This merges Fabian's TOTP fix. I'm hoping the next major release will implement OCRA, Fabian has been busy working on that...
Happy hacking, Simon ** liboath: Add new API methods for validating TOTP OTPs The new methods (oath_totp_validate3 and oath_totp_validate3_callback) introduce a new parameter *otp_counter, which is set to the actual counter used to calculate the OTP (unless it is a NULL pointer). This allows for easier OTP replay detection in applications using liboath. Patch from Fabian Grünbichler <[email protected]>. The OATH Toolkit makes it easy to build one-time password authentication systems. It contains shared libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm (RFC4226) and the time-based TOTP algorithm (RFC6238). OATH stands for Open AuTHentication, which is the organization that specify the algorithms. For managing secret key files, the Portable Symmetric Key Container (PSKC) format described in RFC6030 is supported. The components included in the package is: * liboath: A shared and static C library for OATH handling. * oathtool: A command line tool for generating and validating OTPs. * pam_oath: A PAM module for pluggable login authentication for OATH. * libpskc: A shared and static C library for PSKC handling. * pskctool: A command line tool for manipulating PSKC data. The project's web page is available at: http://www.nongnu.org/oath-toolkit/ Documentation for the command line tools oathtool and pskctool: http://www.nongnu.org/oath-toolkit/oathtool.1.html http://www.nongnu.org/oath-toolkit/pskctool.1.html http://www.nongnu.org/oath-toolkit/libpskc-api/pskc-tutorial-pskctool.html Manual for PAM module: http://git.savannah.gnu.org/cgit/oath-toolkit.git/tree/pam_oath/README Liboath manual: http://www.nongnu.org/oath-toolkit/liboath-api/liboath-oath.html Libpskc Tutorial & Manual http://www.nongnu.org/oath-toolkit/libpskc-api/pskc-tutorial-quickstart.html http://www.nongnu.org/oath-toolkit/libpskc-api/pskc-reference.html If you need help to use the OATH Toolkit, or want to help others, you are invited to join our oath-toolkit-help mailing list, see: https://lists.nongnu.org/mailman/listinfo/oath-toolkit-help Here are the compressed sources of the entire package: http://download.savannah.nongnu.org/releases/oath-toolkit/oath-toolkit-2.4.0.tar.gz (4.0MB) http://download.savannah.nongnu.org/releases/oath-toolkit/oath-toolkit-2.4.0.tar.gz.sig (OpenPGP) The software is cryptographically signed by the author using an OpenPGP key identified by the following information: pub 1280R/B565716F 2002-05-05 [expires: 2014-05-11] uid Simon Josefsson <[email protected]> uid Simon Josefsson <[email protected]> sub 2048R/105E722E 2012-03-13 [expires: 2013-07-26] sub 2048R/728AB82C 2012-03-13 [expires: 2013-07-26] sub 2048R/9394F626 2012-03-13 [expires: 2013-07-26] sub 1280R/4D5D40AE 2002-05-05 [expires: 2014-05-11] The key is available from: http://josefsson.org/key.txt dns:b565716f.josefsson.org?TYPE=CERT Here are the SHA-1 and SHA-224 checksums: 89d2cd30dd401a3f6973ec3c2b26f1cb737764a7 oath-toolkit-2.4.0.tar.gz 1c165a851a76c3e308ab18c61d1a22b19b93f04b1197ba1dae2e1ec6 oath-toolkit-2.4.0.tar.gz General information on contributing: http://www.nongnu.org/oath-toolkit/contrib.html Savannah developer's home page: https://savannah.nongnu.org/projects/oath-toolkit/ Code coverage charts: http://www.nongnu.org/oath-toolkit/coverage/ Clang code analysis: http://www.nongnu.org/oath-toolkit/clang-analyzer/ Daily snapshots: http://daily.josefsson.org/oath-toolkit/ Autobuild statistics: http://autobuild.josefsson.org/oath-toolkit/
signature.asc
Description: PGP signature
