1 files changed, 1 insertions, 292 deletions
diff --git a/sshconnect2.c b/sshconnect2.c
index 8acffc5c3..8343db10e 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.201 2014/01/09 23:20:00 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.202 2014/01/29 06:18:35 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -70,8 +70,6 @@
 #include "pathnames.h"
 #include "uidswap.h"
 #include "hostfile.h"
-#include "schnorr.h"
-#include "jpake.h"
 #ifdef GSSAPI
 #include "ssh-gss.h"
@@ -289,18 +287,12 @@ void	input_userauth_error(int, u_int32_t, void *);
 void    input_userauth_info_req(int, u_int32_t, void *);
 void    input_userauth_pk_ok(int, u_int32_t, void *);
 void    input_userauth_passwd_changereq(int, u_int32_t, void *);
-void    input_userauth_jpake_server_step1(int, u_int32_t, void *);
-void    input_userauth_jpake_server_step2(int, u_int32_t, void *);
-void    input_userauth_jpake_server_confirm(int, u_int32_t, void *);
 int     userauth_none(Authctxt *);
 int     userauth_pubkey(Authctxt *);
 int     userauth_passwd(Authctxt *);
 int     userauth_kbdint(Authctxt *);
 int     userauth_hostbased(Authctxt *);
-int     userauth_jpake(Authctxt *);
-void    userauth_jpake_cleanup(Authctxt *);
 #ifdef GSSAPI
 int     userauth_gssapi(Authctxt *authctxt);
@@ -340,13 +332,6 @@ Authmethod authmethods[] = {
                NULL,
                &options.pubkey_authentication,
                NULL},
-#ifdef JPAKE
-        {"jpake-01@openssh.com",
-                userauth_jpake,
-                userauth_jpake_cleanup,
-                &options.zero_knowledge_password_authentication,
-                &options.batch_mode},
-#endif
        {"keyboard-interactive",
                userauth_kbdint,
                NULL,
@@ -965,209 +950,6 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
            &input_userauth_passwd_changereq);
 }
-#ifdef JPAKE
-static char *
-pw_encrypt(const char *password, const char *crypt_scheme, const char *salt)
-{
-        /* OpenBSD crypt(3) handles all of these */
-        if (strcmp(crypt_scheme, "crypt") == 0 ||
-            strcmp(crypt_scheme, "bcrypt") == 0 ||
-            strcmp(crypt_scheme, "md5crypt") == 0 ||
-            strcmp(crypt_scheme, "crypt-extended") == 0)
-                return xstrdup(crypt(password, salt));
-        error("%s: unsupported password encryption scheme \"%.100s\"",
-            __func__, crypt_scheme);
-        return NULL;
-}
-static BIGNUM *
-jpake_password_to_secret(Authctxt *authctxt, const char *crypt_scheme,
-    const char *salt)
-{
-        char prompt[256], *password, *crypted;
-        u_char *secret;
-        u_int secret_len;
-        BIGNUM *ret;
-        snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password (JPAKE): ",
-            authctxt->server_user, authctxt->host);
-        password = read_passphrase(prompt, 0);
-        if ((crypted = pw_encrypt(password, crypt_scheme, salt)) == NULL) {
-                logit("Disabling %s authentication", authctxt->method->name);
-                authctxt->method->enabled = NULL;
-                /* Continue with an empty password to fail gracefully */
-                crypted = xstrdup("");
-        }
-#ifdef JPAKE_DEBUG
-        debug3("%s: salt = %s", __func__, salt);
-        debug3("%s: scheme = %s", __func__, crypt_scheme);
-        debug3("%s: crypted = %s", __func__, crypted);
-#endif
-        if (hash_buffer(crypted, strlen(crypted), SSH_DIGEST_SHA1,
-            &secret, &secret_len) != 0)
-                fatal("%s: hash_buffer", __func__);
-        bzero(password, strlen(password));
-        bzero(crypted, strlen(crypted));
-        free(password);
-        free(crypted);
-        if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL)
-                fatal("%s: BN_bin2bn (secret)", __func__);
-        bzero(secret, secret_len);
-        free(secret);
-        return ret;
-}
-/* ARGSUSED */
-void
