Auth9: module
{
	# Path of the compiled implementation that Sys->load resolves this interface against.
	PATH:	con "/dis/lib/auth9.dis";

	#
	# plan 9 authentication
	#
	# Wire-format sizes, message numberings and the fixed-layout records
	# (ticket request, ticket, authenticator, password request) exchanged
	# with a Plan 9 authentication server, plus the DES-based helpers used
	# to seal and unseal them.  All string fields are carried as fixed-size
	# byte fields on the wire; the bracketed sizes on each field give the
	# on-wire length, and the *LEN constants below each adt give the packed
	# record size.
	#

	ANAMELEN: con 	28; # maximum size of name in previous proto
	AERRLEN: con 	64; # maximum size of errstr in previous proto
	DOMLEN: con 		48; # length of an authentication domain name
	DESKEYLEN: con 	7; # length of a des key for encrypt/decrypt
	                   # NOTE(review): 7 bytes is a 56-bit single-DES key; this is
	                   # the legacy Plan 9 (sk1) cipher, so treat its strength as
	                   # compatibility-grade rather than current best practice.
	CHALLEN: con 	8; # length of a plan9 sk1 challenge
	NETCHLEN: con 	16; # max network challenge length (used in AS protocol)
	SECRETLEN: con 	32; # max length of a secret

	# encryption numberings (anti-replay)
	# Each sealed record carries one of these in its num field so that a
	# message of one kind cannot be replayed as another.  Values 1..14 name
	# the request sent to the auth server; 64..69 name the sealed reply.
	AuthTreq: con 1; 	# ticket request
	AuthChal: con 2; 	# challenge box request
	AuthPass: con 3; 	# change password
	AuthOK: con 4; 	# fixed length reply follows
	AuthErr: con 5; 	# error follows
	AuthMod: con 6; 	# modify user
	AuthApop: con 7; 	# apop authentication for pop3
	AuthOKvar: con 9; 	# variable length reply follows
	AuthChap: con 10; 	# chap authentication for ppp
	AuthMSchap: con 11; 	# MS chap authentication for ppp
	AuthCram: con 12; 	# CRAM verification for IMAP (RFC2195 & rfc2104)
	AuthHttp: con 13; 	# http domain login
	AuthVNC: con 14; 	# VNC server login (deprecated)


	# Numberings of the sealed records themselves (num field of Ticket and
	# Authenticator).  A receiver is expected to compare num against the
	# value it is waiting for (e.g. AuthTc for a client-side ticket) after
	# unpacking; confirm that check in the implementation (auth9.b).
	AuthTs: con 64;	# ticket encrypted with server's key
	AuthTc: con 65;	# ticket encrypted with client's key
	AuthAs: con 66;	# server generated authenticator
	AuthAc: con 67;	# client generated authenticator
	AuthTp: con 68;	# ticket encrypted with client's key for password change
	AuthHr: con 69;	# http reply

	# Cleartext request from a host to the auth server asking for a ticket
	# pair.  Packed without a key, so nothing in it is confidential; the
	# challenge in chal is what the returned tickets are bound to.
	Ticketreq: adt {
		rtype: int;	# request kind, one of the Auth* numberings above
		authid: string;	# [ANAMELEN]	server's encryption id
		authdom: string;	# [DOMLEN]	server's authentication domain
		chal:	array of byte; # [CHALLEN]	challenge from server
		hostid: string;	# [ANAMELEN]		host's encryption id
		uid: string;	# [ANAMELEN]	uid of requesting user on host

		# pack: serialise t into a freshly allocated TICKREQLEN-byte buffer.
		pack:	fn(t: self ref Ticketreq): array of byte;
		# unpack: parse a packed request from a; the int is presumably the
		# number of bytes consumed (or < 0 on error) — verify against auth9.b.
		# NOTE(review): a is untrusted network input; callers should not rely
		# on the ref being non-nil without checking the int first.
		unpack:	fn(a: array of byte): (int, ref Ticketreq);
	};
	# rtype (1) + authid, hostid, uid (3*ANAMELEN) + chal + authdom.
		TICKREQLEN: con	3*ANAMELEN+CHALLEN+DOMLEN+1;

