- remove some more jpake remnants.
- try to fix umac; probably still broken on hosts that require strict
  alignment, but it is still a start.
zoulasc committed Oct 20, 2014
1 parent 3f2b437 commit 3f949a6
Showing 10 changed files with 61 additions and 310 deletions.
3 changes: 1 addition & 2 deletions crypto/external/bsd/openssh/dist/auth.h
@@ -1,4 +1,4 @@
/* $NetBSD: auth.h,v 1.8 2014/10/19 16:30:58 christos Exp $ */
/* $NetBSD: auth.h,v 1.9 2014/10/20 03:05:13 christos Exp $ */
/* $OpenBSD: auth.h,v 1.78 2014/07/03 11:16:55 djm Exp $ */

/*
@@ -62,7 +62,6 @@ struct Authctxt {
char *style;
void *kbdintctxt;
char *info; /* Extra info for next auth_log */
void *jpake_ctx;
#ifdef BSD_AUTH
auth_session_t *as;
#endif
5 changes: 3 additions & 2 deletions crypto/external/bsd/openssh/dist/compat.c
@@ -1,4 +1,4 @@
/* $NetBSD: compat.c,v 1.7 2014/10/19 16:30:58 christos Exp $ */
/* $NetBSD: compat.c,v 1.8 2014/10/20 03:05:13 christos Exp $ */
/* $OpenBSD: compat.c,v 1.85 2014/04/20 02:49:32 djm Exp $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
@@ -25,7 +25,7 @@
*/

#include "includes.h"
__RCSID("$NetBSD: compat.c,v 1.7 2014/10/19 16:30:58 christos Exp $");
__RCSID("$NetBSD: compat.c,v 1.8 2014/10/20 03:05:13 christos Exp $");
#include <sys/types.h>

#include <stdlib.h>
@@ -179,6 +179,7 @@ compat_datafellows(const char *version)
if (match_pattern_list(version, check[i].pat,
strlen(check[i].pat), 0) == 1) {
datafellows = check[i].bugs;
/* Check to see if the remote side is OpenSSH and not HPN */
if(strstr(version,"OpenSSH") != NULL)
{
if (strstr(version,"hpn") == NULL)
15 changes: 3 additions & 12 deletions crypto/external/bsd/openssh/dist/mac.c
@@ -1,4 +1,4 @@
/* $NetBSD: mac.c,v 1.9 2014/10/19 16:30:58 christos Exp $ */
/* $NetBSD: mac.c,v 1.10 2014/10/20 03:05:13 christos Exp $ */
/* $OpenBSD: mac.c,v 1.30 2014/04/30 19:07:48 naddy Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -25,7 +25,7 @@
*/

#include "includes.h"
__RCSID("$NetBSD: mac.c,v 1.9 2014/10/19 16:30:58 christos Exp $");
__RCSID("$NetBSD: mac.c,v 1.10 2014/10/20 03:05:13 christos Exp $");
#include <sys/types.h>

#include <openssl/hmac.h>
@@ -153,14 +153,12 @@ mac_init(Mac *mac)
ssh_hmac_init(mac->hmac_ctx, mac->key, mac->key_len) < 0)
return -1;
return 0;
#ifdef UMAC_HAS_BEEN_UNBROKEN
case SSH_UMAC:
mac->umac_ctx = umac_new(mac->key);
return 0;
case SSH_UMAC128:
mac->umac_ctx = umac128_new(mac->key);
return 0;
#endif
default:
return -1;
}
@@ -174,9 +172,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
u_int64_t for_align;
} u;
u_char b[4];
#ifdef UMAC_HAS_BEEN_UNBROKEN
u_char nonce[8];
#endif

if (mac->mac_len > sizeof(u))
fatal("mac_compute: mac too long %u %zu",
@@ -192,7 +188,6 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
ssh_hmac_final(mac->hmac_ctx, u.m, sizeof(u.m)) < 0)
fatal("ssh_hmac failed");
break;
#ifdef UMAC_HAS_BEEN_UNBROKEN
case SSH_UMAC:
put_u64(nonce, seqno);
umac_update(mac->umac_ctx, data, datalen);
@@ -203,7 +198,6 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
umac128_update(mac->umac_ctx, data, datalen);
umac128_final(mac->umac_ctx, u.m, nonce);
break;
#endif
default:
fatal("mac_compute: unknown MAC type");
}
@@ -213,16 +207,13 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
void
mac_clear(Mac *mac)
{
#ifdef UMAC_HAS_BEEN_UNBROKEN
if (mac->type == SSH_UMAC) {
if (mac->umac_ctx != NULL)
umac_delete(mac->umac_ctx);
} else if (mac->type == SSH_UMAC128) {
if (mac->umac_ctx != NULL)
umac128_delete(mac->umac_ctx);
} else
#endif
if (mac->hmac_ctx != NULL)
} else if (mac->hmac_ctx != NULL)
ssh_hmac_free(mac->hmac_ctx);
mac->hmac_ctx = NULL;
mac->umac_ctx = NULL;
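Review bot: In mac_init the SSH_UMAC and SSH_UMAC128 cases now return 0 without checking the pointer stored in `mac->umac_ctx`, so a failed umac_new()/umac128_new() would be reported as success and mac_compute would later hand a NULL context to umac_update()/umac128_update(). Whether these constructors can return NULL is not visible in this section; if they can, the cases should fail closed like the HMAC branch just above them, e.g. `if ((mac->umac_ctx = umac_new(mac->key)) == NULL) return -1;`, and the same for umac128_new(). The commit message says UMAC is probably still broken on strict-alignment hosts, and with the `#ifdef UMAC_HAS_BEEN_UNBROKEN` guards removed nothing in these hunks keeps it from being used there; a comment at the case labels stating that limitation, or a platform guard, would make the risk visible. mac_init and mac_compute both start and end outside the shown hunks.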
166 changes: 2 additions & 164 deletions crypto/external/bsd/openssh/dist/monitor_wrap.c
@@ -1,4 +1,4 @@
/* $NetBSD: monitor_wrap.c,v 1.9 2014/10/19 16:30:58 christos Exp $ */
/* $NetBSD: monitor_wrap.c,v 1.10 2014/10/20 03:05:13 christos Exp $ */
/* $OpenBSD: monitor_wrap.c,v 1.80 2014/04/29 18:01:49 markus Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
@@ -27,7 +27,7 @@
*/

#include "includes.h"
__RCSID("$NetBSD: monitor_wrap.c,v 1.9 2014/10/19 16:30:58 christos Exp $");
__RCSID("$NetBSD: monitor_wrap.c,v 1.10 2014/10/20 03:05:13 christos Exp $");
#include <sys/types.h>
#include <sys/uio.h>
#include <sys/queue.h>
@@ -1268,168 +1268,6 @@ mm_ssh_gssapi_userok(char *user)
}
#endif /* GSSAPI */

#ifdef JPAKE
void
mm_auth2_jpake_get_pwdata(Authctxt *authctxt, BIGNUM **s,
char **hash_scheme, char **salt)
{
Buffer m;

debug3("%s entering", __func__);

buffer_init(&m);
mm_request_send(pmonitor->m_recvfd,
MONITOR_REQ_JPAKE_GET_PWDATA, &m);

debug3("%s: waiting for MONITOR_ANS_JPAKE_GET_PWDATA", __func__);
mm_request_receive_expect(pmonitor->m_recvfd,
MONITOR_ANS_JPAKE_GET_PWDATA, &m);

*hash_scheme = buffer_get_string(&m, NULL);
*salt = buffer_get_string(&m, NULL);

buffer_free(&m);
}

void
mm_jpake_step1(struct modp_group *grp,
u_char **id, u_int *id_len,
BIGNUM **priv1, BIGNUM **priv2, BIGNUM **g_priv1, BIGNUM **g_priv2,
u_char **priv1_proof, u_int *priv1_proof_len,
u_char **priv2_proof, u_int *priv2_proof_len)
{
Buffer m;

debug3("%s entering", __func__);

buffer_init(&m);
mm_request_send(pmonitor->m_recvfd,
MONITOR_REQ_JPAKE_STEP1, &m);

debug3("%s: waiting for MONITOR_ANS_JPAKE_STEP1", __func__);
mm_request_receive_expect(pmonitor->m_recvfd,
MONITOR_ANS_JPAKE_STEP1, &m);

if ((*priv1 = BN_new()) == NULL ||
(*priv2 = BN_new()) == NULL ||
(*g_priv1 = BN_new()) == NULL ||
(*g_priv2 = BN_new()) == NULL)
fatal("%s: BN_new", __func__);

*id = buffer_get_string(&m, id_len);
/* priv1 and priv2 are, well, private */
buffer_get_bignum2(&m, *g_priv1);
buffer_get_bignum2(&m, *g_priv2);
*priv1_proof = buffer_get_string(&m, priv1_proof_len);
*priv2_proof = buffer_get_string(&m, priv2_proof_len);

buffer_free(&m);
}

void
mm_jpake_step2(struct modp_group *grp, BIGNUM *s,
BIGNUM *mypub1, BIGNUM *theirpub1, BIGNUM *theirpub2, BIGNUM *mypriv2,
const u_char *theirid, u_int theirid_len,
const u_char *myid, u_int myid_len,
const u_char *theirpub1_proof, u_int theirpub1_proof_len,
const u_char *theirpub2_proof, u_int theirpub2_proof_len,
BIGNUM **newpub,
u_char **newpub_exponent_proof, u_int *newpub_exponent_proof_len)
{
Buffer m;

debug3("%s entering", __func__);

buffer_init(&m);
/* monitor already has all bignums except theirpub1, theirpub2 */
buffer_put_bignum2(&m, theirpub1);
buffer_put_bignum2(&m, theirpub2);
/* monitor already knows our id */
buffer_put_string(&m, theirid, theirid_len);
buffer_put_string(&m, theirpub1_proof, theirpub1_proof_len);
buffer_put_string(&m, theirpub2_proof, theirpub2_proof_len);

mm_request_send(pmonitor->m_recvfd,
MONITOR_REQ_JPAKE_STEP2, &m);

debug3("%s: waiting for MONITOR_ANS_JPAKE_STEP2", __func__);
mm_request_receive_expect(pmonitor->m_recvfd,
MONITOR_ANS_JPAKE_STEP2, &m);

if ((*newpub = BN_new()) == NULL)
fatal("%s: BN_new", __func__);

buffer_get_bignum2(&m, *newpub);
*newpub_exponent_proof = buffer_get_string(&m,
newpub_exponent_proof_len);

buffer_free(&m);
}

void
mm_jpake_key_confirm(struct modp_group *grp, BIGNUM *s, BIGNUM *step2_val,
BIGNUM *mypriv2, BIGNUM *mypub1, BIGNUM *mypub2,
BIGNUM *theirpub1, BIGNUM *theirpub2,
const u_char *my_id, u_int my_id_len,
const u_char *their_id, u_int their_id_len,
const u_char *sess_id, u_int sess_id_len,
const u_char *theirpriv2_s_proof, u_int theirpriv2_s_proof_len,
BIGNUM **k,
u_char **confirm_hash, u_int *confirm_hash_len)
{
Buffer m;

debug3("%s entering", __func__);

buffer_init(&m);
/* monitor already has all bignums except step2_val */
buffer_put_bignum2(&m, step2_val);
/* monitor already knows all the ids */
buffer_put_string(&m, theirpriv2_s_proof, theirpriv2_s_proof_len);

mm_request_send(pmonitor->m_recvfd,
MONITOR_REQ_JPAKE_KEY_CONFIRM, &m);

debug3("%s: waiting for MONITOR_ANS_JPAKE_KEY_CONFIRM", __func__);
mm_request_receive_expect(pmonitor->m_recvfd,
MONITOR_ANS_JPAKE_KEY_CONFIRM, &m);

/* 'k' is sensitive and stays in the monitor */
*confirm_hash = buffer_get_string(&m, confirm_hash_len);

buffer_free(&m);
}

int
mm_jpake_check_confirm(const BIGNUM *k,
const u_char *peer_id, u_int peer_id_len,
const u_char *sess_id, u_int sess_id_len,
const u_char *peer_confirm_hash, u_int peer_confirm_hash_len)
{
Buffer m;
int success = 0;

debug3("%s entering", __func__);

buffer_init(&m);
/* k is dummy in slave, ignored */
/* monitor knows all the ids */
buffer_put_string(&m, peer_confirm_hash, peer_confirm_hash_len);
mm_request_send(pmonitor->m_recvfd,
MONITOR_REQ_JPAKE_CHECK_CONFIRM, &m);

debug3("%s: waiting for MONITOR_ANS_JPAKE_CHECK_CONFIRM", __func__);
mm_request_receive_expect(pmonitor->m_recvfd,
MONITOR_ANS_JPAKE_CHECK_CONFIRM, &m);

success = buffer_get_int(&m);
buffer_free(&m);

debug3("%s: success = %d", __func__, success);
return success;
}
#endif /* JPAKE */

#ifdef KRB4
int
mm_auth_krb4(Authctxt *authctxt, void *_auth, char **client, void *_reply)
21 changes: 1 addition & 20 deletions crypto/external/bsd/openssh/dist/monitor_wrap.h
@@ -1,4 +1,4 @@
/* $NetBSD: monitor_wrap.h,v 1.6 2014/10/19 16:30:58 christos Exp $ */
/* $NetBSD: monitor_wrap.h,v 1.7 2014/10/20 03:05:13 christos Exp $ */
/* $OpenBSD: monitor_wrap.h,v 1.24 2014/01/29 06:18:35 djm Exp $ */

/*
@@ -97,25 +97,6 @@ int mm_bsdauth_respond(void *, u_int, char **);
int mm_skey_query(void *, char **, char **, u_int *, char ***, u_int **);
int mm_skey_respond(void *, u_int, char **);

/* jpake */
struct modp_group;
void mm_auth2_jpake_get_pwdata(struct Authctxt *, BIGNUM **, char **, char **);
void mm_jpake_step1(struct modp_group *, u_char **, u_int *,
BIGNUM **, BIGNUM **, BIGNUM **, BIGNUM **,
u_char **, u_int *, u_char **, u_int *);
void mm_jpake_step2(struct modp_group *, BIGNUM *,
BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
const u_char *, u_int, const u_char *, u_int,
const u_char *, u_int, const u_char *, u_int,
BIGNUM **, u_char **, u_int *);
void mm_jpake_key_confirm(struct modp_group *, BIGNUM *, BIGNUM *,
BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
const u_char *, u_int, const u_char *, u_int,
const u_char *, u_int, const u_char *, u_int,
BIGNUM **, u_char **, u_int *);
int mm_jpake_check_confirm(const BIGNUM *,
const u_char *, u_int, const u_char *, u_int, const u_char *, u_int);

/* auth_krb */
#ifdef KRB4
int mm_auth_krb4(struct Authctxt *, void *, char **, void *);
5 changes: 3 additions & 2 deletions crypto/external/bsd/openssh/dist/packet.c
@@ -1,4 +1,4 @@
/* $NetBSD: packet.c,v 1.13 2014/10/19 16:30:58 christos Exp $ */
/* $NetBSD: packet.c,v 1.14 2014/10/20 03:05:13 christos Exp $ */
/* $OpenBSD: packet.c,v 1.198 2014/07/15 15:54:14 millert Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -39,7 +39,7 @@
*/

#include "includes.h"
__RCSID("$NetBSD: packet.c,v 1.13 2014/10/19 16:30:58 christos Exp $");
__RCSID("$NetBSD: packet.c,v 1.14 2014/10/20 03:05:13 christos Exp $");
#include <sys/types.h>
#include <sys/queue.h>
#include <sys/socket.h>
@@ -944,6 +944,7 @@ packet_send2_wrapped(void)
len, padlen, aadlen));

/* compute MAC over seqnr and packet(length fields, payload, padding) */
debug("mac %p, %d %d\n", mac, mac? mac->enabled : -1, mac ? mac->etm : -1);
if (mac && mac->enabled && !mac->etm) {
macbuf = mac_compute(mac, active_state->p_send.seqnr,
buffer_ptr(&active_state->outgoing_packet), len);
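Review bot: The added `debug("mac %p, %d %d\n", ...)` call in packet_send2_wrapped looks like leftover troubleshooting output and should not ship as is. It runs for every outgoing packet at the first debug level, it writes the heap address of the MAC state into logs via `%p`, and its format ends in `\n` while the other debug calls on this page pass no newline. If the trace is still wanted, `debug3("%s: mac enabled %d etm %d", __func__, mac ? mac->enabled : -1, mac ? mac->etm : -1);` keeps the useful values at the most verbose level without the pointer; otherwise drop the line once the UMAC fix is confirmed. packet_send2_wrapped starts and ends outside the hunk.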
