From 02cfcfeab46f36aad95263ed40d19df7bd5eddef Mon Sep 17 00:00:00 2001
From: cinap_lenrek <cinap_lenrek@felloff.net>
Date: Wed, 19 Aug 2015 21:06:17 +0200
Subject: [PATCH] libauthsrv: generalize ticket service, not hardcoding ticket
 format and DES encryption

this is in preparation for replacing DES ticket encryption with
something better. but first need to make the code stop making
assumptions.

the wire encoding of the Ticket might be variable length
with TICKETLEN just giving an upper bound. the details will be
handled by libauthsrv _asgetticket() and _asgetresp() funciotns.

the Authenticator and Passwordreq structures are encrypted
with the random ticket key. The encryption schmeme will depend
on the Ticket format used, so we pass the Ticket* structure
instead of the DES key.

introduce Authkey structure that will hold all the required
cryptographic keys instead of passing DES key.
---
 sys/include/authsrv.h                |  29 ++--
 sys/man/2/authsrv                    |  66 +++++---
 sys/src/cmd/auth/as.c                |   1 +
 sys/src/cmd/auth/authcmdlib.h        |  12 +-
 sys/src/cmd/auth/authsrv.c           | 234 ++++++++++++++-------------
 sys/src/cmd/auth/changeuser.c        |  25 +--
 sys/src/cmd/auth/convkeys.c          |  22 +--
 sys/src/cmd/auth/convkeys2.c         |  22 +--
 sys/src/cmd/auth/cron.c              |   1 +
 sys/src/cmd/auth/debug.c             |  27 ++--
 sys/src/cmd/auth/factotum/apop.c     |  24 +--
 sys/src/cmd/auth/factotum/chap.c     |  26 ++-
 sys/src/cmd/auth/factotum/p9cr.c     |  15 +-
 sys/src/cmd/auth/factotum/p9sk1.c    |  99 ++++++------
 sys/src/cmd/auth/guard.srv.c         |   2 +-
 sys/src/cmd/auth/httpauth.c          |  23 +--
 sys/src/cmd/auth/keyfs.c             |  12 +-
 sys/src/cmd/auth/lib/error.c         |   1 +
 sys/src/cmd/auth/lib/fs.c            |   1 +
 sys/src/cmd/auth/lib/getauthkey.c    |   5 +-
 sys/src/cmd/auth/lib/getexpiration.c |   1 +
 sys/src/cmd/auth/lib/keyfmt.c        |   3 +-
 sys/src/cmd/auth/lib/netcheck.c      |   1 +
 sys/src/cmd/auth/lib/querybio.c      |   1 +
 sys/src/cmd/auth/lib/rdbio.c         |   1 +
 sys/src/cmd/auth/lib/readarg.c       |   1 +
 sys/src/cmd/auth/lib/readln.c        |   2 +-
 sys/src/cmd/auth/lib/readwrite.c     |  17 +-
 sys/src/cmd/auth/lib/wrbio.c         |   1 +
 sys/src/cmd/auth/netkey.c            |   7 +-
 sys/src/cmd/auth/passwd.c            |  63 ++------
 sys/src/cmd/auth/printnetkey.c       |   9 +-
 sys/src/cmd/auth/warning.c           |   1 +
 sys/src/libauth/auth_userpasswd.c    |  13 +-
 sys/src/libauth/httpauth.c           |  51 ------
 sys/src/libauthsrv/_asgetticket.c    |   8 +-
 sys/src/libauthsrv/convA2M.c         |  10 +-
 sys/src/libauthsrv/convM2A.c         |  20 ++-
 sys/src/libauthsrv/convM2PR.c        |  20 ++-
 sys/src/libauthsrv/convM2T.c         |  21 ++-
 sys/src/libauthsrv/convM2TR.c        |  11 +-
 sys/src/libauthsrv/convPR2M.c        |  10 +-
 sys/src/libauthsrv/convT2M.c         |   8 +-
 sys/src/libauthsrv/convTR2M.c        |   7 +-
 sys/src/libauthsrv/mkfile            |   2 +
 sys/src/libauthsrv/passtokey.c       |   8 +-
 sys/src/libauthsrv/readnvram.c       |   9 +-
 47 files changed, 471 insertions(+), 482 deletions(-)
 delete mode 100644 sys/src/libauth/httpauth.c

diff --git a/sys/include/authsrv.h b/sys/include/authsrv.h
index 9de941f3f..d8fbf36bc 100644
--- a/sys/include/authsrv.h
+++ b/sys/include/authsrv.h
@@ -12,6 +12,8 @@ typedef struct	Passwordreq	Passwordreq;
 typedef struct	OChapreply	OChapreply;
 typedef struct	OMSchapreply	OMSchapreply;
 
+typedef struct	Authkey		Authkey;
+
 enum
 {
 	ANAMELEN=	28,	/* name max size in previous proto */
@@ -110,22 +112,27 @@ struct	OMSchapreply
 };
 #define OMSCHAPREPLYLEN	(ANAMELEN+24+24)
 
+struct	Authkey
+{
+	char	des[DESKEYLEN];
+};
+
 /*
  *  convert to/from wire format
  */
-extern	int	convT2M(Ticket*, char*, char*);
-extern	void	convM2T(char*, Ticket*, char*);
-extern	int	convA2M(Authenticator*, char*, char*);
-extern	void	convM2A(char*, Authenticator*, char*);
-extern	int	convTR2M(Ticketreq*, char*);
-extern	void	convM2TR(char*, Ticketreq*);
-extern	int	convPR2M(Passwordreq*, char*, char*);
-extern	void	convM2PR(char*, Passwordreq*, char*);
+extern	int	convT2M(Ticket*, char*, int, Authkey*);
+extern	int	convM2T(char*, int, Ticket*, Authkey*);
+extern	int	convA2M(Authenticator*, char*, int, Ticket*);
+extern	int	convM2A(char*, int, Authenticator*, Ticket*);
+extern	int	convTR2M(Ticketreq*, char*, int);
+extern	int	convM2TR(char*, int, Ticketreq*);
+extern	int	convPR2M(Passwordreq*, char*, int, Ticket*);
+extern	int	convM2PR(char*, int, Passwordreq*, Ticket*);
 
 /*
  *  convert ascii password to DES key
  */
-extern	int	passtokey(char*, char*);
+extern	int	passtokey(Authkey*, char*);
 
 /*
  *  Nvram interface
@@ -167,5 +174,7 @@ extern	int	authdial(char *netroot, char *authdom);
 /*
  *  exchange messages with auth server
  */
-extern	int	_asgetticket(int, char*, char*);
+extern	int	_asgetticket(int, Ticketreq*, char*, int);
+extern	int	_asrequest(int, Ticketreq*);
+extern	int	_asgetresp(int, Ticket*, Authenticator*, Authkey *);
 extern	int	_asrdresp(int, char*, int);
diff --git a/sys/man/2/authsrv b/sys/man/2/authsrv
index 9eec0a426..70b1e7057 100644
--- a/sys/man/2/authsrv
+++ b/sys/man/2/authsrv
@@ -1,6 +1,6 @@
 .TH AUTHSRV 2
 .SH NAME
-authdial, passtokey, nvcsum, readnvram, convT2M, convM2T, convTR2M, convM2TR, convA2M, convM2A, convPR2M, convM2PR, _asgetticket, _asrdresp \- routines for communicating with authentication servers
+authdial, passtokey, nvcsum, readnvram, convT2M, convM2T, convTR2M, convM2TR, convA2M, convM2A, convPR2M, convM2PR, _asgetticket, _asrequest, _asgetresp, _asrdresp \- routines for communicating with authentication servers
 .SH SYNOPSIS
 .nf
 .PP
@@ -15,7 +15,7 @@ authdial, passtokey, nvcsum, readnvram, convT2M, convM2T, convTR2M, convM2TR, co
 int	authdial(char *netroot, char *ad);
 .PP
 .B
-int	passtokey(char key[DESKEYLEN], char *password)
+int	passtokey(Authkey *key, char *password)
 .PP
 .B
 uchar	nvcsum(void *mem, int len)
@@ -24,34 +24,40 @@ uchar	nvcsum(void *mem, int len)
 int	readnvram(Nvrsafe *nv, int flag);
 .PPP
 .B
-int	convT2M(Ticket *t, char *msg, char *key)
+int	convT2M(Ticket *t, char *msg, int len, Authkey *key)
 .PP
 .B
-void	convM2T(char *msg, Ticket *t, char *key)
+int	convM2T(char *msg, int len, Ticket *t, Authkey *key)
 .PP
 .B
-int	convA2M(Authenticator *a, char *msg, char *key)
+int	convA2M(Authenticator *a, char *msg, int len, Ticket *t)
 .PP
 .B
-void	convM2A(char *msg, Authenticator *a, char *key)
+int	convM2A(char *msg, int len, Authenticator *a, Ticket *t)
 .PP
 .B
-int	convTR2M(Ticketreq *tr, char *msg)
+int	convTR2M(Ticketreq *tr, char *msg, int len)
 .PP
 .B
-void	convM2TR(char *msg, Ticketreq *tr)
+int	convM2TR(char *msg, int len, Ticketreq *tr)
 .PP
 .B
-int	convPR2M(Passwordreq *pr, char *msg, char *key)
+int	convPR2M(Passwordreq *pr, char *msg, int len, Ticket *t)
 .PP
 .B
-void	convM2PR(char *msg, Passwordreq *pr, char *key)
+int	convM2PR(char *msg, int len, Passwordreq *pr, Ticket *t)
 .PP
 .B
-int	_asgetticket(int fd, char *trbuf, char *tbuf);
+int	_asgetticket(int fd, Ticketreq *tr, char *buf, int len)
 .PP
 .B
-int	_asrdresp(int fd, char *buf, int len);
+int	_asrequest(int fd, Ticketreq *tr)
+.PP
+.B
+int	_asgetresp(int fd, Ticket *t, Authenticator *a, Authkey *key)
+.PP
+.B
+int	_asrdresp(int fd, char *buf, int len)
 .SH DESCRIPTION
 .I Authdial
 dials an authentication server over the
@@ -99,7 +105,9 @@ is used to make the call.
 .I Passtokey
 converts
 .I password
-into a DES key and stores the result in
+into a set of cryptographic keys and stores them in the
+.I Authkey
+structure
 .IR key .
 It returns 0 if
 .I password
@@ -213,18 +221,34 @@ are used to convert them back.
 .I Key
 is used for encrypting the message before transmission and decrypting
 after reception.
-.PP
-The routine
-.I _asgetresp
-receives either a character array or an error string.
-On error, it sets errstr and returns -1.  If successful,
-it returns the number of bytes received.
+.IR ConvA2M ,
+.IR convM2A ,
+.I convPR2M
+and
+.I convM2PR
+encrypt/decrypt the message with the random ticket key.
 .PP
 The routine
 .I _asgetticket
-sends a ticket request message and then uses
+sends a ticket request
+.I tr
+returning the two encrypted tickets in
+.IR buf .
+The routine
+.I _asrequest
+encodes the ticket request
+.I tr
+and sends it not waiting for a response.
+After sending a request,
 .I _asgetresp
-to recieve an answer.
+can be used to receive the response containing a ticket and an optional
+authenticator and decrypts the ticket and authenticator using
+.IR key .
+The routine
+.I _asrdresp
+receives either a character array or an error string.
+On error, it sets errstr and returns -1.  If successful,
+it returns the number of bytes received.
 .SH SOURCE
 .B /sys/src/libauthsrv
 .SH SEE ALSO
diff --git a/sys/src/cmd/auth/as.c b/sys/src/cmd/auth/as.c
index 89d1285e9..59317b0af 100644
--- a/sys/src/cmd/auth/as.c
+++ b/sys/src/cmd/auth/as.c
@@ -8,6 +8,7 @@
 #include <bio.h>
 #include <libsec.h>
 #include <auth.h>
+#include <authsrv.h>
 #include "authcmdlib.h"
 
 int	debug;
diff --git a/sys/src/cmd/auth/authcmdlib.h b/sys/src/cmd/auth/authcmdlib.h
index 78a3a7078..b8e31ee13 100644
--- a/sys/src/cmd/auth/authcmdlib.h
+++ b/sys/src/cmd/auth/authcmdlib.h
@@ -39,13 +39,14 @@ extern Fs fs[3];
 void	checksum(char*, char*);
 void	error(char*, ...);
 void	fail(char*);
-char*	findkey(char*, char*, char*);
+int	findkey(char*, char*, Authkey*);
+char*	finddeskey(char*, char*, char*);
 char*	findsecret(char*, char*, char*);
-int	getauthkey(char*);
+int	getauthkey(Authkey*);
 long	getexpiration(char *db, char *u);
-void	getpass(char*, char*, int, int);
+void	getpass(Authkey*, char*, int, int);
 int	getsecret(int, char*);
-int	keyfmt(Fmt*);
+int	deskeyfmt(Fmt*);
 void	logfail(char*);
 int	netcheck(void*, long, char*);
 char*	netdecimal(char*);
@@ -58,7 +59,8 @@ int	readfile(char*, char*, int);
 void	readln(char*, char*, int, int);
 long	readn(int, void*, long);
 char*	secureidcheck(char*, char*);
-char*	setkey(char*, char*, char*);
+int	setkey(char*, char*, Authkey*);
+char*	setdeskey(char*, char*, char*);
 char*	setsecret(char*, char*, char*);
 int	smartcheck(void*, long, char*);
 void	succeed(char*);
diff --git a/sys/src/cmd/auth/authsrv.c b/sys/src/cmd/auth/authsrv.c
index bef741a37..e6dd65867 100644
--- a/sys/src/cmd/auth/authsrv.c
+++ b/sys/src/cmd/auth/authsrv.c
@@ -30,22 +30,24 @@ void	vnc(Ticketreq*);
 int	speaksfor(char*, char*);
 void	replyerror(char*, ...);
 void	getraddr(char*);
-void	mkkey(char*);
+void	mkkey(Authkey*);
+int	samekey(Authkey*, Authkey*);
+void	mkticket(Ticketreq*, Ticket*);
 void	randombytes(uchar*, int);
 void	nthash(uchar hash[MShashlen], char *passwd);
 void	lmhash(uchar hash[MShashlen], char *passwd);
 void	ntv2hash(uchar hash[MShashlen], char *passwd, char *user, char *dom);
 void	mschalresp(uchar resp[MSresplen], uchar hash[MShashlen], uchar chal[MSchallen]);
 void	desencrypt(uchar data[8], uchar key[7]);
-int	tickauthreply(Ticketreq*, char*);
+int	tickauthreply(Ticketreq*, Authkey*);
 void	safecpy(char*, char*, int);
 
