1 files changed, 5 insertions, 229 deletions
diff --git a/monitor.c b/monitor.c
index 03baf1ea9..531c4f9a8 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.128 2013/11/04 11:51:16 markus Exp $ */
+/* $OpenBSD: monitor.c,v 1.131 2014/02/02 03:44:31 djm Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -95,7 +95,6 @@
 #include "misc.h"
 #include "compat.h"
 #include "ssh2.h"
-#include "jpake.h"
 #include "roaming.h"
 #include "authfd.h"
@@ -161,11 +160,6 @@ int mm_answer_rsa_challenge(int, Buffer *);
 int mm_answer_rsa_response(int, Buffer *);
 int mm_answer_sesskey(int, Buffer *);
 int mm_answer_sessid(int, Buffer *);
-int mm_answer_jpake_get_pwdata(int, Buffer *);
-int mm_answer_jpake_step1(int, Buffer *);
-int mm_answer_jpake_step2(int, Buffer *);
-int mm_answer_jpake_key_confirm(int, Buffer *);
-int mm_answer_jpake_check_confirm(int, Buffer *);
 #ifdef USE_PAM
 int mm_answer_pam_start(int, Buffer *);
@@ -254,13 +248,6 @@ struct mon_table mon_dispatch_proto20[] = {
    {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
    {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
 #endif
-#ifdef JPAKE
-    {MONITOR_REQ_JPAKE_GET_PWDATA, MON_ONCE, mm_answer_jpake_get_pwdata},
-    {MONITOR_REQ_JPAKE_STEP1, MON_ISAUTH, mm_answer_jpake_step1},
-    {MONITOR_REQ_JPAKE_STEP2, MON_ONCE, mm_answer_jpake_step2},
-    {MONITOR_REQ_JPAKE_KEY_CONFIRM, MON_ONCE, mm_answer_jpake_key_confirm},
-    {MONITOR_REQ_JPAKE_CHECK_CONFIRM, MON_AUTH, mm_answer_jpake_check_confirm},
-#endif
    {0, 0, NULL}
 };
@@ -427,15 +414,6 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
                        if (!authenticated)
                                authctxt->failures++;
                }
-#ifdef JPAKE
-                /* Cleanup JPAKE context after authentication */
-                if (ent->flags & MON_AUTHDECIDE) {
-                        if (authctxt->jpake_ctx != NULL) {
-                                jpake_free(authctxt->jpake_ctx);
-                                authctxt->jpake_ctx = NULL;
-                        }
-                }
-#endif
        }
        if (!authctxt->valid)
@@ -566,7 +544,7 @@ monitor_read(struct monitor *pmonitor, struct mon_table *ent,
        struct pollfd pfd[2];
        for (;;) {
-                bzero(&pfd, sizeof(pfd));
+                memset(&pfd, 0, sizeof(pfd));
                pfd[0].fd = pmonitor->m_sendfd;
                pfd[0].events = POLLIN;
                pfd[1].fd = pmonitor->m_log_recvfd;
@@ -880,7 +858,7 @@ mm_answer_authpassword(int sock, Buffer *m)
        /* Only authenticate if the context is valid */
        authenticated = options.password_authentication &&
            auth_password(authctxt, passwd);
-        memset(passwd, 0, strlen(passwd));
+        explicit_bzero(passwd, strlen(passwd));
        free(passwd);
        buffer_clear(m);
@@ -1822,13 +1800,13 @@ monitor_apply_keystate(struct monitor *pmonitor)
        /* XXX inefficient for large buffers, need: buffer_init_from_string */
        buffer_clear(packet_get_input());
        buffer_append(packet_get_input(), child_state.input, child_state.ilen);
-        memset(child_state.input, 0, child_state.ilen);
+        explicit_bzero(child_state.input, child_state.ilen);
        free(child_state.input);
        buffer_clear(packet_get_output());
        buffer_append(packet_get_output(), child_state.output,
                      child_state.olen);
-        memset(child_state.output, 0, child_state.olen);
+        explicit_bzero(child_state.output, child_state.olen);
