From deff4e9fd182c5a5418ae82b7379b34711014b7f Mon Sep 17 00:00:00 2001
From: Dan Shepherd <dan@yayfor.me.uk>
Date: Fri, 3 Jan 2020 15:59:14 +0000
Subject: [PATCH] minor fix (#134)

Changed hash_hmac to return raw binary, removing the need for hex2bin
Changed result of unpack() to be 0 based for better code readability
---
 src/OTP.php | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/OTP.php b/src/OTP.php
index cf91c98..d117ae6 100644
--- a/src/OTP.php
+++ b/src/OTP.php
@@ -16,7 +16,6 @@ namespace OTPHP;
 use Assert\Assertion;
 use ParagonIE\ConstantTime\Base32;
 use RuntimeException;
-use function Safe\hex2bin;
 use function Safe\ksort;
 use function Safe\sprintf;
 
@@ -43,11 +42,11 @@ abstract class OTP implements OTPInterface
      */
     protected function generateOTP(int $input): string
     {
-        $hash = hash_hmac($this->getDigest(), $this->intToByteString($input), $this->getDecodedSecret());
+        $hash = hash_hmac($this->getDigest(), $this->intToByteString($input), $this->getDecodedSecret(), true);
 
-        $hmac = unpack('C*', hex2bin($hash));
+        $hmac = array_values(unpack('C*', $hash));
 
-        $offset = ($hmac[\count($hmac)] & 0xF) + 1;
+        $offset = ($hmac[\count($hmac) - 1] & 0xF);
         $code = ($hmac[$offset + 0] & 0x7F) << 24 | ($hmac[$offset + 1] & 0xFF) << 16 | ($hmac[$offset + 2] & 0xFF) << 8 | ($hmac[$offset + 3] & 0xFF);
         $otp = $code % (10 ** $this->getDigits());
 
-- 
GitLab