authsrv: more aes key stuff

sys/src/cmd/auth/authcmdlib.h

@@ -41,6 +41,7 @@ void	error(char*, ...);
 void	fail(char*);
 int	findkey(char*, char*, Authkey*);
 char*	finddeskey(char*, char*, char*);
+uchar*	findaeskey(char*, char*, uchar*);
 char*	findsecret(char*, char*, char*);
 int	getauthkey(Authkey*);
 long	getexpiration(char *db, char *u);
@@ -61,6 +62,7 @@ long	readn(int, void*, long);
 char*	secureidcheck(char*, char*);
 int	setkey(char*, char*, Authkey*);
 char*	setdeskey(char*, char*, char*);
+uchar*	setaeskey(char*, char*, uchar*);
 char*	setsecret(char*, char*, char*);
 int	smartcheck(void*, long, char*);
 void	succeed(char*);

sys/src/cmd/auth/authsrv.c

@@ -11,6 +11,7 @@
 int debug;
 Ndb *db;
 char raddr[128];
+uchar zeros[16];
 
 /* Microsoft auth constants */
 enum {
@@ -31,7 +32,6 @@ int	speaksfor(char*, char*);
 void	replyerror(char*, ...);
 void	getraddr(char*);
 void	mkkey(Authkey*);
-int	samekey(Authkey*, Authkey*);
 void	mkticket(Ticketreq*, Ticket*);
 void	randombytes(uchar*, int);
 void	nthash(uchar hash[MShashlen], char *passwd);
@@ -254,10 +254,14 @@ changepasswd(Ticketreq *tr)
 			exits(0);
 		}
 		passtokey(&nkey, pr.old);
-		if(!samekey(&nkey, &okey)){
+		if(memcmp(nkey.des, okey.des, DESKEYLEN) != 0){
 			replyerror("protocol botch2: %s", raddr);
 			continue;
 		}
+		if(memcmp(okey.aes, zeros, AESKEYLEN) != 0 && memcmp(okey.aes, nkey.aes, AESKEYLEN) != 0){
+			replyerror("protocol botch3: %s", raddr);
+			continue;
+		}
 		if(*pr.new){
 			err = okpasswd(pr.new);
 			if(err){
@@ -1000,12 +1004,6 @@ mkkey(Authkey *k)
 	randombytes((uchar*)k->des, DESKEYLEN);
 }
 
-int
-samekey(Authkey *a, Authkey *b)
-{
-	return memcmp(a->des, b->des, DESKEYLEN) == 0;
-}
-
 void
 mkticket(Ticketreq *tr, Ticket *t)
 {

sys/src/cmd/auth/lib/readwrite.c

@@ -41,7 +41,21 @@ finddeskey(char *db, char *user, char *key)
 	snprint(filename, sizeof filename, "%s/%s/key", db, user);
 	n = readfile(filename, key, DESKEYLEN);
 	if(n != DESKEYLEN)
-		return 0;
+		return nil;
+	else
+		return key;
+}
+
+uchar*
+findaeskey(char *db, char *user, uchar *key)
+{
+	int n;
+	char filename[Maxpath];
+
+	snprint(filename, sizeof filename, "%s/%s/aeskey", db, user);
+	n = readfile(filename, (char*)key, AESKEYLEN);
+	if(n != AESKEYLEN)
+		return nil;
 	else
 		return key;
 }
@@ -49,8 +63,12 @@ finddeskey(char *db, char *user, char *key)
 int
 findkey(char *db, char *user, Authkey *key)
 {
+	int ret;
+
 	memset(key, 0, sizeof(Authkey));
-	return finddeskey(db, user, key->des) != nil;
+	ret = finddeskey(db, user, key->des) != nil;
+	ret |= findaeskey(db, user, key->aes) != nil;
+	return ret;
 }
 
 char*
@@ -63,7 +81,7 @@ findsecret(char *db, char *user, char *secret)
 	n = readfile(filename, secret, SECRETLEN-1);
 	secret[n]=0;
 	if(n <= 0)
-		return 0;
+		return nil;
 	else
 		return secret;
 }
@@ -77,7 +95,21 @@ setdeskey(char *db, char *user, char *key)
 	snprint(filename, sizeof filename, "%s/%s/key", db, user);
 	n = writefile(filename, key, DESKEYLEN);
 	if(n != DESKEYLEN)
-		return 0;
+		return nil;
+	else
+		return key;
+}
+
+uchar*
+setaeskey(char *db, char *user, uchar *key)
+{
+	int n;
+	char filename[Maxpath];
+
+	snprint(filename, sizeof filename, "%s/%s/aeskey", db, user);
+	n = writefile(filename, (char*)key, AESKEYLEN);
+	if(n != AESKEYLEN)
+		return nil;
 	else
 		return key;
 }
@@ -85,7 +117,11 @@ setdeskey(char *db, char *user, char *key)
 int
 setkey(char *db, char *user, Authkey *key)
 {
-	return setdeskey(db, user, key->des) != nil;
+	int ret;
+
+	ret = setdeskey(db, user, key->des) != nil;
+	ret |= setaeskey(db, user, key->aes) != nil;
+	return ret;
 }
 
 char*
@@ -97,7 +133,7 @@ setsecret(char *db, char *user, char *secret)
 	snprint(filename, sizeof filename, "%s/%s/secret", db, user);
 	n = writefile(filename, secret, strlen(secret));
 	if(n != strlen(secret))
-		return 0;
+		return nil;
 	else
 		return secret;
 }