]>
Commit | Line | Data |
---|---|---|
1 | /* $OpenBSD: jpake.c,v 1.2 2009/03/05 07:18:19 djm Exp $ */ | |
2 | /* | |
3 | * Copyright (c) 2008 Damien Miller. All rights reserved. | |
4 | * | |
5 | * Permission to use, copy, modify, and distribute this software for any | |
6 | * purpose with or without fee is hereby granted, provided that the above | |
7 | * copyright notice and this permission notice appear in all copies. | |
8 | * | |
9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | |
10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | |
11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | |
12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | |
13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | |
14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |
15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | |
16 | */ | |
17 | ||
18 | /* | |
19 | * Shared components of zero-knowledge password auth using J-PAKE protocol | |
20 | * as described in: | |
21 | * | |
22 | * F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling", | |
23 | * 16th Workshop on Security Protocols, Cambridge, April 2008 | |
24 | * | |
25 | * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf | |
26 | */ | |
27 | ||
28 | #include "includes.h" | |
29 | ||
30 | #include <sys/types.h> | |
31 | ||
32 | #include <stdio.h> | |
33 | #include <string.h> | |
34 | #include <stdarg.h> | |
35 | ||
36 | #include <openssl/bn.h> | |
37 | #include <openssl/evp.h> | |
38 | ||
39 | #include "xmalloc.h" | |
40 | #include "ssh2.h" | |
41 | #include "key.h" | |
42 | #include "hostfile.h" | |
43 | #include "auth.h" | |
44 | #include "buffer.h" | |
45 | #include "packet.h" | |
46 | #include "dispatch.h" | |
47 | #include "log.h" | |
48 | ||
49 | #include "jpake.h" | |
50 | #include "schnorr.h" | |
51 | ||
52 | #ifdef JPAKE | |
53 | ||
54 | /* RFC3526 group 5, 1536 bits */ | |
55 | #define JPAKE_GROUP_G "2" | |
56 | #define JPAKE_GROUP_P \ | |
57 | "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74" \ | |
58 | "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437" \ | |
59 | "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \ | |
60 | "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05" \ | |
61 | "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB" \ | |
62 | "9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF" | |
63 | ||
64 | struct modp_group * | |
65 | jpake_default_group(void) | |
66 | { | |
67 | return modp_group_from_g_and_safe_p(JPAKE_GROUP_G, JPAKE_GROUP_P); | |
68 | } | |
69 | ||
70 | struct jpake_ctx * | |
71 | jpake_new(void) | |
72 | { | |
73 | struct jpake_ctx *ret; | |
74 | ||
75 | ret = xcalloc(1, sizeof(*ret)); | |
76 | ||
77 | ret->grp = jpake_default_group(); | |
78 | ||
79 | ret->s = ret->k = NULL; | |
80 | ret->x1 = ret->x2 = ret->x3 = ret->x4 = NULL; | |
81 | ret->g_x1 = ret->g_x2 = ret->g_x3 = ret->g_x4 = NULL; | |
