OpenPAM/OpenPAM
OpenPAM/OpenPAM
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Keep track of when a TOTP key was last used and prevent reuse of the same

Browse source 
sequence number.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@729 185d5e19-27fe-0310-9dcf-9bff6b9f3609
This commit is contained in:
Dag-Erling Smørgrav 2013-08-21 15:32:14 +00:00
parent 2cc13d4b85
commit 0446934acb
2 changed files with 3 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
include/security/oath_types.h
View file

@ -41,7 +41,7 @@ struct oath_key {
unsigned int digits; unsigned int digits;
uint64_t counter; /* HOTP only */ uint64_t counter; /* HOTP only */
unsigned int timestep; /* TOTP only - in seconds */ unsigned int timestep; /* TOTP only - in seconds */
uint64_t lastuse; /* TOTP only */ uint64_t lastused; /* TOTP only */
/* housekeeping */ /* housekeeping */
unsigned int dummy:1; /* dummy key, always fail */ unsigned int dummy:1; /* dummy key, always fail */

7
lib/liboath/oath_totp.c
View file

@ -88,14 +88,11 @@ oath_totp_match(struct oath_key *k, unsigned int response, int window)
return (-1); return (-1);
seq = time(NULL) / k->timestep; seq = time(NULL) / k->timestep;
for (int i = -window; i <= window; ++i) { for (int i = -window; i <= window; ++i) {
#if OATH_TOTP_PREVENT_REUSE if (seq + i <= k->lastused)
/* XXX disabled for now, should be a key parameter? */
if (seq + i <= k->lastuse)
continue; continue;
#endif
code = oath_hotp(k->key, k->keylen, seq + i, k->digits); code = oath_hotp(k->key, k->keylen, seq + i, k->digits);
if (code == response && !k->dummy) { if (code == response && !k->dummy) {
k->lastuse = seq; k->lastused = seq;
return (1); return (1);
} }
} }