Keep track of when a TOTP key was last used and prevent reuse of the same
sequence number. git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@729 185d5e19-27fe-0310-9dcf-9bff6b9f3609
This commit is contained in:
Dag-Erling Smørgrav
parent
2cc13d4b85
commit
0446934acb
2 changed files with 3 additions and 6 deletions
|
|
@ -41,7 +41,7 @@ struct oath_key {
|
|||
unsigned int digits;
|
||||
uint64_t counter; /* HOTP only */
|
||||
unsigned int timestep; /* TOTP only - in seconds */
|
||||
uint64_t lastuse; /* TOTP only */
|
||||
uint64_t lastused; /* TOTP only */
|
||||
|
||||
/* housekeeping */
|
||||
unsigned int dummy:1; /* dummy key, always fail */
|
||||
|
|
|
|||
|
|
@ -88,14 +88,11 @@ oath_totp_match(struct oath_key *k, unsigned int response, int window)
|
|||
return (-1);
|
||||
seq = time(NULL) / k->timestep;
|
||||
for (int i = -window; i <= window; ++i) {
|
||||
#if OATH_TOTP_PREVENT_REUSE
|
||||
/* XXX disabled for now, should be a key parameter? */
|
||||
if (seq + i <= k->lastuse)
|
||||
if (seq + i <= k->lastused)
|
||||
continue;
|
||||
#endif
|
||||
code = oath_hotp(k->key, k->keylen, seq + i, k->digits);
|
||||
if (code == response && !k->dummy) {
|
||||
k->lastuse = seq;
|
||||
k->lastused = seq;
|
||||
return (1);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue