shithub: riscv

Download patch

ref: 02cfcfeab46f36aad95263ed40d19df7bd5eddef
parent: f785d4da07349c7bb250eb00a3f2bed3eb170828
author: cinap_lenrek <[email protected]>
date: Wed Aug 19 17:06:17 EDT 2015

libauthsrv: generalize ticket service, not hardcoding ticket format and DES encryption

this is in preparation for replacing DES ticket encryption with
something better. but first need to make the code stop making
assumptions.

the wire encoding of the Ticket might be variable length
with TICKETLEN just giving an upper bound. the details will be
handled by libauthsrv _asgetticket() and _asgetresp() funciotns.

the Authenticator and Passwordreq structures are encrypted
with the random ticket key. The encryption schmeme will depend
on the Ticket format used, so we pass the Ticket* structure
instead of the DES key.

introduce Authkey structure that will hold all the required
cryptographic keys instead of passing DES key.

--- a/sys/include/authsrv.h
+++ b/sys/include/authsrv.h
@@ -12,6 +12,8 @@
 typedef struct	OChapreply	OChapreply;
 typedef struct	OMSchapreply	OMSchapreply;
 
+typedef struct	Authkey		Authkey;
+
 enum
 {
 	ANAMELEN=	28,	/* name max size in previous proto */
@@ -110,22 +112,27 @@
 };
 #define OMSCHAPREPLYLEN	(ANAMELEN+24+24)
 
+struct	Authkey
+{
+	char	des[DESKEYLEN];
+};
+
 /*
  *  convert to/from wire format
  */
-extern	int	convT2M(Ticket*, char*, char*);
-extern	void	convM2T(char*, Ticket*, char*);
-extern	int	convA2M(Authenticator*, char*, char*);
-extern	void	convM2A(char*, Authenticator*, char*);
-extern	int	convTR2M(Ticketreq*, char*);
-extern	void	convM2TR(char*, Ticketreq*);
-extern	int	convPR2M(Passwordreq*, char*, char*);
-extern	void	convM2PR(char*, Passwordreq*, char*);
+extern	int	convT2M(Ticket*, char*, int, Authkey*);
+extern	int	convM2T(char*, int, Ticket*, Authkey*);
+extern	int	convA2M(Authenticator*, char*, int, Ticket*);
+extern	int	convM2A(char*, int, Authenticator*, Ticket*);
+extern	int	convTR2M(Ticketreq*, char*, int);
+extern	int	convM2TR(char*, int, Ticketreq*);
+extern	int	convPR2M(Passwordreq*, char*, int, Ticket*);
+extern	int	convM2PR(char*, int, Passwordreq*, Ticket*);
 
 /*
  *  convert ascii password to DES key
  */
-extern	int	passtokey(char*, char*);
+extern	int	passtokey(Authkey*, char*);
 
 /*
  *  Nvram interface
@@ -167,5 +174,7 @@
 /*
  *  exchange messages with auth server
  */
-extern	int	_asgetticket(int, char*, char*);
+extern	int	_asgetticket(int, Ticketreq*, char*, int);
+extern	int	_asrequest(int, Ticketreq*);
+extern	int	_asgetresp(int, Ticket*, Authenticator*, Authkey *);
 extern	int	_asrdresp(int, char*, int);
--- a/sys/man/2/authsrv
+++ b/sys/man/2/authsrv
@@ -1,6 +1,6 @@
 .TH AUTHSRV 2
 .SH NAME
-authdial, passtokey, nvcsum, readnvram, convT2M, convM2T, convTR2M, convM2TR, convA2M, convM2A, convPR2M, convM2PR, _asgetticket, _asrdresp \- routines for communicating with authentication servers
+authdial, passtokey, nvcsum, readnvram, convT2M, convM2T, convTR2M, convM2TR, convA2M, convM2A, convPR2M, convM2PR, _asgetticket, _asrequest, _asgetresp, _asrdresp \- routines for communicating with authentication servers
 .SH SYNOPSIS
 .nf
 .PP
@@ -15,7 +15,7 @@
 int	authdial(char *netroot, char *ad);
 .PP
 .B
-int	passtokey(char key[DESKEYLEN], char *password)
+int	passtokey(Authkey *key, char *password)
 .PP
 .B
 uchar	nvcsum(void *mem, int len)
@@ -24,34 +24,40 @@
 int	readnvram(Nvrsafe *nv, int flag);
 .PPP
 .B
-int	convT2M(Ticket *t, char *msg, char *key)
+int	convT2M(Ticket *t, char *msg, int len, Authkey *key)
 .PP
 .B
-void	convM2T(char *msg, Ticket *t, char *key)
+int	convM2T(char *msg, int len, Ticket *t, Authkey *key)
 .PP
 .B
-int	convA2M(Authenticator *a, char *msg, char *key)
+int	convA2M(Authenticator *a, char *msg, int len, Ticket *t)
 .PP
 .B
-void	convM2A(char *msg, Authenticator *a, char *key)
+int	convM2A(char *msg, int len, Authenticator *a, Ticket *t)
 .PP
 .B
-int	convTR2M(Ticketreq *tr, char *msg)
+int	convTR2M(Ticketreq *tr, char *msg, int len)
 .PP
 .B
-void	convM2TR(char *msg, Ticketreq *tr)
+int	convM2TR(char *msg, int len, Ticketreq *tr)
 .PP
 .B
-int	convPR2M(Passwordreq *pr, char *msg, char *key)
+int	convPR2M(Passwordreq *pr, char *msg, int len, Ticket *t)
 .PP
 .B
-void	convM2PR(char *msg, Passwordreq *pr, char *key)
+int	convM2PR(char *msg, int len, Passwordreq *pr, Ticket *t)
 .PP
 .B
-int	_asgetticket(int fd, char *trbuf, char *tbuf);
+int	_asgetticket(int fd, Ticketreq *tr, char *buf, int len)
 .PP
 .B
-int	_asrdresp(int fd, char *buf, int len);
+int	_asrequest(int fd, Ticketreq *tr)
+.PP
+.B
+int	_asgetresp(int fd, Ticket *t, Authenticator *a, Authkey *key)
+.PP
+.B
+int	_asrdresp(int fd, char *buf, int len)
 .SH DESCRIPTION
 .I Authdial
 dials an authentication server over the
@@ -99,7 +105,9 @@
 .I Passtokey
 converts
 .I password
-into a DES key and stores the result in
+into a set of cryptographic keys and stores them in the
+.I Authkey
+structure
 .IR key .
 It returns 0 if
 .I password
@@ -213,18 +221,34 @@
 .I Key
 is used for encrypting the message before transmission and decrypting
 after reception.
+.IR ConvA2M ,
+.IR convM2A ,
+.I convPR2M
+and
+.I convM2PR
+encrypt/decrypt the message with the random ticket key.
 .PP
 The routine
+.I _asgetticket
+sends a ticket request
+.I tr
+returning the two encrypted tickets in
+.IR buf .
+The routine
+.I _asrequest
+encodes the ticket request
+.I tr
+and sends it not waiting for a response.
+After sending a request,
 .I _asgetresp
+can be used to receive the response containing a ticket and an optional
+authenticator and decrypts the ticket and authenticator using
+.IR key .
+The routine
+.I _asrdresp
 receives either a character array or an error string.
 On error, it sets errstr and returns -1.  If successful,
 it returns the number of bytes received.
-.PP
-The routine
-.I _asgetticket
-sends a ticket request message and then uses
-.I _asgetresp
-to recieve an answer.
 .SH SOURCE
 .B /sys/src/libauthsrv
 .SH SEE ALSO
--- a/sys/src/cmd/auth/as.c
+++ b/sys/src/cmd/auth/as.c
@@ -8,6 +8,7 @@
 #include <bio.h>
 #include <libsec.h>
 #include <auth.h>
+#include <authsrv.h>
 #include "authcmdlib.h"
 
 int	debug;
--- a/sys/src/cmd/auth/authcmdlib.h
+++ b/sys/src/cmd/auth/authcmdlib.h
@@ -39,13 +39,14 @@
 void	checksum(char*, char*);
 void	error(char*, ...);
 void	fail(char*);
-char*	findkey(char*, char*, char*);
+int	findkey(char*, char*, Authkey*);
+char*	finddeskey(char*, char*, char*);
 char*	findsecret(char*, char*, char*);
-int	getauthkey(char*);
+int	getauthkey(Authkey*);
 long	getexpiration(char *db, char *u);
-void	getpass(char*, char*, int, int);
+void	getpass(Authkey*, char*, int, int);
 int	getsecret(int, char*);
-int	keyfmt(Fmt*);
+int	deskeyfmt(Fmt*);
 void	logfail(char*);
 int	netcheck(void*, long, char*);
 char*	netdecimal(char*);
@@ -58,7 +59,8 @@
 void	readln(char*, char*, int, int);
 long	readn(int, void*, long);
 char*	secureidcheck(char*, char*);
-char*	setkey(char*, char*, char*);
+int	setkey(char*, char*, Authkey*);
+char*	setdeskey(char*, char*, char*);
 char*	setsecret(char*, char*, char*);
 int	smartcheck(void*, long, char*);
 void	succeed(char*);
--- a/sys/src/cmd/auth/authsrv.c
+++ b/sys/src/cmd/auth/authsrv.c
@@ -30,7 +30,9 @@
 int	speaksfor(char*, char*);
 void	replyerror(char*, ...);
 void	getraddr(char*);
-void	mkkey(char*);
+void	mkkey(Authkey*);
+int	samekey(Authkey*, Authkey*);
+void	mkticket(Ticketreq*, Ticket*);
 void	randombytes(uchar*, int);
 void	nthash(uchar hash[MShashlen], char *passwd);
 void	lmhash(uchar hash[MShashlen], char *passwd);
@@ -37,15 +39,15 @@
 void	ntv2hash(uchar hash[MShashlen], char *passwd, char *user, char *dom);
 void	mschalresp(uchar resp[MSresplen], uchar hash[MShashlen], uchar chal[MSchallen]);
 void	desencrypt(uchar data[8], uchar key[7]);
-int	tickauthreply(Ticketreq*, char*);
+int	tickauthreply(Ticketreq*, Authkey*);
 void	safecpy(char*, char*, int);
 