-
 void
 main(int argc, char *argv[])
 {
 	char buf[TICKREQLEN];
 	Ticketreq tr;
+	int n;
 
 	ARGBEGIN{
 	case 'd':
@@ -64,11 +66,10 @@ main(int argc, char *argv[])
 
 	srand(time(0)*getpid());
 	for(;;){
-		if(readn(0, buf, TICKREQLEN) <= 0)
+		n = readn(0, buf, sizeof(buf));
+		if(n <= 0 || convM2TR(buf, n, &tr) <= 0)
 			exits(0);
-
-		convM2TR(buf, &tr);
-		switch(buf[0]){
+		switch(tr.type){
 		case AuthTreq:
 			ticketrequest(&tr);
 			break;
@@ -97,7 +98,7 @@ main(int argc, char *argv[])
 			vnc(&tr);
 			break;
 		default:
-			syslog(0, AUTHLOG, "unknown ticket request type: %d", buf[0]);
+			syslog(0, AUTHLOG, "unknown ticket request type: %d", tr.type);
 			exits(0);
 		}
 	}
@@ -107,45 +108,39 @@ main(int argc, char *argv[])
 int
 ticketrequest(Ticketreq *tr)
 {
-	char akey[DESKEYLEN];
-	char hkey[DESKEYLEN];
-	Ticket t;
+	Authkey akey, hkey;
 	char tbuf[2*TICKETLEN+1];
+	Ticket t;
+	int n;
 
-	if(findkey(KEYDB, tr->authid, akey) == 0){
+	if(!findkey(KEYDB, tr->authid, &akey)){
 		/* make one up so caller doesn't know it was wrong */
-		mkkey(akey);
+		mkkey(&akey);
 		if(debug)
 			syslog(0, AUTHLOG, "tr-fail authid %s", raddr);
 	}
-	if(findkey(KEYDB, tr->hostid, hkey) == 0){
+	if(!findkey(KEYDB, tr->hostid, &hkey)){
 		/* make one up so caller doesn't know it was wrong */
-		mkkey(hkey);
+		mkkey(&hkey);
 		if(debug)
 			syslog(0, AUTHLOG, "tr-fail hostid %s(%s)", tr->hostid, raddr);
 	}
 
-	memset(&t, 0, sizeof(t));
-	memmove(t.chal, tr->chal, CHALLEN);
-	strcpy(t.cuid, tr->uid);
-	if(speaksfor(tr->hostid, tr->uid))
-		strcpy(t.suid, tr->uid);
-	else {
-		mkkey(akey);
-		mkkey(hkey);
+	mkticket(tr, &t);
+	if(!speaksfor(tr->hostid, tr->uid)){
+		mkkey(&akey);
+		mkkey(&hkey);
 		if(debug)
 			syslog(0, AUTHLOG, "tr-fail %s@%s(%s) -> %s@%s no speaks for",
 				tr->uid, tr->hostid, raddr, tr->uid, tr->authid);
 	}
-
-	mkkey(t.key);
-
-	tbuf[0] = AuthOK;
+	n = 0;
+	tbuf[n++] = AuthOK;
 	t.num = AuthTc;
-	convT2M(&t, tbuf+1, hkey);
+	n += convT2M(&t, tbuf+n, sizeof(tbuf)-n, &hkey);
 	t.num = AuthTs;
-	convT2M(&t, tbuf+1+TICKETLEN, akey);
-	if(write(1, tbuf, 2*TICKETLEN+1) < 0){
+	n += convT2M(&t, tbuf+n, sizeof(tbuf)-n, &akey);
+	if(write(1, tbuf, n) < 0){
 		if(debug)
 			syslog(0, AUTHLOG, "tr-fail %s@%s(%s): hangup",
 				tr->uid, tr->hostid, raddr);
@@ -163,22 +158,23 @@ challengebox(Ticketreq *tr)
 {
 	long chal;
 	char *key, *netkey;
-	char kbuf[DESKEYLEN], nkbuf[DESKEYLEN], hkey[DESKEYLEN];
+	Authkey hkey;
+	char kbuf[DESKEYLEN], nkbuf[DESKEYLEN];
 	char buf[NETCHLEN+1];
 	char *err;
 
-	key = findkey(KEYDB, tr->uid, kbuf);
-	netkey = findkey(NETKEYDB, tr->uid, nkbuf);
-	if(key == 0 && netkey == 0){
+	key = finddeskey(KEYDB, tr->uid, kbuf);
+	netkey = finddeskey(NETKEYDB, tr->uid, nkbuf);
+	if(key == nil && netkey == nil){
 		/* make one up so caller doesn't know it was wrong */
-		mkkey(nkbuf);
+		randombytes((uchar*)nkbuf, DESKEYLEN);
 		netkey = nkbuf;
 		if(debug)
 			syslog(0, AUTHLOG, "cr-fail uid %s@%s", tr->uid, raddr);
 	}
-	if(findkey(KEYDB, tr->hostid, hkey) == 0){
+	if(!findkey(KEYDB, tr->hostid, &hkey)){
 		/* make one up so caller doesn't know it was wrong */
-		mkkey(hkey);
+		mkkey(&hkey);
 		if(debug)
 			syslog(0, AUTHLOG, "cr-fail hostid %s %s@%s", tr->hostid,
 				tr->uid, raddr);
@@ -195,8 +191,8 @@ challengebox(Ticketreq *tr)
 		exits(0);
 	if(readn(0, buf, NETCHLEN) < 0)
 		exits(0);
-	if(!(key && netcheck(key, chal, buf))
-	&& !(netkey && netcheck(netkey, chal, buf))
+	if(!(key != nil && netcheck(key, chal, buf))
+	&& !(netkey != nil && netcheck(netkey, chal, buf))
 	&& (err = secureidcheck(tr->uid, buf)) != nil){
 		replyerror("cr-fail %s %s %s", err, tr->uid, raddr);
 		logfail(tr->uid);
@@ -210,7 +206,7 @@ challengebox(Ticketreq *tr)
 	/*
 	 *  reply with ticket & authenticator
 	 */
-	if(tickauthreply(tr, hkey) < 0){
+	if(tickauthreply(tr, &hkey) < 0){
 		if(debug)
 			syslog(0, AUTHLOG, "cr-fail %s@%s(%s): hangup",
 				tr->uid, tr->hostid, raddr);
@@ -229,36 +225,36 @@ changepasswd(Ticketreq *tr)
 	char tbuf[TICKETLEN+1];
 	char prbuf[PASSREQLEN];
 	Passwordreq pr;
-	char okey[DESKEYLEN], nkey[DESKEYLEN];
+	Authkey okey, nkey;
 	char *err;
+	int n;
 
-	if(findkey(KEYDB, tr->uid, okey) == 0){
+	if(!findkey(KEYDB, tr->uid, &okey)){
 		/* make one up so caller doesn't know it was wrong */
-		mkkey(okey);
+		mkkey(&okey);
 		syslog(0, AUTHLOG, "cp-fail uid %s", raddr);
 	}
 
 	/* send back a ticket with a new key */
-	memmove(t.chal, tr->chal, CHALLEN);
-	mkkey(t.key);
-	tbuf[0] = AuthOK;
+	mkticket(tr, &t);
 	t.num = AuthTp;
-	safecpy(t.cuid, tr->uid, sizeof(t.cuid));
-	safecpy(t.suid, tr->uid, sizeof(t.suid));
-	convT2M(&t, tbuf+1, okey);
-	write(1, tbuf, sizeof(tbuf));
+	n = 0;
+	tbuf[n++] = AuthOK;
+	n += convT2M(&t, tbuf+n, sizeof(tbuf)-n, &okey);
+	if(write(1, tbuf, n) != n)
+		exits(0);
 
 	/* loop trying passwords out */
 	for(;;){
-		if(readn(0, prbuf, PASSREQLEN) < 0)
+		n = readn(0, prbuf, sizeof(prbuf));
+		if(n <= 0 || convM2PR(prbuf, n, &pr, &t) <= 0)
 			exits(0);
-		convM2PR(prbuf, &pr, t.key);
 		if(pr.num != AuthPass){
 			replyerror("protocol botch1: %s", raddr);
 			exits(0);
 		}
-		passtokey(nkey, pr.old);
-		if(memcmp(nkey, okey, DESKEYLEN)){
+		passtokey(&nkey, pr.old);
+		if(!samekey(&nkey, &okey)){
 			replyerror("protocol botch2: %s", raddr);
 			continue;
 		}
@@ -268,13 +264,13 @@ changepasswd(Ticketreq *tr)
 				replyerror("%s %s", err, raddr);
 				continue;
 			}
-			passtokey(nkey, pr.new);
+			passtokey(&nkey, pr.new);
 		}
 		if(pr.changesecret && setsecret(KEYDB, tr->uid, pr.secret) == 0){
 			replyerror("can't write secret %s", raddr);
 			continue;
 		}
-		if(*pr.new && setkey(KEYDB, tr->uid, nkey) == 0){
+		if(*pr.new && setkey(KEYDB, tr->uid, &nkey) == 0){
 			replyerror("can't write key %s", raddr);
 			continue;
 		}
@@ -292,15 +288,14 @@ http(Ticketreq *tr)
 {
 	Ticket t;
 	char tbuf[TICKETLEN+1];
-	char key[DESKEYLEN];
+	Authkey key;
 	char *p;
 	Biobuf *b;
 	int n;
 
-	randombytes((uchar*)key, DESKEYLEN);
-
 	/* use plan9 key when there is any */
-	findkey(KEYDB, tr->uid, key);
+	if(!findkey(KEYDB, tr->uid, &key))
+		mkkey(&key);
 
 	n = strlen(tr->uid);
 	b = Bopen("/sys/lib/httppasswords", OREAD);
@@ -315,21 +310,20 @@ http(Ticketreq *tr)
 				p += n;
 				while(*p == ' ' || *p == '\t')
 					p++;
-				passtokey(key, p);
+				passtokey(&key, p);
 			}
 		}
 		Bterm(b);
 	}
 
 	/* send back a ticket encrypted with the key */
+	mkticket(tr, &t);
 	randombytes((uchar*)t.chal, CHALLEN);
-	mkkey(t.key);
-	tbuf[0] = AuthOK;
 	t.num = AuthHr;
-	safecpy(t.cuid, tr->uid, sizeof(t.cuid));
-	safecpy(t.suid, tr->uid, sizeof(t.suid));
-	convT2M(&t, tbuf+1, key);
-	write(1, tbuf, sizeof(tbuf));
+	n = 0;
+	tbuf[n++] = AuthOK;
+	n += convT2M(&t, tbuf+n, sizeof(tbuf)-n, &key);
+	write(1, tbuf, n);
 }
 
 static char*
@@ -339,13 +333,13 @@ domainname(void)
 	static char *domain;
 	int n;
 