-input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt)
-{
-        Authctxt *authctxt = ctxt;
-        struct jpake_ctx *pctx = authctxt->methoddata;
-        u_char *x3_proof, *x4_proof, *x2_s_proof;
-        u_int x3_proof_len, x4_proof_len, x2_s_proof_len;
-        char *crypt_scheme, *salt;
-        /* Disable this message */
-        dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1, NULL);
-        if ((pctx->g_x3 = BN_new()) == NULL ||
-            (pctx->g_x4 = BN_new()) == NULL)
-                fatal("%s: BN_new", __func__);
-        /* Fetch step 1 values */
-        crypt_scheme = packet_get_string(NULL);
-        salt = packet_get_string(NULL);
-        pctx->server_id = packet_get_string(&pctx->server_id_len);
-        packet_get_bignum2(pctx->g_x3);
-        packet_get_bignum2(pctx->g_x4);
-        x3_proof = packet_get_string(&x3_proof_len);
-        x4_proof = packet_get_string(&x4_proof_len);
-        packet_check_eom();
-        JPAKE_DEBUG_CTX((pctx, "step 1 received in %s", __func__));
-        /* Obtain password and derive secret */
-        pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt);
-        bzero(crypt_scheme, strlen(crypt_scheme));
-        bzero(salt, strlen(salt));
-        free(crypt_scheme);
-        free(salt);
-        JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__));
-        /* Calculate step 2 values */
-        jpake_step2(pctx->grp, pctx->s, pctx->g_x1,
-            pctx->g_x3, pctx->g_x4, pctx->x2,
-            pctx->server_id, pctx->server_id_len,
-            pctx->client_id, pctx->client_id_len,
-            x3_proof, x3_proof_len,
-            x4_proof, x4_proof_len,
-            &pctx->a,
-            &x2_s_proof, &x2_s_proof_len);
-        bzero(x3_proof, x3_proof_len);
-        bzero(x4_proof, x4_proof_len);
-        free(x3_proof);
-        free(x4_proof);
-        JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__));
-        /* Send values for step 2 */
-        packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2);
-        packet_put_bignum2(pctx->a);
-        packet_put_string(x2_s_proof, x2_s_proof_len);
-        packet_send();
-        bzero(x2_s_proof, x2_s_proof_len);
-        free(x2_s_proof);
-        /* Expect step 2 packet from peer */
-        dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2,
-            input_userauth_jpake_server_step2);
-}
-/* ARGSUSED */
-void
-input_userauth_jpake_server_step2(int type, u_int32_t seq, void *ctxt)
-{
-        Authctxt *authctxt = ctxt;
-        struct jpake_ctx *pctx = authctxt->methoddata;
-        u_char *x4_s_proof;
-        u_int x4_s_proof_len;
-        /* Disable this message */
-        dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2, NULL);
-        if ((pctx->b = BN_new()) == NULL)
-                fatal("%s: BN_new", __func__);
-        /* Fetch step 2 values */
-        packet_get_bignum2(pctx->b);
-        x4_s_proof = packet_get_string(&x4_s_proof_len);
-        packet_check_eom();
-        JPAKE_DEBUG_CTX((pctx, "step 2 received in %s", __func__));
-        /* Derive shared key and calculate confirmation hash */
-        jpake_key_confirm(pctx->grp, pctx->s, pctx->b,
-            pctx->x2, pctx->g_x1, pctx->g_x2, pctx->g_x3, pctx->g_x4,
-            pctx->client_id, pctx->client_id_len,
-            pctx->server_id, pctx->server_id_len,
-            session_id2, session_id2_len,
-            x4_s_proof, x4_s_proof_len,
-            &pctx->k,
-            &pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len);
-        bzero(x4_s_proof, x4_s_proof_len);
-        free(x4_s_proof);
-        JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__));
-        /* Send key confirmation proof */
-        packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM);
-        packet_put_string(pctx->h_k_cid_sessid, pctx->h_k_cid_sessid_len);
-        packet_send();
-        /* Expect confirmation from peer */