-
 void
 main(int argc, char *argv[])
 {
 	char buf[TICKREQLEN];
 	Ticketreq tr;
+	int n;
 
 	ARGBEGIN{
 	case 'd':
@@ -64,11 +66,10 @@
 
 	srand(time(0)*getpid());
 	for(;;){
-		if(readn(0, buf, TICKREQLEN) <= 0)
+		n = readn(0, buf, sizeof(buf));
+		if(n <= 0 || convM2TR(buf, n, &tr) <= 0)
 			exits(0);
-
-		convM2TR(buf, &tr);
-		switch(buf[0]){
+		switch(tr.type){
 		case AuthTreq:
 			ticketrequest(&tr);
 			break;
@@ -97,7 +98,7 @@
 			vnc(&tr);
 			break;
 		default:
-			syslog(0, AUTHLOG, "unknown ticket request type: %d", buf[0]);
+			syslog(0, AUTHLOG, "unknown ticket request type: %d", tr.type);
 			exits(0);
 		}
 	}
@@ -107,45 +108,39 @@
 int
 ticketrequest(Ticketreq *tr)
 {
-	char akey[DESKEYLEN];
-	char hkey[DESKEYLEN];
-	Ticket t;
+	Authkey akey, hkey;
 	char tbuf[2*TICKETLEN+1];
+	Ticket t;
+	int n;
 
-	if(findkey(KEYDB, tr->authid, akey) == 0){
+	if(!findkey(KEYDB, tr->authid, &akey)){
 		/* make one up so caller doesn't know it was wrong */
-		mkkey(akey);
+		mkkey(&akey);
 		if(debug)
 			syslog(0, AUTHLOG, "tr-fail authid %s", raddr);
 	}
-	if(findkey(KEYDB, tr->hostid, hkey) == 0){
+	if(!findkey(KEYDB, tr->hostid, &hkey)){
 		/* make one up so caller doesn't know it was wrong */
-		mkkey(hkey);
+		mkkey(&hkey);
 		if(debug)
 			syslog(0, AUTHLOG, "tr-fail hostid %s(%s)", tr->hostid, raddr);
 	}
 
-	memset(&t, 0, sizeof(t));
-	memmove(t.chal, tr->chal, CHALLEN);
-	strcpy(t.cuid, tr->uid);
-	if(speaksfor(tr->hostid, tr->uid))
-		strcpy(t.suid, tr->uid);
-	else {
-		mkkey(akey);
-		mkkey(hkey);
+	mkticket(tr, &t);
+	if(!speaksfor(tr->hostid, tr->uid)){
+		mkkey(&akey);
+		mkkey(&hkey);
 		if(debug)
 			syslog(0, AUTHLOG, "tr-fail %s@%s(%s) -> %s@%s no speaks for",
 				tr->uid, tr->hostid, raddr, tr->uid, tr->authid);
 	}
-
-	mkkey(t.key);
-
-	tbuf[0] = AuthOK;
+	n = 0;
+	tbuf[n++] = AuthOK;
 	t.num = AuthTc;
-	convT2M(&t, tbuf+1, hkey);
+	n += convT2M(&t, tbuf+n, sizeof(tbuf)-n, &hkey);
 	t.num = AuthTs;
-	convT2M(&t, tbuf+1+TICKETLEN, akey);
-	if(write(1, tbuf, 2*TICKETLEN+1) < 0){
+	n += convT2M(&t, tbuf+n, sizeof(tbuf)-n, &akey);
+	if(write(1, tbuf, n) < 0){
 		if(debug)
 			syslog(0, AUTHLOG, "tr-fail %s@%s(%s): hangup",
 				tr->uid, tr->hostid, raddr);
@@ -163,22 +158,23 @@
 {
 	long chal;
 	char *key, *netkey;
-	char kbuf[DESKEYLEN], nkbuf[DESKEYLEN], hkey[DESKEYLEN];
+	Authkey hkey;
+	char kbuf[DESKEYLEN], nkbuf[DESKEYLEN];
 	char buf[NETCHLEN+1];
 	char *err;
 
-	key = findkey(KEYDB, tr->uid, kbuf);
-	netkey = findkey(NETKEYDB, tr->uid, nkbuf);
-	if(key == 0 && netkey == 0){
+	key = finddeskey(KEYDB, tr->uid, kbuf);
+	netkey = finddeskey(NETKEYDB, tr->uid, nkbuf);
+	if(key == nil && netkey == nil){
 		/* make one up so caller doesn't know it was wrong */
-		mkkey(nkbuf);
+		randombytes((uchar*)nkbuf, DESKEYLEN);
 		netkey = nkbuf;
 		if(debug)
 			syslog(0, AUTHLOG, "cr-fail uid %s@%s", tr->uid, raddr);
 	}
-	if(findkey(KEYDB, tr->hostid, hkey) == 0){
+	if(!findkey(KEYDB, tr->hostid, &hkey)){
 		/* make one up so caller doesn't know it was wrong */
-		mkkey(hkey);
+		mkkey(&hkey);
 		if(debug)
 			syslog(0, AUTHLOG, "cr-fail hostid %s %s@%s", tr->hostid,
 				tr->uid, raddr);
@@ -195,8 +191,8 @@
 		exits(0);
 	if(readn(0, buf, NETCHLEN) < 0)
 		exits(0);
-	if(!(key && netcheck(key, chal, buf))
-	&& !(netkey && netcheck(netkey, chal, buf))
+	if(!(key != nil && netcheck(key, chal, buf))
+	&& !(netkey != nil && netcheck(netkey, chal, buf))
 	&& (err = secureidcheck(tr->uid, buf)) != nil){
 		replyerror("cr-fail %s %s %s", err, tr->uid, raddr);
 		logfail(tr->uid);
@@ -210,7 +206,7 @@
 	/*
 	 *  reply with ticket & authenticator
 	 */
-	if(tickauthreply(tr, hkey) < 0){
+	if(tickauthreply(tr, &hkey) < 0){
 		if(debug)
 			syslog(0, AUTHLOG, "cr-fail %s@%s(%s): hangup",
 				tr->uid, tr->hostid, raddr);
@@ -229,36 +225,36 @@
 	char tbuf[TICKETLEN+1];
 	char prbuf[PASSREQLEN];
 	Passwordreq pr;
-	char okey[DESKEYLEN], nkey[DESKEYLEN];
+	Authkey okey, nkey;
 	char *err;
+	int n;
 
-	if(findkey(KEYDB, tr->uid, okey) == 0){
+	if(!findkey(KEYDB, tr->uid, &okey)){
 		/* make one up so caller doesn't know it was wrong */
-		mkkey(okey);
+		mkkey(&okey);
 		syslog(0, AUTHLOG, "cp-fail uid %s", raddr);
 	}
 
 	/* send back a ticket with a new key */
-	memmove(t.chal, tr->chal, CHALLEN);
-	mkkey(t.key);
-	tbuf[0] = AuthOK;
+	mkticket(tr, &t);
 	t.num = AuthTp;
-	safecpy(t.cuid, tr->uid, sizeof(t.cuid));
-	safecpy(t.suid, tr->uid, sizeof(t.suid));
-	convT2M(&t, tbuf+1, okey);
-	write(1, tbuf, sizeof(tbuf));
+	n = 0;
+	tbuf[n++] = AuthOK;
+	n += convT2M(&t, tbuf+n, sizeof(tbuf)-n, &okey);
+	if(write(1, tbuf, n) != n)
+		exits(0);
 
 	/* loop trying passwords out */
 	for(;;){
-		if(readn(0, prbuf, PASSREQLEN) < 0)
+		n = readn(0, prbuf, sizeof(prbuf));
+		if(n <= 0 || convM2PR(prbuf, n, &pr, &t) <= 0)
 			exits(0);
-		convM2PR(prbuf, &pr, t.key);
 		if(pr.num != AuthPass){
 			replyerror("protocol botch1: %s", raddr);
 			exits(0);
 		}
-		passtokey(nkey, pr.old);
-		if(memcmp(nkey, okey, DESKEYLEN)){
+		passtokey(&nkey, pr.old);
+		if(!samekey(&nkey, &okey)){
 			replyerror("protocol botch2: %s", raddr);
 			continue;
 		}
@@ -268,13 +264,13 @@
 				replyerror("%s %s", err, raddr);
 				continue;
 			}
-			passtokey(nkey, pr.new);
+			passtokey(&nkey, pr.new);
 		}
 		if(pr.changesecret && setsecret(KEYDB, tr->uid, pr.secret) == 0){
 			replyerror("can't write secret %s", raddr);
 			continue;
 		}
-		if(*pr.new && setkey(KEYDB, tr->uid, nkey) == 0){
+		if(*pr.new && setkey(KEYDB, tr->uid, &nkey) == 0){
 			replyerror("can't write key %s", raddr);
 			continue;
 		}
@@ -292,15 +288,14 @@
 {
 	Ticket t;
 	char tbuf[TICKETLEN+1];
-	char key[DESKEYLEN];
+	Authkey key;
 	char *p;
 	Biobuf *b;
 	int n;
 
-	randombytes((uchar*)key, DESKEYLEN);
-
 	/* use plan9 key when there is any */
-	findkey(KEYDB, tr->uid, key);
+	if(!findkey(KEYDB, tr->uid, &key))
+		mkkey(&key);
 
 	n = strlen(tr->uid);
 	b = Bopen("/sys/lib/httppasswords", OREAD);
@@ -315,7 +310,7 @@
 				p += n;
 				while(*p == ' ' || *p == '\t')
 					p++;
-				passtokey(key, p);
+				passtokey(&key, p);
 			}
 		}
 		Bterm(b);
@@ -322,14 +317,13 @@
 	}
 