82 | ret->a = ret->b = NULL; | |
83 | ||
84 | ret->client_id = ret->server_id = NULL; | |
85 | ret->h_k_cid_sessid = ret->h_k_sid_sessid = NULL; | |
86 | ||
87 | debug3("%s: alloc %p", __func__, ret); | |
88 | ||
89 | return ret; | |
90 | } | |
91 | ||
92 | void | |
93 | jpake_free(struct jpake_ctx *pctx) | |
94 | { | |
95 | debug3("%s: free %p", __func__, pctx); | |
96 | ||
97 | #define JPAKE_BN_CLEAR_FREE(v) \ | |
98 | do { \ | |
99 | if ((v) != NULL) { \ | |
100 | BN_clear_free(v); \ | |
101 | (v) = NULL; \ | |
102 | } \ | |
103 | } while (0) | |
104 | #define JPAKE_BUF_CLEAR_FREE(v, l) \ | |
105 | do { \ | |
106 | if ((v) != NULL) { \ | |
107 | bzero((v), (l)); \ | |
108 | xfree(v); \ | |
109 | (v) = NULL; \ | |
110 | (l) = 0; \ | |
111 | } \ | |
112 | } while (0) | |
113 | ||
114 | JPAKE_BN_CLEAR_FREE(pctx->s); | |
115 | JPAKE_BN_CLEAR_FREE(pctx->k); | |
116 | JPAKE_BN_CLEAR_FREE(pctx->x1); | |
117 | JPAKE_BN_CLEAR_FREE(pctx->x2); | |
118 | JPAKE_BN_CLEAR_FREE(pctx->x3); | |
119 | JPAKE_BN_CLEAR_FREE(pctx->x4); | |
120 | JPAKE_BN_CLEAR_FREE(pctx->g_x1); | |
121 | JPAKE_BN_CLEAR_FREE(pctx->g_x2); | |
122 | JPAKE_BN_CLEAR_FREE(pctx->g_x3); | |
123 | JPAKE_BN_CLEAR_FREE(pctx->g_x4); | |
124 | JPAKE_BN_CLEAR_FREE(pctx->a); | |
125 | JPAKE_BN_CLEAR_FREE(pctx->b); | |
126 | ||
127 | JPAKE_BUF_CLEAR_FREE(pctx->client_id, pctx->client_id_len); | |
128 | JPAKE_BUF_CLEAR_FREE(pctx->server_id, pctx->server_id_len); | |
129 | JPAKE_BUF_CLEAR_FREE(pctx->h_k_cid_sessid, pctx->h_k_cid_sessid_len); | |
130 | JPAKE_BUF_CLEAR_FREE(pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len); | |
131 | ||
132 | #undef JPAKE_BN_CLEAR_FREE | |
133 | #undef JPAKE_BUF_CLEAR_FREE | |
134 | ||
135 | bzero(pctx, sizeof(pctx)); | |
136 | xfree(pctx); | |
137 | } | |
138 | ||
139 | /* dump entire jpake_ctx. NB. includes private values! */ | |
140 | void | |
141 | jpake_dump(struct jpake_ctx *pctx, const char *fmt, ...) | |
142 | { | |
143 | char *out; | |
144 | va_list args; | |
145 | ||
146 | out = NULL; | |
147 | va_start(args, fmt); | |
148 | vasprintf(&out, fmt, args); | |
149 | va_end(args); | |
150 | if (out == NULL) | |
151 | fatal("%s: vasprintf failed", __func__); | |
152 | ||
153 | debug3("%s: %s (ctx at %p)", __func__, out, pctx); | |
154 | if (pctx == NULL) { | |
155 | free(out); | |
156 | return; | |
157 | } | |
158 | ||
159 | #define JPAKE_DUMP_BN(a) do { \ | |
160 | if ((a) != NULL) \ | |
161 | JPAKE_DEBUG_BN(((a), "%s = ", #a)); \ | |
162 | } while (0) | |
163 | #define JPAKE_DUMP_BUF(a, b) do { \ | |
164 | if ((a) != NULL) \ | |
165 | JPAKE_DEBUG_BUF((a, b, "%s", #a)); \ | |
166 | } while (0) | |
167 | ||
168 | JPAKE_DUMP_BN(pctx->s); | |
169 | JPAKE_DUMP_BN(pctx->k); | |
170 | JPAKE_DUMP_BN(pctx->x1); | |
171 | JPAKE_DUMP_BN(pctx->x2); | |
172 | JPAKE_DUMP_BN(pctx->x3); | |
173 | JPAKE_DUMP_BN(pctx->x4); | |
174 | JPAKE_DUMP_BN(pctx->g_x1); | |
