diff options
| author | Damien Miller <djm@mindrot.org> | 2014-02-04 11:12:56 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2014-02-04 11:12:56 +1100 |
| commit | 7cc194f70d4a5ec9a82d19422eaf18db4a6624c6 (patch) | |
| tree | 8bf6b25f93b3ee74dc184349a45125738e89df5b /sshconnect2.c | |
| parent | b0f26544cf6f4feeb1a4f6db09fca834f5c9867d (diff) | |
- djm@cvs.openbsd.org 2014/01/29 06:18:35
[Makefile.in auth.h auth2-jpake.c auth2.c jpake.c jpake.h monitor.c]
[monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h]
[schnorr.c schnorr.h servconf.c servconf.h ssh2.h sshconnect2.c]
remove experimental, never-enabled JPAKE code; ok markus@
Diffstat (limited to 'sshconnect2.c')
| -rw-r--r-- | sshconnect2.c | 293 |
1 files changed, 1 insertions, 292 deletions
diff --git a/sshconnect2.c b/sshconnect2.c index 8acffc5c3..8343db10e 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshconnect2.c,v 1.201 2014/01/09 23:20:00 djm Exp $ */ | 1 | /* $OpenBSD: sshconnect2.c,v 1.202 2014/01/29 06:18:35 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
| 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
| @@ -70,8 +70,6 @@ | |||
| 70 | #include "pathnames.h" | 70 | #include "pathnames.h" |
| 71 | #include "uidswap.h" | 71 | #include "uidswap.h" |
| 72 | #include "hostfile.h" | 72 | #include "hostfile.h" |
| 73 | #include "schnorr.h" | ||
| 74 | #include "jpake.h" | ||
| 75 | 73 | ||
| 76 | #ifdef GSSAPI | 74 | #ifdef GSSAPI |
| 77 | #include "ssh-gss.h" | 75 | #include "ssh-gss.h" |
| @@ -289,18 +287,12 @@ void input_userauth_error(int, u_int32_t, void *); | |||
| 289 | void input_userauth_info_req(int, u_int32_t, void *); | 287 | void input_userauth_info_req(int, u_int32_t, void *); |
| 290 | void input_userauth_pk_ok(int, u_int32_t, void *); | 288 | void input_userauth_pk_ok(int, u_int32_t, void *); |
| 291 | void input_userauth_passwd_changereq(int, u_int32_t, void *); | 289 | void input_userauth_passwd_changereq(int, u_int32_t, void *); |
| 292 | void input_userauth_jpake_server_step1(int, u_int32_t, void *); | ||
| 293 | void input_userauth_jpake_server_step2(int, u_int32_t, void *); | ||
| 294 | void input_userauth_jpake_server_confirm(int, u_int32_t, void *); | ||
| 295 | 290 | ||
| 296 | int userauth_none(Authctxt *); | 291 | int userauth_none(Authctxt *); |
| 297 | int userauth_pubkey(Authctxt *); | 292 | int userauth_pubkey(Authctxt *); |
| 298 | int userauth_passwd(Authctxt *); | 293 | int userauth_passwd(Authctxt *); |
| 299 | int userauth_kbdint(Authctxt *); | 294 | int userauth_kbdint(Authctxt *); |
| 300 | int userauth_hostbased(Authctxt *); | 295 | int userauth_hostbased(Authctxt *); |
| 301 | int userauth_jpake(Authctxt *); | ||
| 302 | |||
| 303 | void userauth_jpake_cleanup(Authctxt *); | ||
| 304 | 296 | ||
| 305 | #ifdef GSSAPI | 297 | #ifdef GSSAPI |
| 306 | int userauth_gssapi(Authctxt *authctxt); | 298 | int userauth_gssapi(Authctxt *authctxt); |
| @@ -340,13 +332,6 @@ Authmethod authmethods[] = { | |||
| 340 | NULL, | 332 | NULL, |
| 341 | &options.pubkey_authentication, | 333 | &options.pubkey_authentication, |
| 342 | NULL}, | 334 | NULL}, |