 	/* send back a ticket encrypted with the key */
+	mkticket(tr, &t);
 	randombytes((uchar*)t.chal, CHALLEN);
-	mkkey(t.key);
-	tbuf[0] = AuthOK;
 	t.num = AuthHr;
-	safecpy(t.cuid, tr->uid, sizeof(t.cuid));
-	safecpy(t.suid, tr->uid, sizeof(t.suid));
-	convT2M(&t, tbuf+1, key);
-	write(1, tbuf, sizeof(tbuf));
+	n = 0;
+	tbuf[n++] = AuthOK;
+	n += convT2M(&t, tbuf+n, sizeof(tbuf)-n, &key);
+	write(1, tbuf, n);
 }
 
 static char*
@@ -339,13 +333,13 @@
 	static char *domain;
 	int n;
 
-	if(domain)
+	if(domain != nil)
 		return domain;
 	if(*sysname)
 		return sysname;
 
 	domain = csgetvalue(0, "sys", sysname, "dom", nil);
-	if(domain)
+	if(domain != nil)
 		return domain;
 
 	n = readfile("/dev/sysname", sysname, sizeof(sysname)-1);
@@ -373,12 +367,13 @@
 void
 apop(Ticketreq *tr, int type)
 {
-	int challen, i, tries;
-	char *secret, *hkey, *p;
+	int challen, i, n, tries;
+	char *secret, *p;
+	Authkey hkey;
 	Ticketreq treq;
 	DigestState *s;
-	char sbuf[SECRETLEN], hbuf[DESKEYLEN];
-	char tbuf[TICKREQLEN];
+	char sbuf[SECRETLEN];
+	char trbuf[TICKREQLEN];
 	char buf[MD5dlen*2];
 	uchar digest[MD5dlen], resp[MD5dlen];
 	ulong rb[4];
@@ -401,9 +396,9 @@
 		/*
 		 *  get ticket request
 		 */
-		if(readn(0, tbuf, TICKREQLEN) < 0)
+		n = readn(0, trbuf, sizeof(trbuf));
+		if(n <= 0 || convM2TR(trbuf, n, &treq) <= 0)
 			exits(0);
-		convM2TR(tbuf, &treq);
 		tr = &treq;
 		if(tr->type != type)
 			exits(0);
@@ -411,7 +406,7 @@
 		/*
 		 * read response
 		 */
-		if(readn(0, buf, MD5dlen*2) < 0)
+		if(readn(0, buf, MD5dlen*2) != MD5dlen*2)
 			exits(0);
 		for(i = 0; i < MD5dlen; i++)
 			resp[i] = (h2b(buf[2*i])<<4)|h2b(buf[2*i+1]);
@@ -420,8 +415,7 @@
 		 * lookup
 		 */
 		secret = findsecret(KEYDB, tr->uid, sbuf);
-		hkey = findkey(KEYDB, tr->hostid, hbuf);
-		if(hkey == 0 || secret == 0){
+		if(!findkey(KEYDB, tr->hostid, &hkey) || secret == nil){
 			replyerror("apop-fail bad response %s", raddr);
 			logfail(tr->uid);
 			if(tries > 5)
@@ -455,7 +449,7 @@
 	/*
 	 *  reply with ticket & authenticator
 	 */
-	if(tickauthreply(tr, hkey) < 0)
+	if(tickauthreply(tr, &hkey) < 0)
 		exits(0);
 
 	if(debug){
@@ -493,10 +487,11 @@
 void
 vnc(Ticketreq *tr)
 {
+	char *secret;
+	Authkey hkey;
 	uchar chal[VNCchallen+6];
 	uchar reply[VNCchallen];
-	char *secret, *hkey;
-	char sbuf[SECRETLEN], hbuf[DESKEYLEN];
+	char sbuf[SECRETLEN];
 	DESstate s;
 	int i;
 
@@ -514,7 +509,7 @@
 	 */
 	memset(sbuf, 0, sizeof(sbuf));
 	secret = findsecret(KEYDB, tr->uid, sbuf);
-	if(secret == 0){
+	if(secret == nil){
 		randombytes((uchar*)sbuf, sizeof(sbuf));
 		secret = sbuf;
 	}
@@ -521,11 +516,8 @@
 	for(i = 0; i < 8; i++)
 		secret[i] = swizzletab[(uchar)secret[i]];
 
-	hkey = findkey(KEYDB, tr->hostid, hbuf);
-	if(hkey == 0){
-		randombytes((uchar*)hbuf, sizeof(hbuf));
-		hkey = hbuf;
-	}
+	if(!findkey(KEYDB, tr->hostid, &hkey))
+		mkkey(&hkey);
 
 	/*
 	 *  get response
@@ -548,7 +540,7 @@
 	/*
 	 *  reply with ticket & authenticator
 	 */
-	if(tickauthreply(tr, hkey) < 0)
+	if(tickauthreply(tr, &hkey) < 0)
 		exits(0);
 
 	if(debug)
@@ -558,9 +550,10 @@
 void
 chap(Ticketreq *tr)
 {
-	char *secret, *hkey;
+	char *secret;
+	Authkey hkey;
 	DigestState *s;
-	char sbuf[SECRETLEN], hbuf[DESKEYLEN];
+	char sbuf[SECRETLEN];
 	uchar digest[MD5dlen];
 	char chal[CHALLEN];
 	OChapreply reply;
@@ -582,8 +575,7 @@
 	 * lookup
 	 */
 	secret = findsecret(KEYDB, tr->uid, sbuf);
-	hkey = findkey(KEYDB, tr->hostid, hbuf);
-	if(hkey == 0 || secret == 0){
+	if(!findkey(KEYDB, tr->hostid, &hkey) || secret == nil){
 		replyerror("chap-fail bad response %s", raddr);
 		logfail(tr->uid);
 		exits(0);
@@ -607,7 +599,7 @@
 	/*
 	 *  reply with ticket & authenticator
 	 */
-	if(tickauthreply(tr, hkey) < 0)
+	if(tickauthreply(tr, &hkey) < 0)
 		exits(0);
 
 	if(debug)
@@ -671,8 +663,9 @@
 void
 mschap(Ticketreq *tr)
 {
-	char *secret, *hkey;
-	char sbuf[SECRETLEN], hbuf[DESKEYLEN], windom[128];
+	char *secret;
+	Authkey hkey;
+	char sbuf[SECRETLEN], windom[128];
 	uchar chal[CHALLEN], ntblob[1024];
 	uchar hash[MShashlen];
 	uchar hash2[MShashlen];
@@ -743,8 +736,7 @@
 	 * lookup
 	 */
 	secret = findsecret(KEYDB, tr->uid, sbuf);
-	hkey = findkey(KEYDB, tr->hostid, hbuf);
-	if(hkey == 0 || secret == 0){
+	if(!findkey(KEYDB, tr->hostid, &hkey) || secret == nil){
 		replyerror("mschap-fail bad response %s/%s(%s)",
 			tr->uid, tr->hostid, raddr);
 		logfail(tr->uid);
@@ -812,7 +804,7 @@
 	/*
 	 *  reply with ticket & authenticator
 	 */
-	if(tickauthreply(tr, hkey) < 0)
+	if(tickauthreply(tr, &hkey) < 0)
 		exits(0);
 
 	if(debug)
@@ -939,16 +931,16 @@
 	if(strcmp(speaker, user) == 0)
 		return 1;
 
-	if(db == 0)
+	if(db == nil)
 		return 0;
 
 	tp = ndbsearch(db, &s, "hostid", speaker);
-	if(tp == 0)
+	if(tp == nil)
 		return 0;
 
 	ok = 0;
 	snprint(notuser, sizeof notuser, "!%s", user);
-	for(ntp = tp; ntp; ntp = ntp->entry)
+	for(ntp = tp; ntp != nil; ntp = ntp->entry)
 		if(strcmp(ntp->attr, "uid") == 0){
 			if(strcmp(ntp->val, notuser) == 0){
 				ok = 0;
@@ -1003,12 +995,28 @@
 }
 
 void
-mkkey(char *k)
+mkkey(Authkey *k)
 {
-	randombytes((uchar*)k, DESKEYLEN);
+	randombytes((uchar*)k->des, DESKEYLEN);
 }
 
+int
+samekey(Authkey *a, Authkey *b)
+{
+	return memcmp(a->des, b->des, DESKEYLEN) == 0;
+}
+
 void
+mkticket(Ticketreq *tr, Ticket *t)
+{
+	memset(t, 0, sizeof(Ticket));
+	memmove(t->chal, tr->chal, CHALLEN);
+	safecpy(t->cuid, tr->uid, sizeof(t->cuid));
+	safecpy(t->suid, tr->uid, sizeof(t->suid));
+	randombytes((uchar*)t->key, DESKEYLEN);
+}
+
+void
 randombytes(uchar *buf, int len)
 {
 	int i;
@@ -1024,25 +1032,24 @@
  *  reply with ticket and authenticator
  */
 int
-tickauthreply(Ticketreq *tr, char *hkey)
+tickauthreply(Ticketreq *tr, Authkey *hkey)
 {
 	Ticket t;
 	Authenticator a;
 	char buf[TICKETLEN+AUTHENTLEN+1];
+	int n;
 
-	memset(&t, 0, sizeof(t));
-	memmove(t.chal, tr->chal, CHALLEN);
-	safecpy(t.cuid, tr->uid, sizeof t.cuid);
-	safecpy(t.suid, tr->uid, sizeof t.suid);
-	mkkey(t.key);
-	buf[0] = AuthOK;
+	mkticket(tr, &t);
 	t.num = AuthTs;
-	convT2M(&t, buf+1, hkey);
+	n = 0;
+	buf[n++] = AuthOK;
+	n += convT2M(&t, buf+n, sizeof(buf)-n, hkey);
+	memset(&a, 0, sizeof(a));
 	memmove(a.chal, t.chal, CHALLEN);
 	a.num = AuthAc;
 	a.id = 0;
-	convA2M(&a, buf+TICKETLEN+1, t.key);
-	if(write(1, buf, TICKETLEN+AUTHENTLEN+1) < 0)
+	n += convA2M(&a, buf+n, sizeof(buf)-n, &t);
+	if(write(1, buf, n) != n)
 		return -1;
 	return 0;
 }
@@ -1053,3 +1060,4 @@
 	strncpy(to, from, len);
 	to[len-1] = 0;
 }
+
--- a/sys/src/cmd/auth/changeuser.c
+++ b/sys/src/cmd/auth/changeuser.c
@@ -5,7 +5,7 @@
 #include <bio.h>
 #include "authcmdlib.h"
 