-        dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_CONFIRM,
-            input_userauth_jpake_server_confirm);
-}
-/* ARGSUSED */
-void
-input_userauth_jpake_server_confirm(int type, u_int32_t seq, void *ctxt)
-{
-        Authctxt *authctxt = ctxt;
-        struct jpake_ctx *pctx = authctxt->methoddata;
-        /* Disable this message */
-        dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_CONFIRM, NULL);
-        pctx->h_k_sid_sessid = packet_get_string(&pctx->h_k_sid_sessid_len);
-        packet_check_eom();
-        JPAKE_DEBUG_CTX((pctx, "confirm received in %s", __func__));
-        /* Verify expected confirmation hash */
-        if (jpake_check_confirm(pctx->k,
-            pctx->server_id, pctx->server_id_len,
-            session_id2, session_id2_len,
-            pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len) == 1)
-                debug("%s: %s success", __func__, authctxt->method->name);
-        else {
-                debug("%s: confirmation mismatch", __func__);
-                /* XXX stash this so if auth succeeds then we can warn/kill */
-        }
-        userauth_jpake_cleanup(authctxt);
-}
-#endif /* JPAKE */
 static int
 identity_sign(Identity *id, u_char **sigp, u_int *lenp,
    u_char *data, u_int datalen)
@@ -1783,79 +1565,6 @@ userauth_hostbased(Authctxt *authctxt)
        return 1;
 }
-#ifdef JPAKE
-int
-userauth_jpake(Authctxt *authctxt)
-{
-        struct jpake_ctx *pctx;
-        u_char *x1_proof, *x2_proof;
-        u_int x1_proof_len, x2_proof_len;
-        static int attempt = 0; /* XXX share with userauth_password's? */
-        if (attempt++ >= options.number_of_password_prompts)
-                return 0;
-        if (attempt != 1)
-                error("Permission denied, please try again.");
-        if (authctxt->methoddata != NULL)
-                fatal("%s: authctxt->methoddata already set (%p)",
-                    __func__, authctxt->methoddata);
-        authctxt->methoddata = pctx = jpake_new();
-        /*
-         * Send request immediately, to get the protocol going while
-         * we do the initial computations.
-         */
-        packet_start(SSH2_MSG_USERAUTH_REQUEST);
-        packet_put_cstring(authctxt->server_user);
-        packet_put_cstring(authctxt->service);
-        packet_put_cstring(authctxt->method->name);
-        packet_send();
-        packet_write_wait();
-        jpake_step1(pctx->grp,
-            &pctx->client_id, &pctx->client_id_len,
-            &pctx->x1, &pctx->x2, &pctx->g_x1, &pctx->g_x2,
-            &x1_proof, &x1_proof_len,
-            &x2_proof, &x2_proof_len);
-        JPAKE_DEBUG_CTX((pctx, "step 1 sending in %s", __func__));
-        packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1);
-        packet_put_string(pctx->client_id, pctx->client_id_len);
-        packet_put_bignum2(pctx->g_x1);
-        packet_put_bignum2(pctx->g_x2);
-        packet_put_string(x1_proof, x1_proof_len);
-        packet_put_string(x2_proof, x2_proof_len);
-        packet_send();
-        bzero(x1_proof, x1_proof_len);
-        bzero(x2_proof, x2_proof_len);
-        free(x1_proof);
-        free(x2_proof);
-        /* Expect step 1 packet from peer */
-        dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1,
-            input_userauth_jpake_server_step1);
-        dispatch_set(SSH2_MSG_USERAUTH_SUCCESS,
-            &input_userauth_success_unexpected);
-        return 1;
-}
-void
-userauth_jpake_cleanup(Authctxt *authctxt)
-{
-        debug3("%s: clean up", __func__);
-        if (authctxt->methoddata != NULL) {
-                jpake_free(authctxt->methoddata);
-                authctxt->methoddata = NULL;
-        }
-        dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
-}
-#endif /* JPAKE */
 /* find auth method */
 /*