-	if(domain)
+	if(domain != nil)
 		return domain;
 	if(*sysname)
 		return sysname;
 
 	domain = csgetvalue(0, "sys", sysname, "dom", nil);
-	if(domain)
+	if(domain != nil)
 		return domain;
 
 	n = readfile("/dev/sysname", sysname, sizeof(sysname)-1);
@@ -373,12 +367,13 @@ h2b(char c)
 void
 apop(Ticketreq *tr, int type)
 {
-	int challen, i, tries;
-	char *secret, *hkey, *p;
+	int challen, i, n, tries;
+	char *secret, *p;
+	Authkey hkey;
 	Ticketreq treq;
 	DigestState *s;
-	char sbuf[SECRETLEN], hbuf[DESKEYLEN];
-	char tbuf[TICKREQLEN];
+	char sbuf[SECRETLEN];
+	char trbuf[TICKREQLEN];
 	char buf[MD5dlen*2];
 	uchar digest[MD5dlen], resp[MD5dlen];
 	ulong rb[4];
@@ -401,9 +396,9 @@ apop(Ticketreq *tr, int type)
 		/*
 		 *  get ticket request
 		 */
-		if(readn(0, tbuf, TICKREQLEN) < 0)
+		n = readn(0, trbuf, sizeof(trbuf));
+		if(n <= 0 || convM2TR(trbuf, n, &treq) <= 0)
 			exits(0);
-		convM2TR(tbuf, &treq);
 		tr = &treq;
 		if(tr->type != type)
 			exits(0);
@@ -411,7 +406,7 @@ apop(Ticketreq *tr, int type)
 		/*
 		 * read response
 		 */
-		if(readn(0, buf, MD5dlen*2) < 0)
+		if(readn(0, buf, MD5dlen*2) != MD5dlen*2)
 			exits(0);
 		for(i = 0; i < MD5dlen; i++)
 			resp[i] = (h2b(buf[2*i])<<4)|h2b(buf[2*i+1]);
@@ -420,8 +415,7 @@ apop(Ticketreq *tr, int type)
 		 * lookup
 		 */
 		secret = findsecret(KEYDB, tr->uid, sbuf);
-		hkey = findkey(KEYDB, tr->hostid, hbuf);
-		if(hkey == 0 || secret == 0){
+		if(!findkey(KEYDB, tr->hostid, &hkey) || secret == nil){
 			replyerror("apop-fail bad response %s", raddr);
 			logfail(tr->uid);
 			if(tries > 5)
@@ -455,7 +449,7 @@ apop(Ticketreq *tr, int type)
 	/*
 	 *  reply with ticket & authenticator
 	 */
-	if(tickauthreply(tr, hkey) < 0)
+	if(tickauthreply(tr, &hkey) < 0)
 		exits(0);
 
 	if(debug){
@@ -493,10 +487,11 @@ uchar swizzletab[256] = {
 void
 vnc(Ticketreq *tr)
 {
+	char *secret;
+	Authkey hkey;
 	uchar chal[VNCchallen+6];
 	uchar reply[VNCchallen];
-	char *secret, *hkey;
-	char sbuf[SECRETLEN], hbuf[DESKEYLEN];
+	char sbuf[SECRETLEN];
 	DESstate s;
 	int i;
 
@@ -514,18 +509,15 @@ vnc(Ticketreq *tr)
 	 */
 	memset(sbuf, 0, sizeof(sbuf));
 	secret = findsecret(KEYDB, tr->uid, sbuf);
-	if(secret == 0){
+	if(secret == nil){
 		randombytes((uchar*)sbuf, sizeof(sbuf));
 		secret = sbuf;
 	}
 	for(i = 0; i < 8; i++)
 		secret[i] = swizzletab[(uchar)secret[i]];
 
-	hkey = findkey(KEYDB, tr->hostid, hbuf);
-	if(hkey == 0){
-		randombytes((uchar*)hbuf, sizeof(hbuf));
-		hkey = hbuf;
-	}
+	if(!findkey(KEYDB, tr->hostid, &hkey))
+		mkkey(&hkey);
 
 	/*
 	 *  get response
@@ -548,7 +540,7 @@ vnc(Ticketreq *tr)
 	/*
 	 *  reply with ticket & authenticator
 	 */
-	if(tickauthreply(tr, hkey) < 0)
+	if(tickauthreply(tr, &hkey) < 0)
 		exits(0);
 
 	if(debug)
@@ -558,9 +550,10 @@ vnc(Ticketreq *tr)
 void
 chap(Ticketreq *tr)
 {
-	char *secret, *hkey;
+	char *secret;
+	Authkey hkey;
 	DigestState *s;
-	char sbuf[SECRETLEN], hbuf[DESKEYLEN];
+	char sbuf[SECRETLEN];
 	uchar digest[MD5dlen];
 	char chal[CHALLEN];
 	OChapreply reply;
@@ -582,8 +575,7 @@ chap(Ticketreq *tr)
 	 * lookup
 	 */
 	secret = findsecret(KEYDB, tr->uid, sbuf);
-	hkey = findkey(KEYDB, tr->hostid, hbuf);
-	if(hkey == 0 || secret == 0){
+	if(!findkey(KEYDB, tr->hostid, &hkey) || secret == nil){
 		replyerror("chap-fail bad response %s", raddr);
 		logfail(tr->uid);
 		exits(0);
@@ -607,7 +599,7 @@ chap(Ticketreq *tr)
 	/*
 	 *  reply with ticket & authenticator
 	 */
-	if(tickauthreply(tr, hkey) < 0)
+	if(tickauthreply(tr, &hkey) < 0)
 		exits(0);
 
 	if(debug)
@@ -671,8 +663,9 @@ static uchar ntblobsig[] = {0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
 void
 mschap(Ticketreq *tr)
 {
-	char *secret, *hkey;
-	char sbuf[SECRETLEN], hbuf[DESKEYLEN], windom[128];
+	char *secret;
+	Authkey hkey;
+	char sbuf[SECRETLEN], windom[128];
 	uchar chal[CHALLEN], ntblob[1024];
 	uchar hash[MShashlen];
 	uchar hash2[MShashlen];
@@ -743,8 +736,7 @@ mschap(Ticketreq *tr)
 	 * lookup
 	 */
 	secret = findsecret(KEYDB, tr->uid, sbuf);
-	hkey = findkey(KEYDB, tr->hostid, hbuf);
-	if(hkey == 0 || secret == 0){
+	if(!findkey(KEYDB, tr->hostid, &hkey) || secret == nil){
 		replyerror("mschap-fail bad response %s/%s(%s)",
 			tr->uid, tr->hostid, raddr);
 		logfail(tr->uid);
@@ -812,7 +804,7 @@ mschap(Ticketreq *tr)
 	/*
 	 *  reply with ticket & authenticator
 	 */
-	if(tickauthreply(tr, hkey) < 0)
+	if(tickauthreply(tr, &hkey) < 0)
 		exits(0);
 
 	if(debug)
@@ -939,16 +931,16 @@ speaksfor(char *speaker, char *user)
 	if(strcmp(speaker, user) == 0)
 		return 1;
 
-	if(db == 0)
+	if(db == nil)
 		return 0;
 
 	tp = ndbsearch(db, &s, "hostid", speaker);
-	if(tp == 0)
+	if(tp == nil)
 		return 0;
 
 	ok = 0;
 	snprint(notuser, sizeof notuser, "!%s", user);
-	for(ntp = tp; ntp; ntp = ntp->entry)
+	for(ntp = tp; ntp != nil; ntp = ntp->entry)
 		if(strcmp(ntp->attr, "uid") == 0){
 			if(strcmp(ntp->val, notuser) == 0){
 				ok = 0;
@@ -1003,9 +995,25 @@ getraddr(char *dir)
 }
 
 void
-mkkey(char *k)
+mkkey(Authkey *k)
 {
-	randombytes((uchar*)k, DESKEYLEN);
+	randombytes((uchar*)k->des, DESKEYLEN);
+}
+
+int
+samekey(Authkey *a, Authkey *b)
+{
+	return memcmp(a->des, b->des, DESKEYLEN) == 0;
+}
+
+void
+mkticket(Ticketreq *tr, Ticket *t)
+{
+	memset(t, 0, sizeof(Ticket));
+	memmove(t->chal, tr->chal, CHALLEN);
+	safecpy(t->cuid, tr->uid, sizeof(t->cuid));
+	safecpy(t->suid, tr->uid, sizeof(t->suid));
+	randombytes((uchar*)t->key, DESKEYLEN);
 }
 
 void
@@ -1024,25 +1032,24 @@ randombytes(uchar *buf, int len)
  *  reply with ticket and authenticator
  */
 int
-tickauthreply(Ticketreq *tr, char *hkey)
+tickauthreply(Ticketreq *tr, Authkey *hkey)
 {
 	Ticket t;
 	Authenticator a;
 	char buf[TICKETLEN+AUTHENTLEN+1];
+	int n;
 
-	memset(&t, 0, sizeof(t));
-	memmove(t.chal, tr->chal, CHALLEN);
-	safecpy(t.cuid, tr->uid, sizeof t.cuid);
-	safecpy(t.suid, tr->uid, sizeof t.suid);
-	mkkey(t.key);
-	buf[0] = AuthOK;
+	mkticket(tr, &t);
 	t.num = AuthTs;
-	convT2M(&t, buf+1, hkey);
+	n = 0;
+	buf[n++] = AuthOK;
+	n += convT2M(&t, buf+n, sizeof(buf)-n, hkey);
+	memset(&a, 0, sizeof(a));
 	memmove(a.chal, t.chal, CHALLEN);
 	a.num = AuthAc;
 	a.id = 0;
-	convA2M(&a, buf+TICKETLEN+1, t.key);
-	if(write(1, buf, TICKETLEN+AUTHENTLEN+1) < 0)
+	n += convA2M(&a, buf+n, sizeof(buf)-n, &t);
+	if(write(1, buf, n) != n)
 		return -1;
 	return 0;
 }
@@ -1053,3 +1060,4 @@ safecpy(char *to, char *from, int len)
 	strncpy(to, from, len);
 	to[len-1] = 0;
 }
+
diff --git a/sys/src/cmd/auth/changeuser.c b/sys/src/cmd/auth/changeuser.c
index 71a59fc03..aebf14b10 100644
--- a/sys/src/cmd/auth/changeuser.c
+++ b/sys/src/cmd/auth/changeuser.c
@@ -5,7 +5,7 @@
 #include <bio.h>
 #include "authcmdlib.h"
 
-void	install(char*, char*, char*, long, int);
+void	install(char*, char*, Authkey*, long, int);
 int	exists (char*, char*);
 
 void
@@ -18,14 +18,15 @@ usage(void)
 void
 main(int argc, char *argv[])
 {
-	char *u, key[DESKEYLEN], answer[32], p9pass[32];
+	char *u, answer[32], p9pass[32];
 	int which, i, newkey, newbio, dosecret;
 	long t;
+	Authkey key;
 	Acctbio a;
 	Fs *f;
 
 	srand(getpid()*time(0));
-	fmtinstall('K', keyfmt);
+	fmtinstall('K', deskeyfmt);
 
 	which = 0;
 	ARGBEGIN{
@@ -61,10 +62,10 @@ main(int argc, char *argv[])
 				newkey = 0;
 		}
 		if(newkey)
-			getpass(key, p9pass, 1, 1);
+			getpass(&key, p9pass, 1, 1);
 		dosecret = getsecret(newkey, p9pass);
 		t = getexpiration(f->keys, u);
-		install(f->keys, u, key, t, newkey);
+		install(f->keys, u, &key, t, newkey);
 		if(dosecret && setsecret(KEYDB, u, p9pass) == 0)
 			error("error writing Inferno/pop secret");
 		newbio = querybio(f->who, u, &a);
@@ -83,17 +84,17 @@ main(int argc, char *argv[])
 		}
 		if(newkey)
 			for(i=0; i<DESKEYLEN; i++)
-				key[i] = nrand(256);
+				key.des[i] = nrand(256);
 		if(a.user == 0){
 			t = getexpiration(f->keys, u);
 			newbio = querybio(f->who, u, &a);
 		}
-		install(f->keys, u, key, t, newkey);
+		install(f->keys, u, &key, t, newkey);
 		if(newbio)
 			wrbio(f->who, &a);
-		findkey(f->keys, u, key);
-		print("user %s: SecureNet key: %K\n", u, key);
-		checksum(key, answer);
+		finddeskey(f->keys, u, key.des);
+		print("user %s: SecureNet key: %K\n", u, key.des);
+		checksum(key.des, answer);
 		print("verify with checksum %s\n", answer);
 		print("user %s installed for SecureNet\n", u);
 		syslog(0, AUTHLOG, "user %s installed for securenet", u);
@@ -102,7 +103,7 @@ main(int argc, char *argv[])
 }
 
 void
-install(char *db, char *u, char *key, long t, int newkey)
+install(char *db, char *u, Authkey *key, long t, int newkey)
 {
 	char buf[KEYDBBUF+ANAMELEN+20];
 	int fd;
@@ -118,7 +119,7 @@ install(char *db, char *u, char *key, long t, int newkey)
 	if(newkey){
 		sprint(buf, "%s/%s/key", db, u);
 		fd = open(buf, OWRITE);
-		if(fd < 0 || write(fd, key, DESKEYLEN) != DESKEYLEN)
+		if(fd < 0 || write(fd, key->des, DESKEYLEN) != DESKEYLEN)
 			error("can't set key: %r");
 		close(fd);
 	}
diff --git a/sys/src/cmd/auth/convkeys.c b/sys/src/cmd/auth/convkeys.c
index dcd2c027f..bb7d553b3 100644
--- a/sys/src/cmd/auth/convkeys.c
+++ b/sys/src/cmd/auth/convkeys.c
@@ -7,19 +7,19 @@
 #include <bio.h>
 #include "authcmdlib.h"
 
