diff options
Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 234 |
1 files changed, 5 insertions, 229 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: monitor.c,v 1.128 2013/11/04 11:51:16 markus Exp $ */ | 1 | /* $OpenBSD: monitor.c,v 1.131 2014/02/02 03:44:31 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
@@ -95,7 +95,6 @@ | |||
95 | #include "misc.h" | 95 | #include "misc.h" |
96 | #include "compat.h" | 96 | #include "compat.h" |
97 | #include "ssh2.h" | 97 | #include "ssh2.h" |
98 | #include "jpake.h" | ||
99 | #include "roaming.h" | 98 | #include "roaming.h" |
100 | #include "authfd.h" | 99 | #include "authfd.h" |
101 | 100 | ||
@@ -161,11 +160,6 @@ int mm_answer_rsa_challenge(int, Buffer *); | |||
161 | int mm_answer_rsa_response(int, Buffer *); | 160 | int mm_answer_rsa_response(int, Buffer *); |
162 | int mm_answer_sesskey(int, Buffer *); | 161 | int mm_answer_sesskey(int, Buffer *); |
163 | int mm_answer_sessid(int, Buffer *); | 162 | int mm_answer_sessid(int, Buffer *); |
164 | int mm_answer_jpake_get_pwdata(int, Buffer *); | ||
165 | int mm_answer_jpake_step1(int, Buffer *); | ||
166 | int mm_answer_jpake_step2(int, Buffer *); | ||
167 | int mm_answer_jpake_key_confirm(int, Buffer *); | ||
168 | int mm_answer_jpake_check_confirm(int, Buffer *); | ||
169 | 163 | ||
170 | #ifdef USE_PAM | 164 | #ifdef USE_PAM |
171 | int mm_answer_pam_start(int, Buffer *); | 165 | int mm_answer_pam_start(int, Buffer *); |
@@ -254,13 +248,6 @@ struct mon_table mon_dispatch_proto20[] = { | |||
254 | {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok}, | 248 | {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok}, |
255 | {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic}, | 249 | {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic}, |
256 | #endif | 250 | #endif |
257 | #ifdef JPAKE | ||
258 | {MONITOR_REQ_JPAKE_GET_PWDATA, MON_ONCE, mm_answer_jpake_get_pwdata}, | ||
259 | {MONITOR_REQ_JPAKE_STEP1, MON_ISAUTH, mm_answer_jpake_step1}, | ||
260 | {MONITOR_REQ_JPAKE_STEP2, MON_ONCE, mm_answer_jpake_step2}, | ||
261 | {MONITOR_REQ_JPAKE_KEY_CONFIRM, MON_ONCE, mm_answer_jpake_key_confirm}, | ||
262 | {MONITOR_REQ_JPAKE_CHECK_CONFIRM, MON_AUTH, mm_answer_jpake_check_confirm}, | ||
263 | #endif | ||
264 | {0, 0, NULL} | 251 | {0, 0, NULL} |
265 | }; | 252 | }; |
266 | 253 | ||
@@ -427,15 +414,6 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) | |||
427 | if (!authenticated) | 414 | if (!authenticated) |
428 | authctxt->failures++; | 415 | authctxt->failures++; |
429 | } | 416 | } |
430 | #ifdef JPAKE | ||
431 | /* Cleanup JPAKE context after authentication */ | ||
432 | if (ent->flags & MON_AUTHDECIDE) { | ||
433 | if (authctxt->jpake_ctx != NULL) { | ||
434 | jpake_free(authctxt->jpake_ctx); | ||
435 | authctxt->jpake_ctx = NULL; | ||
436 | } | ||
437 | } | ||
438 | #endif | ||
439 | } | 417 | } |
440 | 418 | ||
441 | if (!authctxt->valid) | 419 | if (!authctxt->valid) |
@@ -566,7 +544,7 @@ monitor_read(struct monitor *pmonitor, struct mon_table *ent, | |||
566 | struct pollfd pfd[2]; | 544 | struct pollfd pfd[2]; |
567 | 545 | ||
568 | for (;;) { | 546 | for (;;) { |
569 | bzero(&pfd, sizeof(pfd)); | 547 | memset(&pfd, 0, sizeof(pfd)); |