-void	install(char*, char*, char*, long, int);
+void	install(char*, char*, Authkey*, long, int);
 int	exists (char*, char*);
 
 void
@@ -18,14 +18,15 @@
 void
 main(int argc, char *argv[])
 {
-	char *u, key[DESKEYLEN], answer[32], p9pass[32];
+	char *u, answer[32], p9pass[32];
 	int which, i, newkey, newbio, dosecret;
 	long t;
+	Authkey key;
 	Acctbio a;
 	Fs *f;
 
 	srand(getpid()*time(0));
-	fmtinstall('K', keyfmt);
+	fmtinstall('K', deskeyfmt);
 
 	which = 0;
 	ARGBEGIN{
@@ -61,10 +62,10 @@
 				newkey = 0;
 		}
 		if(newkey)
-			getpass(key, p9pass, 1, 1);
+			getpass(&key, p9pass, 1, 1);
 		dosecret = getsecret(newkey, p9pass);
 		t = getexpiration(f->keys, u);
-		install(f->keys, u, key, t, newkey);
+		install(f->keys, u, &key, t, newkey);
 		if(dosecret && setsecret(KEYDB, u, p9pass) == 0)
 			error("error writing Inferno/pop secret");
 		newbio = querybio(f->who, u, &a);
@@ -83,17 +84,17 @@
 		}
 		if(newkey)
 			for(i=0; i<DESKEYLEN; i++)
-				key[i] = nrand(256);
+				key.des[i] = nrand(256);
 		if(a.user == 0){
 			t = getexpiration(f->keys, u);
 			newbio = querybio(f->who, u, &a);
 		}
-		install(f->keys, u, key, t, newkey);
+		install(f->keys, u, &key, t, newkey);
 		if(newbio)
 			wrbio(f->who, &a);
-		findkey(f->keys, u, key);
-		print("user %s: SecureNet key: %K\n", u, key);
-		checksum(key, answer);
+		finddeskey(f->keys, u, key.des);
+		print("user %s: SecureNet key: %K\n", u, key.des);
+		checksum(key.des, answer);
 		print("verify with checksum %s\n", answer);
 		print("user %s installed for SecureNet\n", u);
 		syslog(0, AUTHLOG, "user %s installed for securenet", u);
@@ -102,7 +103,7 @@
 }
 
 void
-install(char *db, char *u, char *key, long t, int newkey)
+install(char *db, char *u, Authkey *key, long t, int newkey)
 {
 	char buf[KEYDBBUF+ANAMELEN+20];
 	int fd;
@@ -118,7 +119,7 @@
 	if(newkey){
 		sprint(buf, "%s/%s/key", db, u);
 		fd = open(buf, OWRITE);
-		if(fd < 0 || write(fd, key, DESKEYLEN) != DESKEYLEN)
+		if(fd < 0 || write(fd, key->des, DESKEYLEN) != DESKEYLEN)
 			error("can't set key: %r");
 		close(fd);
 	}
--- a/sys/src/cmd/auth/convkeys.c
+++ b/sys/src/cmd/auth/convkeys.c
@@ -7,12 +7,11 @@
 #include <bio.h>
 #include "authcmdlib.h"
 
-char	authkey[DESKEYLEN];
+Authkey	authkey;
 int	verb;
 int	usepass;
 
-int	convert(char*, char*, int);
-int	dofcrypt(int, char*, char*, int);
+int	convert(char*, Authkey*, int);
 void	usage(void);
 
 void
@@ -19,7 +18,8 @@
 main(int argc, char *argv[])
 {
 	Dir *d;
-	char *p, *file, key[DESKEYLEN];
+	Authkey key;
+	char *p, *file;
 	int fd, len;
 
 	ARGBEGIN{
@@ -40,12 +40,12 @@
 	/* get original key */
 	if(usepass){
 		print("enter password file is encoded with\n");
-		getpass(authkey, nil, 0, 1);
+		getpass(&authkey, nil, 0, 1);
 	} else
-		getauthkey(authkey);
+		getauthkey(&authkey);
 	if(!verb){
 		print("enter password to reencode with\n");
-		getpass(key, nil, 0, 1);
+		getpass(&key, nil, 0, 1);
 	}
 
 	fd = open(file, ORDWR);
@@ -60,7 +60,7 @@
 		error("out of memory");
 	if(read(fd, p, len) != len)
 		error("can't read key file: %r\n");
-	len = convert(p, key, len);
+	len = convert(p, &key, len);
 	if(verb)
 		exits(0);
 	if(pwrite(fd, p, len, 0) != len)
@@ -128,7 +128,7 @@
 }
 
 int
-convert(char *p, char *key, int len)
+convert(char *p, Authkey *key, int len)
 {
 	int i;
 
@@ -139,7 +139,7 @@
 		len -= len % KEYDBLEN;
 	}
 	len += KEYDBOFF;
-	oldCBCdecrypt(authkey, p, len);
+	oldCBCdecrypt(authkey.des, p, len);
 	for(i = KEYDBOFF; i < len; i += KEYDBLEN)
 		if (badname(&p[i])) {
 			print("bad name %.30s... - aborting\n", &p[i]);
@@ -150,7 +150,7 @@
 			print("%s\n", &p[i]);
 
 	randombytes((uchar*)p, 8);
-	oldCBCencrypt(key, p, len);
+	oldCBCencrypt(key->des, p, len);
 	return len;
 }
 
--- a/sys/src/cmd/auth/convkeys2.c
+++ b/sys/src/cmd/auth/convkeys2.c
@@ -6,12 +6,11 @@
 #include <bio.h>
 #include "authcmdlib.h"
 
-char	authkey[DESKEYLEN];
+Authkey	authkey;
 int	verb;
 int	usepass;
 
-int	convert(char*, char*, char*, int);
-int	dofcrypt(int, char*, char*, int);
+int	convert(char*, char*, Authkey*, int);
 void	usage(void);
 void	randombytes(uchar*, int);
 
@@ -19,7 +18,8 @@
 main(int argc, char *argv[])
 {
 	Dir *d;
-	char *p, *np, *file, key[DESKEYLEN];
+	Authkey key;
+	char *p, *np, *file;
 	int fd, len;
 
 	ARGBEGIN{
@@ -40,11 +40,11 @@
 	/* get original key */
 	if(usepass){
 		print("enter password file is encoded with\n");
-		getpass(authkey, nil, 0, 1);
+		getpass(&authkey, nil, 0, 1);
 	} else
-		getauthkey(authkey);
+		getauthkey(&authkey);
 	print("enter password to reencode with\n");
-	getpass(key, nil, 0, 1);
+	getpass(&key, nil, 0, 1);
 
 	fd = open(file, ORDWR);
 	if(fd < 0)
@@ -61,7 +61,7 @@
 		error("out of memory");
 	if(read(fd, p, len) != len)
 		error("can't read key file: %r\n");
-	len = convert(p, np, key, len);
+	len = convert(p, np, &key, len);
 	if(verb)
 		exits(0);
 	if(pwrite(fd, np, len, 0) != len)
@@ -84,7 +84,7 @@
 }
 
 int
-convert(char *p, char *np, char *key, int len)
+convert(char *p, char *np, Authkey *key, int len)
 {
 	int i, off, noff;
 
@@ -95,7 +95,7 @@
 	for(i = 0; i < len; i ++){
 		off = i*OKEYDBLEN;
 		noff = KEYDBOFF+i*(KEYDBLEN);
-		decrypt(authkey, &p[off], OKEYDBLEN);
+		decrypt(authkey.des, &p[off], OKEYDBLEN);
 		memmove(&np[noff], &p[off], OKEYDBLEN);
 		memset(&np[noff-SECRETLEN], 0, SECRETLEN);
 		if(verb)
@@ -103,7 +103,7 @@
 	}
 	randombytes((uchar*)np, KEYDBOFF);
 	len = (len*KEYDBLEN) + KEYDBOFF;
-	oldCBCencrypt(key, np, len);
+	oldCBCencrypt(key->des, np, len);
 	return len;
 }
 
--- a/sys/src/cmd/auth/cron.c
+++ b/sys/src/cmd/auth/cron.c
@@ -3,6 +3,7 @@
 #include <bio.h>
 #include <libsec.h>
 #include <auth.h>
+#include <authsrv.h>
 #include "authcmdlib.h"
 
 char CRONLOG[] = "cron";
--- a/sys/src/cmd/auth/debug.c
+++ b/sys/src/cmd/auth/debug.c
@@ -208,9 +208,9 @@
 void
 authfutz(char *dom, char *user)
 {
-	int fd, nobootes;
-	char pw[128], prompt[128], key[DESKEYLEN], booteskey[DESKEYLEN], tbuf[2*TICKETLEN],
-		trbuf[TICKREQLEN];
+	int fd, nobootes, n, m;
+	char pw[128], prompt[128], tbuf[2*TICKETLEN];
+	Authkey key, booteskey;
 	Ticket t;
 	Ticketreq tr;
 
@@ -218,7 +218,7 @@
 	readcons(prompt, nil, 1, pw, sizeof pw);
 	if(pw[0] == '\0')
 		return;
-	passtokey(key, pw);
+	passtokey(&key, pw);
 
 	fd = authdial(nil, dom);
 	if(fd < 0){
@@ -227,6 +227,7 @@
 	}
 
 	/* try ticket request using just user key */
+	memset(&tr, 0, sizeof(tr));
 	tr.type = AuthTreq;
 	strecpy(tr.authid, tr.authid+sizeof tr.authid, user);
 	strecpy(tr.authdom, tr.authdom+sizeof tr.authdom, dom);
@@ -233,13 +234,12 @@
 	strecpy(tr.hostid, tr.hostid+sizeof tr.hostid, user);
 	strecpy(tr.uid, tr.uid+sizeof tr.uid, user);
 	memset(tr.chal, 0xAA, sizeof tr.chal);
-	convTR2M(&tr, trbuf);
-	if(_asgetticket(fd, trbuf, tbuf) < 0){
-		close(fd);
+	if((n = _asgetticket(fd, &tr, tbuf, sizeof(tbuf))) < 0){
 		print("\t_asgetticket failed: %r\n");
+		close(fd);
 		return;
 	}
-	convM2T(tbuf, &t, key);
+	m = convM2T(tbuf, n, &t, &key);
 	if(t.num != AuthTc){
 		print("\tcannot decrypt ticket1 from auth server (bad t.num=0x%.2ux)\n", t.num);
 		print("\tauth server and you do not agree on key for %s@%s\n", user, dom);
@@ -252,7 +252,7 @@
 		return;
 	}
 
