include "sys.m";
include "keyring.m";
kr := load Keyring Keyring->PATH;

auth:          fn(fd: ref Sys->FD, info: ref Authinfo, setid: int): (string, array of byte);
readauthinfo:  fn(filename: string): ref Authinfo;
writeauthinfo: fn(filename: string, info: ref Authinfo): int;
The auth function returns a string and a byte array. If the byte array is nil then the authentication has failed and the string is an error message. If the byte array is non-nil, then it represents a secret shared by the two communicating parties. In this case the string is the name of the party at the other end of the connection.
If the authentication is successful and the argument setid is non-zero then auth attempts to write the id of the party at the other end of the connection into /dev/user (see cons). No error is generated if this does not succeed. If the authentication is not successful and setid is non-zero, auth writes "none" into /dev/user.
The authentication protocol is based on the Station-to-Station protocol. In the following the parties are labeled 0 and 1. sig0(x) is x signed with 0's private key.

0 -> 1  alpha**r0 mod p, CERTu0, PKu0
1 -> 0  alpha**r1 mod p, CERTu1, PKu1
0 -> 1  sig0(alpha**r0 mod p, alpha**r1 mod p)
1 -> 0  sig1(alpha**r0 mod p, alpha**r1 mod p)

At this point both 0 and 1 share the secret alpha**(r0*r1) which is returned in the byte array.
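The four-message exchange above, worked through end to end as an added example (this is not Inferno's keyring code and is written in Python rather than Limbo so it can be run anywhere). It assumes a toy group (p = 2039, q = 1019, alpha = 4, far too small for real use), uses a Schnorr signature over that same group as a stand-in for the page's unspecified sig0/sig1, and models CERTu0/CERTu1 as nothing more than a (name, public key) pair. The return value mirrors auth(): on success the peer's name and the shared secret as bytes, on failure an error message and None. The `tamper` switch substitutes a different exponential in transit so the reader can see why both exponentials are under the signature: the party that receives a signature over values it did not see rejects it.

```python
import hashlib
import secrets

# Toy parameters, constructed for illustration only: p = 2q + 1 with q prime,
# alpha = 4 generates the order-q subgroup. Real deployments use 2048-bit or
# larger groups.
P = 2039
Q = 1019
ALPHA = 4


def h(*parts: int) -> int:
    """Hash a sequence of integers to a Schnorr challenge in Z_q."""
    data = b"|".join(str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def keygen():
    """Private exponent x in [1, q-1] and public key alpha**x mod p."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(ALPHA, x, P)


def sign(priv: int, *msg: int):
    """Schnorr signature (e, s) over the integers in msg."""
    k = secrets.randbelow(Q - 1) + 1
    r = pow(ALPHA, k, P)
    e = h(r, *msg)
    s = (k - priv * e) % Q
    return (e, s)


def verify(pub: int, sig, *msg: int) -> bool:
    """Recompute r = alpha**s * pub**e and check the challenge matches."""
    e, s = sig
    r = (pow(ALPHA, s, P) * pow(pub, e, P)) % P
    return h(r, *msg) == e


class Party:
    """One endpoint: a name plus a long-term signing key pair.
    The (name, pub) pair stands in for CERTu and PKu from the page."""

    def __init__(self, name: str):
        self.name = name
        self.priv, self.pub = keygen()


def _secret_bytes(value: int) -> bytes:
    return value.to_bytes((P.bit_length() + 7) // 8, "big")


def sts_auth(p0: Party, p1: Party, tamper: bool = False):
    """Run the Station-to-Station exchange between parties 0 and 1.

    Returns (result_for_0, result_for_1), each shaped like auth()'s return
    value: (peer name, secret bytes) on success, (error string, None) on failure.
    With tamper=True the exponential 0 receives in message 2 is altered in
    transit (a constructed failure case)."""
    r0 = secrets.randbelow(Q - 1) + 1
    r1 = secrets.randbelow(Q - 1) + 1
    g0 = pow(ALPHA, r0, P)          # message 1: 0 -> 1  alpha**r0 mod p, CERTu0, PKu0
    g1 = pow(ALPHA, r1, P)          # message 2: 1 -> 0  alpha**r1 mod p, CERTu1, PKu1

    # What 0 actually sees for alpha**r1; differs from g1 when tampered.
    g1_seen_by_0 = (g1 * ALPHA) % P if tamper else g1

    # message 3: 0 -> 1  sig0(alpha**r0, alpha**r1), over the values 0 saw.
    sig0 = sign(p0.priv, g0, g1_seen_by_0)
    if not verify(p0.pub, sig0, g0, g1):
        # 1 signed nothing, so 0 never receives message 4 either.
        return (("no valid signature received from peer", None),
                ("signature from peer does not cover the exchanged values", None))

    # message 4: 1 -> 0  sig1(alpha**r0, alpha**r1)
    sig1 = sign(p1.priv, g0, g1)
    if not verify(p1.pub, sig1, g0, g1_seen_by_0):
        return (("signature from peer does not cover the exchanged values", None),
                ("peer aborted the exchange", None))

    # Both sides now hold alpha**(r0*r1) mod p.
    secret0 = pow(g1_seen_by_0, r0, P)
    secret1 = pow(g0, r1, P)
    return ((p1.name, _secret_bytes(secret0)), (p0.name, _secret_bytes(secret1)))


if __name__ == "__main__":
    alice, bob = Party("alice"), Party("bob")
    print(sts_auth(alice, bob))
    print(sts_auth(alice, bob, tamper=True))
```

Because the signature binds both exponentials together, a changed value in either direction is caught at message 3 or 4, before any secret is derived; a plain Diffie-Hellman exchange without this step would let each side compute a secret with whoever altered the messages instead of with the intended peer.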
The conventional directory for storing Authinfo files.
The file normally used by server programs.
The files normally used by clients, where $server is the network name of the server being called, for example,
B. Schneier, Applied Cryptography, 1996, J. Wiley & Sons, Inc.