570 | pfd[0].fd = pmonitor->m_sendfd; | 548 | pfd[0].fd = pmonitor->m_sendfd; |
571 | pfd[0].events = POLLIN; | 549 | pfd[0].events = POLLIN; |
572 | pfd[1].fd = pmonitor->m_log_recvfd; | 550 | pfd[1].fd = pmonitor->m_log_recvfd; |
@@ -880,7 +858,7 @@ mm_answer_authpassword(int sock, Buffer *m) | |||
880 | /* Only authenticate if the context is valid */ | 858 | /* Only authenticate if the context is valid */ |
881 | authenticated = options.password_authentication && | 859 | authenticated = options.password_authentication && |
882 | auth_password(authctxt, passwd); | 860 | auth_password(authctxt, passwd); |
883 | memset(passwd, 0, strlen(passwd)); | 861 | explicit_bzero(passwd, strlen(passwd)); |
884 | free(passwd); | 862 | free(passwd); |
885 | 863 | ||
886 | buffer_clear(m); | 864 | buffer_clear(m); |
@@ -1822,13 +1800,13 @@ monitor_apply_keystate(struct monitor *pmonitor) | |||
1822 | /* XXX inefficient for large buffers, need: buffer_init_from_string */ | 1800 | /* XXX inefficient for large buffers, need: buffer_init_from_string */ |
1823 | buffer_clear(packet_get_input()); | 1801 | buffer_clear(packet_get_input()); |
1824 | buffer_append(packet_get_input(), child_state.input, child_state.ilen); | 1802 | buffer_append(packet_get_input(), child_state.input, child_state.ilen); |
1825 | memset(child_state.input, 0, child_state.ilen); | 1803 | explicit_bzero(child_state.input, child_state.ilen); |
1826 | free(child_state.input); | 1804 | free(child_state.input); |
1827 | 1805 | ||
1828 | buffer_clear(packet_get_output()); | 1806 | buffer_clear(packet_get_output()); |
1829 | buffer_append(packet_get_output(), child_state.output, | 1807 | buffer_append(packet_get_output(), child_state.output, |
1830 | child_state.olen); | 1808 | child_state.olen); |
1831 | memset(child_state.output, 0, child_state.olen); | 1809 | explicit_bzero(child_state.output, child_state.olen); |
1832 | free(child_state.output); | 1810 | free(child_state.output); |
1833 | 1811 | ||
1834 | /* Roaming */ | 1812 | /* Roaming */ |
@@ -2159,205 +2137,3 @@ mm_answer_gss_userok(int sock, Buffer *m) | |||
2159 | } | 2137 | } |
2160 | #endif /* GSSAPI */ | 2138 | #endif /* GSSAPI */ |
2161 | 2139 | ||
2162 | #ifdef JPAKE | ||
2163 | int | ||
2164 | mm_answer_jpake_step1(int sock, Buffer *m) | ||
2165 | { | ||
2166 | struct jpake_ctx *pctx; | ||
2167 | u_char *x3_proof, *x4_proof; | ||
2168 | u_int x3_proof_len, x4_proof_len; | ||
2169 | |||
2170 | if (!options.zero_knowledge_password_authentication) | ||
2171 | fatal("zero_knowledge_password_authentication disabled"); | ||
2172 | |||
2173 | if (authctxt->jpake_ctx != NULL) | ||
2174 | fatal("%s: authctxt->jpake_ctx already set (%p)", | ||
2175 | __func__, authctxt->jpake_ctx); | ||
2176 | authctxt->jpake_ctx = pctx = jpake_new(); | ||
2177 | |||
2178 | jpake_step1(pctx->grp, | ||
2179 | &pctx->server_id, &pctx->server_id_len, | ||
2180 | &pctx->x3, &pctx->x4, &pctx->g_x3, &pctx->g_x4, | ||
2181 | &x3_proof, &x3_proof_len, | ||
2182 | &x4_proof, &x4_proof_len); | ||
2183 | |||
2184 | JPAKE_DEBUG_CTX((pctx, "step1 done in %s", __func__)); | ||
2185 | |||
2186 | buffer_clear(m); | ||
2187 | |||
2188 | buffer_put_string(m, pctx->server_id, pctx->server_id_len); | ||