diff --git a/sshconnect2.c b/sshconnect2.c index 8acffc5c3..8343db10e 100644 --- a/sshconnect2.c +++ b/sshconnect2.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sshconnect2.c,v 1.201 2014/01/09 23:20:00 djm Exp $ */	1	/* $OpenBSD: sshconnect2.c,v 1.202 2014/01/29 06:18:35 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
4	* Copyright (c) 2008 Damien Miller. All rights reserved.	4	* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -70,8 +70,6 @@
70	#include "pathnames.h"	70	#include "pathnames.h"
71	#include "uidswap.h"	71	#include "uidswap.h"
72	#include "hostfile.h"	72	#include "hostfile.h"
73	#include "schnorr.h"
74	#include "jpake.h"
75		73
76	#ifdef GSSAPI	74	#ifdef GSSAPI
77	#include "ssh-gss.h"	75	#include "ssh-gss.h"
@@ -289,18 +287,12 @@ void input_userauth_error(int, u_int32_t, void *);
289	void input_userauth_info_req(int, u_int32_t, void *);	287	void input_userauth_info_req(int, u_int32_t, void *);
290	void input_userauth_pk_ok(int, u_int32_t, void *);	288	void input_userauth_pk_ok(int, u_int32_t, void *);
291	void input_userauth_passwd_changereq(int, u_int32_t, void *);	289	void input_userauth_passwd_changereq(int, u_int32_t, void *);
292	void input_userauth_jpake_server_step1(int, u_int32_t, void *);
293	void input_userauth_jpake_server_step2(int, u_int32_t, void *);
294	void input_userauth_jpake_server_confirm(int, u_int32_t, void *);
295		290
296	int userauth_none(Authctxt *);	291	int userauth_none(Authctxt *);
297	int userauth_pubkey(Authctxt *);	292	int userauth_pubkey(Authctxt *);
298	int userauth_passwd(Authctxt *);	293	int userauth_passwd(Authctxt *);
299	int userauth_kbdint(Authctxt *);	294	int userauth_kbdint(Authctxt *);
300	int userauth_hostbased(Authctxt *);	295	int userauth_hostbased(Authctxt *);
301	int userauth_jpake(Authctxt *);
302
303	void userauth_jpake_cleanup(Authctxt *);
304		296
305	#ifdef GSSAPI	297	#ifdef GSSAPI
306	int userauth_gssapi(Authctxt *authctxt);	298	int userauth_gssapi(Authctxt *authctxt);
@@ -340,13 +332,6 @@ Authmethod authmethods[] = {
340	NULL,	332	NULL,
341	&options.pubkey_authentication,	333	&options.pubkey_authentication,
342	NULL},	334	NULL},
343	#ifdef JPAKE
344	{"jpake-01@openssh.com",
345	userauth_jpake,
346	userauth_jpake_cleanup,
347	&options.zero_knowledge_password_authentication,
348	&options.batch_mode},
349	#endif
350	{"keyboard-interactive",	335	{"keyboard-interactive",
351	userauth_kbdint,	336	userauth_kbdint,
352	NULL,	337	NULL,
@@ -965,209 +950,6 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
965	&input_userauth_passwd_changereq);	950	&input_userauth_passwd_changereq);
966	}	951	}
967		952
968	#ifdef JPAKE
969	static char *
970	pw_encrypt(const char password, const char crypt_scheme, const char *salt)
971	{
972	/* OpenBSD crypt(3) handles all of these */
973	if (strcmp(crypt_scheme, "crypt") == 0 \|\|
974	strcmp(crypt_scheme, "bcrypt") == 0 \|\|
975	strcmp(crypt_scheme, "md5crypt") == 0 \|\|
976	strcmp(crypt_scheme, "crypt-extended") == 0)
977	return xstrdup(crypt(password, salt));
978	error("%s: unsupported password encryption scheme \"%.100s\"",
979	__func__, crypt_scheme);
980	return NULL;
981	}
982
983	static BIGNUM *
984	jpake_password_to_secret(Authctxt authctxt, const char crypt_scheme,
985	const char *salt)
986	{
987	char prompt[256], password, crypted;
988	u_char *secret;
989	u_int secret_len;
990	BIGNUM *ret;
991
992	snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password (JPAKE): ",
993	authctxt->server_user, authctxt->host);
994	password = read_passphrase(prompt, 0);
995
996	if ((crypted = pw_encrypt(password, crypt_scheme, salt)) == NULL) {
997	logit("Disabling %s authentication", authctxt->method->name);
998	authctxt->method->enabled = NULL;
999	/* Continue with an empty password to fail gracefully */
1000	crypted = xstrdup("");
1001	}
1002
1003	#ifdef JPAKE_DEBUG
1004	debug3("%s: salt = %s", __func__, salt);
1005	debug3("%s: scheme = %s", __func__, crypt_scheme);
1006	debug3("%s: crypted = %s", __func__, crypted);
1007	#endif
1008
1009	if (hash_buffer(crypted, strlen(crypted), SSH_DIGEST_SHA1,
