEnabled(enabled);
_textPeriodCounterLayout.setEnabled(enabled);
_dropdownAlgoLayout.setEnabled(enabled);
}
private void updatePinFieldVisibility(String otpType) {
boolean visible = otpType.equals(YandexInfo.ID);
_textYandexPinLayout.setVisibility(visible ? View.VISIBLE : View.GONE);
}
private void setGroup(String groupName) {
int pos = 0;
if (groupName != null) {
@ -627,6 +661,14 @@ public class EditEntryActivity extends AegisActivity {
String type = _dropdownType.getText().toString();
String algo = _dropdownAlgo.getText().toString();
String lowerCasedType = type.toLowerCase(Locale.ROOT);
if (lowerCasedType.equals(YandexInfo.ID)) {
int pinLength = _textYandexPin.length();
if (pinLength < 4) {
throw new ParseException("PIN is a required field. Min 4 digits.");
}
}
int digits;
try {
@ -664,6 +706,12 @@ public class EditEntryActivity extends AegisActivity {
}
info = new HotpInfo(secret, algo, digits, counter);
break;
case YandexInfo.OTP_SCHEMA_ID:
case YandexInfo.ID:
YandexUtils.validateSecret(secret);
byte[] pin = CryptoUtils.toBytes(_textYandexPin.getText().toString().toCharArray());
info = new YandexInfo(secret, pin);
break;
default:
throw new RuntimeException(String.format("Unsupported OTP type: %s", type));
}

3
app/src/main/java/com/beemdevelopment/aegis/ui/views/EntryHolder.java
View file

@ -22,6 +22,7 @@ import com.beemdevelopment.aegis.otp.HotpInfo;
import com.beemdevelopment.aegis.otp.OtpInfo;
import com.beemdevelopment.aegis.otp.SteamInfo;
import com.beemdevelopment.aegis.otp.TotpInfo;
import com.beemdevelopment.aegis.otp.YandexInfo;
import com.beemdevelopment.aegis.ui.glide.IconLoader;
import com.beemdevelopment.aegis.vault.VaultEntry;
import com.bumptech.glide.Glide;
@ -238,7 +239,7 @@ public class EntryHolder extends RecyclerView.ViewHolder {
OtpInfo info = _entry.getInfo();
String otp = info.getOtp();
if (!(info instanceof SteamInfo)) {
if (!(info instanceof SteamInfo || info instanceof YandexInfo)) {
otp = formatCode(otp);
}

89
app/src/main/java/com/beemdevelopment/aegis/util/YandexUtils.java Normal file
View file

@ -0,0 +1,89 @@
package com.beemdevelopment.aegis.util;
import com.beemdevelopment.aegis.otp.OtpInfoException;
import com.beemdevelopment.aegis.otp.YandexInfo;
public class YandexUtils {
private static final char CHECKSUM_POLY = 0b1_1000_1111_0011;
public static final int APPROVED_SECRET_LENGTH = 16;
private YandexUtils() {
}
private static int getNumberOfLeadingZeros(char value) {
if (value == 0) return 16;
int n = 0;
if ((value & 0xFF00) == 0) {
n += 8;
value <<= 8;
}
if ((value & 0xF000) == 0) {
n += 4;
value <<= 4;
}
if ((value & 0xC000) == 0) {
n += 2;
value <<= 2;
}
if ((value & 0x8000) == 0) {
n++;
}
return n;
}
/**
* Java implementation of ChecksumIsValid
* from https://github.com/norblik/KeeYaOtp/blob/dev/KeeYaOtp/Core/Secret.cs
*/
public static void validateSecret(byte[] secret) throws OtpInfoException {
/*
When secret comes from QR code - we can't test it,
cause it's only 16 byte long.
*/
if (secret.length == APPROVED_SECRET_LENGTH) return;
if (secret.length != YandexInfo.SECRET_LENGTH)
throw new OtpInfoException("Wrong secret size");
char originalChecksum = (char) ((secret[secret.length - 2] & 0x0F) << 8 | secret[secret.length - 1] & 0xff);
char accum = 0;
int accumBits = 0;
int inputTotalBitsAvailable = secret.length * 8 - 12;
int inputIndex = 0;
int inputBitsAvailable = 8;
while (inputTotalBitsAvailable > 0) {
int requiredBits = 13 - accumBits;
if (inputTotalBitsAvailable < requiredBits) requiredBits = inputTotalBitsAvailable;
while (requiredBits > 0) {
int curInput = (secret[inputIndex] & (1 << inputBitsAvailable) - 1) & 0xff;
int bitsToRead = Math.min(requiredBits, inputBitsAvailable);
curInput >>= inputBitsAvailable - bitsToRead;
accum = (char) (accum << bitsToRead | curInput);
inputTotalBitsAvailable -= bitsToRead;
requiredBits -= bitsToRead;
inputBitsAvailable -= bitsToRead;
accumBits += bitsToRead;
if (inputBitsAvailable == 0) {
inputIndex += 1;
inputBitsAvailable = 8;
}
}
if (accumBits == 13) accum ^= CHECKSUM_POLY;
accumBits = 16 - getNumberOfLeadingZeros(accum);
}
if (accum != originalChecksum) {
throw new OtpInfoException("Secret is corrupted. Checksum is not valid");
}
}
}