-	convM2T(tbuf+TICKETLEN, &t, key);
+	convM2T(tbuf+m, n-m, &t, &key);
 	if(t.num != AuthTs){
 		print("\tcannot decrypt ticket2 from auth server (bad t.num=0x%.2ux)\n", t.num);
 		print("\tauth server and you do not agree on key for %s@%s\n", user, dom);
@@ -269,13 +269,12 @@
 	/* try ticket request using bootes key */
 	snprint(prompt, sizeof prompt, "\tcpu server owner for domain %s ", dom);
 	readcons(prompt, "glenda", 0, tr.authid, sizeof tr.authid);
-	convTR2M(&tr, trbuf);
-	if(_asgetticket(fd, trbuf, tbuf) < 0){
+	if((n = _asgetticket(fd, &tr, tbuf, sizeof(tbuf))) < 0){
 		close(fd);
 		print("\t_asgetticket failed: %r\n");
 		return;
 	}
-	convM2T(tbuf, &t, key);
+	m = convM2T(tbuf, n, &t, &key);
 	if(t.num != AuthTc){
 		print("\tcannot decrypt ticket1 from auth server (bad t.num=0x%.2ux)\n", t.num);
 		print("\tauth server and you do not agree on key for %s@%s\n", user, dom);
@@ -295,9 +294,9 @@
 		goto Nobootes;
 	}
 	nobootes = 0;
-	passtokey(booteskey, pw);
+	passtokey(&booteskey, pw);
 
-	convM2T(tbuf+TICKETLEN, &t, booteskey);
+	convM2T(tbuf+m, n-m, &t, &booteskey);
 	if(t.num != AuthTs){
 		print("\tcannot decrypt ticket2 from auth server (bad t.num=0x%.2ux)\n", t.num);
 		print("\tauth server and you do not agree on key for %s@%s\n", tr.authid, dom);
--- a/sys/src/cmd/auth/factotum/apop.c
+++ b/sys/src/cmd/auth/factotum/apop.c
@@ -208,7 +208,7 @@
 static int
 dochal(State *s)
 {
-	char *dom, *user, trbuf[TICKREQLEN];
+	char *dom, *user;
 	int n;
 
 	s->asfd = -1;
@@ -228,13 +228,11 @@
 		goto err;
 
 	memset(&s->tr, 0, sizeof(s->tr));
-	s->tr.type = s->astype;
 	safecpy(s->tr.authdom, dom, sizeof s->tr.authdom);
 	safecpy(s->tr.hostid, user, sizeof(s->tr.hostid));
-	convTR2M(&s->tr, trbuf);
-
+	s->tr.type = s->astype;
 	alarm(30*1000);
-	if(write(s->asfd, trbuf, TICKREQLEN) != TICKREQLEN){
+	if(_asrequest(s->asfd, &s->tr) < 0){
 		alarm(0);
 		goto err;
 	}
@@ -254,8 +252,6 @@
 static int
 doreply(State *s, char *user, char *response)
 {
-	char ticket[TICKETLEN+AUTHENTLEN];
-	char trbuf[TICKREQLEN];
 	int n;
 	Authenticator a;
 
@@ -267,21 +263,16 @@
 
 	memrandom(s->tr.chal, CHALLEN);
 	safecpy(s->tr.uid, user, sizeof(s->tr.uid));
-	convTR2M(&s->tr, trbuf);
 	alarm(30*1000);
-	if((n=write(s->asfd, trbuf, TICKREQLEN)) != TICKREQLEN){
+	if(_asrequest(s->asfd, &s->tr) < 0){
 		alarm(0);
-		if(n >= 0)
-			werrstr("short write to auth server");
 		goto err;
 	}
-	if((n=write(s->asfd, response, MD5dlen*2)) != MD5dlen*2){
+	if(write(s->asfd, response, MD5dlen*2) != MD5dlen*2){
 		alarm(0);
-		if(n >= 0)
-			werrstr("short write to auth server");
 		goto err;
 	}
-	n = _asrdresp(s->asfd, ticket, TICKETLEN+AUTHENTLEN);
+	n = _asgetresp(s->asfd, &s->t, &a, (Authkey*)s->key->priv);
 	alarm(0);
 	if(n < 0){
 		/* leave connection open so we can try again */
@@ -290,7 +281,6 @@
 	close(s->asfd);
 	s->asfd = -1;
 
-	convM2T(ticket, &s->t, (char*)s->key->priv);
 	if(s->t.num != AuthTs
 	|| memcmp(s->t.chal, s->tr.chal, sizeof(s->t.chal)) != 0){
 		if(s->key->successes == 0)
@@ -299,7 +289,6 @@
 		goto err;
 	}
 	s->key->successes++;
-	convM2A(ticket+TICKETLEN, &a, s->t.key);
 	if(a.num != AuthAc
 	|| memcmp(a.chal, s->tr.chal, sizeof(a.chal)) != 0
 	|| a.id != 0){
@@ -306,7 +295,6 @@
 		werrstr(Easproto);
 		goto err;
 	}
-
 	return 0;
 err:
 	if(s->asfd >= 0)
--- a/sys/src/cmd/auth/factotum/chap.c
+++ b/sys/src/cmd/auth/factotum/chap.c
@@ -299,8 +299,7 @@
 dochal(State *s)
 {
 	char *dom, *user;
-	char trbuf[TICKREQLEN];
-	int ret;
+	int n;
 
 	s->asfd = -1;
 
@@ -315,20 +314,17 @@
 		goto err;
 	
 	memset(&s->tr, 0, sizeof(s->tr));
-	s->tr.type = s->astype;
 	safecpy(s->tr.authdom, dom, sizeof(s->tr.authdom));
 	safecpy(s->tr.hostid, user, sizeof(s->tr.hostid));
-	convTR2M(&s->tr, trbuf);
-
+	s->tr.type = s->astype;
 	alarm(30*1000);
-	if(write(s->asfd, trbuf, TICKREQLEN) != TICKREQLEN){
+	if(_asrequest(s->asfd, &s->tr) < 0){
 		alarm(0);
 		goto err;
 	}
-	/* readn, not _asrdresp.  needs to match auth.srv.c. */
-	ret = readn(s->asfd, s->chal, sizeof s->chal);
+	n = readn(s->asfd, s->chal, sizeof s->chal);
 	alarm(0);
-	if(ret != sizeof s->chal)
+	if(n != sizeof s->chal)
 		goto err;
 
 	return 0;
@@ -343,18 +339,16 @@
 static int
 doreply(State *s, uchar *reply, int nreply)
 {
-	char ticket[TICKETLEN+AUTHENTLEN];
 	int n;
 	Authenticator a;
 
 	alarm(30*1000);
-	if((n=write(s->asfd, reply, nreply)) != nreply){
+	if(write(s->asfd, reply, nreply) != nreply){
 		alarm(0);
-		if(n >= 0)
-			werrstr("short write to auth server");
 		goto err;
 	}
-	if(_asrdresp(s->asfd, ticket, TICKETLEN+AUTHENTLEN) < 0){
+	n = _asgetresp(s->asfd, &s->t, &a, (Authkey*)s->key->priv);
+	if(n < 0){
 		alarm(0);
 		/* leave connection open so we can try again */
 		return -1;
@@ -365,7 +359,7 @@
 		s->nsecret = 0;
 	close(s->asfd);
 	s->asfd = -1;
-	convM2T(ticket, &s->t, s->key->priv);
+
 	if(s->t.num != AuthTs
 	|| memcmp(s->t.chal, s->tr.chal, sizeof(s->t.chal)) != 0){
 		if(s->key->successes == 0)
@@ -374,7 +368,6 @@
 		return -1;
 	}
 	s->key->successes++;
-	convM2A(ticket+TICKETLEN, &a, s->t.key);
 	if(a.num != AuthAc
 	|| memcmp(a.chal, s->tr.chal, sizeof(a.chal)) != 0
 	|| a.id != 0){
@@ -381,7 +374,6 @@
 		werrstr(Easproto);
 		return -1;
 	}
-
 	return 0;
 err:
 	if(s->asfd >= 0)
--- a/sys/src/cmd/auth/factotum/p9cr.c
+++ b/sys/src/cmd/auth/factotum/p9cr.c
@@ -165,7 +165,7 @@
 static int
 p9response(Fsstate *fss, State *s)
 {
-	char key[DESKEYLEN];
+	Authkey key;
 	uchar buf[8];
 	ulong chal;
 	char *pw;
@@ -173,10 +173,10 @@
 	pw = _strfindattr(s->key->privattr, "!password");
 	if(pw == nil)
 		return failure(fss, "vncresponse cannot happen");
-	passtokey(key, pw);
+	passtokey(&key, pw);
 	memset(buf, 0, 8);
 	sprint((char*)buf, "%d", atoi(s->chal));
-	if(encrypt(key, buf, 8) < 0)
+	if(encrypt(key.des, buf, 8) < 0)
 		return failure(fss, "can't encrypt response");
 	chal = (buf[0]<<24)+(buf[1]<<16)+(buf[2]<<8)+buf[3];
 	s->resplen = snprint(s->resp, sizeof s->resp, "%.8lux", chal);
@@ -247,7 +247,6 @@
 static int
 p9crwrite(Fsstate *fss, void *va, uint n)
 {
-	char tbuf[TICKETLEN+AUTHENTLEN];
 	State *s;
 	char *data = va;
 	Authenticator a;
@@ -288,7 +287,7 @@
 			return failure(fss, Easproto);
 		}
 		/* get ticket plus authenticator from auth server */
-		ret = _asrdresp(s->asfd, tbuf, TICKETLEN+AUTHENTLEN);
+		ret = _asgetresp(s->asfd, &s->t, &a, (Authkey*)s->key->priv);
 		alarm(0);
 
 		if(ret < 0)
@@ -295,7 +294,6 @@
 			return failure(fss, nil);
 