        free(child_state.output);
        /* Roaming */
@@ -2159,205 +2137,3 @@ mm_answer_gss_userok(int sock, Buffer *m)
 }
 #endif /* GSSAPI */
-#ifdef JPAKE
-int
-mm_answer_jpake_step1(int sock, Buffer *m)
-{
-        struct jpake_ctx *pctx;
-        u_char *x3_proof, *x4_proof;
-        u_int x3_proof_len, x4_proof_len;
-        if (!options.zero_knowledge_password_authentication)
-                fatal("zero_knowledge_password_authentication disabled");
-        if (authctxt->jpake_ctx != NULL)
-                fatal("%s: authctxt->jpake_ctx already set (%p)",
-                    __func__, authctxt->jpake_ctx);
-        authctxt->jpake_ctx = pctx = jpake_new();
-        jpake_step1(pctx->grp,
-            &pctx->server_id, &pctx->server_id_len,
-            &pctx->x3, &pctx->x4, &pctx->g_x3, &pctx->g_x4,
-            &x3_proof, &x3_proof_len,
-            &x4_proof, &x4_proof_len);
-        JPAKE_DEBUG_CTX((pctx, "step1 done in %s", __func__));
-        buffer_clear(m);
-        buffer_put_string(m, pctx->server_id, pctx->server_id_len);
-        buffer_put_bignum2(m, pctx->g_x3);
-        buffer_put_bignum2(m, pctx->g_x4);
-        buffer_put_string(m, x3_proof, x3_proof_len);
-        buffer_put_string(m, x4_proof, x4_proof_len);
-        debug3("%s: sending step1", __func__);
-        mm_request_send(sock, MONITOR_ANS_JPAKE_STEP1, m);
-        bzero(x3_proof, x3_proof_len);
-        bzero(x4_proof, x4_proof_len);
-        free(x3_proof);
-        free(x4_proof);
-        monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_GET_PWDATA, 1);
-        monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 0);
-        return 0;
-}
-int
-mm_answer_jpake_get_pwdata(int sock, Buffer *m)
-{
-        struct jpake_ctx *pctx = authctxt->jpake_ctx;
-        char *hash_scheme, *salt;
-        if (pctx == NULL)
-                fatal("%s: pctx == NULL", __func__);
-        auth2_jpake_get_pwdata(authctxt, &pctx->s, &hash_scheme, &salt);
-        buffer_clear(m);
-        /* pctx->s is sensitive, not returned to slave */
-        buffer_put_cstring(m, hash_scheme);
-        buffer_put_cstring(m, salt);
-        debug3("%s: sending pwdata", __func__);
-        mm_request_send(sock, MONITOR_ANS_JPAKE_GET_PWDATA, m);
-        bzero(hash_scheme, strlen(hash_scheme));
-        bzero(salt, strlen(salt));
-        free(hash_scheme);
-        free(salt);
-        monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP2, 1);
-        return 0;
-}
-int
-mm_answer_jpake_step2(int sock, Buffer *m)
-{
-        struct jpake_ctx *pctx = authctxt->jpake_ctx;
-        u_char *x1_proof, *x2_proof, *x4_s_proof;
-        u_int x1_proof_len, x2_proof_len, x4_s_proof_len;
-        if (pctx == NULL)
-                fatal("%s: pctx == NULL", __func__);
-        if ((pctx->g_x1 = BN_new()) == NULL ||
-            (pctx->g_x2 = BN_new()) == NULL)
-                fatal("%s: BN_new", __func__);
-        buffer_get_bignum2(m, pctx->g_x1);
-        buffer_get_bignum2(m, pctx->g_x2);
-        pctx->client_id = buffer_get_string(m, &pctx->client_id_len);
-        x1_proof = buffer_get_string(m, &x1_proof_len);
-        x2_proof = buffer_get_string(m, &x2_proof_len);
-        jpake_step2(pctx->grp, pctx->s, pctx->g_x3,
-            pctx->g_x1, pctx->g_x2, pctx->x4,
-            pctx->client_id, pctx->client_id_len,
-            pctx->server_id, pctx->server_id_len,
-            x1_proof, x1_proof_len,
-            x2_proof, x2_proof_len,
-            &pctx->b,
-            &x4_s_proof, &x4_s_proof_len);
