Keep track of when a TOTP key was last used and prevent reuse of the same

sequence number. git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@729 185d5e19-27fe-0310-9dcf-9bff6b9f3609
2013-08-21 15:32:14 +00:00 · 2013-08-21 15:32:14 +00:00 · 0446934acb
parent 2cc13d4b85
commit 0446934acb
2 changed files with 3 additions and 6 deletions
--- a/include/security/oath_types.h
+++ b/include/security/oath_types.h
@ -41,7 +41,7 @@ struct oath_key {
 	unsigned int	 digits;
 	uint64_t	 counter;  /* HOTP only */
 	unsigned int	 timestep; /* TOTP only - in seconds */
-	uint64_t	 lastuse; /* TOTP only */
+	uint64_t	 lastused; /* TOTP only */

 	/* housekeeping */
 	unsigned int	 dummy:1;  /* dummy key, always fail */
--- a/lib/liboath/oath_totp.c
+++ b/lib/liboath/oath_totp.c
@ -88,14 +88,11 @@ oath_totp_match(struct oath_key *k, unsigned int response, int window)
 		return (-1);
 	seq = time(NULL) / k->timestep;
 	for (int i = -window; i <= window; ++i) {
-#if OATH_TOTP_PREVENT_REUSE
-		/* XXX disabled for now, should be a key parameter? */
-		if (seq + i <= k->lastuse)
+		if (seq + i <= k->lastused)
 			continue;
-#endif
 		code = oath_hotp(k->key, k->keylen, seq + i, k->digits);
 		if (code == response && !k->dummy) {
-			k->lastuse = seq;
+			k->lastused = seq;
 			return (1);
 		}
 	}