2189 | buffer_put_bignum2(m, pctx->g_x3); | ||
2190 | buffer_put_bignum2(m, pctx->g_x4); | ||
2191 | buffer_put_string(m, x3_proof, x3_proof_len); | ||
2192 | buffer_put_string(m, x4_proof, x4_proof_len); | ||
2193 | |||
2194 | debug3("%s: sending step1", __func__); | ||
2195 | mm_request_send(sock, MONITOR_ANS_JPAKE_STEP1, m); | ||
2196 | |||
2197 | bzero(x3_proof, x3_proof_len); | ||
2198 | bzero(x4_proof, x4_proof_len); | ||
2199 | free(x3_proof); | ||
2200 | free(x4_proof); | ||
2201 | |||
2202 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_GET_PWDATA, 1); | ||
2203 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 0); | ||
2204 | |||
2205 | return 0; | ||
2206 | } | ||
2207 | |||
2208 | int | ||
2209 | mm_answer_jpake_get_pwdata(int sock, Buffer *m) | ||
2210 | { | ||
2211 | struct jpake_ctx *pctx = authctxt->jpake_ctx; | ||
2212 | char *hash_scheme, *salt; | ||
2213 | |||
2214 | if (pctx == NULL) | ||
2215 | fatal("%s: pctx == NULL", __func__); | ||
2216 | |||
2217 | auth2_jpake_get_pwdata(authctxt, &pctx->s, &hash_scheme, &salt); | ||
2218 | |||
2219 | buffer_clear(m); | ||
2220 | /* pctx->s is sensitive, not returned to slave */ | ||
2221 | buffer_put_cstring(m, hash_scheme); | ||
2222 | buffer_put_cstring(m, salt); | ||
2223 | |||
2224 | debug3("%s: sending pwdata", __func__); | ||
2225 | mm_request_send(sock, MONITOR_ANS_JPAKE_GET_PWDATA, m); | ||
2226 | |||
2227 | bzero(hash_scheme, strlen(hash_scheme)); | ||
2228 | bzero(salt, strlen(salt)); | ||
2229 | free(hash_scheme); | ||
2230 | free(salt); | ||
2231 | |||
2232 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP2, 1); | ||
2233 | |||
2234 | return 0; | ||
2235 | } | ||
2236 | |||
2237 | int | ||
2238 | mm_answer_jpake_step2(int sock, Buffer *m) | ||
2239 | { | ||
2240 | struct jpake_ctx *pctx = authctxt->jpake_ctx; | ||
2241 | u_char *x1_proof, *x2_proof, *x4_s_proof; | ||
2242 | u_int x1_proof_len, x2_proof_len, x4_s_proof_len; | ||
2243 | |||
2244 | if (pctx == NULL) | ||
2245 | fatal("%s: pctx == NULL", __func__); | ||
2246 | |||
2247 | if ((pctx->g_x1 = BN_new()) == NULL || | ||
2248 | (pctx->g_x2 = BN_new()) == NULL) | ||
2249 | fatal("%s: BN_new", __func__); | ||
2250 | buffer_get_bignum2(m, pctx->g_x1); | ||
2251 | buffer_get_bignum2(m, pctx->g_x2); | ||
2252 | pctx->client_id = buffer_get_string(m, &pctx->client_id_len); | ||
2253 | x1_proof = buffer_get_string(m, &x1_proof_len); | ||
2254 | x2_proof = buffer_get_string(m, &x2_proof_len); | ||
2255 | |||
2256 | jpake_step2(pctx->grp, pctx->s, pctx->g_x3, | ||
2257 | pctx->g_x1, pctx->g_x2, pctx->x4, | ||
2258 | pctx->client_id, pctx->client_id_len, | ||
2259 | pctx->server_id, pctx->server_id_len, | ||
2260 | x1_proof, x1_proof_len, | ||
2261 | x2_proof, x2_proof_len, | ||
2262 | &pctx->b, | ||
2263 | &x4_s_proof, &x4_s_proof_len); | ||
2264 | |||
2265 | JPAKE_DEBUG_CTX((pctx, "step2 done in %s", __func__)); | ||
2266 | |||
2267 | bzero(x1_proof, x1_proof_len); | ||
2268 | bzero(x2_proof, x2_proof_len); | ||
2269 | free(x1_proof); | ||
2270 | free(x2_proof); | ||
2271 | |||
2272 | buffer_clear(m); | ||
2273 | |||
2274 | buffer_put_bignum2(m, pctx->b); | ||
2275 | buffer_put_string(m, x4_s_proof, x4_s_proof_len); | ||
2276 | |||