-        JPAKE_DEBUG_CTX((pctx, "step2 done in %s", __func__));
-        bzero(x1_proof, x1_proof_len);
-        bzero(x2_proof, x2_proof_len);
-        free(x1_proof);
-        free(x2_proof);
-        buffer_clear(m);
-        buffer_put_bignum2(m, pctx->b);
-        buffer_put_string(m, x4_s_proof, x4_s_proof_len);
-        debug3("%s: sending step2", __func__);
-        mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m);
-        bzero(x4_s_proof, x4_s_proof_len);
-        free(x4_s_proof);
-        monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1);
-        return 0;
-}
-int
-mm_answer_jpake_key_confirm(int sock, Buffer *m)
-{
-        struct jpake_ctx *pctx = authctxt->jpake_ctx;
-        u_char *x2_s_proof;
-        u_int x2_s_proof_len;
-        if (pctx == NULL)
-                fatal("%s: pctx == NULL", __func__);
-        if ((pctx->a = BN_new()) == NULL)
-                fatal("%s: BN_new", __func__);
-        buffer_get_bignum2(m, pctx->a);
-        x2_s_proof = buffer_get_string(m, &x2_s_proof_len);
-        jpake_key_confirm(pctx->grp, pctx->s, pctx->a,
-            pctx->x4, pctx->g_x3, pctx->g_x4, pctx->g_x1, pctx->g_x2,
-            pctx->server_id, pctx->server_id_len,
-            pctx->client_id, pctx->client_id_len,
-            session_id2, session_id2_len,
-            x2_s_proof, x2_s_proof_len,
-            &pctx->k,
-            &pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len);
-        JPAKE_DEBUG_CTX((pctx, "key_confirm done in %s", __func__));
-        bzero(x2_s_proof, x2_s_proof_len);
-        buffer_clear(m);
-        /* pctx->k is sensitive, not sent */
-        buffer_put_string(m, pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len);
-        debug3("%s: sending confirmation hash", __func__);
-        mm_request_send(sock, MONITOR_ANS_JPAKE_KEY_CONFIRM, m);
-        monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_CHECK_CONFIRM, 1);
-        return 0;
-}
-int
-mm_answer_jpake_check_confirm(int sock, Buffer *m)
-{
-        int authenticated = 0;
-        u_char *peer_confirm_hash;
-        u_int peer_confirm_hash_len;
-        struct jpake_ctx *pctx = authctxt->jpake_ctx;
-        if (pctx == NULL)
-                fatal("%s: pctx == NULL", __func__);
-        peer_confirm_hash = buffer_get_string(m, &peer_confirm_hash_len);
-        authenticated = jpake_check_confirm(pctx->k,
-            pctx->client_id, pctx->client_id_len,
-            session_id2, session_id2_len,
-            peer_confirm_hash, peer_confirm_hash_len) && authctxt->valid;
-        JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__));
-        bzero(peer_confirm_hash, peer_confirm_hash_len);
-        free(peer_confirm_hash);
-        buffer_clear(m);
-        buffer_put_int(m, authenticated);
-        debug3("%s: sending result %d", __func__, authenticated);
-        mm_request_send(sock, MONITOR_ANS_JPAKE_CHECK_CONFIRM, m);
-        monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 1);
-        auth_method = "jpake-01@openssh.com";
-        return authenticated;
-}
-#endif /* JPAKE */

diff --git a/monitor.c b/monitor.c index 03baf1ea9..531c4f9a8 100644 --- a/monitor.c +++ b/monitor.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: monitor.c,v 1.128 2013/11/04 11:51:16 markus Exp $ */	1	/* $OpenBSD: monitor.c,v 1.131 2014/02/02 03:44:31 djm Exp $ */
2	/*	2	/*
3	* Copyright 2002 Niels Provos <provos@citi.umich.edu>	3	* Copyright 2002 Niels Provos <provos@citi.umich.edu>
4	* Copyright 2002 Markus Friedl <markus@openbsd.org>	4	* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -95,7 +95,6 @@