	# Ticket issued by the auth server.  Two copies are produced, one sealed
	# under the server's key (AuthTs) and one under the client's (AuthTc);
	# both carry the same nonce session key.
	Ticket: adt {
		num: int;	# replay protection
		chal:	array of byte;	# [CHALLEN]	server challenge
		cuid: string;	# [ANAMELEN]	uid on client
		suid: string;	# [ANAMELEN]	uid on server
		key:	array of byte;	# [DESKEYLEN]	nonce DES key

		# pack: serialise t to TICKETLEN bytes and seal the result under key.
		pack:	fn(t: self ref Ticket, key: array of byte): array of byte;
		# unpack: unseal a under key and parse it; the int is presumably bytes
		# consumed or an error indicator — verify against auth9.b.  A wrong
		# key does not necessarily fail here: the caller must still check num
		# and chal against the expected values.
		unpack:	fn(a: array of byte, key: array of byte): (int, ref Ticket);
	};
	# num (1) + chal + cuid, suid (2*ANAMELEN) + key.
		TICKETLEN: con CHALLEN+2*ANAMELEN+DESKEYLEN+1;

	# Proof of possession of the ticket's session key, sent by either side
	# (AuthAs / AuthAc) after the ticket exchange.
	Authenticator: adt {
		num: int;			# replay protection
		chal: array of byte;	# [CHALLEN]
		id:	int;			# authenticator id, ++'d with each auth

		# pack: serialise f to AUTHENTLEN bytes and seal under the session key.
		pack:	fn(f: self ref Authenticator, key: array of byte): array of byte;
		# unpack: unseal a under key and parse; see Ticket.unpack for the
		# meaning of the int and the checks the caller still owes.
		unpack:	fn(a: array of byte, key: array of byte): (int, ref Authenticator);
	};
	# num (1) + chal + id (presumably 4 bytes, from the +4 below).
		AUTHENTLEN: con CHALLEN+4+1;

	# Password change request (AuthPass), sealed under a ticket's session key.
	Passwordreq: adt {
		num: int;	# replay protection
		old:	array of byte;	# [ANAMELEN]
		new:	array of byte;	# [ANAMELEN]
		changesecret:	int;	# non-zero presumably means secret is to be installed too
		secret:	array of byte; # [SECRETLEN]	new secret

		# pack: serialise f to PASSREQLEN bytes and seal under key.
		pack:	fn(f: self ref Passwordreq, key: array of byte): array of byte;
		# unpack: unseal a under key and parse; int as for Ticket.unpack.
		unpack:	fn(a: array of byte, key: array of byte): (int, ref Passwordreq);
	};
	# num (1) + old, new (2*ANAMELEN) + changesecret (1) + secret.
	PASSREQLEN: con	2*ANAMELEN+1+1+SECRETLEN;

	# secure ID and Plan 9 auth key/request/reply encryption
	# netcrypt: SecureID-style challenge/response — derives a response string
	#   from key and the textual challenge chal.
	netcrypt:	fn(key: array of byte, chal: string): string;
	# passtokey: derive the DESKEYLEN-byte DES key from a password string.
	passtokey:	fn(pw: string): array of byte;
	# des56to64: presumably expands a 7-byte (56-bit) key into the 8-byte
	#   parity form DES expects — confirm in auth9.b.
	des56to64:	fn(a: array of byte): array of byte;
	# encrypt/decrypt: in-place (no return value) DES of the first n bytes of
	#   data under key, as used by the pack/unpack methods above.
	encrypt:	fn(key: array of byte, data: array of byte, n: int);
	decrypt:	fn(key: array of byte, data: array of byte, n: int);

	# dial auth server
	# (declared but commented out here; not part of this interface)
#	authdial(netroot: string, authdom: string): ref Sys->FD;

	# exchange messages with auth server
	# Leading underscore marks these as implementation-level helpers.
	# _asgetticket: send tr to the auth server on fd and return the ticket
	#   unsealed with key together with the raw bytes of the other (still
	#   sealed) ticket — presumed from the return type; verify in auth9.b.
	_asgetticket:	fn(fd: ref Sys->FD, tr: ref Ticketreq, key: array of byte): (ref Ticket, array of byte);
	# _asrdresp: read an auth-server response of n bytes from fd; the AuthOK /
	#   AuthErr framing handled here is presumed — verify in auth9.b.
	_asrdresp:	fn(fd: ref Sys->FD, n: int): array of byte;

	# init: must be called once after loading, before any other function.
	init:	fn();
};
103
104