From 01ed2272a1545336173bf3aef66fbccc3494c8d8 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Wed, 5 Nov 2008 16:20:46 +1100
Subject:    - djm@cvs.openbsd.org 2008/11/04 08:22:13      [auth.h auth2.c
 monitor.c monitor.h monitor_wrap.c monitor_wrap.h]      [readconf.c
 readconf.h servconf.c servconf.h ssh2.h ssh_config.5]      [sshconnect2.c
 sshd_config.5 jpake.c jpake.h schnorr.c auth2-jpake.c]      [Makefile.in]    
  Add support for an experimental zero-knowledge password authentication     
 method using the J-PAKE protocol described in F. Hao, P. Ryan,      "Password
 Authenticated Key Exchange by Juggling", 16th Workshop on      Security
 Protocols, Cambridge, April 2008.

     This method allows password-based authentication without exposing
     the password to the server. Instead, the client and server exchange
     cryptographic proofs to demonstrate of knowledge of the password while
     revealing nothing useful to an attacker or compromised endpoint.

     This is experimental, work-in-progress code and is presently
     compiled-time disabled (turn on -DJPAKE in Makefile.inc).

     "just commit it.  It isn't too intrusive." deraadt@
---
 auth2.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'auth2.c')

diff --git a/auth2.c b/auth2.c
index a835abfc6..ecf857052 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.119 2008/07/04 23:30:16 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.120 2008/11/04 08:22:12 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -71,12 +71,18 @@ extern Authmethod method_hostbased;
 #ifdef GSSAPI
 extern Authmethod method_gssapi;
 #endif
+#ifdef JPAKE
+extern Authmethod method_jpake;
+#endif
 
 Authmethod *authmethods[] = {
 	&method_none,
 	&method_pubkey,
 #ifdef GSSAPI
 	&method_gssapi,
+#endif
+#ifdef JPAKE
+	&method_jpake,
 #endif
 	&method_passwd,
 	&method_kbdint,
@@ -257,8 +263,12 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
 	}
 	/* reset state */
 	auth2_challenge_stop(authctxt);
+#ifdef JPAKE
+	auth2_jpake_stop(authctxt);
+#endif
 
 #ifdef GSSAPI
+	/* XXX move to auth2_gssapi_stop() */
 	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
 	dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
 #endif
-- 
cgit v1.2.3