-char	authkey[DESKEYLEN];
+Authkey	authkey;
 int	verb;
 int	usepass;
 
-int	convert(char*, char*, int);
-int	dofcrypt(int, char*, char*, int);
+int	convert(char*, Authkey*, int);
 void	usage(void);
 
 void
 main(int argc, char *argv[])
 {
 	Dir *d;
-	char *p, *file, key[DESKEYLEN];
+	Authkey key;
+	char *p, *file;
 	int fd, len;
 
 	ARGBEGIN{
@@ -40,12 +40,12 @@ main(int argc, char *argv[])
 	/* get original key */
 	if(usepass){
 		print("enter password file is encoded with\n");
-		getpass(authkey, nil, 0, 1);
+		getpass(&authkey, nil, 0, 1);
 	} else
-		getauthkey(authkey);
+		getauthkey(&authkey);
 	if(!verb){
 		print("enter password to reencode with\n");
-		getpass(key, nil, 0, 1);
+		getpass(&key, nil, 0, 1);
 	}
 
 	fd = open(file, ORDWR);
@@ -60,7 +60,7 @@ main(int argc, char *argv[])
 		error("out of memory");
 	if(read(fd, p, len) != len)
 		error("can't read key file: %r\n");
-	len = convert(p, key, len);
+	len = convert(p, &key, len);
 	if(verb)
 		exits(0);
 	if(pwrite(fd, p, len, 0) != len)
@@ -128,7 +128,7 @@ badname(char *s)
 }
 
 int
-convert(char *p, char *key, int len)
+convert(char *p, Authkey *key, int len)
 {
 	int i;
 
@@ -139,7 +139,7 @@ convert(char *p, char *key, int len)
 		len -= len % KEYDBLEN;
 	}
 	len += KEYDBOFF;
-	oldCBCdecrypt(authkey, p, len);
+	oldCBCdecrypt(authkey.des, p, len);
 	for(i = KEYDBOFF; i < len; i += KEYDBLEN)
 		if (badname(&p[i])) {
 			print("bad name %.30s... - aborting\n", &p[i]);
@@ -150,7 +150,7 @@ convert(char *p, char *key, int len)
 			print("%s\n", &p[i]);
 
 	randombytes((uchar*)p, 8);
-	oldCBCencrypt(key, p, len);
+	oldCBCencrypt(key->des, p, len);
 	return len;
 }
 
diff --git a/sys/src/cmd/auth/convkeys2.c b/sys/src/cmd/auth/convkeys2.c
index f8e6feffe..bb4e3e41d 100644
--- a/sys/src/cmd/auth/convkeys2.c
+++ b/sys/src/cmd/auth/convkeys2.c
@@ -6,12 +6,11 @@
 #include <bio.h>
 #include "authcmdlib.h"
 
-char	authkey[DESKEYLEN];
+Authkey	authkey;
 int	verb;
 int	usepass;
 
-int	convert(char*, char*, char*, int);
-int	dofcrypt(int, char*, char*, int);
+int	convert(char*, char*, Authkey*, int);
 void	usage(void);
 void	randombytes(uchar*, int);
 
@@ -19,7 +18,8 @@ void
 main(int argc, char *argv[])
 {
 	Dir *d;
-	char *p, *np, *file, key[DESKEYLEN];
+	Authkey key;
+	char *p, *np, *file;
 	int fd, len;
 
 	ARGBEGIN{
@@ -40,11 +40,11 @@ main(int argc, char *argv[])
 	/* get original key */
 	if(usepass){
 		print("enter password file is encoded with\n");
-		getpass(authkey, nil, 0, 1);
+		getpass(&authkey, nil, 0, 1);
 	} else
-		getauthkey(authkey);
+		getauthkey(&authkey);
 	print("enter password to reencode with\n");
-	getpass(key, nil, 0, 1);
+	getpass(&key, nil, 0, 1);
 
 	fd = open(file, ORDWR);
 	if(fd < 0)
@@ -61,7 +61,7 @@ main(int argc, char *argv[])
 		error("out of memory");
 	if(read(fd, p, len) != len)
 		error("can't read key file: %r\n");
-	len = convert(p, np, key, len);
+	len = convert(p, np, &key, len);
 	if(verb)
 		exits(0);
 	if(pwrite(fd, np, len, 0) != len)
@@ -84,7 +84,7 @@ oldCBCencrypt(char *key7, char *p, int len)
 }
 
 int
-convert(char *p, char *np, char *key, int len)
+convert(char *p, char *np, Authkey *key, int len)
 {
 	int i, off, noff;
 
@@ -95,7 +95,7 @@ convert(char *p, char *np, char *key, int len)
 	for(i = 0; i < len; i ++){
 		off = i*OKEYDBLEN;
 		noff = KEYDBOFF+i*(KEYDBLEN);
-		decrypt(authkey, &p[off], OKEYDBLEN);
+		decrypt(authkey.des, &p[off], OKEYDBLEN);
 		memmove(&np[noff], &p[off], OKEYDBLEN);
 		memset(&np[noff-SECRETLEN], 0, SECRETLEN);
 		if(verb)
@@ -103,7 +103,7 @@ convert(char *p, char *np, char *key, int len)
 	}
 	randombytes((uchar*)np, KEYDBOFF);
 	len = (len*KEYDBLEN) + KEYDBOFF;
-	oldCBCencrypt(key, np, len);
+	oldCBCencrypt(key->des, np, len);
 	return len;
 }
 
diff --git a/sys/src/cmd/auth/cron.c b/sys/src/cmd/auth/cron.c
index 425f2420d..57f1479a9 100644
--- a/sys/src/cmd/auth/cron.c
+++ b/sys/src/cmd/auth/cron.c
@@ -3,6 +3,7 @@
 #include <bio.h>
 #include <libsec.h>
 #include <auth.h>
+#include <authsrv.h>
 #include "authcmdlib.h"
 
 char CRONLOG[] = "cron";
diff --git a/sys/src/cmd/auth/debug.c b/sys/src/cmd/auth/debug.c
index d7df43f8b..4a182a640 100644
--- a/sys/src/cmd/auth/debug.c
+++ b/sys/src/cmd/auth/debug.c
@@ -208,9 +208,9 @@ authdialfutz(char *dom, char *user)
 void
 authfutz(char *dom, char *user)
 {
-	int fd, nobootes;
-	char pw[128], prompt[128], key[DESKEYLEN], booteskey[DESKEYLEN], tbuf[2*TICKETLEN],
-		trbuf[TICKREQLEN];
+	int fd, nobootes, n, m;
+	char pw[128], prompt[128], tbuf[2*TICKETLEN];
+	Authkey key, booteskey;
 	Ticket t;
 	Ticketreq tr;
 
@@ -218,7 +218,7 @@ authfutz(char *dom, char *user)
 	readcons(prompt, nil, 1, pw, sizeof pw);
 	if(pw[0] == '\0')
 		return;
-	passtokey(key, pw);
+	passtokey(&key, pw);
 
 	fd = authdial(nil, dom);
 	if(fd < 0){
@@ -227,19 +227,19 @@ authfutz(char *dom, char *user)
 	}
 
 	/* try ticket request using just user key */
+	memset(&tr, 0, sizeof(tr));
 	tr.type = AuthTreq;
 	strecpy(tr.authid, tr.authid+sizeof tr.authid, user);
 	strecpy(tr.authdom, tr.authdom+sizeof tr.authdom, dom);
 	strecpy(tr.hostid, tr.hostid+sizeof tr.hostid, user);
 	strecpy(tr.uid, tr.uid+sizeof tr.uid, user);
 	memset(tr.chal, 0xAA, sizeof tr.chal);
-	convTR2M(&tr, trbuf);
-	if(_asgetticket(fd, trbuf, tbuf) < 0){
-		close(fd);
+	if((n = _asgetticket(fd, &tr, tbuf, sizeof(tbuf))) < 0){
 		print("\t_asgetticket failed: %r\n");
+		close(fd);
 		return;
 	}
-	convM2T(tbuf, &t, key);
+	m = convM2T(tbuf, n, &t, &key);
 	if(t.num != AuthTc){
 		print("\tcannot decrypt ticket1 from auth server (bad t.num=0x%.2ux)\n", t.num);
 		print("\tauth server and you do not agree on key for %s@%s\n", user, dom);
@@ -252,7 +252,7 @@ authfutz(char *dom, char *user)
 		return;
 	}
 
-	convM2T(tbuf+TICKETLEN, &t, key);
+	convM2T(tbuf+m, n-m, &t, &key);
 	if(t.num != AuthTs){
 		print("\tcannot decrypt ticket2 from auth server (bad t.num=0x%.2ux)\n", t.num);
 		print("\tauth server and you do not agree on key for %s@%s\n", user, dom);
@@ -269,13 +269,12 @@ authfutz(char *dom, char *user)
 	/* try ticket request using bootes key */
 	snprint(prompt, sizeof prompt, "\tcpu server owner for domain %s ", dom);
 	readcons(prompt, "glenda", 0, tr.authid, sizeof tr.authid);
-	convTR2M(&tr, trbuf);
-	if(_asgetticket(fd, trbuf, tbuf) < 0){
+	if((n = _asgetticket(fd, &tr, tbuf, sizeof(tbuf))) < 0){
 		close(fd);
 		print("\t_asgetticket failed: %r\n");
 		return;
 	}
-	convM2T(tbuf, &t, key);
+	m = convM2T(tbuf, n, &t, &key);
 	if(t.num != AuthTc){
 		print("\tcannot decrypt ticket1 from auth server (bad t.num=0x%.2ux)\n", t.num);
 		print("\tauth server and you do not agree on key for %s@%s\n", user, dom);
@@ -295,9 +294,9 @@ authfutz(char *dom, char *user)
 		goto Nobootes;
 	}
 	nobootes = 0;
-	passtokey(booteskey, pw);
+	passtokey(&booteskey, pw);
 
-	convM2T(tbuf+TICKETLEN, &t, booteskey);
+	convM2T(tbuf+m, n-m, &t, &booteskey);
 	if(t.num != AuthTs){
 		print("\tcannot decrypt ticket2 from auth server (bad t.num=0x%.2ux)\n", t.num);
 		print("\tauth server and you do not agree on key for %s@%s\n", tr.authid, dom);
diff --git a/sys/src/cmd/auth/factotum/apop.c b/sys/src/cmd/auth/factotum/apop.c
index 004c8c9b2..a900d8f4f 100644
--- a/sys/src/cmd/auth/factotum/apop.c
+++ b/sys/src/cmd/auth/factotum/apop.c
@@ -208,7 +208,7 @@ apopclose(Fsstate *fss)
 static int
 dochal(State *s)
 {
-	char *dom, *user, trbuf[TICKREQLEN];
+	char *dom, *user;
 	int n;
 
 	s->asfd = -1;
@@ -228,13 +228,11 @@ dochal(State *s)
 		goto err;
 
 	memset(&s->tr, 0, sizeof(s->tr));
-	s->tr.type = s->astype;
 	safecpy(s->tr.authdom, dom, sizeof s->tr.authdom);
 	safecpy(s->tr.hostid, user, sizeof(s->tr.hostid));
-	convTR2M(&s->tr, trbuf);
-
+	s->tr.type = s->astype;
 	alarm(30*1000);
-	if(write(s->asfd, trbuf, TICKREQLEN) != TICKREQLEN){
+	if(_asrequest(s->asfd, &s->tr) < 0){
 		alarm(0);
 		goto err;
 	}
@@ -254,8 +252,6 @@ err:
 static int
 doreply(State *s, char *user, char *response)
 {
-	char ticket[TICKETLEN+AUTHENTLEN];
-	char trbuf[TICKREQLEN];
 	int n;
 	Authenticator a;
 
@@ -267,21 +263,16 @@ doreply(State *s, char *user, char *response)
 
 	memrandom(s->tr.chal, CHALLEN);
 	safecpy(s->tr.uid, user, sizeof(s->tr.uid));
-	convTR2M(&s->tr, trbuf);
 	alarm(30*1000);
-	if((n=write(s->asfd, trbuf, TICKREQLEN)) != TICKREQLEN){
+	if(_asrequest(s->asfd, &s->tr) < 0){
 		alarm(0);
-		if(n >= 0)
-			werrstr("short write to auth server");
 		goto err;
 	}
-	if((n=write(s->asfd, response, MD5dlen*2)) != MD5dlen*2){
+	if(write(s->asfd, response, MD5dlen*2) != MD5dlen*2){
 		alarm(0);
-		if(n >= 0)
-			werrstr("short write to auth server");
 		goto err;
 	}
-	n = _asrdresp(s->asfd, ticket, TICKETLEN+AUTHENTLEN);
+	n = _asgetresp(s->asfd, &s->t, &a, (Authkey*)s->key->priv);
 	alarm(0);
 	if(n < 0){
 		/* leave connection open so we can try again */
@@ -290,7 +281,6 @@ doreply(State *s, char *user, char *response)
 	close(s->asfd);
 	s->asfd = -1;
 