1010	&secret, &secret_len) != 0)
1011	fatal("%s: hash_buffer", __func__);
1012
1013	bzero(password, strlen(password));
1014	bzero(crypted, strlen(crypted));
1015	free(password);
1016	free(crypted);
1017
1018	if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL)
1019	fatal("%s: BN_bin2bn (secret)", __func__);
1020	bzero(secret, secret_len);
1021	free(secret);
1022
1023	return ret;
1024	}
1025
1026	/* ARGSUSED */
1027	void
1028	input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt)
1029	{
1030	Authctxt *authctxt = ctxt;
1031	struct jpake_ctx *pctx = authctxt->methoddata;
1032	u_char x3_proof, x4_proof, *x2_s_proof;
1033	u_int x3_proof_len, x4_proof_len, x2_s_proof_len;
1034	char crypt_scheme, salt;
1035
1036	/* Disable this message */
1037	dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1, NULL);
1038
1039	if ((pctx->g_x3 = BN_new()) == NULL \|\|
1040	(pctx->g_x4 = BN_new()) == NULL)
1041	fatal("%s: BN_new", __func__);
1042
1043	/* Fetch step 1 values */
1044	crypt_scheme = packet_get_string(NULL);
1045	salt = packet_get_string(NULL);
1046	pctx->server_id = packet_get_string(&pctx->server_id_len);
1047	packet_get_bignum2(pctx->g_x3);
1048	packet_get_bignum2(pctx->g_x4);
1049	x3_proof = packet_get_string(&x3_proof_len);
1050	x4_proof = packet_get_string(&x4_proof_len);
1051	packet_check_eom();
1052
1053	JPAKE_DEBUG_CTX((pctx, "step 1 received in %s", __func__));
1054
1055	/* Obtain password and derive secret */
1056	pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt);
1057	bzero(crypt_scheme, strlen(crypt_scheme));
1058	bzero(salt, strlen(salt));
1059	free(crypt_scheme);
1060	free(salt);
1061	JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__));
1062
1063	/* Calculate step 2 values */
1064	jpake_step2(pctx->grp, pctx->s, pctx->g_x1,
1065	pctx->g_x3, pctx->g_x4, pctx->x2,
1066	pctx->server_id, pctx->server_id_len,
1067	pctx->client_id, pctx->client_id_len,
1068	x3_proof, x3_proof_len,
1069	x4_proof, x4_proof_len,
1070	&pctx->a,
1071	&x2_s_proof, &x2_s_proof_len);
1072
1073	bzero(x3_proof, x3_proof_len);
1074	bzero(x4_proof, x4_proof_len);
1075	free(x3_proof);
1076	free(x4_proof);
1077
1078	JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__));
1079
1080	/* Send values for step 2 */
1081	packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2);
1082	packet_put_bignum2(pctx->a);
1083	packet_put_string(x2_s_proof, x2_s_proof_len);
1084	packet_send();
1085
1086	bzero(x2_s_proof, x2_s_proof_len);
1087	free(x2_s_proof);
1088
1089	/* Expect step 2 packet from peer */
1090	dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2,
1091	input_userauth_jpake_server_step2);
1092	}
1093
1094	/* ARGSUSED */
1095	void
1096	input_userauth_jpake_server_step2(int type, u_int32_t seq, void *ctxt)
1097	{
1098	Authctxt *authctxt = ctxt;
1099	struct jpake_ctx *pctx = authctxt->methoddata;
1100	u_char *x4_s_proof;
1101	u_int x4_s_proof_len;
1102
1103	/* Disable this message */
1104	dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2, NULL);
1105
1106	if ((pctx->b = BN_new()) == NULL)
1107	fatal("%s: BN_new", __func__);
1108
1109	/* Fetch step 2 values */
1110	packet_get_bignum2(pctx->b);
1111	x4_s_proof = packet_get_string(&x4_s_proof_len);
1112	packet_check_eom();
1113
1114	JPAKE_DEBUG_CTX((pctx, "step 2 received in %s", __func__));
1115
1116	/* Derive shared key and calculate confirmation hash */
1117	jpake_key_confirm(pctx->grp, pctx->s, pctx->b,
1118	pctx->x2, pctx->g_x1, pctx->g_x2, pctx->g_x3, pctx->g_x4,
1119	pctx->client_id, pctx->client_id_len,
1120	pctx->server_id, pctx->server_id_len,
1121	session_id2, session_id2_len,
1122	x4_s_proof, x4_s_proof_len,
1123	&pctx->k,
1124	&pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len);
1125
1126	bzero(x4_s_proof, x4_s_proof_len);
1127	free(x4_s_proof);
1128
1129	JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__));
1130
1131	/* Send key confirmation proof */
1132	packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM);
