1 #pragma src "/sys/src/libauthsrv"
2 #pragma lib "libauthsrv.a"
5 * Interface for talking to the authentication server: wire structures, their
 * size constants, and the helpers that marshal, seal and exchange them.
/*
 * Forward declarations for the wire structures and key containers defined
 * later in this header.  Ticket/Authenticator/Passwordreq travel encrypted;
 * Ticketreq has no key argument in its conv* functions and so appears to
 * travel in the clear (see convTR2M/convM2TR below).
 */
7 typedef struct Ticket Ticket;
8 typedef struct Ticketreq Ticketreq;
9 typedef struct Authenticator Authenticator;
10 typedef struct Nvrsafe Nvrsafe;		/* key material read from nvram; secret */
11 typedef struct Passwordreq Passwordreq;
12 typedef struct OChapreply OChapreply;
13 typedef struct OMSchapreply OMSchapreply;
14 typedef struct NTLMreply NTLMreply;
16 typedef struct Authkey Authkey;		/* des/aes/pak keys derived from one password; secret */
20 ANAMELEN= 28, /* name max size in previous proto */
21 AERRLEN= 64, /* errstr max size in previous proto */
22 DOMLEN= 48, /* authentication domain name length */
23 DESKEYLEN= 7, /* encrypt/decrypt des key length */
24 AESKEYLEN= 16, /* encrypt/decrypt aes key length */
26 CHALLEN= 8, /* plan9 sk1 challenge length */
27 NETCHLEN= 16, /* max network challenge length (used in AS protocol) */
29 SECRETLEN= 32, /* secret max size */
30 PASSWDLEN= 28, /* password max size */
34 KEYDBOFF= 8, /* bytes of random data at key file's start */
35 OKEYDBLEN= ANAMELEN+DESKEYLEN+4+2, /* old key file entry length */
36 KEYDBLEN= OKEYDBLEN+SECRETLEN, /* key file entry length */
39 /* AuthPAK constants: ed448/decaf sizes used by the AuthPAK authenticated key agreement (see the Auth* numbering below and authpak_*() at the end) */
41 PAKSLEN= (448+7)/8, /* ed448 scalar */
42 PAKPLEN= 4*PAKSLEN, /* point in extended format X,Y,Z,T */
43 PAKHASHLEN= 2*PAKPLEN, /* hashed points PM,PN */
44 PAKXLEN= PAKSLEN, /* random scalar secret key */
45 PAKYLEN= PAKSLEN, /* decaf encoded public key */
48 /* encryption numberings (anti-replay): the num byte carried inside each encrypted box names the message type and role (AuthTs vs AuthTc, AuthAs vs AuthAc, AuthTp), so a box sealed for one purpose cannot be replayed as another; a decoder must reject a num it did not expect */
51 AuthTreq=1, /* ticket request */
52 AuthChal=2, /* challenge box request */
53 AuthPass=3, /* change password */
54 AuthOK=4, /* fixed length reply follows */
55 AuthErr=5, /* error follows */
56 AuthMod=6, /* modify user */
57 AuthApop=7, /* apop authentication for pop3 */
58 AuthOKvar=9, /* variable length reply follows */
59 AuthChap=10, /* chap authentication for ppp */
60 AuthMSchap=11, /* MS chap authentication for ppp */
61 AuthCram=12, /* CRAM verification for IMAP (RFC2195 & rfc2104) */
62 AuthHttp=13, /* http domain login */
63 AuthVNC=14, /* VNC server login (deprecated) */
64 AuthPAK=19, /* authenticated diffie hellman key agreement */
65 AuthMSchapv2=21,/* MS chap v2 authentication for ppp */
66 AuthNTLM=22, /* NTLM authentication for cifs */
67 AuthTs=64, /* ticket encrypted with server's key */
68 AuthTc, /* ticket encrypted with client's key */
69 AuthAs, /* server generated authenticator */
70 AuthAc, /* client generated authenticator */
71 AuthTp, /* ticket encrypted with client's key for password change */
72 AuthHr, /* http reply */
78 char authid[ANAMELEN]; /* server's encryption id */
79 char authdom[DOMLEN]; /* server's authentication domain */
80 char chal[CHALLEN]; /* challenge from server */
81 char hostid[ANAMELEN]; /* host's encryption id */
82 char uid[ANAMELEN]; /* uid of requesting user on host */
/*
 * Wire size of a Ticketreq: three ANAMELEN names (authid, hostid, uid), the
 * CHALLEN challenge and the DOMLEN domain.  The trailing +1 is presumably the
 * leading type byte — confirm against convTR2M.  Nothing here is sealed, so
 * the request is not confidential; it is bound to the reply only through chal.