-	convM2T(ticket, &s->t, (char*)s->key->priv);
 	if(s->t.num != AuthTs
 	|| memcmp(s->t.chal, s->tr.chal, sizeof(s->t.chal)) != 0){
 		if(s->key->successes == 0)
@@ -299,14 +289,12 @@ doreply(State *s, char *user, char *response)
 		goto err;
 	}
 	s->key->successes++;
-	convM2A(ticket+TICKETLEN, &a, s->t.key);
 	if(a.num != AuthAc
 	|| memcmp(a.chal, s->tr.chal, sizeof(a.chal)) != 0
 	|| a.id != 0){
 		werrstr(Easproto);
 		goto err;
 	}
-
 	return 0;
 err:
 	if(s->asfd >= 0)
diff --git a/sys/src/cmd/auth/factotum/chap.c b/sys/src/cmd/auth/factotum/chap.c
index ca6e0f173..e6e0f6b8f 100644
--- a/sys/src/cmd/auth/factotum/chap.c
+++ b/sys/src/cmd/auth/factotum/chap.c
@@ -299,8 +299,7 @@ static int
 dochal(State *s)
 {
 	char *dom, *user;
-	char trbuf[TICKREQLEN];
-	int ret;
+	int n;
 
 	s->asfd = -1;
 
@@ -315,20 +314,17 @@ dochal(State *s)
 		goto err;
 	
 	memset(&s->tr, 0, sizeof(s->tr));
-	s->tr.type = s->astype;
 	safecpy(s->tr.authdom, dom, sizeof(s->tr.authdom));
 	safecpy(s->tr.hostid, user, sizeof(s->tr.hostid));
-	convTR2M(&s->tr, trbuf);
-
+	s->tr.type = s->astype;
 	alarm(30*1000);
-	if(write(s->asfd, trbuf, TICKREQLEN) != TICKREQLEN){
+	if(_asrequest(s->asfd, &s->tr) < 0){
 		alarm(0);
 		goto err;
 	}
-	/* readn, not _asrdresp.  needs to match auth.srv.c. */
-	ret = readn(s->asfd, s->chal, sizeof s->chal);
+	n = readn(s->asfd, s->chal, sizeof s->chal);
 	alarm(0);
-	if(ret != sizeof s->chal)
+	if(n != sizeof s->chal)
 		goto err;
 
 	return 0;
@@ -343,18 +339,16 @@ err:
 static int
 doreply(State *s, uchar *reply, int nreply)
 {
-	char ticket[TICKETLEN+AUTHENTLEN];
 	int n;
 	Authenticator a;
 
 	alarm(30*1000);
-	if((n=write(s->asfd, reply, nreply)) != nreply){
+	if(write(s->asfd, reply, nreply) != nreply){
 		alarm(0);
-		if(n >= 0)
-			werrstr("short write to auth server");
 		goto err;
 	}
-	if(_asrdresp(s->asfd, ticket, TICKETLEN+AUTHENTLEN) < 0){
+	n = _asgetresp(s->asfd, &s->t, &a, (Authkey*)s->key->priv);
+	if(n < 0){
 		alarm(0);
 		/* leave connection open so we can try again */
 		return -1;
@@ -365,7 +359,7 @@ doreply(State *s, uchar *reply, int nreply)
 		s->nsecret = 0;
 	close(s->asfd);
 	s->asfd = -1;
-	convM2T(ticket, &s->t, s->key->priv);
+
 	if(s->t.num != AuthTs
 	|| memcmp(s->t.chal, s->tr.chal, sizeof(s->t.chal)) != 0){
 		if(s->key->successes == 0)
@@ -374,14 +368,12 @@ doreply(State *s, uchar *reply, int nreply)
 		return -1;
 	}
 	s->key->successes++;
-	convM2A(ticket+TICKETLEN, &a, s->t.key);
 	if(a.num != AuthAc
 	|| memcmp(a.chal, s->tr.chal, sizeof(a.chal)) != 0
 	|| a.id != 0){
 		werrstr(Easproto);
 		return -1;
 	}
-
 	return 0;
 err:
 	if(s->asfd >= 0)
diff --git a/sys/src/cmd/auth/factotum/p9cr.c b/sys/src/cmd/auth/factotum/p9cr.c
index e3ed2fbfa..858c22473 100644
--- a/sys/src/cmd/auth/factotum/p9cr.c
+++ b/sys/src/cmd/auth/factotum/p9cr.c
@@ -165,7 +165,7 @@ p9crread(Fsstate *fss, void *va, uint *n)
 static int
 p9response(Fsstate *fss, State *s)
 {
-	char key[DESKEYLEN];
+	Authkey key;
 	uchar buf[8];
 	ulong chal;
 	char *pw;
@@ -173,10 +173,10 @@ p9response(Fsstate *fss, State *s)
 	pw = _strfindattr(s->key->privattr, "!password");
 	if(pw == nil)
 		return failure(fss, "vncresponse cannot happen");
-	passtokey(key, pw);
+	passtokey(&key, pw);
 	memset(buf, 0, 8);
 	sprint((char*)buf, "%d", atoi(s->chal));
-	if(encrypt(key, buf, 8) < 0)
+	if(encrypt(key.des, buf, 8) < 0)
 		return failure(fss, "can't encrypt response");
 	chal = (buf[0]<<24)+(buf[1]<<16)+(buf[2]<<8)+buf[3];
 	s->resplen = snprint(s->resp, sizeof s->resp, "%.8lux", chal);
@@ -247,7 +247,6 @@ vncresponse(Fsstate*, State *s)
 static int
 p9crwrite(Fsstate *fss, void *va, uint n)
 {
-	char tbuf[TICKETLEN+AUTHENTLEN];
 	State *s;
 	char *data = va;
 	Authenticator a;
@@ -288,14 +287,13 @@ p9crwrite(Fsstate *fss, void *va, uint n)
 			return failure(fss, Easproto);
 		}
 		/* get ticket plus authenticator from auth server */
-		ret = _asrdresp(s->asfd, tbuf, TICKETLEN+AUTHENTLEN);
+		ret = _asgetresp(s->asfd, &s->t, &a, (Authkey*)s->key->priv);
 		alarm(0);
 
 		if(ret < 0)
 			return failure(fss, nil);
 
 		/* check ticket */
-		convM2T(tbuf, &s->t, s->key->priv);
 		if(s->t.num != AuthTs
 		|| memcmp(s->t.chal, s->tr.chal, sizeof(s->t.chal)) != 0){
 			if (s->key->successes == 0)
@@ -303,7 +301,6 @@ p9crwrite(Fsstate *fss, void *va, uint n)
 			return failure(fss, Easproto);
 		}
 		s->key->successes++;
-		convM2A(tbuf+TICKETLEN, &a, s->t.key);
 		if(a.num != AuthAc
 		|| memcmp(a.chal, s->tr.chal, sizeof(a.chal)) != 0
 		|| a.id != 0)
@@ -322,20 +319,18 @@ p9crwrite(Fsstate *fss, void *va, uint n)
 static int
 getchal(State *s, Fsstate *fss)
 {
-	char trbuf[TICKREQLEN];
 	int n;
 
 	safecpy(s->tr.hostid, _strfindattr(s->key->attr, "user"), sizeof(s->tr.hostid));
 	safecpy(s->tr.authdom, _strfindattr(s->key->attr, "dom"), sizeof(s->tr.authdom));
 	s->tr.type = s->astype;
-	convTR2M(&s->tr, trbuf);
 
 	/* get challenge from auth server */
 	s->asfd = _authdial(nil, _strfindattr(s->key->attr, "dom"));
 	if(s->asfd < 0)
 		return failure(fss, Easproto);
 	alarm(30*1000);
-	if(write(s->asfd, trbuf, TICKREQLEN) != TICKREQLEN){
+	if(_asrequest(s->asfd, &s->tr) < 0){
 		alarm(0);
 		return failure(fss, Easproto);
 	}
diff --git a/sys/src/cmd/auth/factotum/p9sk1.c b/sys/src/cmd/auth/factotum/p9sk1.c
index a61381b76..ea7eaa5ad 100644
--- a/sys/src/cmd/auth/factotum/p9sk1.c
+++ b/sys/src/cmd/auth/factotum/p9sk1.c
@@ -25,7 +25,7 @@ struct State
 	Ticketreq tr;
 	char cchal[CHALLEN];
 	char tbuf[TICKETLEN+AUTHENTLEN];
-	char authkey[DESKEYLEN];
+	int tbuflen;
 	uchar *secret;
 	int speakfor;
 };
@@ -60,7 +60,7 @@ static char *phasenames[Maxphase] =
 [SHaveAuth]		"SHaveAuth",
 };
 
-static int gettickets(State*, char*, char*);
+static int gettickets(State*, Ticketreq *, char*, int);
 
 static int
 p9skinit(Proto *p, Fsstate *fss)
@@ -119,6 +119,8 @@ p9skinit(Proto *p, Fsstate *fss)
 			break;
 		}
 	}
+	s->tbuflen = 0;
+	s->secret = nil;
 	fss->ps = s;
 	return RpcOk;
 }
@@ -147,13 +149,12 @@ p9skread(Fsstate *fss, void *a, uint *n)
 		m = TICKREQLEN;
 		if(*n < m)
 			return toosmall(fss, m);
-		*n = m;
-		convTR2M(&s->tr, a);
+		*n = convTR2M(&s->tr, a, *n);
 		fss->phase = SNeedTicket;
 		return RpcOk;
 
 	case CHaveTicket:
-		m = TICKETLEN+AUTHENTLEN;
+		m = s->tbuflen;
 		if(*n < m)
 			return toosmall(fss, m);
 		*n = m;
@@ -162,11 +163,11 @@ p9skread(Fsstate *fss, void *a, uint *n)
 		return RpcOk;
 
 	case SHaveAuth:
-		m = AUTHENTLEN;
+		m = s->tbuflen;
 		if(*n < m)
 			return toosmall(fss, m);
 		*n = m;
-		memmove(a, s->tbuf+TICKETLEN, m);
+		memmove(a, s->tbuf, m);
 		fss->ai.cuid = s->t.cuid;
 		fss->ai.suid = s->t.suid;
 		s->secret = emalloc(8);
@@ -183,7 +184,7 @@ static int
 p9skwrite(Fsstate *fss, void *a, uint n)
 {
 	int m, ret, sret;
-	char tbuf[2*TICKETLEN], trbuf[TICKREQLEN], *user;
+	char tbuf[2*TICKETLEN], *user;
 	Attr *attr;
 	Authenticator auth;
 	State *s;
@@ -204,12 +205,11 @@ p9skwrite(Fsstate *fss, void *a, uint n)
 		return RpcOk;
 
 	case CNeedTreq:
-		m = TICKREQLEN;
-		if(n < m)
-			return toosmall(fss, m);
+		m = convM2TR(a, n, &s->tr);
+		if(m <= 0)
+			return toosmall(fss, -m);
 
 		/* remember server's chal */
-		convM2TR(a, &s->tr);
 		if(s->vers == 2)
 			memmove(s->cchal, s->tr.chal, CHALLEN);
 
@@ -263,15 +263,14 @@ p9skwrite(Fsstate *fss, void *a, uint n)
 		else
 			safecpy(s->tr.uid, s->tr.hostid, sizeof s->tr.uid);
 
-		convTR2M(&s->tr, trbuf);
-
 		/* get tickets, from auth server or invent if we can */
-		if(gettickets(s, trbuf, tbuf) < 0){
+		ret = gettickets(s, &s->tr, tbuf, sizeof(tbuf));
+		if(ret < 0){
 			_freeattr(attr);
 			return failure(fss, nil);
 		}
 
-		convM2T(tbuf, &s->t, (char*)s->key->priv);
+		m = convM2T(tbuf, ret, &s->t, (Authkey*)s->key->priv);
 		if(s->t.num != AuthTc){
 			if(s->key->successes == 0 && !s->speakfor)
 				disablekey(s->key);
@@ -287,24 +286,27 @@ p9skwrite(Fsstate *fss, void *a, uint n)
 		}
 		s->key->successes++;
 		_freeattr(attr);
-		memmove(s->tbuf, tbuf+TICKETLEN, TICKETLEN);
+		ret -= m;
+		memmove(s->tbuf, tbuf+m, ret);
 
 		auth.num = AuthAc;
 		memmove(auth.chal, s->tr.chal, CHALLEN);
 		auth.id = 0;
-		convA2M(&auth, s->tbuf+TICKETLEN, s->t.key);
+		ret += convA2M(&auth, s->tbuf+ret, sizeof(s->tbuf)-ret, &s->t);
+		s->tbuflen = ret;
 		fss->phase = CHaveTicket;
 		return RpcOk;
 
 	case SNeedTicket:
-		m = TICKETLEN+AUTHENTLEN;
-		if(n < m)
-			return toosmall(fss, m);
-		convM2T(a, &s->t, (char*)s->key->priv);
+		m = convM2T(a, n, &s->t, (Authkey*)s->key->priv);
+		if(m <= 0)
+			return toosmall(fss, -m);
 		if(s->t.num != AuthTs
 		|| memcmp(s->t.chal, s->tr.chal, CHALLEN) != 0)
 			return failure(fss, Easproto);
-		convM2A((char*)a+TICKETLEN, &auth, s->t.key);
+		ret = convM2A((char*)a+m, n-m, &auth, &s->t);
+		if(ret <= 0)
+			return toosmall(fss, -ret + m);
 		if(auth.num != AuthAc
 		|| memcmp(auth.chal, s->tr.chal, CHALLEN) != 0
 		|| auth.id != 0)
@@ -312,15 +314,14 @@ p9skwrite(Fsstate *fss, void *a, uint n)
 		auth.num = AuthAs;
 		memmove(auth.chal, s->cchal, CHALLEN);
 		auth.id = 0;
-		convA2M(&auth, s->tbuf+TICKETLEN, s->t.key);
+		s->tbuflen = convA2M(&auth, s->tbuf, sizeof(s->tbuf), &s->t);
 		fss->phase = SHaveAuth;
 		return RpcOk;
 
 	case CNeedAuth:
-		m = AUTHENTLEN;
-		if(n < m)
-			return toosmall(fss, m);
-		convM2A(a, &auth, s->t.key);
+		m = convM2A(a, n, &auth, &s->t);
+		if(m <= 0)
+			return toosmall(fss, -m);
 		if(auth.num != AuthAs
 		|| memcmp(auth.chal, s->cchal, CHALLEN) != 0
 		|| auth.id != 0)
@@ -384,24 +385,24 @@ hexparse(char *hex, uchar *dat, int ndat)
 static int
 p9skaddkey(Key *k, int before)
 {
+	Authkey *akey;
 	char *s;
 
