adjustment to client side keyboard auth behavior and auth test case

Author: JacobBarthelmeh

src/internal.c

@@ -7881,7 +7881,10 @@ static int DoUserAuthFailure(WOLFSSH* ssh,
                             break;
 #ifdef WOLFSSH_KEYBOARD_INTERACTIVE
                         case ID_USERAUTH_KEYBOARD:
-                            authType |= WOLFSSH_USERAUTH_KEYBOARD;
+                            /* try a different auth method if failing */
+                            if (ssh->kbAuthAttempts < 3) {
+                                authType |= WOLFSSH_USERAUTH_KEYBOARD;
+                            }
                             break;
 #endif
 #if !defined(WOLFSSH_NO_RSA) || !defined(WOLFSSH_NO_ECDSA)
@@ -13389,6 +13392,11 @@ int SendUserAuthKeyboardRequest(WOLFSSH* ssh, WS_UserAuthData* authData)
         if (ret == WOLFSSH_USERAUTH_SUCCESS) {
             ret = WS_SUCCESS;
         }
+        else {
+            WLOG(WS_LOG_DEBUG, "Issue with keyboard auth setup, try another "
+                "auth type");
+            return  SendUserAuthFailure(ssh, 0);
+        }
     }
 
     if (ret == WS_SUCCESS) {
@@ -15077,6 +15085,7 @@ int SendUserAuthRequest(WOLFSSH* ssh, byte authType, int addSig)
             /* submethods */
             c32toa(0, output + idx);
             idx += LENGTH_SZ;
+            ssh->kbAuthAttempts++;
         }
 #endif
         else if (authId == ID_USERAUTH_PUBLICKEY)

tests/auth.c

@@ -222,11 +222,23 @@ static int load_key(byte isEcc, byte* buf, word32 bufSz)
 
 static int serverUserAuth(byte authType, WS_UserAuthData* authData, void* ctx)
 {
-    (void) ctx;
-    if (authType != WOLFSSH_USERAUTH_KEYBOARD) {
+    WS_UserAuthData_Keyboard* prompts = (WS_UserAuthData_Keyboard*)ctx;
+
+    if (ctx == NULL) {
         return WOLFSSH_USERAUTH_FAILURE;
     }
 
+    if (authType != WOLFSSH_USERAUTH_KEYBOARD &&
+            authType != WOLFSSH_USERAUTH_KEYBOARD_SETUP) {
+        return WOLFSSH_USERAUTH_FAILURE;
+    }
+
+    if (authType == WOLFSSH_USERAUTH_KEYBOARD_SETUP) {
+        WMEMCPY(&authData->sf.keyboard, prompts,
+            sizeof(WS_UserAuthData_Keyboard));
+        return WS_SUCCESS;
+    }
+
     if (authData->sf.keyboard.responseCount != kbResponseCount) {
         return WOLFSSH_USERAUTH_FAILURE;
     }
@@ -251,14 +263,6 @@ static int serverUserAuth(byte authType, WS_UserAuthData* authData, void* ctx)
     return WOLFSSH_USERAUTH_SUCCESS;
 }
 
-static int serverKeyboardCallback(WS_UserAuthData_Keyboard *kbAuth, void *ctx)
-{
-    (void) ctx;
-    WMEMCPY(kbAuth, &promptData, sizeof(WS_UserAuthData_Keyboard));
-
-    return WS_SUCCESS;
-}
-
 static INLINE void SignalTcpReady(tcp_ready* ready, word16 port)
 {
     pthread_mutex_lock(&ready->mutex);
@@ -332,13 +336,13 @@ static THREAD_RETURN WOLFSSH_THREAD server_thread(void* args)
     }
 
     wolfSSH_SetUserAuth(ctx, serverUserAuth);
-    wolfSSH_SetKeyboardAuthPrompts(ctx, serverKeyboardCallback);
     ssh = wolfSSH_new(ctx);
     if (ssh == NULL) {
         ES_ERROR("Couldn't allocate SSH data.\n");
     }
     keyLoadBuf = buf;
     bufSz = EXAMPLE_KEYLOAD_BUFFER_SZ;
+    wolfSSH_SetUserAuthCtx(ssh, &promptData);
 
     bufSz = load_key(peerEcc, keyLoadBuf, bufSz);
     if (bufSz == 0) {

wolfssh/internal.h

@@ -919,6 +919,7 @@ struct WOLFSSH {
     void* keyingCompletionCtx;
 #ifdef WOLFSSH_KEYBOARD_INTERACTIVE
     WS_UserAuthData_Keyboard kbAuth;
+    byte kbAuthAttempts;
 #endif
 };