 */
84 #define TICKREQLEN (3*ANAMELEN+CHALLEN+DOMLEN+1)
88 char num; /* replay protection */
89 char chal[CHALLEN]; /* server challenge */
90 char cuid[ANAMELEN]; /* uid on client */
91 char suid[ANAMELEN]; /* uid on server */
92 uchar key[NONCELEN]; /* nonce key */
94 char form; /* (not transmitted) format (0 = des, 1 = ccpoly) */
/*
 * Upper bound on an encoded Ticket, large enough for either form (the
 * untransmitted `form' field selects des or ccpoly).  The plain fields are
 * chal, cuid, suid and the NONCELEN key; the 12 and 16 presumably cover the
 * num byte plus the ccpoly form's nonce and authentication tag — confirm
 * against convT2M before sizing a buffer from this.
 */
96 #define MAXTICKETLEN (12+CHALLEN+2*ANAMELEN+NONCELEN+16)
100 char num; /* replay protection */
101 char chal[CHALLEN]; /* server/client challenge */
102 uchar rand[NONCELEN]; /* server/client nonce */
/*
 * Upper bound on an encoded Authenticator (num, chal, NONCELEN rand), with
 * the same 12+16 overhead as MAXTICKETLEN — presumably the sealed form's
 * nonce and tag; confirm against convA2M.
 */
104 #define MAXAUTHENTLEN (12+CHALLEN+NONCELEN+16)
112 char secret[SECRETLEN]; /* new secret */
/*
 * Upper bound on an encoded Passwordreq: two PASSWDLEN strings, one byte, the
 * SECRETLEN secret, plus the same 12+16 sealing overhead as the other MAX*
 * lengths (presumably).  The new secret is inside the sealed box (convPR2M
 * takes the Ticket), so this is only ever sent under a ticket key.
 */
114 #define MAXPASSREQLEN (12+2*PASSWDLEN+1+SECRETLEN+16)
/* wire size of an OChapreply: one id byte, an ANAMELEN name and an OMD5LEN digest (OMD5LEN is defined elsewhere in this header) */
122 #define OCHAPREPLYLEN (1+ANAMELEN+OMD5LEN)
127 char LMresp[24]; /* Lan Manager response */
128 char NTresp[24]; /* NT response */
/*
 * Wire size of an OMSchapreply: an ANAMELEN name plus the fixed 24-byte
 * LMresp and NTresp.  Both responses are challenge responses, not secrets,
 * but they are offline-guessable from the challenge; the server side is what
 * must enforce which of the two it accepts.
 */
130 #define OMSCHAPREPLYLEN (ANAMELEN+24+24)
134 uchar len[2]; /* size of structure (lsb first) */
137 char LMresp[24]; /* Lan Manager response */
138 char NTresp[24]; /* NT response (variable length) */
/*
 * Maximum wire size of an NTLMreply: the 2-byte lsb-first len, an ANAMELEN
 * and a DOMLEN field, and the two 24-byte responses.
 * NOTE(review): NTLMreply carries its own len and its NTresp is marked
 * variable length, so len arrives from the peer.  A decoder must clamp it to
 * both the bytes actually received and NTLMREPLYLEN before copying into the
 * fixed 24-byte arrays; it must not use len to size the copy on its own.
 */
140 #define NTLMREPLYLEN (2+ANAMELEN+DOMLEN+24+24)
144 char des[DESKEYLEN]; /* DES key from password */
145 uchar aes[AESKEYLEN]; /* AES key from password */
146 uchar pakkey[PAKKEYLEN]; /* shared key from AuthPAK exchange (see authpak_finish()) */
147 uchar pakhash[PAKHASHLEN]; /* secret hash from AES key and user name (see authpak_hash()) */
151 * convert to/from wire format
/*
 * xx2M marshals a struct into the caller's buffer; M2xx unmarshals from a
 * received buffer.  The int is presumably the buffer length in both directions
 * — confirm in libauthsrv.  The trailing key/ticket argument is what the box
 * is sealed with: Tickets under an Authkey (AuthTs/AuthTc), Authenticators and
 * Passwordreqs under the Ticket (its key[] member).  Ticketreq takes no key.
 * NOTE(review): the M2xx decoders consume bytes that came off the network.
 * Callers must pass the count actually received (not a larger capacity) and
 * must treat a failing return as fatal; a ticket that fails to unseal is not
 * a ticket.
 */
153 extern int convT2M(Ticket*, char*, int, Authkey*);
154 extern int convM2T(char*, int, Ticket*, Authkey*);
155 extern int convA2M(Authenticator*, char*, int, Ticket*);
156 extern int convM2A(char*, int, Authenticator*, Ticket*);
157 extern int convTR2M(Ticketreq*, char*, int);
158 extern int convM2TR(char*, int, Ticketreq*);
159 extern int convPR2M(Passwordreq*, char*, int, Ticket*);
160 extern int convM2PR(char*, int, Passwordreq*, Ticket*);
163 * convert ascii password to auth key
/*
 * Derive authentication keys from an ASCII password.  passtokey fills the
 * Authkey's des and aes members (see struct Authkey); the two single-key
 * variants derive just one of them into the caller's array.
