AUTHSRV(2)                                             AUTHSRV(2)

          authdial, passtokey, nvcsum, readnvram, convT2M, convM2T,
          convTR2M, convM2TR, convA2M, convM2A, convPR2M, convM2PR,
          _asgetticket, _asrequest, _asgetresp, _asrdresp,
          _asgetpakkey, authpak_hash, authpak_new, authpak_finish -
          routines for communicating with authentication servers

          #include <u.h>
          #include <libc.h>
          #include <authsrv.h>

          int     authdial(char *netroot, char *ad);

          void    passtokey(Authkey *key, char *password)

          uchar   nvcsum(void *mem, int len)

          int     readnvram(Nvrsafe *nv, int flag);

          int     convT2M(Ticket *t, char *msg, int len, Authkey *key)

          int     convM2T(char *msg, int len, Ticket *t, Authkey *key)

          int     convA2M(Authenticator *a, char *msg, int len, Ticket

          int     convM2A(char *msg, int len, Authenticator *a, Ticket

          int     convTR2M(Ticketreq *tr, char *msg, int len)

          int     convM2TR(char *msg, int len, Ticketreq *tr)

          int     convPR2M(Passwordreq *pr, char *msg, int len, Ticket

          int     convM2PR(char *msg, int len, Passwordreq *pr, Ticket

          int     _asgetticket(int fd, Ticketreq *tr, char *buf, int

          int     _asrequest(int fd, Ticketreq *tr)

          int     _asgetresp(int fd, Ticket *t, Authenticator *a,
          Authkey *key)

          int     _asrdresp(int fd, char *buf, int len)

     Page 1                       Plan 9             (printed 7/22/24)

     AUTHSRV(2)                                             AUTHSRV(2)

          int     _asgetpakkey(int fd, Ticketreq *tr, Authkey *a)

          void    authpak_hash(Authkey *k, char *u)

          void    authpak_new(PAKpriv *p, Authkey *k, uchar
          y[PAKYLEN], int isclient)

          int     authpak_finish(PAKpriv *p, Authkey *k, uchar

          Authdial dials an authentication server over the network
          rooted at net, default /net.  The authentication domain, ad,
          specifies which server to call.  If ad is non-nil, the con-
          nection server cs (see ndb(8)) is queried for an entry which
          contains authdom=ad or dom=ad, the former having precedence,
          and which also contains an auth attribute.  If it finds nei-
          ther, it tries in DNS as the authentication
          server.  The string dialed is then netroot!server!ticket
          where server is the value of the auth attribute.  If no
          entry is found, the error string is set to ``no authentica-
          tion server found'' and -1 is returned.  If authdom is nil,
          the string netroot!$auth!ticket is used to make the call.

          Passtokey converts password into a set of cryptographic keys
          and stores them in the Authkey structure key.

          Readnvram reads authentication information into the struc-

          struct Nvrsafe
              char        machkey[DESKEYLEN];/* was file server's authid's des key */
              uchar       machsum;
              char        authkey[DESKEYLEN];/* authid's des key from password */
              uchar       authsum;
               * file server config string of device holding full configuration;
               * secstore key on non-file-servers.
              char        config[CONFIGLEN];
              uchar       configsum;
              char        authid[ANAMELEN];/* auth userid, e.g., bootes */
              uchar       authidsum;
              char        authdom[DOMLEN]; /* auth domain, e.g., */
              uchar       authdomsum;

              uchar       aesmachkey[AESKEYLEN];
              uchar       aesmachsum;

          On Sparc, MIPS, and SGI machines this information is in

     Page 2                       Plan 9             (printed 7/22/24)

     AUTHSRV(2)                                             AUTHSRV(2)

          non-volatile ram, accessible in the file #r/nvram.  On x86s
          and Alphas readnvram successively opens the following areas
          stopping with the first to succeed:

          - the partition named by the $nvram environment variable
          (commonly set via plan9.ini(8))
          - the partition #S/sdC0/nvram
          - a file called plan9.nvr in the partition #S/sdC0/9fat
          - the partition #S/sd00/nvram
          - a file called plan9.nvr in the partition #S/sd00/9fat
          - a file called plan9.nvr on a DOS floppy in drive 0
          - a file called plan9.nvr on a DOS floppy in drive 1

          The nvcsums of the fields machkey, authid, and authdom must
          match their respective checksum or that field is zeroed.  If
          flag is NVwrite or at least one checksum fails and flag is
          NVwriteonerr, readnvram will prompt for new values on
          #c/cons and then write them back to the storage area.  If
          flag is NVwritemem, readnvram will write the values in *nv
          back to the storage area.

          ConvT2M, convA2M, convTR2M, and convPR2M convert tickets,
          authenticators, ticket requests, and password change request
          structures into transmittable messages.  ConvM2T, convM2A,
          convM2TR, and convM2PR are used to convert them back.  Key
          is used for encrypting the message before transmission and
          decrypting after reception.  ConvA2M, convM2A, convPR2M and
          convM2PR encrypt/decrypt the message with the random ticket

          The routine _asgetticket sends a ticket request tr returning
          the two encrypted tickets in buf. The routine _asrequest
          encodes the ticket request tr and sends it not waiting for a
          response.  After sending a request, _asgetresp can be used
          to receive the response containing a ticket and an optional
          authenticator and decrypts the ticket and authenticator
          using key. The routine _asrdresp receives either a character
          array or an error string.  On error, it sets errstr and
          returns -1.  If successful, it returns the number of bytes

          Authpak_hash prepares a Authkey structure for a password
          authenticated key exchange (see authsrv(6)) by calculating
          the pakhash from a user's aeskey and id u. The fuction
          hashes the password derived aeskey and user id together
          using hmac_sha256 and maps the result into two elliptic
          curve points PN/PM on the Ed448-goldielocks curve using

          Authpak_new generates a new elliptic curve diffie-hellman
          key pair for a password authenticated key exchange from a
          previously hashed Authkey structure k. The randomly

     Page 3                       Plan 9             (printed 7/22/24)

     AUTHSRV(2)                                             AUTHSRV(2)

          generated private key is returned in the PAKpriv structure
          passed in p, while the pakhash encrytped public key is
          returned in y.

          Authpak_finish completes a password authenticated key
          exchange, taking the other sides pakhash encrypted public
          key y and our private key p returning the shared secret pak-
          key in the Authkey structure k. The function returns zero on
          success or non-zero on failure (malformed public key).

          The function _asgetpakkey establishes a new shared pakkey
          between the us and the authentication server for ticket
          encryption; using the functions above; taking a previously
          hashed Authkey a and Ticketreq tr and returns the shared
          pakkey in the Authkey structure. It is usually called before
          _asrequest right after authdial to negotiate bruteforce
          resistant ticket encryption for the ticket request that fol-
          lows (see authsrv(6)). Returns zero on success, or non-zero
          on error (authenticatoin server does not support the AuthPAK
          request or when we got a malformed public key).


          passwd(1), cons(3), dial(2), authsrv(6),

          These routines set errstr. Integer-valued functions return
          -1 on error.

     Page 4                       Plan 9             (printed 7/22/24)