Use time stamp to prevent OTP phishing

common.php

@@ -8,6 +8,9 @@ define('S_MISSING_PARAMETER', 'MISSING_PARAMETER');
 //define('S_NO_SUCH_CLIENT', 'NO_SUCH_CLIENT'); // Deprecated by paul 20080920
 define('S_OPERATION_NOT_ALLOWED', 'OPERATION_NOT_ALLOWED');
 define('S_BACKEND_ERROR', 'BACKEND_ERROR');
+define('S_SECURITY_ERROR', 'SECURITY_ERROR');
+define('TS_SEC', 0.1118);
+define('TS_TOLERANCE', 0.3);
 
 function debug($msg, $exit = false) {
 	global $trace;

verifyOTP.php

@@ -1,10 +1,13 @@
-<?php require_once '../yubiphpbase/appinclude.php';
+<?php
+require_once '../yubiphpbase/appinclude.php';
 require_once '../yubiphpbase/yubi_lib.php';
 require_once 'common.php';
 
 header("content-type: text/plain");
 
-if (!isset($trace)) { $trace = 0; }
+if (!isset ($trace)) {
+	$trace = 0;
+}
 
 $client = getHttpVal('id', 0);
 if ($client <= 0) {
@@ -63,14 +66,14 @@ if ($ad['chk_sig']) {
 		sendResp(S_MISSING_PARAMETER, 'h');
 		debug('signature missing, hmac=' . $hmac);
 		exit;
-	} else if ($hmac != $h) {
+	} else
+		if ($hmac != $h) {
 			sendResp(S_BAD_SIGNATURE);
 			debug('h=' . $h . ', hmac=' . $hmac);
 			exit;
 		}
 }
 
-
 //// Decode OTP from input
 //
 debug('From the OTP validation request:');
@@ -126,31 +129,61 @@ if ($scDiff > 0) {
 	debug("Session counter OK (" . $sessionCounter . ")");
 }
 
-//// Check the high counter
+//// Check the time stamp
 //
-$hi = $decoded_token["high"]; // From the req
-$seenHi = $ad['high']; // From DB
-$hiDiff = $seenHi - $hi;
-if ($scDiff == 0 && $hiDiff > 0) {
-	debug("Replayed hi counter=".$hi.', seen='.$seenHi);
+if ($scDiff == 0) { // Same use session, check time stamp diff
+	$ts = $decoded_token['timestamp'];
+	$seenTs = ($ad['high'] << 16) + $ad['low'];
+	$tsDiff = $ts - $seenTs;
+	if ($tsDiff <= 0) {
+		debug("Replayed time stamp=" . $ts . ', seen=' . $seenTs);
 		sendResp(S_REPLAYED_OTP);
 		exit;
 	} else {
-	debug("Hi counter OK (".$hi.")");
+		$tsDelta = $tsDiff * TS_SEC;
+		debug("Timestamp OK (" . $ts . ") delta count=".$tsDiff.
+			'-> delta secs='.$tsDelta);
 	}
 
+	$lastTime = strtotime($ad['accessed']);
+	//$lastAccess = $ad['accessed'];
+	//echo 'Last accessed: '.$lastAccess.' '.date("F j, Y, g:i a", $lastTime)."\n";
+	$elapsed = time() - $lastTime;
+	debug('Elapsed time from last validation: '.$elapsed.' secs');
+	$deviation = abs($elapsed - $tsDelta);
+	debug("Key time deviation vs. real elapsed time=".$deviation.' secs');
+	if ($deviation > TS_TOLERANCE * $elapsed) {
+		debug("Is the OTP generated from a real crypto key?");
+		sendResp(S_SECURITY_ERROR);
+		exit;
+	}
+}
+
+//// Check the high counter
+//
+//$hi = $decoded_token["high"]; // From the req
+//$seenHi = $ad['high']; // From DB
+//$hiDiff = $seenHi - $hi;
+//if ($scDiff == 0 && $hiDiff > 0) {
+//	debug("Replayed hi counter=".$hi.', seen='.$seenHi);
+//	sendResp(S_REPLAYED_OTP);
+//	exit;
+//} else {
+//	debug("Hi counter OK (".$hi.")");
+//}
+
 //// Check the low counter
 //
-$lo = $decoded_token["low"]; // From the req
-$seenLo = $ad['low']; // From DB
-$loDiff = $seenLo - $lo;
-if ($scDiff == 0 && $hiDiff == 0 && $loDiff >= 0) {
-	debug("Replayed low counter=".$lo.', seen='.$seenLo);
-	sendResp(S_REPLAYED_OTP);
-	exit;
-} else {
-	debug("Lo counter OK (".$lo.")");
-}
+//$lo = $decoded_token["low"]; // From the req
+//$seenLo = $ad['low']; // From DB
+//$loDiff = $seenLo - $lo;
+//if ($scDiff == 0 && $hiDiff == 0 && $loDiff >= 0) {
+//	debug("Replayed low counter=".$lo.', seen='.$seenLo);
+//	sendResp(S_REPLAYED_OTP);
+//	exit;
+//} else {
+//	debug("Lo counter OK (".$lo.")");
+//}
 
 //// Update the DB only upon validation success
 //
@@ -202,5 +235,4 @@ function updDB($keyid, $new, $client) {
 
 	return true;
 }
-
 ?>