| 343 | #ifdef JPAKE | ||
| 344 | {"jpake-01@openssh.com", | ||
| 345 | userauth_jpake, | ||
| 346 | userauth_jpake_cleanup, | ||
| 347 | &options.zero_knowledge_password_authentication, | ||
| 348 | &options.batch_mode}, | ||
| 349 | #endif | ||
| 350 | {"keyboard-interactive", | 335 | {"keyboard-interactive", |
| 351 | userauth_kbdint, | 336 | userauth_kbdint, |
| 352 | NULL, | 337 | NULL, |
| @@ -965,209 +950,6 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) | |||
| 965 | &input_userauth_passwd_changereq); | 950 | &input_userauth_passwd_changereq); |
| 966 | } | 951 | } |
| 967 | 952 | ||
| 968 | #ifdef JPAKE | ||
| 969 | static char * | ||
| 970 | pw_encrypt(const char *password, const char *crypt_scheme, const char *salt) | ||
| 971 | { | ||
| 972 | /* OpenBSD crypt(3) handles all of these */ | ||
| 973 | if (strcmp(crypt_scheme, "crypt") == 0 || | ||
| 974 | strcmp(crypt_scheme, "bcrypt") == 0 || | ||
| 975 | strcmp(crypt_scheme, "md5crypt") == 0 || | ||
| 976 | strcmp(crypt_scheme, "crypt-extended") == 0) | ||
| 977 | return xstrdup(crypt(password, salt)); | ||
| 978 | error("%s: unsupported password encryption scheme \"%.100s\"", | ||
| 979 | __func__, crypt_scheme); | ||
| 980 | return NULL; | ||
| 981 | } | ||
| 982 | |||
| 983 | static BIGNUM * | ||
| 984 | jpake_password_to_secret(Authctxt *authctxt, const char *crypt_scheme, | ||
| 985 | const char *salt) | ||
| 986 | { | ||
| 987 | char prompt[256], *password, *crypted; | ||
| 988 | u_char *secret; | ||
| 989 | u_int secret_len; | ||
| 990 | BIGNUM *ret; | ||
| 991 | |||
| 992 | snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password (JPAKE): ", | ||
| 993 | authctxt->server_user, authctxt->host); | ||
| 994 | password = read_passphrase(prompt, 0); | ||
| 995 | |||
| 996 | if ((crypted = pw_encrypt(password, crypt_scheme, salt)) == NULL) { | ||
| 997 | logit("Disabling %s authentication", authctxt->method->name); | ||
| 998 | authctxt->method->enabled = NULL; | ||
| 999 | /* Continue with an empty password to fail gracefully */ | ||
| 1000 | crypted = xstrdup(""); | ||
| 1001 | } | ||
| 1002 | |||
| 1003 | #ifdef JPAKE_DEBUG | ||
| 1004 | debug3("%s: salt = %s", __func__, salt); | ||
| 1005 | debug3("%s: scheme = %s", __func__, crypt_scheme); | ||
| 1006 | debug3("%s: crypted = %s", __func__, crypted); | ||
| 1007 | #endif | ||
| 1008 | |||
| 1009 | if (hash_buffer(crypted, strlen(crypted), SSH_DIGEST_SHA1, | ||
| 1010 | &secret, &secret_len) != 0) | ||
| 1011 | fatal("%s: hash_buffer", __func__); | ||
| 1012 | |||
| 1013 | bzero(password, strlen(password)); | ||
| 1014 | bzero(crypted, strlen(crypted)); | ||
| 1015 | free(password); | ||
| 1016 | free(crypted); | ||
| 1017 | |||
| 1018 | if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL) | ||
| 1019 | fatal("%s: BN_bin2bn (secret)", __func__); | ||
| 1020 | bzero(secret, secret_len); | ||
| 1021 | free(secret); | ||
| 1022 | |||
| 1023 | return ret; | ||
| 1024 | } | ||
| 1025 | |||
| 1026 | /* ARGSUSED */ | ||
| 1027 | void | ||
| 1028 | input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt) | ||
| 1029 | { | ||
| 1030 | Authctxt *authctxt = ctxt; | ||