 		/* check ticket */
-		convM2T(tbuf, &s->t, s->key->priv);
 		if(s->t.num != AuthTs
 		|| memcmp(s->t.chal, s->tr.chal, sizeof(s->t.chal)) != 0){
 			if (s->key->successes == 0)
@@ -303,7 +301,6 @@
 			return failure(fss, Easproto);
 		}
 		s->key->successes++;
-		convM2A(tbuf+TICKETLEN, &a, s->t.key);
 		if(a.num != AuthAc
 		|| memcmp(a.chal, s->tr.chal, sizeof(a.chal)) != 0
 		|| a.id != 0)
@@ -322,13 +319,11 @@
 static int
 getchal(State *s, Fsstate *fss)
 {
-	char trbuf[TICKREQLEN];
 	int n;
 
 	safecpy(s->tr.hostid, _strfindattr(s->key->attr, "user"), sizeof(s->tr.hostid));
 	safecpy(s->tr.authdom, _strfindattr(s->key->attr, "dom"), sizeof(s->tr.authdom));
 	s->tr.type = s->astype;
-	convTR2M(&s->tr, trbuf);
 
 	/* get challenge from auth server */
 	s->asfd = _authdial(nil, _strfindattr(s->key->attr, "dom"));
@@ -335,7 +330,7 @@
 	if(s->asfd < 0)
 		return failure(fss, Easproto);
 	alarm(30*1000);
-	if(write(s->asfd, trbuf, TICKREQLEN) != TICKREQLEN){
+	if(_asrequest(s->asfd, &s->tr) < 0){
 		alarm(0);
 		return failure(fss, Easproto);
 	}
--- a/sys/src/cmd/auth/factotum/p9sk1.c
+++ b/sys/src/cmd/auth/factotum/p9sk1.c
@@ -25,7 +25,7 @@
 	Ticketreq tr;
 	char cchal[CHALLEN];
 	char tbuf[TICKETLEN+AUTHENTLEN];
-	char authkey[DESKEYLEN];
+	int tbuflen;
 	uchar *secret;
 	int speakfor;
 };
@@ -60,7 +60,7 @@
 [SHaveAuth]		"SHaveAuth",
 };
 
-static int gettickets(State*, char*, char*);
+static int gettickets(State*, Ticketreq *, char*, int);
 
 static int
 p9skinit(Proto *p, Fsstate *fss)
@@ -119,6 +119,8 @@
 			break;
 		}
 	}
+	s->tbuflen = 0;
+	s->secret = nil;
 	fss->ps = s;
 	return RpcOk;
 }
@@ -147,13 +149,12 @@
 		m = TICKREQLEN;
 		if(*n < m)
 			return toosmall(fss, m);
-		*n = m;
-		convTR2M(&s->tr, a);
+		*n = convTR2M(&s->tr, a, *n);
 		fss->phase = SNeedTicket;
 		return RpcOk;
 
 	case CHaveTicket:
-		m = TICKETLEN+AUTHENTLEN;
+		m = s->tbuflen;
 		if(*n < m)
 			return toosmall(fss, m);
 		*n = m;
@@ -162,11 +163,11 @@
 		return RpcOk;
 
 	case SHaveAuth:
-		m = AUTHENTLEN;
+		m = s->tbuflen;
 		if(*n < m)
 			return toosmall(fss, m);
 		*n = m;
-		memmove(a, s->tbuf+TICKETLEN, m);
+		memmove(a, s->tbuf, m);
 		fss->ai.cuid = s->t.cuid;
 		fss->ai.suid = s->t.suid;
 		s->secret = emalloc(8);
@@ -183,7 +184,7 @@
 p9skwrite(Fsstate *fss, void *a, uint n)
 {
 	int m, ret, sret;
-	char tbuf[2*TICKETLEN], trbuf[TICKREQLEN], *user;
+	char tbuf[2*TICKETLEN], *user;
 	Attr *attr;
 	Authenticator auth;
 	State *s;
@@ -204,12 +205,11 @@
 		return RpcOk;
 
 	case CNeedTreq:
-		m = TICKREQLEN;
-		if(n < m)
-			return toosmall(fss, m);
+		m = convM2TR(a, n, &s->tr);
+		if(m <= 0)
+			return toosmall(fss, -m);
 
 		/* remember server's chal */
-		convM2TR(a, &s->tr);
 		if(s->vers == 2)
 			memmove(s->cchal, s->tr.chal, CHALLEN);
 
@@ -263,15 +263,14 @@
 		else
 			safecpy(s->tr.uid, s->tr.hostid, sizeof s->tr.uid);
 
-		convTR2M(&s->tr, trbuf);
-
 		/* get tickets, from auth server or invent if we can */
-		if(gettickets(s, trbuf, tbuf) < 0){
+		ret = gettickets(s, &s->tr, tbuf, sizeof(tbuf));
+		if(ret < 0){
 			_freeattr(attr);
 			return failure(fss, nil);
 		}
 
-		convM2T(tbuf, &s->t, (char*)s->key->priv);
+		m = convM2T(tbuf, ret, &s->t, (Authkey*)s->key->priv);
 		if(s->t.num != AuthTc){
 			if(s->key->successes == 0 && !s->speakfor)
 				disablekey(s->key);
@@ -287,24 +286,27 @@
 		}
 		s->key->successes++;
 		_freeattr(attr);
-		memmove(s->tbuf, tbuf+TICKETLEN, TICKETLEN);
+		ret -= m;
+		memmove(s->tbuf, tbuf+m, ret);
 
 		auth.num = AuthAc;
 		memmove(auth.chal, s->tr.chal, CHALLEN);
 		auth.id = 0;
-		convA2M(&auth, s->tbuf+TICKETLEN, s->t.key);
+		ret += convA2M(&auth, s->tbuf+ret, sizeof(s->tbuf)-ret, &s->t);
+		s->tbuflen = ret;
 		fss->phase = CHaveTicket;
 		return RpcOk;
 
 	case SNeedTicket:
-		m = TICKETLEN+AUTHENTLEN;
-		if(n < m)
-			return toosmall(fss, m);
-		convM2T(a, &s->t, (char*)s->key->priv);
+		m = convM2T(a, n, &s->t, (Authkey*)s->key->priv);
+		if(m <= 0)
+			return toosmall(fss, -m);
 		if(s->t.num != AuthTs
 		|| memcmp(s->t.chal, s->tr.chal, CHALLEN) != 0)
 			return failure(fss, Easproto);
-		convM2A((char*)a+TICKETLEN, &auth, s->t.key);
+		ret = convM2A((char*)a+m, n-m, &auth, &s->t);
+		if(ret <= 0)
+			return toosmall(fss, -ret + m);
 		if(auth.num != AuthAc
 		|| memcmp(auth.chal, s->tr.chal, CHALLEN) != 0
 		|| auth.id != 0)
@@ -312,15 +314,14 @@
 		auth.num = AuthAs;
 		memmove(auth.chal, s->cchal, CHALLEN);
 		auth.id = 0;
-		convA2M(&auth, s->tbuf+TICKETLEN, s->t.key);
+		s->tbuflen = convA2M(&auth, s->tbuf, sizeof(s->tbuf), &s->t);
 		fss->phase = SHaveAuth;
 		return RpcOk;
 
 	case CNeedAuth:
-		m = AUTHENTLEN;
-		if(n < m)
-			return toosmall(fss, m);
-		convM2A(a, &auth, s->t.key);
+		m = convM2A(a, n, &auth, &s->t);
+		if(m <= 0)
+			return toosmall(fss, -m);
 		if(auth.num != AuthAs
 		|| memcmp(auth.chal, s->cchal, CHALLEN) != 0
 		|| auth.id != 0)
@@ -384,24 +385,24 @@
 static int
 p9skaddkey(Key *k, int before)
 {
+	Authkey *akey;
 	char *s;
 
-	k->priv = emalloc(DESKEYLEN);
+	akey = emalloc(sizeof(Authkey));
 	if(s = _strfindattr(k->privattr, "!hex")){
-		if(hexparse(s, k->priv, 7) < 0){
-			free(k->priv);
-			k->priv = nil;
+		if(hexparse(s, (uchar*)akey->des, DESKEYLEN) < 0){
+			free(akey);
 			werrstr("malformed key data");
 			return -1;
 		}
 	}else if(s = _strfindattr(k->privattr, "!password")){
-		passtokey((char*)k->priv, s);
+		passtokey(akey, s);
 	}else{
 		werrstr("no key data");
-		free(k->priv);
-		k->priv = nil;
+		free(akey);
 		return -1;
 	}
+	k->priv = akey;
 	return replacekey(k, before);
 }
 
@@ -412,7 +413,7 @@
 }
 
 static int
-getastickets(State *s, char *trbuf, char *tbuf)
+getastickets(State *s, Ticketreq *tr, char *tbuf, int tbuflen)
 {
 	int asfd, rv;
 	char *dom;
@@ -425,7 +426,7 @@
 	if(asfd < 0)
 		return -1;
 	alarm(30*1000);
-	rv = _asgetticket(asfd, trbuf, tbuf);
+	rv = _asgetticket(asfd, tr, tbuf, tbuflen);
 	alarm(0);
 	close(asfd);
 	return rv;
@@ -432,10 +433,11 @@
 }
 
 static int
-mkserverticket(State *s, char *tbuf)
+mkserverticket(State *s, char *tbuf, int tbuflen)
 {
 	Ticketreq *tr = &s->tr;
 	Ticket t;
+	int ret;
 
 	if(strcmp(tr->authid, tr->hostid) != 0)
 		return -1;
@@ -449,22 +451,21 @@
 	strcpy(t.suid, tr->uid);
 	memrandom(t.key, DESKEYLEN);
 	t.num = AuthTc;
-	convT2M(&t, tbuf, s->key->priv);
+	ret = convT2M(&t, tbuf, tbuflen, (Authkey*)s->key->priv);
 	t.num = AuthTs;
-	convT2M(&t, tbuf+TICKETLEN, s->key->priv);
-	return 0;
+	ret += convT2M(&t, tbuf+ret, tbuflen-ret, (Authkey*)s->key->priv);
+	return ret;
 }
 
 static int
-gettickets(State *s, char *trbuf, char *tbuf)
+gettickets(State *s, Ticketreq *tr, char *tbuf, int tbuflen)
 {
-/*
-	if(mktickets(s, trbuf, tbuf) >= 0)
-		return 0;
-*/
-	if(getastickets(s, trbuf, tbuf) >= 0)
-		return 0;
-	return mkserverticket(s, tbuf);
+	int ret;
+
+	ret = getastickets(s, tr, tbuf, tbuflen);
+	if(ret >= 0)
+		return ret;
+	return mkserverticket(s, tbuf, tbuflen);
 }
 
