From 14bc884b105926ea75efa6d521699cb1802d9882 Mon Sep 17 00:00:00 2001
From: Toni Uhlig
Date: Sun, 17 Dec 2017 18:16:46 +0100
Subject: ptunnel-ng: * source refactoring * challenge response exported to module
---
challenge.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 56 insertions(+)
create mode 100644 challenge.c
(limited to 'challenge.c')
diff --git a/challenge.c b/challenge.c
new file mode 100644
index 0000000..4d8bf65
--- /dev/null
+++ b/challenge.c
@@ -0,0 +1,56 @@
+#include
+#include
+#include
+
+#include "challenge.h"
+#include "options.h"
+#include "md5.h"
+
+/* generate_challenge: Generates a random challenge, incorporating the current
+ * local timestamp to avoid replay attacks.
+ */
+challenge_t* generate_challenge(void) {
+ struct timeval tt;
+ challenge_t *c;
+ int i;
+
+ c = (challenge_t *) calloc(1, sizeof(challenge_t));
+ gettimeofday(&tt, 0);
+ c->sec = tt.tv_sec;
+ c->usec_rnd = tt.tv_usec + rand();
+ for (i=0;i<6;i++)
+ c->random[i] = rand();
+
+ return c;
+}
+
+/* generate_response: Generates a response to the given challenge. The response
+ * is generated by combining the concatenating the challenge data with the
+ * md5 digest of the password, and then calculating the MD5 digest of the
+ * entire buffer. The result is stored in the passed-in challenge, overwriting
+ * the challenge data.
+ */
+void generate_response(challenge_t *challenge) {
+ md5_byte_t buf[sizeof(challenge_t)+kMD5_digest_size];
+ md5_state_t state;
+
+ memcpy(buf, challenge, sizeof(challenge_t));
+ memcpy(&buf[sizeof(challenge_t)], opts.password_digest, kMD5_digest_size);
+ memset(challenge, 0, sizeof(challenge_t));
+ md5_init(&state);
+ md5_append(&state, buf, sizeof(challenge_t)+kMD5_digest_size);
+ md5_finish(&state, (md5_byte_t*)challenge);
+}
+
+/* validate_challenge: Checks whether a given response matches the expected
+ * response, returning 1 if validation succeeded, and 0 otherwise. Note that
+ * overwriting the local challenge with the challenge result is not a problem,
+ * as the data will not be used again anyway (authentication either succeeds,
+ * or the connection is closed down).
+ */
+int validate_challenge(challenge_t *local, challenge_t *remote) {
+ generate_response(local);
+ if (memcmp(local, remote, sizeof(challenge_t)) == 0)
+ return 1;
+ return 0;
+}
-- cgit v1.2.3
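Review bot: `generate_challenge` writes through the `calloc` result (`c->sec = tt.tv_sec;`) without checking it, so an allocation failure is a NULL dereference rather than a reported error; add `if (c == NULL) return NULL;` directly after the `calloc` call and have callers treat a NULL return as a failed handshake. The challenge bytes (`usec_rnd` and `random[i]`) come from `rand()`, a predictable PRNG that, unless something seeds it elsewhere, produces the same sequence on every start — a challenge that must be unguessable should be filled from a CSPRNG source such as `/dev/urandom` or `getrandom()` where available (whether `srand` is called is not visible in this hunk). `validate_challenge` compares the digests with `memcmp`, which stops at the first differing byte; for an authentication tag the usual choice is a fixed-time comparison that XORs all `sizeof(challenge_t)` bytes into an accumulator and tests the accumulator once. The `md5_finish` call in `generate_response` also writes `kMD5_digest_size` bytes into `*challenge`, which silently relies on `sizeof(challenge_t) >= kMD5_digest_size`; if `kMD5_digest_size` is an integer constant expression, `_Static_assert(sizeof(challenge_t) >= kMD5_digest_size, "challenge_t too small for MD5 digest");` would make that invariant explicit.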