| 1031 | struct jpake_ctx *pctx = authctxt->methoddata; | ||
| 1032 | u_char *x3_proof, *x4_proof, *x2_s_proof; | ||
| 1033 | u_int x3_proof_len, x4_proof_len, x2_s_proof_len; | ||
| 1034 | char *crypt_scheme, *salt; | ||
| 1035 | |||
| 1036 | /* Disable this message */ | ||
| 1037 | dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1, NULL); | ||
| 1038 | |||
| 1039 | if ((pctx->g_x3 = BN_new()) == NULL || | ||
| 1040 | (pctx->g_x4 = BN_new()) == NULL) | ||
| 1041 | fatal("%s: BN_new", __func__); | ||
| 1042 | |||
| 1043 | /* Fetch step 1 values */ | ||
| 1044 | crypt_scheme = packet_get_string(NULL); | ||
| 1045 | salt = packet_get_string(NULL); | ||
| 1046 | pctx->server_id = packet_get_string(&pctx->server_id_len); | ||
| 1047 | packet_get_bignum2(pctx->g_x3); | ||
| 1048 | packet_get_bignum2(pctx->g_x4); | ||
| 1049 | x3_proof = packet_get_string(&x3_proof_len); | ||
| 1050 | x4_proof = packet_get_string(&x4_proof_len); | ||
| 1051 | packet_check_eom(); | ||
| 1052 | |||
| 1053 | JPAKE_DEBUG_CTX((pctx, "step 1 received in %s", __func__)); | ||
| 1054 | |||
| 1055 | /* Obtain password and derive secret */ | ||
| 1056 | pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt); | ||
| 1057 | bzero(crypt_scheme, strlen(crypt_scheme)); | ||
| 1058 | bzero(salt, strlen(salt)); | ||
| 1059 | free(crypt_scheme); | ||
| 1060 | free(salt); | ||
| 1061 | JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__)); | ||
| 1062 | |||
| 1063 | /* Calculate step 2 values */ | ||
| 1064 | jpake_step2(pctx->grp, pctx->s, pctx->g_x1, | ||
| 1065 | pctx->g_x3, pctx->g_x4, pctx->x2, | ||
| 1066 | pctx->server_id, pctx->server_id_len, | ||
| 1067 | pctx->client_id, pctx->client_id_len, | ||
| 1068 | x3_proof, x3_proof_len, | ||
| 1069 | x4_proof, x4_proof_len, | ||
| 1070 | &pctx->a, | ||
| 1071 | &x2_s_proof, &x2_s_proof_len); | ||
| 1072 | |||
| 1073 | bzero(x3_proof, x3_proof_len); | ||
| 1074 | bzero(x4_proof, x4_proof_len); | ||
| 1075 | free(x3_proof); | ||
| 1076 | free(x4_proof); | ||
| 1077 | |||
| 1078 | JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__)); | ||
| 1079 | |||
| 1080 | /* Send values for step 2 */ | ||
| 1081 | packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2); | ||
| 1082 | packet_put_bignum2(pctx->a); | ||
| 1083 | packet_put_string(x2_s_proof, x2_s_proof_len); | ||
| 1084 | packet_send(); | ||
| 1085 | |||
| 1086 | bzero(x2_s_proof, x2_s_proof_len); | ||
| 1087 | free(x2_s_proof); | ||
| 1088 | |||
| 1089 | /* Expect step 2 packet from peer */ | ||
| 1090 | dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2, | ||
| 1091 | input_userauth_jpake_server_step2); | ||
| 1092 | } | ||
| 1093 | |||
| 1094 | /* ARGSUSED */ | ||
| 1095 | void | ||
| 1096 | input_userauth_jpake_server_step2(int type, u_int32_t seq, void *ctxt) | ||
| 1097 | { | ||
| 1098 | Authctxt *authctxt = ctxt; | ||
| 1099 | struct jpake_ctx *pctx = authctxt->methoddata; | ||
| 1100 | u_char *x4_s_proof; | ||
| 1101 | u_int x4_s_proof_len; | ||
| 1102 | |||
| 1103 | /* Disable this message */ | ||
| 1104 | dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2, NULL); | ||
