Use time stamp to prevent OTP phishing

2025-01-20 10:52:15 +01:00 · 2008-12-03 07:49:32 +00:00 · 2008-12-03 07:49:32 +00:00 · 150458a5ea
commit 150458a5ea
parent 1c9c717efd
2 changed files with 100 additions and 65 deletions
--- a/common.php
+++ b/common.php
@ -8,6 +8,9 @@ define('S_MISSING_PARAMETER', 'MISSING_PARAMETER');
 //define('S_NO_SUCH_CLIENT', 'NO_SUCH_CLIENT'); // Deprecated by paul 20080920
 define('S_OPERATION_NOT_ALLOWED', 'OPERATION_NOT_ALLOWED');
 define('S_BACKEND_ERROR', 'BACKEND_ERROR');
+define('S_SECURITY_ERROR', 'SECURITY_ERROR');
+define('TS_SEC', 0.1118);
+define('TS_TOLERANCE', 0.3);

 function debug($msg, $exit = false) {
 	global $trace;
--- a/verifyOTP.php
+++ b/verifyOTP.php
@ -1,10 +1,13 @@
-<?php require_once '../yubiphpbase/appinclude.php';
-	  require_once '../yubiphpbase/yubi_lib.php';
-	  require_once 'common.php';
+<?php
+require_once '../yubiphpbase/appinclude.php';
+require_once '../yubiphpbase/yubi_lib.php';
+require_once 'common.php';

 header("content-type: text/plain");

-if (!isset($trace)) { $trace = 0; }
+if (!isset ($trace)) {
+	$trace = 0;
+}

 $client = getHttpVal('id', 0);
 if ($client <= 0) {
@ -28,7 +31,7 @@ $devId = substr($otp, 0, 12);
 $ad = getAuthData($devId);

 if ($ad == null) {
-	debug('Invalid Yubikey '.$devId);
+	debug('Invalid Yubikey ' . $devId);
 	sendResp(S_BAD_OTP, $otp);
 	exit;
 } else {
@ -39,14 +42,14 @@ if ($ad == null) {
 //

 if ($ad['chk_owner'] && $ad['client_id'] != $client) {
-	debug('Client-'.$client.' is not the owner of the Yubikey!');
+	debug('Client-' . $client . ' is not the owner of the Yubikey!');
 	sendResp(S_BAD_CLIENT, 'Not owner of the Yubikey');
 	exit;
 }

 $k = b64ToModhex($ad['secret']);
 //debug('aes key in modhex = '.$k);
-$key16 = ModHex::Decode($k);
+$key16 = ModHex :: Decode($k);
 //debug('aes key in hex = ['.$key16.'], length = '.strlen($key16));
 $apiKey = base64_decode($ad['c_secret']);

@ -54,29 +57,29 @@ $apiKey = base64_decode($ad['c_secret']);
 //
 if ($ad['chk_sig']) {
 	// Create the signature using the API key
-	$a = array();
-	$a['id']=$client;
-	$a['otp']=$otp;
+	$a = array ();
+	$a['id'] = $client;
+	$a['otp'] = $otp;
 	$hmac = sign($a, $apiKey);

 	if (($h = getHttpVal('h', '')) == '') {
 		sendResp(S_MISSING_PARAMETER, 'h');
-		debug('signature missing, hmac='.$hmac);
+		debug('signature missing, hmac=' . $hmac);
 		exit;
-	} else if ($hmac != $h) {
-		sendResp(S_BAD_SIGNATURE);
-		debug('h='.$h.', hmac='.$hmac);
-		exit;
-	}
+	} else
+		if ($hmac != $h) {
+			sendResp(S_BAD_SIGNATURE);
+			debug('h=' . $h . ', hmac=' . $hmac);
+			exit;
+		}
 }

-
 //// Decode OTP from input
 //
 debug('From the OTP validation request:');
-$decoded_token = Yubikey::Decode($otp, $key16);
+$decoded_token = Yubikey :: Decode($otp, $key16);
 debug($decoded_token);
-if ( ! is_array($decoded_token) ) {
+if (!is_array($decoded_token)) {
 	sendResp(S_BAD_OTP, $otp);
 	exit;
 }
@ -97,18 +100,18 @@ if ($ad['c_active'] < 1) {

 //// Sanity check token ID
 //
-if (strlen($decoded_token["public_id"]) == 12 ) {
-	debug("Token ID OK (".$decoded_token["public_id"].")");
+if (strlen($decoded_token["public_id"]) == 12) {
+	debug("Token ID OK (" . $decoded_token["public_id"] . ")");
 } else {
-	debug("TOKEN ID FAILED, ".$decoded_token["public_id"]); 
+	debug("TOKEN ID FAILED, " . $decoded_token["public_id"]);
 	sendResp(S_BAD_OTP, $otp);
 	exit;
 }

