3 authdial, passtokey, nvcsum, readnvram, convT2M, convM2T, convTR2M, convM2TR, convA2M, convM2A, convPR2M, convM2PR, _asgetticket, _asrequest, _asgetresp, _asrdresp, _asgetpakkey, authpak_hash, authpak_new, authpak_finish \- routines for communicating with authentication servers
12 .ta 8n +4n +4n +4n +4n +4n +4n
15 int authdial(char *netroot, char *ad);
18 void passtokey(Authkey *key, char *password)
21 uchar nvcsum(void *mem, int len)
24 int readnvram(Nvrsafe *nv, int flag);
27 int convT2M(Ticket *t, char *msg, int len, Authkey *key)
30 int convM2T(char *msg, int len, Ticket *t, Authkey *key)
33 int convA2M(Authenticator *a, char *msg, int len, Ticket *t)
36 int convM2A(char *msg, int len, Authenticator *a, Ticket *t)
39 int convTR2M(Ticketreq *tr, char *msg, int len)
42 int convM2TR(char *msg, int len, Ticketreq *tr)
45 int convPR2M(Passwordreq *pr, char *msg, int len, Ticket *t)
48 int convM2PR(char *msg, int len, Passwordreq *pr, Ticket *t)
51 int _asgetticket(int fd, Ticketreq *tr, char *buf, int len)
54 int _asrequest(int fd, Ticketreq *tr)
57 int _asgetresp(int fd, Ticket *t, Authenticator *a, Authkey *key)
60 int _asrdresp(int fd, char *buf, int len)
63 int _asgetpakkey(int fd, Ticketreq *tr, Authkey *a)
66 void authpak_hash(Authkey *k, char *u)
69 void authpak_new(PAKpriv *p, Authkey *k, uchar y[PAKYLEN], int isclient)
72 int authpak_finish(PAKpriv *p, Authkey *k, uchar y[PAKYLEN])
75 dials an authentication server over the
80 The authentication domain,
82 specifies which server to call.
90 is queried for an entry which contains
94 the former having precedence,
95 and which also contains an
98 If it finds neither, it tries
100 in DNS as the authentication server.
101 The string dialed is then
102 .I netroot\fP!\fIserver\fP!ticket
108 If no entry is found, the error string is
109 set to ``no authentication server found''
114 .IB netroot !$auth! ticket
115 is used to make the call.
120 into a set of cryptographic keys and stores them in the
126 reads authentication information into the structure:
129 .ta 4n +4n +8n +4n +4n +4n +4n
132 char machkey[DESKEYLEN]; /* was file server's authid's des key */
134 char authkey[DESKEYLEN]; /* authid's des key from password */
137 * file server config string of device holding full configuration;
138 * secstore key on non-file-servers.
140 char config[CONFIGLEN];
142 char authid[ANAMELEN]; /* auth userid, e.g., bootes */
144 char authdom[DOMLEN]; /* auth domain, e.g., cs.bell-labs.com */
147 uchar aesmachkey[AESKEYLEN];
152 On Sparc, MIPS, and SGI machines this information is
153 in non-volatile ram, accessible in the file
157 successively opens the following areas stopping with the
160 \- the partition named by the
184 on a DOS floppy in drive 0
188 on a DOS floppy in drive 1
197 must match their respective checksum or that field is zeroed.
202 or at least one checksum fails and
207 will prompt for new values on
209 and then write them back to the storage area.
215 will write the values in
217 back to the storage area.
224 convert tickets, authenticators, ticket requests, and password change request
225 structures into transmittable messages.
231 are used to convert them back.
233 is used for encrypting the message before transmission and decrypting
240 encrypt/decrypt the message with the random ticket key.
244 sends a ticket request
246 returning the two encrypted tickets in
250 encodes the ticket request
252 and sends it not waiting for a response.
253 After sending a request,
255 can be used to receive the response containing a ticket and an optional
256 authenticator and decrypts the ticket and authenticator using
260 receives either a character array or an error string.
261 On error, it sets errstr and returns -1. If successful,
262 it returns the number of bytes received.
267 structure for a password authenticated key exchange (see
269 by calculating the pakhash from a user's aeskey and id
77 The function hashes the password derived aeskey and user id together
272 using hmac_sha256 and maps the result into two elliptic curve points
79 PN/PM on the Ed448-Goldilocks curve using elligator2.
276 generates a new elliptic curve diffie-hellman key pair for a password
277 authenticated key exchange from a previously hashed
281 The randomly generated private key is returned in the
83 while the pakhash encrypted public key is returned in
289 completes a password authenticated key exchange, taking the other
85 side's pakhash encrypted public key
294 returning the shared secret pakkey in the
298 The function returns zero on success or non-zero on failure (malformed
88 establishes a new shared pakkey between us and the authentication server
89 for ticket encryption, using the functions above, taking a previously hashed
310 and returns the shared pakkey in the
312 structure. It is usually called before
92 to negotiate brute-force resistant ticket encryption for the
317 ticket request that follows (see
94 Returns zero on success, or non-zero on error (the authentication
95 server does not support the AuthPAK request, or a malformed public key was received).
322 .B /sys/src/libauthsrv
331 Integer-valued functions return -1 on error.