95	#include "misc.h"	95	#include "misc.h"
96	#include "compat.h"	96	#include "compat.h"
97	#include "ssh2.h"	97	#include "ssh2.h"
98	#include "jpake.h"
99	#include "roaming.h"	98	#include "roaming.h"
100	#include "authfd.h"	99	#include "authfd.h"
101		100
@@ -161,11 +160,6 @@ int mm_answer_rsa_challenge(int, Buffer *);
161	int mm_answer_rsa_response(int, Buffer *);	160	int mm_answer_rsa_response(int, Buffer *);
162	int mm_answer_sesskey(int, Buffer *);	161	int mm_answer_sesskey(int, Buffer *);
163	int mm_answer_sessid(int, Buffer *);	162	int mm_answer_sessid(int, Buffer *);
164	int mm_answer_jpake_get_pwdata(int, Buffer *);
165	int mm_answer_jpake_step1(int, Buffer *);
166	int mm_answer_jpake_step2(int, Buffer *);
167	int mm_answer_jpake_key_confirm(int, Buffer *);
168	int mm_answer_jpake_check_confirm(int, Buffer *);
169		163
170	#ifdef USE_PAM	164	#ifdef USE_PAM
171	int mm_answer_pam_start(int, Buffer *);	165	int mm_answer_pam_start(int, Buffer *);
@@ -254,13 +248,6 @@ struct mon_table mon_dispatch_proto20[] = {
254	{MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},	248	{MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
255	{MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},	249	{MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
256	#endif	250	#endif
257	#ifdef JPAKE
258	{MONITOR_REQ_JPAKE_GET_PWDATA, MON_ONCE, mm_answer_jpake_get_pwdata},
259	{MONITOR_REQ_JPAKE_STEP1, MON_ISAUTH, mm_answer_jpake_step1},
260	{MONITOR_REQ_JPAKE_STEP2, MON_ONCE, mm_answer_jpake_step2},
261	{MONITOR_REQ_JPAKE_KEY_CONFIRM, MON_ONCE, mm_answer_jpake_key_confirm},
262	{MONITOR_REQ_JPAKE_CHECK_CONFIRM, MON_AUTH, mm_answer_jpake_check_confirm},
263	#endif
264	{0, 0, NULL}	251	{0, 0, NULL}
265	};	252	};
266		253
@@ -427,15 +414,6 @@ monitor_child_preauth(Authctxt _authctxt, struct monitor pmonitor)
427	if (!authenticated)	414	if (!authenticated)
428	authctxt->failures++;	415	authctxt->failures++;
429	}	416	}
430	#ifdef JPAKE
431	/* Cleanup JPAKE context after authentication */
432	if (ent->flags & MON_AUTHDECIDE) {
433	if (authctxt->jpake_ctx != NULL) {
434	jpake_free(authctxt->jpake_ctx);
435	authctxt->jpake_ctx = NULL;
436	}
437	}
438	#endif
439	}	417	}
440		418
441	if (!authctxt->valid)	419	if (!authctxt->valid)
@@ -566,7 +544,7 @@ monitor_read(struct monitor pmonitor, struct mon_table ent,
566	struct pollfd pfd[2];	544	struct pollfd pfd[2];
567		545
568	for (;;) {	546	for (;;) {
569	bzero(&pfd, sizeof(pfd));	547	memset(&pfd, 0, sizeof(pfd));
570	pfd[0].fd = pmonitor->m_sendfd;	548	pfd[0].fd = pmonitor->m_sendfd;
571	pfd[0].events = POLLIN;	549	pfd[0].events = POLLIN;
572	pfd[1].fd = pmonitor->m_log_recvfd;	550	pfd[1].fd = pmonitor->m_log_recvfd;
@@ -880,7 +858,7 @@ mm_answer_authpassword(int sock, Buffer *m)
880	/* Only authenticate if the context is valid */	858	/* Only authenticate if the context is valid */
881	authenticated = options.password_authentication &&	859	authenticated = options.password_authentication &&
882	auth_password(authctxt, passwd);	860	auth_password(authctxt, passwd);
883	memset(passwd, 0, strlen(passwd));	861	explicit_bzero(passwd, strlen(passwd));
884	free(passwd);	862	free(passwd);
885		863
886	buffer_clear(m);	864	buffer_clear(m);
@@ -1822,13 +1800,13 @@ monitor_apply_keystate(struct monitor *pmonitor)
1822	/* XXX inefficient for large buffers, need: buffer_init_from_string */	1800	/* XXX inefficient for large buffers, need: buffer_init_from_string */
1823	buffer_clear(packet_get_input());	1801	buffer_clear(packet_get_input());