2277 | debug3("%s: sending step2", __func__); | ||
2278 | mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m); | ||
2279 | |||
2280 | bzero(x4_s_proof, x4_s_proof_len); | ||
2281 | free(x4_s_proof); | ||
2282 | |||
2283 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1); | ||
2284 | |||
2285 | return 0; | ||
2286 | } | ||
2287 | |||
2288 | int | ||
2289 | mm_answer_jpake_key_confirm(int sock, Buffer *m) | ||
2290 | { | ||
2291 | struct jpake_ctx *pctx = authctxt->jpake_ctx; | ||
2292 | u_char *x2_s_proof; | ||
2293 | u_int x2_s_proof_len; | ||
2294 | |||
2295 | if (pctx == NULL) | ||
2296 | fatal("%s: pctx == NULL", __func__); | ||
2297 | |||
2298 | if ((pctx->a = BN_new()) == NULL) | ||
2299 | fatal("%s: BN_new", __func__); | ||
2300 | buffer_get_bignum2(m, pctx->a); | ||
2301 | x2_s_proof = buffer_get_string(m, &x2_s_proof_len); | ||
2302 | |||
2303 | jpake_key_confirm(pctx->grp, pctx->s, pctx->a, | ||
2304 | pctx->x4, pctx->g_x3, pctx->g_x4, pctx->g_x1, pctx->g_x2, | ||
2305 | pctx->server_id, pctx->server_id_len, | ||
2306 | pctx->client_id, pctx->client_id_len, | ||
2307 | session_id2, session_id2_len, | ||
2308 | x2_s_proof, x2_s_proof_len, | ||
2309 | &pctx->k, | ||
2310 | &pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len); | ||
2311 | |||
2312 | JPAKE_DEBUG_CTX((pctx, "key_confirm done in %s", __func__)); | ||
2313 | |||
2314 | bzero(x2_s_proof, x2_s_proof_len); | ||
2315 | buffer_clear(m); | ||
2316 | |||
2317 | /* pctx->k is sensitive, not sent */ | ||
2318 | buffer_put_string(m, pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len); | ||
2319 | |||
2320 | debug3("%s: sending confirmation hash", __func__); | ||
2321 | mm_request_send(sock, MONITOR_ANS_JPAKE_KEY_CONFIRM, m); | ||
2322 | |||
2323 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_CHECK_CONFIRM, 1); | ||
2324 | |||
2325 | return 0; | ||
2326 | } | ||
2327 | |||
2328 | int | ||
2329 | mm_answer_jpake_check_confirm(int sock, Buffer *m) | ||
2330 | { | ||
2331 | int authenticated = 0; | ||
2332 | u_char *peer_confirm_hash; | ||
2333 | u_int peer_confirm_hash_len; | ||
2334 | struct jpake_ctx *pctx = authctxt->jpake_ctx; | ||
2335 | |||
2336 | if (pctx == NULL) | ||
2337 | fatal("%s: pctx == NULL", __func__); | ||
2338 | |||
2339 | peer_confirm_hash = buffer_get_string(m, &peer_confirm_hash_len); | ||
2340 | |||
2341 | authenticated = jpake_check_confirm(pctx->k, | ||
2342 | pctx->client_id, pctx->client_id_len, | ||
2343 | session_id2, session_id2_len, | ||
2344 | peer_confirm_hash, peer_confirm_hash_len) && authctxt->valid; | ||
2345 | |||
2346 | JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__)); | ||
2347 | |||
2348 | bzero(peer_confirm_hash, peer_confirm_hash_len); | ||
2349 | free(peer_confirm_hash); | ||
2350 | |||
2351 | buffer_clear(m); | ||
2352 | buffer_put_int(m, authenticated); | ||
2353 | |||
2354 | debug3("%s: sending result %d", __func__, authenticated); | ||
2355 | mm_request_send(sock, MONITOR_ANS_JPAKE_CHECK_CONFIRM, m); | ||
2356 | |||
2357 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 1); | ||
2358 | |||
2359 | auth_method = "jpake-01@openssh.com"; | ||
2360 | return authenticated; | ||
2361 | } | ||
2362 | |||
2363 | #endif /* JPAKE */ | ||