author | Toni Uhlig <matzeton@googlemail.com> | 2017-12-17 18:16:46 +0100 |
committer | Toni Uhlig <matzeton@googlemail.com> | 2017-12-17 18:16:46 +0100 |
commit | 14bc884b105926ea75efa6d521699cb1802d9882 (patch) | |
tree | 714628c710f7cc7cbe09847b3882cb3c08029d3a | |
parent | fb7af94ba14fcb19bc35d44e9178d4bb55a93e2f (diff) |
ptunnel-ng:
* source refactoring
* challenge response exported to module
-rw-r--r-- | Makefile | 4 | ||||
-rw-r--r-- | challenge.c | 56 | ||||
-rw-r--r-- | challenge.h | 5 | ||||
-rw-r--r-- | ptunnel.c | 52 |
4 files changed, 63 insertions, 54 deletions
@@ -5,12 +5,12 @@ CC = gcc
CFLAGS = -Wall -g -fstrict-aliasing -Os
LDOPTS = -lpthread -lpcap
-PT_OBJS = utils.o options.o pkt.o pdesc.o ptunnel.o md5.o base64.o
+PT_OBJS = utils.o options.o pkt.o challenge.o pdesc.o ptunnel.o md5.o base64.o
WIN32_CC = mingw32-gcc
WIN32_CFLAGS = -g -Wall -DWIN32 -I"c:\Program Files\WpdPack\Include"
WIN32_LDOPTS = -lwpcap -lwsock32 -L"c:\Program Files\WpdPack\Lib"
-WIN32_PT_OBJS = utils.obj options.obj pkt.obj pdesc.obj ptunnel.obj md5.obj base64.obj
+WIN32_PT_OBJS = utils.obj options.obj pkt.obj challenge.obj pdesc.obj ptunnel.obj md5.obj base64.obj
prefix = $(DESTDIR)/usr
bindir = $(prefix)/sbin
diff --git a/challenge.c b/challenge.c
new file mode 100644
index 0000000..4d8bf65
--- /dev/null
+++ b/challenge.c
@@ -0,0 +1,56 @@
+#include <stdlib.h>
+#include <string.h>
+#include <sys/time.h>
+
+#include "challenge.h"
+#include "options.h"
+#include "md5.h"
+
+/* generate_challenge: Generates a random challenge, incorporating the current
+ * local timestamp to avoid replay attacks.
+ */
+challenge_t* generate_challenge(void) {
+ struct timeval tt;
+ challenge_t *c;
+ int i;
+
+ c = (challenge_t *) calloc(1, sizeof(challenge_t));
+ gettimeofday(&tt, 0);
+ c->sec = tt.tv_sec;
+ c->usec_rnd = tt.tv_usec + rand();
+ for (i=0;i<6;i++)
+ c->random[i] = rand();
+
+ return c;
+}
+
+/* generate_response: Generates a response to the given challenge. The response
+ * is generated by combining the concatenating the challenge data with the
+ * md5 digest of the password, and then calculating the MD5 digest of the
+ * entire buffer. The result is stored in the passed-in challenge, overwriting
+ * the challenge data.
+ */
+void generate_response(challenge_t *challenge) {
+ md5_byte_t buf[sizeof(challenge_t)+kMD5_digest_size];
+ md5_state_t state;
+
+ memcpy(buf, challenge, sizeof(challenge_t));
+ memcpy(&buf[sizeof(challenge_t)], opts.password_digest, kMD5_digest_size);
+ memset(challenge, 0, sizeof(challenge_t));
+ md5_init(&state);
+ md5_append(&state, buf, sizeof(challenge_t)+kMD5_digest_size);
+ md5_finish(&state, (md5_byte_t*)challenge);
+}
+
+/* validate_challenge: Checks whether a given response matches the expected
+ * response, returning 1 if validation succeeded, and 0 otherwise. Note that
+ * overwriting the local challenge with the challenge result is not a problem,
+ * as the data will not be used again anyway (authentication either succeeds,
+ * or the connection is closed down).
+ */
+int validate_challenge(challenge_t *local, challenge_t *remote) {
+ generate_response(local);
+ if (memcmp(local, remote, sizeof(challenge_t)) == 0)
+ return 1;
+ return 0;
+}
diff --git a/challenge.h b/challenge.h
index 7bfd68c..4863782 100644
--- a/challenge.h
+++ b/challenge.h
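Review bot: `generate_challenge` dereferences the result of `calloc` without checking it, so an allocation failure becomes a NULL write at `c->sec` instead of an error the caller can act on; add `if (c == NULL) return NULL;` directly after the call (the callers are outside this hunk and would need to handle NULL too). The challenge is filled from `gettimeofday` and `rand()`; `rand()` is not a cryptographic generator and its seeding is not visible in this commit, so the challenge is only as unpredictable as that seed, which deserves a `/* TODO: rand() is not a CSPRNG; challenge predictability depends on how it is seeded */` above the loop until a better source is used. `validate_challenge` compares the 16-byte MD5 response with `memcmp`, which returns at the first differing byte and in principle leaks how many leading bytes of a guessed response matched; whether that is measurable over ICMP is doubtful, but a constant-time byte-OR comparison costs nothing here, sketched below. The new `(challenge_t *)` cast on `calloc` (the removed ptunnel.c copy had none) is unnecessary in C; `c = calloc(1, sizeof *c);` is the idiomatic form.
```c
challenge_t* generate_challenge(void) {
	/* … unchanged: locals … */
	c = calloc(1, sizeof *c);
	if (c == NULL)
		return NULL;
	/* … unchanged: timestamp and rand() fill of the challenge … */

/* … unchanged: generate_response … */

int validate_challenge(challenge_t *local, challenge_t *remote) {
	const unsigned char *a = (const unsigned char *) local;
	const unsigned char *b = (const unsigned char *) remote;
	unsigned char diff = 0;
	size_t i;

	generate_response(local);
	/* OR every byte difference so the time taken does not depend on where the first mismatch is */
	for (i = 0; i < sizeof(challenge_t); i++)
		diff |= a[i] ^ b[i];
	return diff == 0;
}
```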
@@ -15,4 +15,9 @@ typedef struct challenge_t {
uint32_t random[6];
} __attribute__ ((packed)) challenge_t;
+
+challenge_t* generate_challenge(void);
+void generate_response(challenge_t *challenge);
+int validate_challenge(challenge_t *local, challenge_t *remote);
+
#endif
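Review bot: The three new prototypes say nothing about ownership or side effects, which matters now that they form a module boundary: `generate_challenge` returns memory obtained with `calloc` in challenge.c that the caller has to `free()`, and both `generate_response` and `validate_challenge` overwrite the `challenge_t` passed as their first argument with the MD5 response. Document that on the declarations, e.g. `/* Returns a calloc()'d challenge; the caller owns it and must free() it. */` above `generate_challenge` and `/* Replaces *local with the expected response; local is not usable afterwards. */` above `validate_challenge`. `remote` is only read, so `int validate_challenge(challenge_t *local, const challenge_t *remote);` would state that in the signature (the definition in challenge.c would change to match).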
@@ -1021,58 +1021,6 @@ uint16_t calc_icmp_checksum(uint16_t *data, int bytes) {
}
-/* generate_challenge: Generates a random challenge, incorporating the current
- local timestamp to avoid replay attacks.
-*/
-challenge_t* generate_challenge(void) {
- struct timeval tt;
- challenge_t *c;
- int i;
-
- c = calloc(1, sizeof(challenge_t));
- gettimeofday(&tt, 0);
- c->sec = tt.tv_sec;
- c->usec_rnd = tt.tv_usec + rand();
- for (i=0;i<6;i++)
- c->random[i] = rand();
-
- return c;
-}
-
-
-/* generate_response: Generates a response to the given challenge. The response
- is generated by combining the concatenating the challenge data with the
- md5 digest of the password, and then calculating the MD5 digest of the
- entire buffer. The result is stored in the passed-in challenge, overwriting
- the challenge data.
-*/
-void generate_response(challenge_t *challenge) {
- md5_byte_t buf[sizeof(challenge_t)+kMD5_digest_size];
- md5_state_t state;
-
- memcpy(buf, challenge, sizeof(challenge_t));
- memcpy(&buf[sizeof(challenge_t)], opts.password_digest, kMD5_digest_size);
- memset(challenge, 0, sizeof(challenge_t));
- md5_init(&state);
- md5_append(&state, buf, sizeof(challenge_t)+kMD5_digest_size);
- md5_finish(&state, (md5_byte_t*)challenge);
-}
-
-
-/* validate_challenge: Checks whether a given response matches the expected
- response, returning 1 if validation succeeded, and 0 otherwise. Note that
- overwriting the local challenge with the challenge result is not a problem,
- as the data will not be used again anyway (authentication either succeeds,
- or the connection is closed down).
-*/
-int validate_challenge(challenge_t *local, challenge_t *remote) {
- generate_response(local);
- if (memcmp(local, remote, sizeof(challenge_t)) == 0)
- return 1;
- return 0;
-}
-
-
/* send_termination_msg: Sends two packets to the remote end, informing it that
the tunnel is being closed down.
*/ |