175 | JPAKE_DUMP_BN(pctx->g_x2); | |
176 | JPAKE_DUMP_BN(pctx->g_x3); | |
177 | JPAKE_DUMP_BN(pctx->g_x4); | |
178 | JPAKE_DUMP_BN(pctx->a); | |
179 | JPAKE_DUMP_BN(pctx->b); | |
180 | ||
181 | JPAKE_DUMP_BUF(pctx->client_id, pctx->client_id_len); | |
182 | JPAKE_DUMP_BUF(pctx->server_id, pctx->server_id_len); | |
183 | JPAKE_DUMP_BUF(pctx->h_k_cid_sessid, pctx->h_k_cid_sessid_len); | |
184 | JPAKE_DUMP_BUF(pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len); | |
185 | ||
186 | debug3("%s: %s done", __func__, out); | |
187 | free(out); | |
188 | } | |
189 | ||
190 | /* Shared parts of step 1 exchange calculation */ | |
191 | void | |
192 | jpake_step1(struct modp_group *grp, | |
193 | u_char **id, u_int *id_len, | |
194 | BIGNUM **priv1, BIGNUM **priv2, BIGNUM **g_priv1, BIGNUM **g_priv2, | |
195 | u_char **priv1_proof, u_int *priv1_proof_len, | |
196 | u_char **priv2_proof, u_int *priv2_proof_len) | |
197 | { | |
198 | BN_CTX *bn_ctx; | |
199 | ||
200 | if ((bn_ctx = BN_CTX_new()) == NULL) | |
201 | fatal("%s: BN_CTX_new", __func__); | |
202 | ||
203 | /* Random nonce to prevent replay */ | |
204 | *id = xmalloc(KZP_ID_LEN); | |
205 | *id_len = KZP_ID_LEN; | |
206 | arc4random_buf(*id, *id_len); | |
207 | ||
208 | /* | |
209 | * x1/x3 is a random element of Zq | |
210 | * x2/x4 is a random element of Z*q | |
211 | * We also exclude [1] from x1/x3 candidates and [0, 1] from | |
212 | * x2/x4 candiates to avoid possible degeneracy (i.e. g^0, g^1). | |
213 | */ | |
214 | if ((*priv1 = bn_rand_range_gt_one(grp->q)) == NULL || | |
215 | (*priv2 = bn_rand_range_gt_one(grp->q)) == NULL) | |
216 | fatal("%s: bn_rand_range_gt_one", __func__); | |
217 | ||
218 | /* | |
219 | * client: g_x1 = g^x1 mod p / server: g_x3 = g^x3 mod p | |
220 | * client: g_x2 = g^x2 mod p / server: g_x4 = g^x4 mod p | |
221 | */ | |
222 | if ((*g_priv1 = BN_new()) == NULL || | |
223 | (*g_priv2 = BN_new()) == NULL) | |
224 | fatal("%s: BN_new", __func__); | |
225 | if (BN_mod_exp(*g_priv1, grp->g, *priv1, grp->p, bn_ctx) == -1) | |
226 | fatal("%s: BN_mod_exp", __func__); | |
227 | if (BN_mod_exp(*g_priv2, grp->g, *priv2, grp->p, bn_ctx) == -1) | |
228 | fatal("%s: BN_mod_exp", __func__); | |
229 | ||
230 | /* Generate proofs for holding x1/x3 and x2/x4 */ | |
231 | if (schnorr_sign_buf(grp->p, grp->q, grp->g, | |
232 | *priv1, *g_priv1, *id, *id_len, | |
233 | priv1_proof, priv1_proof_len) != 0) | |
234 | fatal("%s: schnorr_sign", __func__); | |
235 | if (schnorr_sign_buf(grp->p, grp->q, grp->g, | |
236 | *priv2, *g_priv2, *id, *id_len, | |
237 | priv2_proof, priv2_proof_len) != 0) | |
238 | fatal("%s: schnorr_sign", __func__); | |
239 | ||
240 | BN_CTX_free(bn_ctx); | |
241 | } | |
242 | ||
243 | /* Shared parts of step 2 exchange calculation */ | |
244 | void | |
245 | jpake_step2(struct modp_group *grp, BIGNUM *s, | |
