+.PP
+.I Authpak_hash
+prepares a
+.I Authkey
+structure for a password authenticated key exchange (see
+.IR authsrv (6))
+by calculating the pakhash from a user's aeskey and id
+.IR u .
+The fuction hashes the password derived aeskey and user id together
+using hmac_sha256 and maps the result into two elliptic curve points
+PN/PM on the Ed448-goldielocks curve using elligator2.
+.PP
+.I Authpak_new
+generates a new elliptic curve diffie-hellman key pair for a password
+authenticated key exchange from a previously hashed
+.I Authkey
+structure
+.IR k .
+The randomly generated private key is returned in the
+.I PAKpriv
+structure passed in
+.IR p ,
+while the pakhash encrytped public key is returned in
+.IR y .
+.PP
+.I Authpak_finish
+completes a password authenticated key exchange, taking the other
+sides pakhash encrypted public key
+.I y
+and our private key
+.I p
+returning the shared secret pakkey in the
+.I Authkey
+structure
+.IR k .
+The function returns zero on success or non-zero on failure (malformed
+public key).
+.PP
+The function
+.I _asgetpakkey
+establishes a new shared pakkey between the us and the authentication server
+for ticket encryption; using the functions above; taking a previously hashed
+.I Authkey
+.I a
+and
+.I Ticketreq
+.I tr
+and returns the shared pakkey in the
+.I Authkey
+structure. It is usually called before
+.I _asrequest
+right after
+.IR authdial
+to negotiate bruteforce resistant ticket encryption for the
+ticket request that follows (see
+.IR authsrv (6)).
+Returns zero on success, or non-zero on error (authenticatoin
+server does not support the AuthPAK request or when we got a malformed public key).