| 1105 | |||
| 1106 | if ((pctx->b = BN_new()) == NULL) | ||
| 1107 | fatal("%s: BN_new", __func__); | ||
| 1108 | |||
| 1109 | /* Fetch step 2 values */ | ||
| 1110 | packet_get_bignum2(pctx->b); | ||
| 1111 | x4_s_proof = packet_get_string(&x4_s_proof_len); | ||
| 1112 | packet_check_eom(); | ||
| 1113 | |||
| 1114 | JPAKE_DEBUG_CTX((pctx, "step 2 received in %s", __func__)); | ||
| 1115 | |||
| 1116 | /* Derive shared key and calculate confirmation hash */ | ||
| 1117 | jpake_key_confirm(pctx->grp, pctx->s, pctx->b, | ||
| 1118 | pctx->x2, pctx->g_x1, pctx->g_x2, pctx->g_x3, pctx->g_x4, | ||
| 1119 | pctx->client_id, pctx->client_id_len, | ||
| 1120 | pctx->server_id, pctx->server_id_len, | ||
| 1121 | session_id2, session_id2_len, | ||
| 1122 | x4_s_proof, x4_s_proof_len, | ||
| 1123 | &pctx->k, | ||
| 1124 | &pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len); | ||
| 1125 | |||
| 1126 | bzero(x4_s_proof, x4_s_proof_len); | ||
| 1127 | free(x4_s_proof); | ||
| 1128 | |||
| 1129 | JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__)); | ||
| 1130 | |||
| 1131 | /* Send key confirmation proof */ | ||
| 1132 | packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM); | ||
| 1133 | packet_put_string(pctx->h_k_cid_sessid, pctx->h_k_cid_sessid_len); | ||
| 1134 | packet_send(); | ||
| 1135 | |||
| 1136 | /* Expect confirmation from peer */ | ||
| 1137 | dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_CONFIRM, | ||
| 1138 | input_userauth_jpake_server_confirm); | ||
| 1139 | } | ||
| 1140 | |||
| 1141 | /* ARGSUSED */ | ||
| 1142 | void | ||
| 1143 | input_userauth_jpake_server_confirm(int type, u_int32_t seq, void *ctxt) | ||
| 1144 | { | ||
| 1145 | Authctxt *authctxt = ctxt; | ||
| 1146 | struct jpake_ctx *pctx = authctxt->methoddata; | ||
| 1147 | |||
| 1148 | /* Disable this message */ | ||
| 1149 | dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_CONFIRM, NULL); | ||
| 1150 | |||
| 1151 | pctx->h_k_sid_sessid = packet_get_string(&pctx->h_k_sid_sessid_len); | ||
| 1152 | packet_check_eom(); | ||
| 1153 | |||
| 1154 | JPAKE_DEBUG_CTX((pctx, "confirm received in %s", __func__)); | ||
| 1155 | |||
| 1156 | /* Verify expected confirmation hash */ | ||
| 1157 | if (jpake_check_confirm(pctx->k, | ||
| 1158 | pctx->server_id, pctx->server_id_len, | ||
| 1159 | session_id2, session_id2_len, | ||
| 1160 | pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len) == 1) | ||
| 1161 | debug("%s: %s success", __func__, authctxt->method->name); | ||
| 1162 | else { | ||
| 1163 | debug("%s: confirmation mismatch", __func__); | ||
| 1164 | /* XXX stash this so if auth succeeds then we can warn/kill */ | ||
| 1165 | } | ||
| 1166 | |||
| 1167 | userauth_jpake_cleanup(authctxt); | ||
| 1168 | } | ||
| 1169 | #endif /* JPAKE */ | ||
| 1170 | |||
| 1171 | static int | 953 | static int |
| 1172 | identity_sign(Identity *id, u_char **sigp, u_int *lenp, | 954 | identity_sign(Identity *id, u_char **sigp, u_int *lenp, |
| 1173 | u_char *data, u_int datalen) | 955 | u_char *data, u_int datalen) |
| @@ -1783,79 +1565,6 @@ userauth_hostbased(Authctxt *authctxt) | |||