246 | BIGNUM *mypub1, BIGNUM *theirpub1, BIGNUM *theirpub2, BIGNUM *mypriv2, | |
247 | const u_char *theirid, u_int theirid_len, | |
248 | const u_char *myid, u_int myid_len, | |
249 | const u_char *theirpub1_proof, u_int theirpub1_proof_len, | |
250 | const u_char *theirpub2_proof, u_int theirpub2_proof_len, | |
251 | BIGNUM **newpub, | |
252 | u_char **newpub_exponent_proof, u_int *newpub_exponent_proof_len) | |
253 | { | |
254 | BN_CTX *bn_ctx; | |
255 | BIGNUM *tmp, *exponent; | |
256 | ||
257 | /* Validate peer's step 1 values */ | |
258 | if (BN_cmp(theirpub1, BN_value_one()) <= 0) | |
259 | fatal("%s: theirpub1 <= 1", __func__); | |
260 | if (BN_cmp(theirpub2, BN_value_one()) <= 0) | |
261 | fatal("%s: theirpub2 <= 1", __func__); | |
262 | ||
263 | if (schnorr_verify_buf(grp->p, grp->q, grp->g, theirpub1, | |
264 | theirid, theirid_len, theirpub1_proof, theirpub1_proof_len) != 1) | |
265 | fatal("%s: schnorr_verify theirpub1 failed", __func__); | |
266 | if (schnorr_verify_buf(grp->p, grp->q, grp->g, theirpub2, | |
267 | theirid, theirid_len, theirpub2_proof, theirpub2_proof_len) != 1) | |
268 | fatal("%s: schnorr_verify theirpub2 failed", __func__); | |
269 | ||
270 | if ((bn_ctx = BN_CTX_new()) == NULL) | |
271 | fatal("%s: BN_CTX_new", __func__); | |
272 | ||
273 | if ((*newpub = BN_new()) == NULL || | |
274 | (tmp = BN_new()) == NULL || | |
275 | (exponent = BN_new()) == NULL) | |
276 | fatal("%s: BN_new", __func__); | |
277 | ||
278 | /* | |
279 | * client: exponent = x2 * s mod p | |
280 | * server: exponent = x4 * s mod p | |
281 | */ | |
282 | if (BN_mod_mul(exponent, mypriv2, s, grp->q, bn_ctx) != 1) | |
283 | fatal("%s: BN_mod_mul (exponent = mypriv2 * s mod p)", | |
284 | __func__); | |
285 | ||
286 | /* | |
287 | * client: tmp = g^(x1 + x3 + x4) mod p | |
288 | * server: tmp = g^(x1 + x2 + x3) mod p | |
289 | */ | |
290 | if (BN_mod_mul(tmp, mypub1, theirpub1, grp->p, bn_ctx) != 1) | |
291 | fatal("%s: BN_mod_mul (tmp = mypub1 * theirpub1 mod p)", | |
292 | __func__); | |
293 | if (BN_mod_mul(tmp, tmp, theirpub2, grp->p, bn_ctx) != 1) | |
294 | fatal("%s: BN_mod_mul (tmp = tmp * theirpub2 mod p)", __func__); | |
295 | ||
296 | /* | |
297 | * client: a = tmp^exponent = g^((x1+x3+x4) * x2 * s) mod p | |
298 | * server: b = tmp^exponent = g^((x1+x2+x3) * x4 * s) mod p | |
299 | */ | |
300 | if (BN_mod_exp(*newpub, tmp, exponent, grp->p, bn_ctx) != 1) | |
301 | fatal("%s: BN_mod_mul (newpub = tmp^exponent mod p)", __func__); | |
302 | ||
303 | JPAKE_DEBUG_BN((tmp, "%s: tmp = ", __func__)); | |
304 | JPAKE_DEBUG_BN((exponent, "%s: exponent = ", __func__)); | |
305 | ||
306 | /* Note the generator here is 'tmp', not g */ | |
307 | if (schnorr_sign_buf(grp->p, grp->q, tmp, exponent, *newpub, | |
308 | myid, myid_len, | |
309 | newpub_exponent_proof, newpub_exponent_proof_len) != 0) | |
310 | fatal("%s: schnorr_sign newpub", __func__); | |
311 | ||