1824	buffer_append(packet_get_input(), child_state.input, child_state.ilen);	1802	buffer_append(packet_get_input(), child_state.input, child_state.ilen);
1825	memset(child_state.input, 0, child_state.ilen);	1803	explicit_bzero(child_state.input, child_state.ilen);
1826	free(child_state.input);	1804	free(child_state.input);
1827		1805
1828	buffer_clear(packet_get_output());	1806	buffer_clear(packet_get_output());
1829	buffer_append(packet_get_output(), child_state.output,	1807	buffer_append(packet_get_output(), child_state.output,
1830	child_state.olen);	1808	child_state.olen);
1831	memset(child_state.output, 0, child_state.olen);	1809	explicit_bzero(child_state.output, child_state.olen);
1832	free(child_state.output);	1810	free(child_state.output);
1833		1811
1834	/* Roaming */	1812	/* Roaming */
@@ -2159,205 +2137,3 @@ mm_answer_gss_userok(int sock, Buffer *m)
2159	}	2137	}
2160	#endif /* GSSAPI */	2138	#endif /* GSSAPI */
2161		2139
2162	#ifdef JPAKE
2163	int
2164	mm_answer_jpake_step1(int sock, Buffer *m)
2165	{
2166	struct jpake_ctx *pctx;
2167	u_char x3_proof, x4_proof;
2168	u_int x3_proof_len, x4_proof_len;
2169
2170	if (!options.zero_knowledge_password_authentication)
2171	fatal("zero_knowledge_password_authentication disabled");
2172
2173	if (authctxt->jpake_ctx != NULL)
2174	fatal("%s: authctxt->jpake_ctx already set (%p)",
2175	__func__, authctxt->jpake_ctx);
2176	authctxt->jpake_ctx = pctx = jpake_new();
2177
2178	jpake_step1(pctx->grp,
2179	&pctx->server_id, &pctx->server_id_len,
2180	&pctx->x3, &pctx->x4, &pctx->g_x3, &pctx->g_x4,
2181	&x3_proof, &x3_proof_len,
2182	&x4_proof, &x4_proof_len);
2183
2184	JPAKE_DEBUG_CTX((pctx, "step1 done in %s", __func__));
2185
2186	buffer_clear(m);
2187
2188	buffer_put_string(m, pctx->server_id, pctx->server_id_len);
2189	buffer_put_bignum2(m, pctx->g_x3);
2190	buffer_put_bignum2(m, pctx->g_x4);
2191	buffer_put_string(m, x3_proof, x3_proof_len);
2192	buffer_put_string(m, x4_proof, x4_proof_len);
2193
2194	debug3("%s: sending step1", __func__);
2195	mm_request_send(sock, MONITOR_ANS_JPAKE_STEP1, m);
2196
2197	bzero(x3_proof, x3_proof_len);
2198	bzero(x4_proof, x4_proof_len);
2199	free(x3_proof);
2200	free(x4_proof);
2201
2202	monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_GET_PWDATA, 1);
2203	monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 0);
2204
2205	return 0;
2206	}
2207
2208	int
2209	mm_answer_jpake_get_pwdata(int sock, Buffer *m)
2210	{
2211	struct jpake_ctx *pctx = authctxt->jpake_ctx;
2212	char hash_scheme, salt;
2213
2214	if (pctx == NULL)
2215	fatal("%s: pctx == NULL", __func__);
2216
2217	auth2_jpake_get_pwdata(authctxt, &pctx->s, &hash_scheme, &salt);
2218
2219	buffer_clear(m);
2220	/* pctx->s is sensitive, not returned to slave */
2221	buffer_put_cstring(m, hash_scheme);
2222	buffer_put_cstring(m, salt);
2223
2224	debug3("%s: sending pwdata", __func__);
2225	mm_request_send(sock, MONITOR_ANS_JPAKE_GET_PWDATA, m);
2226
2227	bzero(hash_scheme, strlen(hash_scheme));
2228	bzero(salt, strlen(salt));
2229	free(hash_scheme);
2230	free(salt);
2231
2232	monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP2, 1);
2233
2234	return 0;
2235	}
2236
2237	int
2238	mm_answer_jpake_step2(int sock, Buffer *m)
2239	{
2240	struct jpake_ctx *pctx = authctxt->jpake_ctx;
2241	u_char x1_proof, x2_proof, *x4_s_proof;
2242	u_int x1_proof_len, x2_proof_len, x4_s_proof_len;
2243
2244	if (pctx == NULL)
2245	fatal("%s: pctx == NULL", __func__);
2246
2247	if ((pctx->g_x1 = BN_new()) == NULL \|\|
2248	(pctx->g_x2 = BN_new()) == NULL)