| 1783 | return 1; | 1565 | return 1; |
| 1784 | } | 1566 | } |
| 1785 | 1567 | ||
| 1786 | #ifdef JPAKE | ||
| 1787 | int | ||
| 1788 | userauth_jpake(Authctxt *authctxt) | ||
| 1789 | { | ||
| 1790 | struct jpake_ctx *pctx; | ||
| 1791 | u_char *x1_proof, *x2_proof; | ||
| 1792 | u_int x1_proof_len, x2_proof_len; | ||
| 1793 | static int attempt = 0; /* XXX share with userauth_password's? */ | ||
| 1794 | |||
| 1795 | if (attempt++ >= options.number_of_password_prompts) | ||
| 1796 | return 0; | ||
| 1797 | if (attempt != 1) | ||
| 1798 | error("Permission denied, please try again."); | ||
| 1799 | |||
| 1800 | if (authctxt->methoddata != NULL) | ||
| 1801 | fatal("%s: authctxt->methoddata already set (%p)", | ||
| 1802 | __func__, authctxt->methoddata); | ||
| 1803 | |||
| 1804 | authctxt->methoddata = pctx = jpake_new(); | ||
| 1805 | |||
| 1806 | /* | ||
| 1807 | * Send request immediately, to get the protocol going while | ||
| 1808 | * we do the initial computations. | ||
| 1809 | */ | ||
| 1810 | packet_start(SSH2_MSG_USERAUTH_REQUEST); | ||
| 1811 | packet_put_cstring(authctxt->server_user); | ||
| 1812 | packet_put_cstring(authctxt->service); | ||
| 1813 | packet_put_cstring(authctxt->method->name); | ||
| 1814 | packet_send(); | ||
| 1815 | packet_write_wait(); | ||
| 1816 | |||
| 1817 | jpake_step1(pctx->grp, | ||
| 1818 | &pctx->client_id, &pctx->client_id_len, | ||
| 1819 | &pctx->x1, &pctx->x2, &pctx->g_x1, &pctx->g_x2, | ||
| 1820 | &x1_proof, &x1_proof_len, | ||
| 1821 | &x2_proof, &x2_proof_len); | ||
| 1822 | |||
| 1823 | JPAKE_DEBUG_CTX((pctx, "step 1 sending in %s", __func__)); | ||
| 1824 | |||
| 1825 | packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1); | ||
| 1826 | packet_put_string(pctx->client_id, pctx->client_id_len); | ||
| 1827 | packet_put_bignum2(pctx->g_x1); | ||
| 1828 | packet_put_bignum2(pctx->g_x2); | ||
| 1829 | packet_put_string(x1_proof, x1_proof_len); | ||
| 1830 | packet_put_string(x2_proof, x2_proof_len); | ||
| 1831 | packet_send(); | ||
| 1832 | |||
| 1833 | bzero(x1_proof, x1_proof_len); | ||
| 1834 | bzero(x2_proof, x2_proof_len); | ||
| 1835 | free(x1_proof); | ||
| 1836 | free(x2_proof); | ||
| 1837 | |||
| 1838 | /* Expect step 1 packet from peer */ | ||
| 1839 | dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1, | ||
| 1840 | input_userauth_jpake_server_step1); | ||
| 1841 | dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, | ||
| 1842 | &input_userauth_success_unexpected); | ||
| 1843 | |||
| 1844 | return 1; | ||
| 1845 | } | ||
| 1846 | |||
| 1847 | void | ||
| 1848 | userauth_jpake_cleanup(Authctxt *authctxt) | ||
| 1849 | { | ||
| 1850 | debug3("%s: clean up", __func__); | ||
| 1851 | if (authctxt->methoddata != NULL) { | ||
| 1852 | jpake_free(authctxt->methoddata); | ||
| 1853 | authctxt->methoddata = NULL; | ||
| 1854 | } | ||
| 1855 | dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success); | ||
| 1856 | } | ||
| 1857 | #endif /* JPAKE */ | ||
| 1858 | |||
| 1859 | /* find auth method */ | 1568 | /* find auth method */ |
| 1860 | 1569 | ||
| 1861 | /* | 1570 | /* |