- djm@cvs.openbsd.org 2014/01/29 06:18:35

     [Makefile.in auth.h auth2-jpake.c auth2.c jpake.c jpake.h monitor.c]
     [monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h]
     [schnorr.c schnorr.h servconf.c servconf.h ssh2.h sshconnect2.c]
     remove experimental, never-enabled JPAKE code; ok markus@

1 files changed, 1 insertions, 164 deletions

diff --git a/monitor_wrap.c b/monitor_wrap.c
index 4ce46960..64c26236 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.77 2013/11/06 16:52:11 markus Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.78 2014/01/29 06:18:35 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -71,8 +71,6 @@
 #include "atomicio.h"
 #include "monitor_fdpass.h"
 #include "misc.h"
-#include "schnorr.h"
-#include "jpake.h"
 #include "uuencode.h"
 
 #include "channels.h"
@@ -1292,164 +1290,3 @@ mm_ssh_gssapi_userok(char *user)
 }
 #endif /* GSSAPI */
 
-#ifdef JPAKE
-void
-mm_auth2_jpake_get_pwdata(Authctxt *authctxt, BIGNUM **s,
-    char **hash_scheme, char **salt)
-{
-	Buffer m;
-
-	debug3("%s entering", __func__);
-
-	buffer_init(&m);
-	mm_request_send(pmonitor->m_recvfd,
-	    MONITOR_REQ_JPAKE_GET_PWDATA, &m);
-
-	debug3("%s: waiting for MONITOR_ANS_JPAKE_GET_PWDATA", __func__);
-	mm_request_receive_expect(pmonitor->m_recvfd,
-	    MONITOR_ANS_JPAKE_GET_PWDATA, &m);
-
-	*hash_scheme = buffer_get_string(&m, NULL);
-	*salt = buffer_get_string(&m, NULL);
-
-	buffer_free(&m);
-}
-
-void
-mm_jpake_step1(struct modp_group *grp,
-    u_char **id, u_int *id_len,
-    BIGNUM **priv1, BIGNUM **priv2, BIGNUM **g_priv1, BIGNUM **g_priv2,
-    u_char **priv1_proof, u_int *priv1_proof_len,
-    u_char **priv2_proof, u_int *priv2_proof_len)
-{
-	Buffer m;
-
-	debug3("%s entering", __func__);
-
-	buffer_init(&m);
-	mm_request_send(pmonitor->m_recvfd,
-	    MONITOR_REQ_JPAKE_STEP1, &m);
-
-	debug3("%s: waiting for MONITOR_ANS_JPAKE_STEP1", __func__);
-	mm_request_receive_expect(pmonitor->m_recvfd,
-	    MONITOR_ANS_JPAKE_STEP1, &m);
-
-	if ((*priv1 = BN_new()) == NULL ||
-	    (*priv2 = BN_new()) == NULL ||
-	    (*g_priv1 = BN_new()) == NULL ||
-	    (*g_priv2 = BN_new()) == NULL)
-		fatal("%s: BN_new", __func__);
-
-	*id = buffer_get_string(&m, id_len);
-	/* priv1 and priv2 are, well, private */
-	buffer_get_bignum2(&m, *g_priv1);
-	buffer_get_bignum2(&m, *g_priv2);
-	*priv1_proof = buffer_get_string(&m, priv1_proof_len);
-	*priv2_proof = buffer_get_string(&m, priv2_proof_len);
-
-	buffer_free(&m);
-}
-
-void
-mm_jpake_step2(struct modp_group *grp, BIGNUM *s,
-    BIGNUM *mypub1, BIGNUM *theirpub1, BIGNUM *theirpub2, BIGNUM *mypriv2,
-    const u_char *theirid, u_int theirid_len,
-    const u_char *myid, u_int myid_len,
-    const u_char *theirpub1_proof, u_int theirpub1_proof_len,
-    const u_char *theirpub2_proof, u_int theirpub2_proof_len,
-    BIGNUM **newpub,
