aboutsummaryrefslogtreecommitdiff
path: root/src/challenge.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/challenge.c')
-rw-r--r--src/challenge.c51
1 files changed, 35 insertions, 16 deletions
diff --git a/src/challenge.c b/src/challenge.c
index f269313..f0b02ad 100644
--- a/src/challenge.c
+++ b/src/challenge.c
@@ -46,6 +46,7 @@
#include <stdlib.h>
#include <string.h>
#include <sys/time.h>
+#include <assert.h>
#include "challenge.h"
#include "options.h"
@@ -55,48 +56,66 @@
/* generate_challenge: Generates a random challenge, incorporating the current
* local timestamp to avoid replay attacks.
*/
-challenge_t* generate_challenge(void) {
+challenge_t *generate_challenge(void) {
struct timeval tt;
challenge_t *c;
int i;
c = (challenge_t *) calloc(1, sizeof(challenge_t));
+ assert(c != NULL);
gettimeofday(&tt, 0);
- c->sec = tt.tv_sec;
- c->usec_rnd = tt.tv_usec + pt_random();
+ c->plain.sec = tt.tv_sec;
+ c->plain.usec_rnd = tt.tv_usec + pt_random();
for (i=0;i<6;i++)
- c->random[i] = pt_random();
+ c->plain.random[i] = pt_random();
return c;
}
-/* generate_response: Generates a response to the given challenge. The response
+/* generate_response_md5: Generates a response to the given challenge. The response
* is generated by combining the concatenating the challenge data with the
* md5 digest of the password, and then calculating the MD5 digest of the
* entire buffer. The result is stored in the passed-in challenge, overwriting
* the challenge data.
*/
-void generate_response(challenge_t *challenge) {
- md5_byte_t buf[sizeof(challenge_t)+kMD5_digest_size];
+void generate_response_md5(challenge_plain_t *plain, challenge_digest_t *digest) {
+ md5_byte_t buf[sizeof(*plain) + kMD5_digest_size];
md5_state_t state;
- memcpy(buf, challenge, sizeof(challenge_t));
- memcpy(&buf[sizeof(challenge_t)], opts.password_digest, kMD5_digest_size);
- memset(challenge, 0, sizeof(challenge_t));
+ digest->hash_type = HT_MD5;
+ memcpy(buf, plain, sizeof(*plain));
+ memcpy(&buf[sizeof(*plain)], opts.md5_password_digest, kMD5_digest_size);
+ memset(plain, 0, sizeof(*plain));
+
md5_init(&state);
- md5_append(&state, buf, sizeof(challenge_t)+kMD5_digest_size);
- md5_finish(&state, (md5_byte_t*)challenge);
+ md5_append(&state, buf, sizeof(*plain) + kMD5_digest_size);
+ md5_finish(&state, (md5_byte_t *) &digest->md5[0]);
}
-/* validate_challenge: Checks whether a given response matches the expected
+/* validate_challenge_md5: Checks whether a given response matches the expected
* response, returning 1 if validation succeeded, and 0 otherwise. Note that
* overwriting the local challenge with the challenge result is not a problem,
* as the data will not be used again anyway (authentication either succeeds,
* or the connection is closed down).
*/
-int validate_challenge(challenge_t *local, challenge_t *remote) {
- generate_response(local);
- if (memcmp(local, remote, sizeof(challenge_t)) == 0)
+int validate_challenge_md5(challenge_t *local, challenge_digest_t *remote) {
+ generate_response_md5(&local->plain, &local->digest);
+ if (remote->hash_type == HT_MD5 &&
+ memcmp(&local->digest.md5[0], &remote->md5[0], sizeof(local->digest.md5)) == 0)
+ {
return 1;
+ }
return 0;
}
+
+#ifdef ENABLE_SHA512
+void generate_response_sha512(challenge_t *challenge)
+{
+ /* TODO: Implement me! */
+}
+
+int validate_challenge_sha512(challenge_t *local, challenge_t *remote)
+{
+ /* TODO: Implement me! */
+}
+#endif /* ENABLE_SHA512 */
Powered by cgit, Themed by Ted Yin.