1133	packet_put_string(pctx->h_k_cid_sessid, pctx->h_k_cid_sessid_len);
1134	packet_send();
1135
1136	/* Expect confirmation from peer */
1137	dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_CONFIRM,
1138	input_userauth_jpake_server_confirm);
1139	}
1140
1141	/* ARGSUSED */
1142	void
1143	input_userauth_jpake_server_confirm(int type, u_int32_t seq, void *ctxt)
1144	{
1145	Authctxt *authctxt = ctxt;
1146	struct jpake_ctx *pctx = authctxt->methoddata;
1147
1148	/* Disable this message */
1149	dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_CONFIRM, NULL);
1150
1151	pctx->h_k_sid_sessid = packet_get_string(&pctx->h_k_sid_sessid_len);
1152	packet_check_eom();
1153
1154	JPAKE_DEBUG_CTX((pctx, "confirm received in %s", __func__));
1155
1156	/* Verify expected confirmation hash */
1157	if (jpake_check_confirm(pctx->k,
1158	pctx->server_id, pctx->server_id_len,
1159	session_id2, session_id2_len,
1160	pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len) == 1)
1161	debug("%s: %s success", __func__, authctxt->method->name);
1162	else {
1163	debug("%s: confirmation mismatch", __func__);
1164	/* XXX stash this so if auth succeeds then we can warn/kill */
1165	}
1166
1167	userauth_jpake_cleanup(authctxt);
1168	}
1169	#endif /* JPAKE */
1170
1171	static int	953	static int
1172	identity_sign(Identity id, u_char sigp, u_int lenp,	954	identity_sign(Identity id, u_char sigp, u_int lenp,
1173	u_char *data, u_int datalen)	955	u_char *data, u_int datalen)
@@ -1783,79 +1565,6 @@ userauth_hostbased(Authctxt *authctxt)
1783	return 1;	1565	return 1;
1784	}	1566	}
1785		1567
1786	#ifdef JPAKE
1787	int
1788	userauth_jpake(Authctxt *authctxt)
1789	{
1790	struct jpake_ctx *pctx;
1791	u_char x1_proof, x2_proof;
1792	u_int x1_proof_len, x2_proof_len;
1793	static int attempt = 0; /* XXX share with userauth_password's? */
1794
1795	if (attempt++ >= options.number_of_password_prompts)
1796	return 0;
1797	if (attempt != 1)
1798	error("Permission denied, please try again.");
1799
1800	if (authctxt->methoddata != NULL)
1801	fatal("%s: authctxt->methoddata already set (%p)",
1802	__func__, authctxt->methoddata);
1803
1804	authctxt->methoddata = pctx = jpake_new();
1805
1806	/*
1807	* Send request immediately, to get the protocol going while
1808	* we do the initial computations.
1809	*/
1810	packet_start(SSH2_MSG_USERAUTH_REQUEST);
1811	packet_put_cstring(authctxt->server_user);
1812	packet_put_cstring(authctxt->service);
1813	packet_put_cstring(authctxt->method->name);
1814	packet_send();
1815	packet_write_wait();
1816
1817	jpake_step1(pctx->grp,
1818	&pctx->client_id, &pctx->client_id_len,
1819	&pctx->x1, &pctx->x2, &pctx->g_x1, &pctx->g_x2,
1820	&x1_proof, &x1_proof_len,
1821	&x2_proof, &x2_proof_len);
1822
1823	JPAKE_DEBUG_CTX((pctx, "step 1 sending in %s", __func__));
1824
1825	packet_start(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1);
1826	packet_put_string(pctx->client_id, pctx->client_id_len);
1827	packet_put_bignum2(pctx->g_x1);
1828	packet_put_bignum2(pctx->g_x2);
1829	packet_put_string(x1_proof, x1_proof_len);
1830	packet_put_string(x2_proof, x2_proof_len);
1831	packet_send();
1832
1833	bzero(x1_proof, x1_proof_len);
1834	bzero(x2_proof, x2_proof_len);
1835	free(x1_proof);
1836	free(x2_proof);
1837
1838	/* Expect step 1 packet from peer */
1839	dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1,
1840	input_userauth_jpake_server_step1);
1841	dispatch_set(SSH2_MSG_USERAUTH_SUCCESS,
1842	&input_userauth_success_unexpected);
1843
1844	return 1;
1845	}
1846
1847	void
1848	userauth_jpake_cleanup(Authctxt *authctxt)
1849	{
1850	debug3("%s: clean up", __func__);
1851	if (authctxt->methoddata != NULL) {
1852	jpake_free(authctxt->methoddata);
1853	authctxt->methoddata = NULL;
1854	}
1855	dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
1856	}
1857	#endif /* JPAKE */
1858
1859	/* find auth method */	1568	/* find auth method */
1860		1569
1861	/*	1570	/*