 Proto p9sk1 = {
--- a/sys/src/cmd/auth/guard.srv.c
+++ b/sys/src/cmd/auth/guard.srv.c
@@ -90,7 +90,7 @@
 
 	/* remove password login from guard.research.bell-labs.com, sucre, etc. */
 //	if(!findkey(KEYDB,    user, ukey) || !netcheck(ukey, chal, resp))
-	if(!findkey(NETKEYDB, user, ukey) || !netcheck(ukey, chal, resp))
+	if(!finddeskey(NETKEYDB, user, ukey) || !netcheck(ukey, chal, resp))
 	if((err = secureidcheck(user, resp)) != nil){
 		print("NO %s", err);
 		write(1, "NO", 2);
--- a/sys/src/cmd/auth/httpauth.c
+++ b/sys/src/cmd/auth/httpauth.c
@@ -8,36 +8,25 @@
 	int afd;
 	Ticketreq tr;
 	Ticket	t;
-	char key[DESKEYLEN];
-	char buf[512];
+	Authkey key;
 
 	afd = authdial(nil, nil);
 	if(afd < 0)
 		return -1;
 
+	passtokey(&key, password);
+
 	/* send ticket request to AS */
 	memset(&tr, 0, sizeof(tr));
 	strcpy(tr.uid, name);
 	tr.type = AuthHttp;
-	convTR2M(&tr, buf);
-	if(write(afd, buf, TICKREQLEN) != TICKREQLEN){
+	if(_asrequest(afd, &tr) < 0){
 		close(afd);
 		return -1;
 	}
-	if(_asrdresp(afd, buf, TICKETLEN) < 0){
-		close(afd);
-		return -1;
-	}
+	_asgetresp(afd, &t, nil, &key);
 	close(afd);
-
-	/*
-	 *  use password and try to decrypt the
-	 *  ticket.  If it doesn't work we've got a bad password,
-	 *  give up.
-	 */
-	passtokey(key, password);
-	convM2T(buf, &t, key);
-	if(t.num != AuthHr || strcmp(t.cuid, tr.uid))
+	if(t.num != AuthHr || strcmp(t.cuid, tr.uid) != 0)
 		return -1;
 
 	return 0;
--- a/sys/src/cmd/auth/keyfs.c
+++ b/sys/src/cmd/auth/keyfs.c
@@ -13,7 +13,7 @@
 
 #pragma	varargck	type	"W"	char*
 
-char authkey[8];
+Authkey authkey;
 
 typedef struct Fid	Fid;
 typedef struct User	User;
@@ -170,9 +170,9 @@
 		error("can't make pipe: %r");
 
 	if(usepass) {
-		getpass(authkey, nil, 0, 0);
+		getpass(&authkey, nil, 0, 0);
 	} else {
-		if(!getauthkey(authkey))
+		if(!getauthkey(&authkey))
 			print("keyfs: warning: can't read NVRAM\n");
 	}
 
@@ -690,7 +690,7 @@
 
 	if(Bread(b, buf, KEYDBLEN) != KEYDBLEN)
 		return 0;
-	decrypt(authkey, buf, KEYDBLEN);
+	decrypt(authkey.des, buf, KEYDBLEN);
 	buf[Namelen-1] = '\0';
 	return 1;
 }
@@ -780,7 +780,7 @@
 		}
 
 	/* encrypt */
-	oldCBCencrypt(authkey, buf, p - buf);
+	oldCBCencrypt(authkey.des, buf, p - buf);
 
 	/* write file */
 	fd = create(userkeys, OWRITE, 0660);
@@ -888,7 +888,7 @@
 
 	/* decrypt */
 	n -= n % KEYDBLEN;
-	oldCBCdecrypt(authkey, buf, n);
+	oldCBCdecrypt(authkey.des, buf, n);
 
 	/* unpack */
 	nu = 0;
--- a/sys/src/cmd/auth/lib/error.c
+++ b/sys/src/cmd/auth/lib/error.c
@@ -1,6 +1,7 @@
 #include <u.h>
 #include <libc.h>
 #include <bio.h>
+#include <authsrv.h>
 #include "authcmdlib.h"
 
 void
--- a/sys/src/cmd/auth/lib/fs.c
+++ b/sys/src/cmd/auth/lib/fs.c
@@ -1,6 +1,7 @@
 #include <u.h>
 #include <libc.h>
 #include <bio.h>
+#include <authsrv.h>
 #include "authcmdlib.h"
 
 Fs fs[3] =
--- a/sys/src/cmd/auth/lib/getauthkey.c
+++ b/sys/src/cmd/auth/lib/getauthkey.c
@@ -17,9 +17,10 @@
 }
 
 int
-getauthkey(char *authkey)
+getauthkey(Authkey *authkey)
 {
-	if(getkey(authkey) == 0)
+	memset(authkey, 0, sizeof(Authkey));
+	if(getkey(authkey->des) == 0)
 		return 1;
 	print("can't read NVRAM, please enter machine key\n");
 	getpass(authkey, nil, 0, 1);
--- a/sys/src/cmd/auth/lib/getexpiration.c
+++ b/sys/src/cmd/auth/lib/getexpiration.c
@@ -2,6 +2,7 @@
 #include <libc.h>
 #include <ctype.h>
 #include <bio.h>
+#include <authsrv.h>
 #include "authcmdlib.h"
 
 /*
--- a/sys/src/cmd/auth/lib/keyfmt.c
+++ b/sys/src/cmd/auth/lib/keyfmt.c
@@ -1,6 +1,7 @@
 #include <u.h>
 #include <libc.h>
 #include <bio.h>
+#include <authsrv.h>
 #include "authcmdlib.h"
 
 /*
@@ -7,7 +8,7 @@
  * print a key in des standard form
  */
 int
-keyfmt(Fmt *f)
+deskeyfmt(Fmt *f)
 {
 	uchar key[8];
 	char buf[32];
--- a/sys/src/cmd/auth/lib/netcheck.c
+++ b/sys/src/cmd/auth/lib/netcheck.c
@@ -1,6 +1,7 @@
 #include <u.h>
 #include <libc.h>
 #include <bio.h>
+#include <authsrv.h>
 #include "authcmdlib.h"
 
 /*
--- a/sys/src/cmd/auth/lib/querybio.c
+++ b/sys/src/cmd/auth/lib/querybio.c
@@ -2,6 +2,7 @@
 #include <libc.h>
 #include <bio.h>
 #include <ctype.h>
+#include <authsrv.h>
 #include "authcmdlib.h"
 
 
--- a/sys/src/cmd/auth/lib/rdbio.c
+++ b/sys/src/cmd/auth/lib/rdbio.c
@@ -2,6 +2,7 @@
 #include <libc.h>
 #include <bio.h>
 #include <ctype.h>
+#include <authsrv.h>
 #include "authcmdlib.h"
 
 void
--- a/sys/src/cmd/auth/lib/readarg.c
+++ b/sys/src/cmd/auth/lib/readarg.c
@@ -1,6 +1,7 @@
 #include <u.h>
 #include <libc.h>
 #include <bio.h>
+#include <authsrv.h>
 #include "authcmdlib.h"
 
 int
--- a/sys/src/cmd/auth/lib/readln.c
+++ b/sys/src/cmd/auth/lib/readln.c
@@ -5,7 +5,7 @@
 #include "authcmdlib.h"
 
 void
-getpass(char *key, char *pass, int check, int confirm)
+getpass(Authkey *key, char *pass, int check, int confirm)
 {
 	char rpass[32], npass[32];
 	char *err;
--- a/sys/src/cmd/auth/lib/readwrite.c
+++ b/sys/src/cmd/auth/lib/readwrite.c
@@ -33,7 +33,7 @@
 }
 
 char*
-findkey(char *db, char *user, char *key)
+finddeskey(char *db, char *user, char *key)
 {
 	int n;
 	char filename[Maxpath];
@@ -46,6 +46,13 @@
 		return key;
 }
 
+int
+findkey(char *db, char *user, Authkey *key)
+{
+	memset(key, 0, sizeof(Authkey));
+	return finddeskey(db, user, key->des) != nil;
+}
+
 char*
 findsecret(char *db, char *user, char *secret)
 {
@@ -62,7 +69,7 @@
 }
 
 char*
-setkey(char *db, char *user, char *key)
+setdeskey(char *db, char *user, char *key)
 {
 	int n;
 	char filename[Maxpath];
@@ -73,6 +80,12 @@
 		return 0;
 	else
 		return key;
+}
+
+int
+setkey(char *db, char *user, Authkey *key)
+{
+	return setdeskey(db, user, key->des) != nil;
 }
 
 char*
--- a/sys/src/cmd/auth/lib/wrbio.c
+++ b/sys/src/cmd/auth/lib/wrbio.c
@@ -2,6 +2,7 @@
 #include <libc.h>
 #include <bio.h>
 #include <ctype.h>
+#include <authsrv.h>
 #include "authcmdlib.h"
 
 void
--- a/sys/src/cmd/auth/netkey.c
+++ b/sys/src/cmd/auth/netkey.c
@@ -15,7 +15,8 @@
 void
 main(int argc, char *argv[])
 {
-	char buf[32], pass[32], key[DESKEYLEN];
+	Authkey key;
+	char buf[32], pass[32];
 	char *s;
 	int n;
 