-	k->priv = emalloc(DESKEYLEN);
+	akey = emalloc(sizeof(Authkey));
 	if(s = _strfindattr(k->privattr, "!hex")){
-		if(hexparse(s, k->priv, 7) < 0){
-			free(k->priv);
-			k->priv = nil;
+		if(hexparse(s, (uchar*)akey->des, DESKEYLEN) < 0){
+			free(akey);
 			werrstr("malformed key data");
 			return -1;
 		}
 	}else if(s = _strfindattr(k->privattr, "!password")){
-		passtokey((char*)k->priv, s);
+		passtokey(akey, s);
 	}else{
 		werrstr("no key data");
-		free(k->priv);
-		k->priv = nil;
+		free(akey);
 		return -1;
 	}
+	k->priv = akey;
 	return replacekey(k, before);
 }
 
@@ -412,7 +413,7 @@ p9skclosekey(Key *k)
 }
 
 static int
-getastickets(State *s, char *trbuf, char *tbuf)
+getastickets(State *s, Ticketreq *tr, char *tbuf, int tbuflen)
 {
 	int asfd, rv;
 	char *dom;
@@ -425,17 +426,18 @@ getastickets(State *s, char *trbuf, char *tbuf)
 	if(asfd < 0)
 		return -1;
 	alarm(30*1000);
-	rv = _asgetticket(asfd, trbuf, tbuf);
+	rv = _asgetticket(asfd, tr, tbuf, tbuflen);
 	alarm(0);
 	close(asfd);
 	return rv;
 }
 
 static int
-mkserverticket(State *s, char *tbuf)
+mkserverticket(State *s, char *tbuf, int tbuflen)
 {
 	Ticketreq *tr = &s->tr;
 	Ticket t;
+	int ret;
 
 	if(strcmp(tr->authid, tr->hostid) != 0)
 		return -1;
@@ -449,22 +451,21 @@ mkserverticket(State *s, char *tbuf)
 	strcpy(t.suid, tr->uid);
 	memrandom(t.key, DESKEYLEN);
 	t.num = AuthTc;
-	convT2M(&t, tbuf, s->key->priv);
+	ret = convT2M(&t, tbuf, tbuflen, (Authkey*)s->key->priv);
 	t.num = AuthTs;
-	convT2M(&t, tbuf+TICKETLEN, s->key->priv);
-	return 0;
+	ret += convT2M(&t, tbuf+ret, tbuflen-ret, (Authkey*)s->key->priv);
+	return ret;
 }
 
 static int
-gettickets(State *s, char *trbuf, char *tbuf)
+gettickets(State *s, Ticketreq *tr, char *tbuf, int tbuflen)
 {
-/*
-	if(mktickets(s, trbuf, tbuf) >= 0)
-		return 0;
-*/
-	if(getastickets(s, trbuf, tbuf) >= 0)
-		return 0;
-	return mkserverticket(s, tbuf);
+	int ret;
+
+	ret = getastickets(s, tr, tbuf, tbuflen);
+	if(ret >= 0)
+		return ret;
+	return mkserverticket(s, tbuf, tbuflen);
 }
 
 Proto p9sk1 = {
diff --git a/sys/src/cmd/auth/guard.srv.c b/sys/src/cmd/auth/guard.srv.c
index ffe902e5f..013cd7945 100644
--- a/sys/src/cmd/auth/guard.srv.c
+++ b/sys/src/cmd/auth/guard.srv.c
@@ -90,7 +90,7 @@ main(int argc, char *argv[])
 
 	/* remove password login from guard.research.bell-labs.com, sucre, etc. */
 //	if(!findkey(KEYDB,    user, ukey) || !netcheck(ukey, chal, resp))
-	if(!findkey(NETKEYDB, user, ukey) || !netcheck(ukey, chal, resp))
+	if(!finddeskey(NETKEYDB, user, ukey) || !netcheck(ukey, chal, resp))
 	if((err = secureidcheck(user, resp)) != nil){
 		print("NO %s", err);
 		write(1, "NO", 2);
diff --git a/sys/src/cmd/auth/httpauth.c b/sys/src/cmd/auth/httpauth.c
index f54cd252d..4b0f39028 100644
--- a/sys/src/cmd/auth/httpauth.c
+++ b/sys/src/cmd/auth/httpauth.c
@@ -8,36 +8,25 @@ httpauth(char *name, char *password)
 	int afd;
 	Ticketreq tr;
 	Ticket	t;
-	char key[DESKEYLEN];
-	char buf[512];
+	Authkey key;
 
 	afd = authdial(nil, nil);
 	if(afd < 0)
 		return -1;
 
+	passtokey(&key, password);
+
 	/* send ticket request to AS */
 	memset(&tr, 0, sizeof(tr));
 	strcpy(tr.uid, name);
 	tr.type = AuthHttp;
-	convTR2M(&tr, buf);
-	if(write(afd, buf, TICKREQLEN) != TICKREQLEN){
-		close(afd);
-		return -1;
-	}
-	if(_asrdresp(afd, buf, TICKETLEN) < 0){
+	if(_asrequest(afd, &tr) < 0){
 		close(afd);
 		return -1;
 	}
+	_asgetresp(afd, &t, nil, &key);
 	close(afd);
-
-	/*
-	 *  use password and try to decrypt the
-	 *  ticket.  If it doesn't work we've got a bad password,
-	 *  give up.
-	 */
-	passtokey(key, password);
-	convM2T(buf, &t, key);
-	if(t.num != AuthHr || strcmp(t.cuid, tr.uid))
+	if(t.num != AuthHr || strcmp(t.cuid, tr.uid) != 0)
 		return -1;
 
 	return 0;
diff --git a/sys/src/cmd/auth/keyfs.c b/sys/src/cmd/auth/keyfs.c
index 193acf27e..8c6c01748 100644
--- a/sys/src/cmd/auth/keyfs.c
+++ b/sys/src/cmd/auth/keyfs.c
@@ -13,7 +13,7 @@
 
 #pragma	varargck	type	"W"	char*
 
-char authkey[8];
+Authkey authkey;
 
 typedef struct Fid	Fid;
 typedef struct User	User;
@@ -170,9 +170,9 @@ main(int argc, char *argv[])
 		error("can't make pipe: %r");
 
 	if(usepass) {
-		getpass(authkey, nil, 0, 0);
+		getpass(&authkey, nil, 0, 0);
 	} else {
-		if(!getauthkey(authkey))
+		if(!getauthkey(&authkey))
 			print("keyfs: warning: can't read NVRAM\n");
 	}
 
@@ -690,7 +690,7 @@ passline(Biobuf *b, void *vbuf)
 
 	if(Bread(b, buf, KEYDBLEN) != KEYDBLEN)
 		return 0;
-	decrypt(authkey, buf, KEYDBLEN);
+	decrypt(authkey.des, buf, KEYDBLEN);
 	buf[Namelen-1] = '\0';
 	return 1;
 }
@@ -780,7 +780,7 @@ writeusers(void)
 		}
 
 	/* encrypt */
-	oldCBCencrypt(authkey, buf, p - buf);
+	oldCBCencrypt(authkey.des, buf, p - buf);
 
 	/* write file */
 	fd = create(userkeys, OWRITE, 0660);
@@ -888,7 +888,7 @@ readusers(void)
 
 	/* decrypt */
 	n -= n % KEYDBLEN;
-	oldCBCdecrypt(authkey, buf, n);
+	oldCBCdecrypt(authkey.des, buf, n);
 
 	/* unpack */
 	nu = 0;
diff --git a/sys/src/cmd/auth/lib/error.c b/sys/src/cmd/auth/lib/error.c
index 71bf63df1..784ae37df 100644
--- a/sys/src/cmd/auth/lib/error.c
+++ b/sys/src/cmd/auth/lib/error.c
@@ -1,6 +1,7 @@
 #include <u.h>
 #include <libc.h>
 #include <bio.h>
+#include <authsrv.h>
 #include "authcmdlib.h"
 
 void
diff --git a/sys/src/cmd/auth/lib/fs.c b/sys/src/cmd/auth/lib/fs.c
index 43f7db845..35429d0ac 100644
--- a/sys/src/cmd/auth/lib/fs.c
+++ b/sys/src/cmd/auth/lib/fs.c
@@ -1,6 +1,7 @@
 #include <u.h>
 #include <libc.h>
 #include <bio.h>
+#include <authsrv.h>
 #include "authcmdlib.h"
 
 Fs fs[3] =
diff --git a/sys/src/cmd/auth/lib/getauthkey.c b/sys/src/cmd/auth/lib/getauthkey.c
index 1ae8d4e87..84c3d1557 100644
--- a/sys/src/cmd/auth/lib/getauthkey.c
+++ b/sys/src/cmd/auth/lib/getauthkey.c
@@ -17,9 +17,10 @@ getkey(char *authkey)
 }
 
 int
-getauthkey(char *authkey)
+getauthkey(Authkey *authkey)
 {
-	if(getkey(authkey) == 0)
+	memset(authkey, 0, sizeof(Authkey));
+	if(getkey(authkey->des) == 0)
 		return 1;
 	print("can't read NVRAM, please enter machine key\n");
 	getpass(authkey, nil, 0, 1);
diff --git a/sys/src/cmd/auth/lib/getexpiration.c b/sys/src/cmd/auth/lib/getexpiration.c
index 44ebfaaca..ebbd1c24c 100644
--- a/sys/src/cmd/auth/lib/getexpiration.c
+++ b/sys/src/cmd/auth/lib/getexpiration.c
@@ -2,6 +2,7 @@
 #include <libc.h>
 #include <ctype.h>
 #include <bio.h>
+#include <authsrv.h>
 #include "authcmdlib.h"
 
 /*
diff --git a/sys/src/cmd/auth/lib/keyfmt.c b/sys/src/cmd/auth/lib/keyfmt.c
index 86c2378a3..35642c9a5 100644
--- a/sys/src/cmd/auth/lib/keyfmt.c
+++ b/sys/src/cmd/auth/lib/keyfmt.c
@@ -1,13 +1,14 @@
 #include <u.h>
 #include <libc.h>
 #include <bio.h>
+#include <authsrv.h>
 #include "authcmdlib.h"
 
 /*
  * print a key in des standard form
  */
 int
-keyfmt(Fmt *f)
+deskeyfmt(Fmt *f)
 {
 	uchar key[8];
 	char buf[32];
diff --git a/sys/src/cmd/auth/lib/netcheck.c b/sys/src/cmd/auth/lib/netcheck.c
index 5e4220c25..7b8fa92d7 100644
--- a/sys/src/cmd/auth/lib/netcheck.c
+++ b/sys/src/cmd/auth/lib/netcheck.c
@@ -1,6 +1,7 @@
 #include <u.h>
 #include <libc.h>
 #include <bio.h>
+#include <authsrv.h>
 #include "authcmdlib.h"
 