312 | BN_clear_free(tmp); /* XXX stash for later use? */ | |
313 | BN_clear_free(exponent); /* XXX stash for later use? (yes, in conf) */ | |
314 | ||
315 | BN_CTX_free(bn_ctx); | |
316 | } | |
317 | ||
318 | /* Confirmation hash calculation */ | |
319 | void | |
320 | jpake_confirm_hash(const BIGNUM *k, | |
321 | const u_char *endpoint_id, u_int endpoint_id_len, | |
322 | const u_char *sess_id, u_int sess_id_len, | |
323 | u_char **confirm_hash, u_int *confirm_hash_len) | |
324 | { | |
325 | Buffer b; | |
326 | ||
327 | /* | |
328 | * Calculate confirmation proof: | |
329 | * client: H(k || client_id || session_id) | |
330 | * server: H(k || server_id || session_id) | |
331 | */ | |
332 | buffer_init(&b); | |
333 | buffer_put_bignum2(&b, k); | |
334 | buffer_put_string(&b, endpoint_id, endpoint_id_len); | |
335 | buffer_put_string(&b, sess_id, sess_id_len); | |
336 | if (hash_buffer(buffer_ptr(&b), buffer_len(&b), EVP_sha256(), | |
337 | confirm_hash, confirm_hash_len) != 0) | |
338 | fatal("%s: hash_buffer", __func__); | |
339 | buffer_free(&b); | |
340 | } | |
341 | ||
342 | /* Shared parts of key derivation and confirmation calculation */ | |
343 | void | |
344 | jpake_key_confirm(struct modp_group *grp, BIGNUM *s, BIGNUM *step2_val, | |
345 | BIGNUM *mypriv2, BIGNUM *mypub1, BIGNUM *mypub2, | |
346 | BIGNUM *theirpub1, BIGNUM *theirpub2, | |
347 | const u_char *my_id, u_int my_id_len, | |
348 | const u_char *their_id, u_int their_id_len, | |
349 | const u_char *sess_id, u_int sess_id_len, | |
350 | const u_char *theirpriv2_s_proof, u_int theirpriv2_s_proof_len, | |
351 | BIGNUM **k, | |
352 | u_char **confirm_hash, u_int *confirm_hash_len) | |
353 | { | |
354 | BN_CTX *bn_ctx; | |
355 | BIGNUM *tmp; | |
356 | ||
357 | if ((bn_ctx = BN_CTX_new()) == NULL) | |
358 | fatal("%s: BN_CTX_new", __func__); | |
359 | if ((tmp = BN_new()) == NULL || | |
360 | (*k = BN_new()) == NULL) | |
361 | fatal("%s: BN_new", __func__); | |
362 | ||
363 | /* Validate step 2 values */ | |
364 | if (BN_cmp(step2_val, BN_value_one()) <= 0) | |
365 | fatal("%s: step2_val <= 1", __func__); | |
366 | ||
367 | /* | |
368 | * theirpriv2_s_proof is calculated with a different generator: | |
369 | * tmp = g^(mypriv1+mypriv2+theirpub1) = g^mypub1*g^mypub2*g^theirpub1 | |
370 | * Calculate it here so we can check the signature. | |
371 | */ | |
372 | if (BN_mod_mul(tmp, mypub1, mypub2, grp->p, bn_ctx) != 1) | |
373 | fatal("%s: BN_mod_mul (tmp = mypub1 * mypub2 mod p)", __func__); | |
374 | if (BN_mod_mul(tmp, tmp, theirpub1, grp->p, bn_ctx) != 1) | |
375 | fatal("%s: BN_mod_mul (tmp = tmp * theirpub1 mod p)", __func__); | |
376 | ||
377 | JPAKE_DEBUG_BN((tmp, "%s: tmp = ", __func__)); | |
378 | ||
379 | if (schnorr_verify_buf(grp->p, grp->q, tmp, step2_val, | |
380 | their_id, their_id_len, | |
381 | theirpriv2_s_proof, theirpriv2_s_proof_len) != 1) | |