2249	fatal("%s: BN_new", __func__);
2250	buffer_get_bignum2(m, pctx->g_x1);
2251	buffer_get_bignum2(m, pctx->g_x2);
2252	pctx->client_id = buffer_get_string(m, &pctx->client_id_len);
2253	x1_proof = buffer_get_string(m, &x1_proof_len);
2254	x2_proof = buffer_get_string(m, &x2_proof_len);
2255
2256	jpake_step2(pctx->grp, pctx->s, pctx->g_x3,
2257	pctx->g_x1, pctx->g_x2, pctx->x4,
2258	pctx->client_id, pctx->client_id_len,
2259	pctx->server_id, pctx->server_id_len,
2260	x1_proof, x1_proof_len,
2261	x2_proof, x2_proof_len,
2262	&pctx->b,
2263	&x4_s_proof, &x4_s_proof_len);
2264
2265	JPAKE_DEBUG_CTX((pctx, "step2 done in %s", __func__));
2266
2267	bzero(x1_proof, x1_proof_len);
2268	bzero(x2_proof, x2_proof_len);
2269	free(x1_proof);
2270	free(x2_proof);
2271
2272	buffer_clear(m);
2273
2274	buffer_put_bignum2(m, pctx->b);
2275	buffer_put_string(m, x4_s_proof, x4_s_proof_len);
2276
2277	debug3("%s: sending step2", __func__);
2278	mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m);
2279
2280	bzero(x4_s_proof, x4_s_proof_len);
2281	free(x4_s_proof);
2282
2283	monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1);
2284
2285	return 0;
2286	}
2287
2288	int
2289	mm_answer_jpake_key_confirm(int sock, Buffer *m)
2290	{
2291	struct jpake_ctx *pctx = authctxt->jpake_ctx;
2292	u_char *x2_s_proof;
2293	u_int x2_s_proof_len;
2294
2295	if (pctx == NULL)
2296	fatal("%s: pctx == NULL", __func__);
2297
2298	if ((pctx->a = BN_new()) == NULL)
2299	fatal("%s: BN_new", __func__);
2300	buffer_get_bignum2(m, pctx->a);
2301	x2_s_proof = buffer_get_string(m, &x2_s_proof_len);
2302
2303	jpake_key_confirm(pctx->grp, pctx->s, pctx->a,
2304	pctx->x4, pctx->g_x3, pctx->g_x4, pctx->g_x1, pctx->g_x2,
2305	pctx->server_id, pctx->server_id_len,
2306	pctx->client_id, pctx->client_id_len,
2307	session_id2, session_id2_len,
2308	x2_s_proof, x2_s_proof_len,
2309	&pctx->k,
2310	&pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len);
2311
2312	JPAKE_DEBUG_CTX((pctx, "key_confirm done in %s", __func__));
2313
2314	bzero(x2_s_proof, x2_s_proof_len);
2315	buffer_clear(m);
2316
2317	/* pctx->k is sensitive, not sent */
2318	buffer_put_string(m, pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len);
2319
2320	debug3("%s: sending confirmation hash", __func__);
2321	mm_request_send(sock, MONITOR_ANS_JPAKE_KEY_CONFIRM, m);
2322
2323	monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_CHECK_CONFIRM, 1);
2324
2325	return 0;
2326	}
2327
2328	int
2329	mm_answer_jpake_check_confirm(int sock, Buffer *m)
2330	{
2331	int authenticated = 0;
2332	u_char *peer_confirm_hash;
2333	u_int peer_confirm_hash_len;
2334	struct jpake_ctx *pctx = authctxt->jpake_ctx;
2335
2336	if (pctx == NULL)
2337	fatal("%s: pctx == NULL", __func__);
2338
2339	peer_confirm_hash = buffer_get_string(m, &peer_confirm_hash_len);
2340
2341	authenticated = jpake_check_confirm(pctx->k,
2342	pctx->client_id, pctx->client_id_len,
2343	session_id2, session_id2_len,
2344	peer_confirm_hash, peer_confirm_hash_len) && authctxt->valid;
2345
2346	JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__));
2347
2348	bzero(peer_confirm_hash, peer_confirm_hash_len);
2349	free(peer_confirm_hash);
2350
2351	buffer_clear(m);
2352	buffer_put_int(m, authenticated);
2353
2354	debug3("%s: sending result %d", __func__, authenticated);
2355	mm_request_send(sock, MONITOR_ANS_JPAKE_CHECK_CONFIRM, m);
2356
2357	monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 1);
2358
2359	auth_method = "jpake-01@openssh.com";
2360	return authenticated;
2361	}
2362
2363	#endif /* JPAKE */