 //// Sanity check the OTP
 //
-if ( strlen($decoded_token["token"]) != 32) {
-	debug("Wrong OTP length,".strlen($decoded_token["token"]));
+if (strlen($decoded_token["token"]) != 32) {
+	debug("Wrong OTP length," . strlen($decoded_token["token"]));
 	sendResp(S_BAD_OTP, $otp);
 	exit;
 }
@ -119,38 +122,68 @@ $sessionCounter = $decoded_token["session_counter"]; // From the req
 $seenSessionCounter = $ad['counter']; // From DB
 $scDiff = $seenSessionCounter - $sessionCounter;
 if ($scDiff > 0) {
-	debug("Replayed session counter=".$sessionCounter.', seen='.$seenSessionCounter);
+	debug("Replayed session counter=" . $sessionCounter . ', seen=' . $seenSessionCounter);
 	sendResp(S_REPLAYED_OTP);
 	exit;
 } else {
-	debug("Session counter OK (".$sessionCounter.")");
+	debug("Session counter OK (" . $sessionCounter . ")");
+}
+
+//// Check the time stamp
+//
+if ($scDiff == 0) { // Same use session, check time stamp diff
+	$ts = $decoded_token['timestamp'];
+	$seenTs = ($ad['high'] << 16) + $ad['low'];
+	$tsDiff = $ts - $seenTs;
+	if ($tsDiff <= 0) {
+		debug("Replayed time stamp=" . $ts . ', seen=' . $seenTs);
+		sendResp(S_REPLAYED_OTP);
+		exit;
+	} else {
+		$tsDelta = $tsDiff * TS_SEC;
+		debug("Timestamp OK (" . $ts . ") delta count=".$tsDiff.
+			'-> delta secs='.$tsDelta);
+	}
+
+	$lastTime = strtotime($ad['accessed']);
+	//$lastAccess = $ad['accessed'];
+	//echo 'Last accessed: '.$lastAccess.' '.date("F j, Y, g:i a", $lastTime)."\n";
+	$elapsed = time() - $lastTime;
+	debug('Elapsed time from last validation: '.$elapsed.' secs');
+	$deviation = abs($elapsed - $tsDelta);
+	debug("Key time deviation vs. real elapsed time=".$deviation.' secs');
+	if ($deviation > TS_TOLERANCE * $elapsed) {
+		debug("Is the OTP generated from a real crypto key?");
+		sendResp(S_SECURITY_ERROR);
+		exit;
+	}
 }

 //// Check the high counter
 //
-$hi = $decoded_token["high"]; // From the req
-$seenHi = $ad['high']; // From DB
-$hiDiff = $seenHi - $hi;
-if ($scDiff == 0 && $hiDiff > 0) {
-	debug("Replayed hi counter=".$hi.', seen='.$seenHi);
-	sendResp(S_REPLAYED_OTP);
-	exit;
-} else {
-	debug("Hi counter OK (".$hi.")");
-}
+//$hi = $decoded_token["high"]; // From the req
+//$seenHi = $ad['high']; // From DB
+//$hiDiff = $seenHi - $hi;
+//if ($scDiff == 0 && $hiDiff > 0) {
+//	debug("Replayed hi counter=".$hi.', seen='.$seenHi);
+//	sendResp(S_REPLAYED_OTP);
+//	exit;
+//} else {
+//	debug("Hi counter OK (".$hi.")");
+//}

 //// Check the low counter
 //
-$lo = $decoded_token["low"]; // From the req
-$seenLo = $ad['low']; // From DB
-$loDiff = $seenLo - $lo;
-if ($scDiff == 0 && $hiDiff == 0 && $loDiff >= 0) {
-	debug("Replayed low counter=".$lo.', seen='.$seenLo);
-	sendResp(S_REPLAYED_OTP);
-	exit;
-} else {
-	debug("Lo counter OK (".$lo.")");
-}
+//$lo = $decoded_token["low"]; // From the req
+//$seenLo = $ad['low']; // From DB
+//$loDiff = $seenLo - $lo;
+//if ($scDiff == 0 && $hiDiff == 0 && $loDiff >= 0) {
+//	debug("Replayed low counter=".$lo.', seen='.$seenLo);
+//	sendResp(S_REPLAYED_OTP);
+//	exit;
+//} else {
+//	debug("Lo counter OK (".$lo.")");
+//}

 //// Update the DB only upon validation success
 //
@ -166,41 +199,40 @@ if (updDB($ad['id'], $decoded_token, $client)) {
 // 		Functions
 //////////////////////////

-function sendResp($status, $info=null) {
+function sendResp($status, $info = null) {
 	global $ad, $apiKey;

 	if ($status == null) {
 		$status = S_BACKEND_ERROR;
 	}

-	echo 'status='.($a['status'] = $status).PHP_EOL;
+	echo 'status=' . ($a['status'] = $status) . PHP_EOL;
 	if ($info != null) {
-		echo 'info='.($a['info'] = $info).PHP_EOL;
+		echo 'info=' . ($a['info'] = $info) . PHP_EOL;
 	}
-	echo 't='.($a['t']=getUTCTimeStamp()).PHP_EOL;
+	echo 't=' . ($a['t'] = getUTCTimeStamp()) . PHP_EOL;
 	$h = sign($a, $apiKey);
-	echo 'h='.$h.PHP_EOL;
+	echo 'h=' . $h . PHP_EOL;
 	echo PHP_EOL;

 } // End sendResp

 function updDB($keyid, $new, $client) {
-	$stmt = 'UPDATE yubikeys SET '.
-		'accessed=NOW(),'.
-		'counter='.$new['session_counter'].','.
-		'low='.$new['low'].','.
-		'high='.$new['high'].
-		' WHERE id='.$keyid;
+	$stmt = 'UPDATE yubikeys SET ' .
+	'accessed=NOW(),' .
+	'counter=' . $new['session_counter'] . ',' .
+	'low=' . $new['low'] . ',' .
+	'high=' . $new['high'] .
+	' WHERE id=' . $keyid;
 	if (!query($stmt)) {
-		$err = 'Failed to update validation data of key: '.$keyid.' by '.$stmt;
+		$err = 'Failed to update validation data of key: ' . $keyid . ' by ' . $stmt;
 		debug($err);
 		writeLog($err);
 		return false;
 	}

-	addHist(0, $_SERVER['REMOTE_ADDR'] , $keyid, $client);
+	addHist(0, $_SERVER['REMOTE_ADDR'], $keyid, $client);

 	return true;
 }
-
 ?>