382 | fatal("%s: schnorr_verify theirpriv2_s_proof failed", __func__); | |
383 | ||
384 | /* | |
385 | * Derive shared key: | |
386 | * client: k = (b / g^(x2*x4*s))^x2 = g^((x1+x3)*x2*x4*s) | |
387 | * server: k = (a / g^(x2*x4*s))^x4 = g^((x1+x3)*x2*x4*s) | |
388 | * | |
389 | * Computed as: | |
390 | * client: k = (g_x4^(q - (x2 * s)) * b)^x2 mod p | |
391 | * server: k = (g_x2^(q - (x4 * s)) * b)^x4 mod p | |
392 | */ | |
393 | if (BN_mul(tmp, mypriv2, s, bn_ctx) != 1) | |
394 | fatal("%s: BN_mul (tmp = mypriv2 * s)", __func__); | |
395 | if (BN_mod_sub(tmp, grp->q, tmp, grp->q, bn_ctx) != 1) | |
396 | fatal("%s: BN_mod_sub (tmp = q - tmp mod q)", __func__); | |
397 | if (BN_mod_exp(tmp, theirpub2, tmp, grp->p, bn_ctx) != 1) | |
398 | fatal("%s: BN_mod_exp (tmp = theirpub2^tmp) mod p", __func__); | |
399 | if (BN_mod_mul(tmp, tmp, step2_val, grp->p, bn_ctx) != 1) | |
400 | fatal("%s: BN_mod_mul (tmp = tmp * step2_val) mod p", __func__); | |
401 | if (BN_mod_exp(*k, tmp, mypriv2, grp->p, bn_ctx) != 1) | |
402 | fatal("%s: BN_mod_exp (k = tmp^mypriv2) mod p", __func__); | |
403 | ||
404 | BN_CTX_free(bn_ctx); | |
405 | BN_clear_free(tmp); | |
406 | ||
407 | jpake_confirm_hash(*k, my_id, my_id_len, sess_id, sess_id_len, | |
408 | confirm_hash, confirm_hash_len); | |
409 | } | |
410 | ||
411 | /* | |
412 | * Calculate and check confirmation hash from peer. Returns 1 on success | |
413 | * 0 on failure/mismatch. | |
414 | */ | |
415 | int | |
416 | jpake_check_confirm(const BIGNUM *k, | |
417 | const u_char *peer_id, u_int peer_id_len, | |
418 | const u_char *sess_id, u_int sess_id_len, | |
419 | const u_char *peer_confirm_hash, u_int peer_confirm_hash_len) | |
420 | { | |
421 | u_char *expected_confirm_hash; | |
422 | u_int expected_confirm_hash_len; | |
423 | int success = 0; | |
424 | ||
425 | /* Calculate and verify expected confirmation hash */ | |
426 | jpake_confirm_hash(k, peer_id, peer_id_len, sess_id, sess_id_len, | |
427 | &expected_confirm_hash, &expected_confirm_hash_len); | |
428 | ||
429 | JPAKE_DEBUG_BUF((expected_confirm_hash, expected_confirm_hash_len, | |
430 | "%s: expected confirm hash", __func__)); | |
431 | JPAKE_DEBUG_BUF((peer_confirm_hash, peer_confirm_hash_len, | |
432 | "%s: received confirm hash", __func__)); | |
433 | ||
434 | if (peer_confirm_hash_len != expected_confirm_hash_len) | |
435 | error("%s: confirmation length mismatch (my %u them %u)", | |
436 | __func__, expected_confirm_hash_len, peer_confirm_hash_len); | |
437 | else if (memcmp(peer_confirm_hash, expected_confirm_hash, | |
438 | expected_confirm_hash_len) == 0) | |
439 | success = 1; | |
440 | bzero(expected_confirm_hash, expected_confirm_hash_len); | |
441 | xfree(expected_confirm_hash); | |
442 | debug3("%s: success = %d", __func__, success); | |
443 | return success; | |
444 | } | |
445 | ||
446 | /* XXX main() function with tests */ | |
447 | ||
448 | #endif /* JPAKE */ | |
449 |