 * NOTE(review): all three leave raw key material in caller-owned memory, and
 * the password string itself stays wherever the caller put it.  Wipe both when
 * done; a plain memset before free may be optimised away, so use the
 * platform's secure-clear if one exists.  Note the DES key is `char' while the
 * AES key is `uchar' — mixed signedness, so be careful with comparisons.
 */
165 extern void passtokey(Authkey*, char*);
167 extern void passtodeskey(char key[DESKEYLEN], char *p);
168 extern void passtoaeskey(uchar key[AESKEYLEN], char *p);
174 NVread = 0, /* just read */
175 NVwrite = 1<<0, /* always prompt and rewrite nvram */
176 NVwriteonerr = 1<<1, /* prompt and rewrite nvram when corrupt */
177 NVwritemem = 1<<2, /* don't prompt, write nvram from argument */
183 char machkey[DESKEYLEN]; /* file server's authid's des key */
185 char authkey[DESKEYLEN]; /* authid's des key from password */
188 * on a file server: config string of the device holding the full configuration;
189 * on any other machine: the secstore key.  In either role this block sits next to
 * the machine and auth keys and must be treated as secret like them.
191 char config[CONFIGLEN];
193 char authid[ANAMELEN]; /* auth userid, e.g., bootes */
195 char authdom[DOMLEN]; /* auth domain, e.g., cs.bell-labs.com */
198 uchar aesmachkey[AESKEYLEN];
/*
 * nvcsum: one-byte checksum over a block of memory (returns uchar).
 * NOTE(review): this is an integrity check against accidental corruption —
 * which is all NVwriteonerr needs — not authentication of the nvram contents.
 * Anyone who can write the nvram can recompute it; do not read a good
 * checksum as "the keys are the ones we wrote".
 * readnvram: fill *Nvrsafe from nvram under the NV* flags above; with the
 * NVwrite* flags it may prompt and rewrite.  Check the int result.
 * readcons: read a line from the console into the caller's buffer; the
 * arguments are presumably (prompt, buf, size).  If this is the key/password
 * prompt the NVwrite flags imply, confirm that it does not echo.
 */
202 extern uchar nvcsum(void*, int);
203 extern int readnvram(Nvrsafe*, int);
204 extern char* readcons(char*, char*, int);
207 * call up auth server
/*
 * Dial the auth server for authdom via netroot; returns a descriptor (the int
 * the _as* helpers below take) or presumably -1 on failure.
 * NOTE(review): the transport itself is not authenticated here; the only
 * assurance that the far end is the real auth server comes from the sealed
 * ticket/authenticator exchange that follows, so every decode failure on that
 * path must abort rather than fall back.
 */
209 extern int authdial(char *netroot, char *authdom);
212 * exchange messages with auth server
/*
 * Internal (underscore-prefixed) steps of the auth-server round trip.  The
 * leading int is presumably the descriptor from authdial.
 * _asgetpakkey: run the AuthPAK exchange for the request and leave the shared
 *   key in the Authkey (see pakkey in struct Authkey).
 * _asgetticket: request a ticket and read the raw ticket bytes into the
 *   caller's buffer; the trailing int is the buffer size (presumably).
 * _asrequest: send a Ticketreq.
 * _asgetresp: read back the Ticket and Authenticator, unsealing with Authkey.
 * _asrdresp: read a raw response into the buffer, bounded by the int.
 * NOTE(review): these read attacker-reachable bytes.  The int bound must be the
 * real buffer size, and every non-zero/negative result must be checked by the
 * caller — confirm each function's success convention in libauthsrv.
 */
214 extern int _asgetpakkey(int, Ticketreq*, Authkey*);
215 extern int _asgetticket(int, Ticketreq*, char*, int);
216 extern int _asrequest(int, Ticketreq*);
217 extern int _asgetresp(int, Ticket*, Authenticator*, Authkey *);
218 extern int _asrdresp(int, char*, int);
/* AuthPAK: authenticated key agreement over ed448/decaf (sizes in the PAK* constants above) */
223 typedef struct PAKpriv PAKpriv;
/*
 * authpak_hash: derive k->pakhash from the AES key and user name u (see the
 *   pakhash member of struct Authkey).
 * authpak_new: generate a fresh private scalar in *p and its encoded public
 *   point in y (PAKYLEN bytes); isclient selects the client or server role.
 * authpak_finish: combine *p with the peer's y into the shared k->pakkey.
 *   Returns int — presumably 0 on success; confirm in libauthsrv.
 * NOTE(review): y passed to authpak_finish comes from the peer.  The return
 * value must be checked and an invalid or rejected point must end the
 * exchange; *p holds the private scalar and should be wiped once finished.
 */
231 extern void authpak_hash(Authkey *k, char *u);
232 extern void authpak_new(PAKpriv *p, Authkey *k, uchar y[PAKYLEN], int isclient);
233 extern int authpak_finish(PAKpriv *p, Authkey *k, uchar y[PAKYLEN]);