 /*
diff --git a/sys/src/cmd/auth/lib/querybio.c b/sys/src/cmd/auth/lib/querybio.c
index 97218a6dc..90e54ae74 100644
--- a/sys/src/cmd/auth/lib/querybio.c
+++ b/sys/src/cmd/auth/lib/querybio.c
@@ -2,6 +2,7 @@
 #include <libc.h>
 #include <bio.h>
 #include <ctype.h>
+#include <authsrv.h>
 #include "authcmdlib.h"
 
 
diff --git a/sys/src/cmd/auth/lib/rdbio.c b/sys/src/cmd/auth/lib/rdbio.c
index 34196fd36..1d56c5da6 100644
--- a/sys/src/cmd/auth/lib/rdbio.c
+++ b/sys/src/cmd/auth/lib/rdbio.c
@@ -2,6 +2,7 @@
 #include <libc.h>
 #include <bio.h>
 #include <ctype.h>
+#include <authsrv.h>
 #include "authcmdlib.h"
 
 void
diff --git a/sys/src/cmd/auth/lib/readarg.c b/sys/src/cmd/auth/lib/readarg.c
index cce957db9..238e8252f 100644
--- a/sys/src/cmd/auth/lib/readarg.c
+++ b/sys/src/cmd/auth/lib/readarg.c
@@ -1,6 +1,7 @@
 #include <u.h>
 #include <libc.h>
 #include <bio.h>
+#include <authsrv.h>
 #include "authcmdlib.h"
 
 int
diff --git a/sys/src/cmd/auth/lib/readln.c b/sys/src/cmd/auth/lib/readln.c
index ee470a52c..38a712497 100644
--- a/sys/src/cmd/auth/lib/readln.c
+++ b/sys/src/cmd/auth/lib/readln.c
@@ -5,7 +5,7 @@
 #include "authcmdlib.h"
 
 void
-getpass(char *key, char *pass, int check, int confirm)
+getpass(Authkey *key, char *pass, int check, int confirm)
 {
 	char rpass[32], npass[32];
 	char *err;
diff --git a/sys/src/cmd/auth/lib/readwrite.c b/sys/src/cmd/auth/lib/readwrite.c
index 54f494eb4..1c19bad01 100644
--- a/sys/src/cmd/auth/lib/readwrite.c
+++ b/sys/src/cmd/auth/lib/readwrite.c
@@ -33,7 +33,7 @@ writefile(char *file, char *buf, int n)
 }
 
 char*
-findkey(char *db, char *user, char *key)
+finddeskey(char *db, char *user, char *key)
 {
 	int n;
 	char filename[Maxpath];
@@ -46,6 +46,13 @@ findkey(char *db, char *user, char *key)
 		return key;
 }
 
+int
+findkey(char *db, char *user, Authkey *key)
+{
+	memset(key, 0, sizeof(Authkey));
+	return finddeskey(db, user, key->des) != nil;
+}
+
 char*
 findsecret(char *db, char *user, char *secret)
 {
@@ -62,7 +69,7 @@ findsecret(char *db, char *user, char *secret)
 }
 
 char*
-setkey(char *db, char *user, char *key)
+setdeskey(char *db, char *user, char *key)
 {
 	int n;
 	char filename[Maxpath];
@@ -75,6 +82,12 @@ setkey(char *db, char *user, char *key)
 		return key;
 }
 
+int
+setkey(char *db, char *user, Authkey *key)
+{
+	return setdeskey(db, user, key->des) != nil;
+}
+
 char*
 setsecret(char *db, char *user, char *secret)
 {
diff --git a/sys/src/cmd/auth/lib/wrbio.c b/sys/src/cmd/auth/lib/wrbio.c
index 9c688dbe1..2590ad72d 100644
--- a/sys/src/cmd/auth/lib/wrbio.c
+++ b/sys/src/cmd/auth/lib/wrbio.c
@@ -2,6 +2,7 @@
 #include <libc.h>
 #include <bio.h>
 #include <ctype.h>
+#include <authsrv.h>
 #include "authcmdlib.h"
 
 void
diff --git a/sys/src/cmd/auth/netkey.c b/sys/src/cmd/auth/netkey.c
index ee7b10a28..faca0f3d5 100644
--- a/sys/src/cmd/auth/netkey.c
+++ b/sys/src/cmd/auth/netkey.c
@@ -15,7 +15,8 @@ usage(void)
 void
 main(int argc, char *argv[])
 {
-	char buf[32], pass[32], key[DESKEYLEN];
+	Authkey key;
+	char buf[32], pass[32];
 	char *s;
 	int n;
 
@@ -33,7 +34,7 @@ main(int argc, char *argv[])
 	}
 
 	readln("Password: ", pass, sizeof pass, 1);
-	passtokey(key, pass);
+	passtokey(&key, pass);
 
 	for(;;){
 		print("challenge: ");
@@ -43,7 +44,7 @@ main(int argc, char *argv[])
 		buf[n] = '\0';
 		n = strtol(buf, 0, 10);
 		sprint(buf, "%d", n);
-		netcrypt(key, buf);
+		netcrypt(key.des, buf);
 		print("response: %s\n", buf);
 	}
 }
diff --git a/sys/src/cmd/auth/passwd.c b/sys/src/cmd/auth/passwd.c
index 20369805f..69fb602fb 100644
--- a/sys/src/cmd/auth/passwd.c
+++ b/sys/src/cmd/auth/passwd.c
@@ -1,52 +1,17 @@
 #include <u.h>
 #include <libc.h>
-#include <authsrv.h>
 #include <bio.h>
+#include <authsrv.h>
 #include "authcmdlib.h"
 
-static char *pbmsg = "AS protocol botch";
-
-int
-asrdresp(int fd, char *buf, int len)
-{
-	char error[AERRLEN];
-
-	if(read(fd, buf, 1) != 1){
-		werrstr(pbmsg);
-		return -1;
-	}
-
-	switch(buf[0]){
-	case AuthOK:
-		if(readn(fd, buf, len) < 0){
-			werrstr(pbmsg);
-			return -1;
-		}
-		break;
-	case AuthErr:
-		if(readn(fd, error, AERRLEN) < 0){
-			werrstr(pbmsg);
-			return -1;
-		}
-		error[AERRLEN-1] = 0;
-		errstr(error, sizeof error);
-		return -1;
-	default:
-		werrstr(pbmsg);
-		return -1;
-	}
-	return 0;
-}
-
 void
 main(int argc, char **argv)
 {
-	int fd;
+	int fd, n;
 	Ticketreq tr;
 	Ticket t;
 	Passwordreq pr;
-	char tbuf[TICKETLEN];
-	char key[DESKEYLEN];
+	Authkey key;
 	char buf[512];
 	char *s, *user;
 
@@ -73,12 +38,8 @@ main(int argc, char **argv)
 	memset(&tr, 0, sizeof(tr));
 	strcpy(tr.uid, user);
 	tr.type = AuthPass;
-	convTR2M(&tr, buf);
-	if(write(fd, buf, TICKREQLEN) != TICKREQLEN)
-		error("protocol botch: %r");
-	if(asrdresp(fd, buf, TICKETLEN) < 0)
+	if(_asrequest(fd, &tr) < 0)
 		error("%r");
-	memmove(tbuf, buf, TICKETLEN);
 
 	/*
 	 *  get a password from the user and try to decrypt the
@@ -86,13 +47,17 @@ main(int argc, char **argv)
 	 *  give up.
 	 */
 	readln("Plan 9 Password: ", pr.old, sizeof pr.old, 1);
-	passtokey(key, pr.old);
-	convM2T(tbuf, &t, key);
-	if(t.num != AuthTp || strcmp(t.cuid, tr.uid))
+	passtokey(&key, pr.old);
+
+	if(_asgetresp(fd, &t, nil, &key) < 0)
+		error("%r");
+
+	if(t.num != AuthTp || strcmp(t.cuid, tr.uid) != 0)
 		error("bad password");
 
 	/* loop trying new passwords */
 	for(;;){
+		memset(&pr, 0, sizeof(pr));
 		pr.changesecret = 0;
 		*pr.new = 0;
 		readln("change Plan 9 Password? (y/n) ", buf, sizeof buf, 0);
@@ -126,10 +91,10 @@ main(int argc, char **argv)
 			}
 		}
 		pr.num = AuthPass;
-		convPR2M(&pr, buf, t.key);
-		if(write(fd, buf, PASSREQLEN) != PASSREQLEN)
+		n = convPR2M(&pr, buf, sizeof(buf), &t);
+		if(write(fd, buf, n) != n)
 			error("AS protocol botch: %r");
-		if(asrdresp(fd, buf, 0) == 0)
+		if(_asrdresp(fd, buf, 0) == 0)
 			break;
 		fprint(2, "passwd: refused: %r\n");
 	}
diff --git a/sys/src/cmd/auth/printnetkey.c b/sys/src/cmd/auth/printnetkey.c
index 5840bb8f8..9b5897824 100644
--- a/sys/src/cmd/auth/printnetkey.c
+++ b/sys/src/cmd/auth/printnetkey.c
@@ -1,10 +1,9 @@
 #include <u.h>
 #include <libc.h>
-#include <authsrv.h>
 #include <bio.h>
+#include <authsrv.h>
 #include "authcmdlib.h"
 
-void	install(char*, char*, int);
 void	usage(void);
 
 void
@@ -15,7 +14,7 @@ main(int argc, char *argv[])
 	char keybuf[DESKEYLEN];
 
 	argv0 = "printnetkey";
-	fmtinstall('K', keyfmt);
+	fmtinstall('K', deskeyfmt);
 
 	ARGBEGIN{
 	default:
@@ -25,11 +24,9 @@ main(int argc, char *argv[])
 		usage();
 
 	u = argv[0];
-	fmtinstall('K', keyfmt);
-	
 	if(memchr(u, '\0', ANAMELEN) == 0)
 		error("bad user name");
-	key = findkey(NETKEYDB, u, keybuf);
+	key = finddeskey(NETKEYDB, u, keybuf);
 	if(!key)
 		error("%s has no netkey\n", u);
 	print("user %s: net key %K\n", u, key);
diff --git a/sys/src/cmd/auth/warning.c b/sys/src/cmd/auth/warning.c
index 7aae9c137..b2a33185b 100644
--- a/sys/src/cmd/auth/warning.c
+++ b/sys/src/cmd/auth/warning.c
@@ -2,6 +2,7 @@
 #include <libc.h>
 #include <bio.h>
 #include <auth.h>
+#include <authsrv.h>
 #include "authcmdlib.h"
 
 /* working directory */
diff --git a/sys/src/libauth/auth_userpasswd.c b/sys/src/libauth/auth_userpasswd.c
index 292899281..e113d83a4 100644
--- a/sys/src/libauth/auth_userpasswd.c
+++ b/sys/src/libauth/auth_userpasswd.c
@@ -11,13 +11,13 @@
  * this was copied from inet's guard.
  */
 static void
-netresp(char *key, long chal, char *answer)
+netresp(Authkey *key, long chal, char *answer)
 {
 	uchar buf[8];
 
 	memset(buf, 0, sizeof buf);
 	snprint((char *)buf, sizeof buf, "%lud", chal);
-	if(encrypt(key, buf, 8) < 0)
+	if(encrypt(key->des, buf, 8) < 0)
 		abort();
 	sprint(answer, "%.8ux", buf[0]<<24 | buf[1]<<16 | buf[2]<<8 | buf[3]);
 }
@@ -25,7 +25,8 @@ netresp(char *key, long chal, char *answer)
 AuthInfo*
 auth_userpasswd(char *user, char *passwd)
 {
-	char key[DESKEYLEN], resp[16];
+	char resp[16];
+	Authkey key;
 	AuthInfo *ai;
 	Chalstate *ch;
 
@@ -37,9 +38,9 @@ auth_userpasswd(char *user, char *passwd)
 	if((ch = auth_challenge("user=%q proto=p9cr role=server", user)) == nil)
 		return nil;
 
-	passtokey(key, passwd);
-	netresp(key, atol(ch->chal), resp);
-	memset(key, 0, sizeof key);
+	passtokey(&key, passwd);
+	netresp(&key, atol(ch->chal), resp);
+	memset(&key, 0, sizeof(Authkey));
 
 	ch->resp = resp;
 	ch->nresp = strlen(resp);
diff --git a/sys/src/libauth/httpauth.c b/sys/src/libauth/httpauth.c
deleted file mode 100644
index 9d1b0d26f..000000000
--- a/sys/src/libauth/httpauth.c
+++ /dev/null
@@ -1,51 +0,0 @@
-#include <u.h>
-#include <libc.h>
-#include <auth.h>
-#include <authsrv.h>
-
-/* deprecated.
-	This is the mechanism that put entries in /sys/lib/httpd.rewrite
-	and passwords on the authserver in /sys/lib/httppasswords, which
-	was awkward to administer.  Instead, use local .httplogin files,
-	which are implemented in sys/src/cmd/ip/httpd/authorize.c */
-
-int
-httpauth(char *name, char *password)
-{
-	int afd;
-	Ticketreq tr;
-	Ticket	t;
-	char key[DESKEYLEN];
-	char buf[512];
-
-	afd = authdial(nil, nil);
-	if(afd < 0)
-		return -1;
-
-	/* send ticket request to AS */
-	memset(&tr, 0, sizeof(tr));
-	strcpy(tr.uid, name);
-	tr.type = AuthHttp;
-	convTR2M(&tr, buf);
-	if(write(afd, buf, TICKREQLEN) != TICKREQLEN){
-		close(afd);
-		return -1;
-	}
-	if(_asrdresp(afd, buf, TICKETLEN) < 0){
-		close(afd);
-		return -1;
-	}
-	close(afd);
-
-	/*
-	 *  use password and try to decrypt the
-	 *  ticket.  If it doesn't work we've got a bad password,
-	 *  give up.
-	 */
-	passtokey(key, password);
-	convM2T(buf, &t, key);
-	if(t.num != AuthHr || strcmp(t.cuid, tr.uid))
-		return -1;
-
-	return 0;
-}
diff --git a/sys/src/libauthsrv/_asgetticket.c b/sys/src/libauthsrv/_asgetticket.c
index 46283bd5a..11a344621 100644
--- a/sys/src/libauthsrv/_asgetticket.c
+++ b/sys/src/libauthsrv/_asgetticket.c
@@ -5,11 +5,13 @@
 static char *pbmsg = "AS protocol botch";
 
 int
-_asgetticket(int fd, char *trbuf, char *tbuf)
+_asgetticket(int fd, Ticketreq *tr, char *tbuf, int tbuflen)
 {
-	if(write(fd, trbuf, TICKREQLEN) < 0){
+	if(_asrequest(fd, tr) < 0){
 		werrstr(pbmsg);
 		return -1;
 	}
-	return _asrdresp(fd, tbuf, 2*TICKETLEN);
+	if(tbuflen > 2*TICKETLEN)
+		tbuflen = 2*TICKETLEN;
+	return _asrdresp(fd, tbuf, tbuflen);
 }
diff --git a/sys/src/libauthsrv/convA2M.c b/sys/src/libauthsrv/convA2M.c
index 2799cbf56..d285ad770 100644
--- a/sys/src/libauthsrv/convA2M.c
+++ b/sys/src/libauthsrv/convA2M.c
@@ -9,17 +9,19 @@
 #define	STRING(x,n)	memmove(p, f->x, n); p += n
 
 int
-convA2M(Authenticator *f, char *ap, char *key)
+convA2M(Authenticator *f, char *ap, int n, Ticket *t)
 {
-	int n;
 	uchar *p;
 
