From 0446934acbc0429598f367a17c16c2fcd5f588dd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?=
Date: Wed, 21 Aug 2013 15:32:14 +0000
Subject: [PATCH] Keep track of when a TOTP key was last used and prevent reuse of the same sequence number.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@729 185d5e19-27fe-0310-9dcf-9bff6b9f3609
---
 include/security/oath_types.h | 2 +-
 lib/liboath/oath_totp.c | 7 ++-----
 2 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/include/security/oath_types.h b/include/security/oath_types.h
index 94ae46f..d11d864 100644
--- a/include/security/oath_types.h
+++ b/include/security/oath_types.h
@@ -41,7 +41,7 @@ struct oath_key {
 unsigned int digits;
 uint64_t counter; /* HOTP only */
 unsigned int timestep; /* TOTP only - in seconds */
- uint64_t lastuse; /* TOTP only */
+ uint64_t lastused; /* TOTP only */
 /* housekeeping */
 unsigned int dummy:1; /* dummy key, always fail */
diff --git a/lib/liboath/oath_totp.c b/lib/liboath/oath_totp.c
index c033ed7..195b3ae 100644
--- a/lib/liboath/oath_totp.c
+++ b/lib/liboath/oath_totp.c
@@ -88,14 +88,11 @@ oath_totp_match(struct oath_key *k, unsigned int response, int window)
 return (-1);
 seq = time(NULL) / k->timestep;
 for (int i = -window; i <= window; ++i) {
-#if OATH_TOTP_PREVENT_REUSE
- /* XXX disabled for now, should be a key parameter? */
- if (seq + i <= k->lastuse)
+ if (seq + i <= k->lastused)
 continue;
-#endif
 code = oath_hotp(k->key, k->keylen, seq + i, k->digits);
 if (code == response && !k->dummy) {
- k->lastuse = seq;
+ k->lastused = seq;
 return (1);
 }
 }
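Review bot: `k->lastused = seq;` in the oath_totp.c hunk records the current time step, not the step that actually matched. When the response matches at `i > 0`, the stored value is lower than the accepted step, so the now-unconditional `seq + i <= k->lastused` guard does not reject the same code if it is presented again while still inside the window. Storing the matched step, `k->lastused = seq + i;`, makes the guard cover every code that was accepted. The guard also only helps if the caller persists the updated key after a successful match; that is not visible here and deserves a comment above the function, e.g. `/* on success k->lastused is updated; the caller must write the key back */`. oath_totp_match starts before and ends after this hunk, so the declaration of `seq` and the final return were not reviewed.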