-    u_char **newpub_exponent_proof, u_int *newpub_exponent_proof_len)
-{
-	Buffer m;
-
-	debug3("%s entering", __func__);
-
-	buffer_init(&m);
-	/* monitor already has all bignums except theirpub1, theirpub2 */
-	buffer_put_bignum2(&m, theirpub1);
-	buffer_put_bignum2(&m, theirpub2);
-	/* monitor already knows our id */
-	buffer_put_string(&m, theirid, theirid_len);
-	buffer_put_string(&m, theirpub1_proof, theirpub1_proof_len);
-	buffer_put_string(&m, theirpub2_proof, theirpub2_proof_len);
-
-	mm_request_send(pmonitor->m_recvfd,
-	    MONITOR_REQ_JPAKE_STEP2, &m);
-
-	debug3("%s: waiting for MONITOR_ANS_JPAKE_STEP2", __func__);
-	mm_request_receive_expect(pmonitor->m_recvfd,
-	    MONITOR_ANS_JPAKE_STEP2, &m);
-
-	if ((*newpub = BN_new()) == NULL)
-		fatal("%s: BN_new", __func__);
-
-	buffer_get_bignum2(&m, *newpub);
-	*newpub_exponent_proof = buffer_get_string(&m,
-	    newpub_exponent_proof_len);
-
-	buffer_free(&m);
-}
-
-void
-mm_jpake_key_confirm(struct modp_group *grp, BIGNUM *s, BIGNUM *step2_val,
-    BIGNUM *mypriv2, BIGNUM *mypub1, BIGNUM *mypub2,
-    BIGNUM *theirpub1, BIGNUM *theirpub2,
-    const u_char *my_id, u_int my_id_len,
-    const u_char *their_id, u_int their_id_len,
-    const u_char *sess_id, u_int sess_id_len,
-    const u_char *theirpriv2_s_proof, u_int theirpriv2_s_proof_len,
-    BIGNUM **k,
-    u_char **confirm_hash, u_int *confirm_hash_len)
-{
-	Buffer m;
-
-	debug3("%s entering", __func__);
-
-	buffer_init(&m);
-	/* monitor already has all bignums except step2_val */
-	buffer_put_bignum2(&m, step2_val);
-	/* monitor already knows all the ids */
-	buffer_put_string(&m, theirpriv2_s_proof, theirpriv2_s_proof_len);
-
-	mm_request_send(pmonitor->m_recvfd,
-	    MONITOR_REQ_JPAKE_KEY_CONFIRM, &m);
-
-	debug3("%s: waiting for MONITOR_ANS_JPAKE_KEY_CONFIRM", __func__);
-	mm_request_receive_expect(pmonitor->m_recvfd,
-	    MONITOR_ANS_JPAKE_KEY_CONFIRM, &m);
-
-	/* 'k' is sensitive and stays in the monitor */
-	*confirm_hash = buffer_get_string(&m, confirm_hash_len);
-
-	buffer_free(&m);
-}
-
-int
-mm_jpake_check_confirm(const BIGNUM *k,
-    const u_char *peer_id, u_int peer_id_len,
-    const u_char *sess_id, u_int sess_id_len,
-    const u_char *peer_confirm_hash, u_int peer_confirm_hash_len)
-{
-	Buffer m;
-	int success = 0;
-
-	debug3("%s entering", __func__);
-
-	buffer_init(&m);
-	/* k is dummy in slave, ignored */
-	/* monitor knows all the ids */
-	buffer_put_string(&m, peer_confirm_hash, peer_confirm_hash_len);
-	mm_request_send(pmonitor->m_recvfd,
-	    MONITOR_REQ_JPAKE_CHECK_CONFIRM, &m);
-
-	debug3("%s: waiting for MONITOR_ANS_JPAKE_CHECK_CONFIRM", __func__);
-	mm_request_receive_expect(pmonitor->m_recvfd,
-	    MONITOR_ANS_JPAKE_CHECK_CONFIRM, &m);
-
-	success = buffer_get_int(&m);
-	buffer_free(&m);
-
-	debug3("%s: success = %d", __func__, success);
-	return success;
-}
-#endif /* JPAKE */