+	if(n < AUTHENTLEN)
+		return 0;
+
 	p = (uchar*)ap;
 	CHAR(num);
 	STRING(chal, CHALLEN);
 	LONG(id);
 	n = p - (uchar*)ap;
-	if(key)
-		encrypt(key, ap, n);
+	if(t)
+		encrypt(t->key, ap, n);
 	return n;
 }
diff --git a/sys/src/libauthsrv/convM2A.c b/sys/src/libauthsrv/convM2A.c
index 3d58f9b59..b0d6712ca 100644
--- a/sys/src/libauthsrv/convM2A.c
+++ b/sys/src/libauthsrv/convM2A.c
@@ -8,16 +8,24 @@
 #define	LONG(x)		VLONG(f->x)
 #define	STRING(x,n)	memmove(f->x, p, n); p += n
 
-void
-convM2A(char *ap, Authenticator *f, char *key)
+int
+convM2A(char *ap, int n, Authenticator *f, Ticket *t)
 {
-	uchar *p;
+	uchar *p, buf[AUTHENTLEN];
 
-	if(key)
-		decrypt(key, ap, AUTHENTLEN);
+	memset(f, 0, sizeof(Authenticator));
+	if(n < AUTHENTLEN)
+		return -AUTHENTLEN;
+
+	if(t) {
+		memmove(buf, ap, AUTHENTLEN);
+		ap = (char*)buf;
+		decrypt(t->key, ap, AUTHENTLEN);
+	}
 	p = (uchar*)ap;
 	CHAR(num);
 	STRING(chal, CHALLEN);
 	LONG(id);
-	USED(p);
+	n = p - (uchar*)ap;
+	return n;
 }
diff --git a/sys/src/libauthsrv/convM2PR.c b/sys/src/libauthsrv/convM2PR.c
index 21df5b508..c7bd4974d 100644
--- a/sys/src/libauthsrv/convM2PR.c
+++ b/sys/src/libauthsrv/convM2PR.c
@@ -8,14 +8,21 @@
 #define	LONG(x)		VLONG(f->x)
 #define	STRING(x,n)	memmove(f->x, p, n); p += n
 
-void
-convM2PR(char *ap, Passwordreq *f, char *key)
+int
+convM2PR(char *ap, int n, Passwordreq *f, Ticket *t)
 {
-	uchar *p;
+	uchar *p, buf[PASSREQLEN];
 
+	memset(f, 0, sizeof(Passwordreq));
+	if(n < PASSREQLEN)
+		return -PASSREQLEN;
+
+	if(t){
+		memmove(buf, ap, PASSREQLEN);
+		ap = (char*)buf;
+		decrypt(t->key, ap, PASSREQLEN);
+	}
 	p = (uchar*)ap;
-	if(key)
-		decrypt(key, ap, PASSREQLEN);
 	CHAR(num);
 	STRING(old, ANAMELEN);
 	f->old[ANAMELEN-1] = 0;
@@ -24,5 +31,6 @@ convM2PR(char *ap, Passwordreq *f, char *key)
 	CHAR(changesecret);
 	STRING(secret, SECRETLEN);
 	f->secret[SECRETLEN-1] = 0;
-	USED(p);
+	n = p - (uchar*)ap;
+	return n;
 }
diff --git a/sys/src/libauthsrv/convM2T.c b/sys/src/libauthsrv/convM2T.c
index 372825a87..425ebefdd 100644
--- a/sys/src/libauthsrv/convM2T.c
+++ b/sys/src/libauthsrv/convM2T.c
@@ -8,13 +8,20 @@
 #define	LONG(x)		VLONG(f->x)
 #define	STRING(x,n)	memmove(f->x, p, n); p += n
 
-void
-convM2T(char *ap, Ticket *f, char *key)
+int
+convM2T(char *ap, int n, Ticket *f, Authkey *key)
 {
-	uchar *p;
+	uchar *p, buf[TICKETLEN];
 
-	if(key)
-		decrypt(key, ap, TICKETLEN);
+	memset(f, 0, sizeof(Ticket));
+	if(n < TICKETLEN)
+		return -TICKETLEN;
+
+	if(key){
+		memmove(buf, ap, TICKETLEN);
+		ap = (char*)buf;
+		decrypt(key->des, ap, TICKETLEN);
+	}
 	p = (uchar*)ap;
 	CHAR(num);
 	STRING(chal, CHALLEN);
@@ -23,6 +30,6 @@ convM2T(char *ap, Ticket *f, char *key)
 	STRING(suid, ANAMELEN);
 	f->suid[ANAMELEN-1] = 0;
 	STRING(key, DESKEYLEN);
-	USED(p);
+	n = p - (uchar*)ap;
+	return n;
 }
-
diff --git a/sys/src/libauthsrv/convM2TR.c b/sys/src/libauthsrv/convM2TR.c
index ffad75c77..d6491705b 100644
--- a/sys/src/libauthsrv/convM2TR.c
+++ b/sys/src/libauthsrv/convM2TR.c
@@ -8,11 +8,15 @@
 #define	LONG(x)		VLONG(f->x)
 #define	STRING(x,n)	memmove(f->x, p, n); p += n
 
-void
-convM2TR(char *ap, Ticketreq *f)
+int
+convM2TR(char *ap, int n, Ticketreq *f)
 {
 	uchar *p;
 
+	memset(f, 0, sizeof(Ticketreq));
+	if(n < TICKREQLEN)
+		return -TICKREQLEN;
+
 	p = (uchar*)ap;
 	CHAR(type);
 	STRING(authid, ANAMELEN);
@@ -24,5 +28,6 @@ convM2TR(char *ap, Ticketreq *f)
 	f->hostid[ANAMELEN-1] = 0;
 	STRING(uid, ANAMELEN);
 	f->uid[ANAMELEN-1] = 0;
-	USED(p);
+	n = p - (uchar*)ap;
+	return n;
 }
diff --git a/sys/src/libauthsrv/convPR2M.c b/sys/src/libauthsrv/convPR2M.c
index 8b2422f1b..d5c0ee7ac 100644
--- a/sys/src/libauthsrv/convPR2M.c
+++ b/sys/src/libauthsrv/convPR2M.c
@@ -9,11 +9,13 @@
 #define	STRING(x,n)	memmove(p, f->x, n); p += n
 
 int
-convPR2M(Passwordreq *f, char *ap, char *key)
+convPR2M(Passwordreq *f, char *ap, int n, Ticket *t)
 {
-	int n;
 	uchar *p;
 
+	if(n < PASSREQLEN)
+		return 0;
+
 	p = (uchar*)ap;
 	CHAR(num);
 	STRING(old, ANAMELEN);
@@ -21,8 +23,8 @@ convPR2M(Passwordreq *f, char *ap, char *key)
 	CHAR(changesecret);
 	STRING(secret, SECRETLEN);
 	n = p - (uchar*)ap;
-	if(key)
-		encrypt(key, ap, n);
+	if(t)
+		encrypt(t->key, ap, n);
 	return n;
 }
 
diff --git a/sys/src/libauthsrv/convT2M.c b/sys/src/libauthsrv/convT2M.c
index 810ba5c67..77edcef1f 100644
--- a/sys/src/libauthsrv/convT2M.c
+++ b/sys/src/libauthsrv/convT2M.c
@@ -9,11 +9,13 @@
 #define	STRING(x,n)	memmove(p, f->x, n); p += n
 
 int
-convT2M(Ticket *f, char *ap, char *key)
+convT2M(Ticket *f, char *ap, int n, Authkey *key)
 {
-	int n;
 	uchar *p;
 
+	if(n < TICKETLEN)
+		return 0;
+
 	p = (uchar*)ap;
 	CHAR(num);
 	STRING(chal, CHALLEN);
@@ -22,6 +24,6 @@ convT2M(Ticket *f, char *ap, char *key)
 	STRING(key, DESKEYLEN);
 	n = p - (uchar*)ap;
 	if(key)
-		encrypt(key, ap, n);
+		encrypt(key->des, ap, n);
 	return n;
 }
diff --git a/sys/src/libauthsrv/convTR2M.c b/sys/src/libauthsrv/convTR2M.c
index 3a7610a71..0bbe9cb6f 100644
--- a/sys/src/libauthsrv/convTR2M.c
+++ b/sys/src/libauthsrv/convTR2M.c
@@ -9,11 +9,13 @@
 #define	STRING(x,n)	memmove(p, f->x, n); p += n
 
 int
-convTR2M(Ticketreq *f, char *ap)
+convTR2M(Ticketreq *f, char *ap, int n)
 {
-	int n;
 	uchar *p;
 
+	if(n < TICKREQLEN)
+		return 0;
+
 	p = (uchar*)ap;
 	CHAR(type);
 	STRING(authid, 28);	/* BUG */
@@ -24,4 +26,3 @@ convTR2M(Ticketreq *f, char *ap)
 	n = p - (uchar*)ap;
 	return n;
 }
-
diff --git a/sys/src/libauthsrv/mkfile b/sys/src/libauthsrv/mkfile
index b3e59b670..d46fa52d7 100644
--- a/sys/src/libauthsrv/mkfile
+++ b/sys/src/libauthsrv/mkfile
@@ -3,6 +3,8 @@
 LIB=/$objtype/lib/libauthsrv.a
 OFILES=\
 	_asgetticket.$O\
+	_asgetresp.$O\
+	_asrequest.$O\
 	_asrdresp.$O\
 	authdial.$O\
 	convA2M.$O\
diff --git a/sys/src/libauthsrv/passtokey.c b/sys/src/libauthsrv/passtokey.c
index cde9a2422..44963cec6 100644
--- a/sys/src/libauthsrv/passtokey.c
+++ b/sys/src/libauthsrv/passtokey.c
@@ -3,7 +3,7 @@
 #include <authsrv.h>
 
 int
-passtokey(char *key, char *p)
+passtokey(Authkey *key, char *p)
 {
 	uchar buf[ANAMELEN], *t;
 	int i, n;
@@ -15,10 +15,10 @@ passtokey(char *key, char *p)
 	t = buf;
 	strncpy((char*)t, p, n);
 	t[n] = 0;
-	memset(key, 0, DESKEYLEN);
+	memset(key, 0, sizeof(Authkey));
 	for(;;){
 		for(i = 0; i < DESKEYLEN; i++)
-			key[i] = (t[i] >> i) + (t[i+1] << (8 - (i+1)));
+			key->des[i] = (t[i] >> i) + (t[i+1] << (8 - (i+1)));
 		if(n <= 8)
 			return 1;
 		n -= 8;
@@ -27,6 +27,6 @@ passtokey(char *key, char *p)
 			t -= 8 - n;
 			n = 8;
 		}
-		encrypt(key, t, 8);
+		encrypt(key->des, t, 8);
 	}
 }
diff --git a/sys/src/libauthsrv/readnvram.c b/sys/src/libauthsrv/readnvram.c
index ef9c91249..5d054725d 100644
--- a/sys/src/libauthsrv/readnvram.c
+++ b/sys/src/libauthsrv/readnvram.c
@@ -292,11 +292,14 @@ readnvram(Nvrsafe *safep, int flag)
 			readcons("secstore key", nil, 1, safe->config,
 					sizeof safe->config);
 			for(;;){
-				if(readcons("password", nil, 1, in, sizeof in)
-				    == nil)
+				Authkey k;
+
+				if(readcons("password", nil, 1, in, sizeof in) == nil)
 					goto Out;
-				if(passtokey(safe->machkey, in))
+				if(passtokey(&k, in)){
+					memmove(safe->machkey, k.des, DESKEYLEN);
 					break;
+				}
 			}
 		}