@@ -33,7 +34,7 @@
 	}
 
 	readln("Password: ", pass, sizeof pass, 1);
-	passtokey(key, pass);
+	passtokey(&key, pass);
 
 	for(;;){
 		print("challenge: ");
@@ -43,7 +44,7 @@
 		buf[n] = '\0';
 		n = strtol(buf, 0, 10);
 		sprint(buf, "%d", n);
-		netcrypt(key, buf);
+		netcrypt(key.des, buf);
 		print("response: %s\n", buf);
 	}
 }
--- a/sys/src/cmd/auth/passwd.c
+++ b/sys/src/cmd/auth/passwd.c
@@ -1,52 +1,17 @@
 #include <u.h>
 #include <libc.h>
-#include <authsrv.h>
 #include <bio.h>
+#include <authsrv.h>
 #include "authcmdlib.h"
 
-static char *pbmsg = "AS protocol botch";
-
-int
-asrdresp(int fd, char *buf, int len)
-{
-	char error[AERRLEN];
-
-	if(read(fd, buf, 1) != 1){
-		werrstr(pbmsg);
-		return -1;
-	}
-
-	switch(buf[0]){
-	case AuthOK:
-		if(readn(fd, buf, len) < 0){
-			werrstr(pbmsg);
-			return -1;
-		}
-		break;
-	case AuthErr:
-		if(readn(fd, error, AERRLEN) < 0){
-			werrstr(pbmsg);
-			return -1;
-		}
-		error[AERRLEN-1] = 0;
-		errstr(error, sizeof error);
-		return -1;
-	default:
-		werrstr(pbmsg);
-		return -1;
-	}
-	return 0;
-}
-
 void
 main(int argc, char **argv)
 {
-	int fd;
+	int fd, n;
 	Ticketreq tr;
 	Ticket t;
 	Passwordreq pr;
-	char tbuf[TICKETLEN];
-	char key[DESKEYLEN];
+	Authkey key;
 	char buf[512];
 	char *s, *user;
 
@@ -73,12 +38,8 @@
 	memset(&tr, 0, sizeof(tr));
 	strcpy(tr.uid, user);
 	tr.type = AuthPass;
-	convTR2M(&tr, buf);
-	if(write(fd, buf, TICKREQLEN) != TICKREQLEN)
-		error("protocol botch: %r");
-	if(asrdresp(fd, buf, TICKETLEN) < 0)
+	if(_asrequest(fd, &tr) < 0)
 		error("%r");
-	memmove(tbuf, buf, TICKETLEN);
 
 	/*
 	 *  get a password from the user and try to decrypt the
@@ -86,13 +47,17 @@
 	 *  give up.
 	 */
 	readln("Plan 9 Password: ", pr.old, sizeof pr.old, 1);
-	passtokey(key, pr.old);
-	convM2T(tbuf, &t, key);
-	if(t.num != AuthTp || strcmp(t.cuid, tr.uid))
+	passtokey(&key, pr.old);
+
+	if(_asgetresp(fd, &t, nil, &key) < 0)
+		error("%r");
+
+	if(t.num != AuthTp || strcmp(t.cuid, tr.uid) != 0)
 		error("bad password");
 
 	/* loop trying new passwords */
 	for(;;){
+		memset(&pr, 0, sizeof(pr));
 		pr.changesecret = 0;
 		*pr.new = 0;
 		readln("change Plan 9 Password? (y/n) ", buf, sizeof buf, 0);
@@ -126,10 +91,10 @@
 			}
 		}
 		pr.num = AuthPass;
-		convPR2M(&pr, buf, t.key);
-		if(write(fd, buf, PASSREQLEN) != PASSREQLEN)
+		n = convPR2M(&pr, buf, sizeof(buf), &t);
+		if(write(fd, buf, n) != n)
 			error("AS protocol botch: %r");
-		if(asrdresp(fd, buf, 0) == 0)
+		if(_asrdresp(fd, buf, 0) == 0)
 			break;
 		fprint(2, "passwd: refused: %r\n");
 	}
--- a/sys/src/cmd/auth/printnetkey.c
+++ b/sys/src/cmd/auth/printnetkey.c
@@ -1,10 +1,9 @@
 #include <u.h>
 #include <libc.h>
-#include <authsrv.h>
 #include <bio.h>
+#include <authsrv.h>
 #include "authcmdlib.h"
 
-void	install(char*, char*, int);
 void	usage(void);
 
 void
@@ -15,7 +14,7 @@
 	char keybuf[DESKEYLEN];
 
 	argv0 = "printnetkey";
-	fmtinstall('K', keyfmt);
+	fmtinstall('K', deskeyfmt);
 
 	ARGBEGIN{
 	default:
@@ -25,11 +24,9 @@
 		usage();
 
 	u = argv[0];
-	fmtinstall('K', keyfmt);
-	
 	if(memchr(u, '\0', ANAMELEN) == 0)
 		error("bad user name");
-	key = findkey(NETKEYDB, u, keybuf);
+	key = finddeskey(NETKEYDB, u, keybuf);
 	if(!key)
 		error("%s has no netkey\n", u);
 	print("user %s: net key %K\n", u, key);
--- a/sys/src/cmd/auth/warning.c
+++ b/sys/src/cmd/auth/warning.c
@@ -2,6 +2,7 @@
 #include <libc.h>
 #include <bio.h>
 #include <auth.h>
+#include <authsrv.h>
 #include "authcmdlib.h"
 
 /* working directory */
--- a/sys/src/libauth/auth_userpasswd.c
+++ b/sys/src/libauth/auth_userpasswd.c
@@ -11,13 +11,13 @@
  * this was copied from inet's guard.
  */
 static void
-netresp(char *key, long chal, char *answer)
+netresp(Authkey *key, long chal, char *answer)
 {
 	uchar buf[8];
 
 	memset(buf, 0, sizeof buf);
 	snprint((char *)buf, sizeof buf, "%lud", chal);
-	if(encrypt(key, buf, 8) < 0)
+	if(encrypt(key->des, buf, 8) < 0)
 		abort();
 	sprint(answer, "%.8ux", buf[0]<<24 | buf[1]<<16 | buf[2]<<8 | buf[3]);
 }
@@ -25,7 +25,8 @@
 AuthInfo*
 auth_userpasswd(char *user, char *passwd)
 {
-	char key[DESKEYLEN], resp[16];
+	char resp[16];
+	Authkey key;
 	AuthInfo *ai;
 	Chalstate *ch;
 
@@ -37,9 +38,9 @@
 	if((ch = auth_challenge("user=%q proto=p9cr role=server", user)) == nil)
 		return nil;
 
-	passtokey(key, passwd);
-	netresp(key, atol(ch->chal), resp);
-	memset(key, 0, sizeof key);
+	passtokey(&key, passwd);
+	netresp(&key, atol(ch->chal), resp);
+	memset(&key, 0, sizeof(Authkey));
 
 	ch->resp = resp;
 	ch->nresp = strlen(resp);
--- a/sys/src/libauth/httpauth.c
+++ /dev/null
@@ -1,51 +1,0 @@
-#include <u.h>
-#include <libc.h>
-#include <auth.h>
-#include <authsrv.h>
-
-/* deprecated.
-	This is the mechanism that put entries in /sys/lib/httpd.rewrite
-	and passwords on the authserver in /sys/lib/httppasswords, which
-	was awkward to administer.  Instead, use local .httplogin files,
-	which are implemented in sys/src/cmd/ip/httpd/authorize.c */
-
-int
-httpauth(char *name, char *password)
-{
-	int afd;
-	Ticketreq tr;
-	Ticket	t;
-	char key[DESKEYLEN];
-	char buf[512];
-
-	afd = authdial(nil, nil);
-	if(afd < 0)
-		return -1;
-
-	/* send ticket request to AS */
-	memset(&tr, 0, sizeof(tr));
-	strcpy(tr.uid, name);
-	tr.type = AuthHttp;
-	convTR2M(&tr, buf);
-	if(write(afd, buf, TICKREQLEN) != TICKREQLEN){
-		close(afd);
-		return -1;
-	}
-	if(_asrdresp(afd, buf, TICKETLEN) < 0){
-		close(afd);
-		return -1;
-	}
-	close(afd);
-
-	/*
-	 *  use password and try to decrypt the
-	 *  ticket.  If it doesn't work we've got a bad password,
-	 *  give up.
-	 */
-	passtokey(key, password);
-	convM2T(buf, &t, key);
-	if(t.num != AuthHr || strcmp(t.cuid, tr.uid))
-		return -1;
-
-	return 0;
-}
--- a/sys/src/libauthsrv/_asgetticket.c
+++ b/sys/src/libauthsrv/_asgetticket.c
@@ -5,11 +5,13 @@
 static char *pbmsg = "AS protocol botch";
 
 int
-_asgetticket(int fd, char *trbuf, char *tbuf)
+_asgetticket(int fd, Ticketreq *tr, char *tbuf, int tbuflen)
 {
-	if(write(fd, trbuf, TICKREQLEN) < 0){
+	if(_asrequest(fd, tr) < 0){
 		werrstr(pbmsg);
 		return -1;
 	}
-	return _asrdresp(fd, tbuf, 2*TICKETLEN);
+	if(tbuflen > 2*TICKETLEN)
+		tbuflen = 2*TICKETLEN;
+	return _asrdresp(fd, tbuf, tbuflen);
 }
--- a/sys/src/libauthsrv/convA2M.c
+++ b/sys/src/libauthsrv/convA2M.c
@@ -9,17 +9,19 @@
 #define	STRING(x,n)	memmove(p, f->x, n); p += n
 
 int
-convA2M(Authenticator *f, char *ap, char *key)
+convA2M(Authenticator *f, char *ap, int n, Ticket *t)
 {
-	int n;
 	uchar *p;
 
+	if(n < AUTHENTLEN)
+		return 0;
+
 	p = (uchar*)ap;
 	CHAR(num);
 	STRING(chal, CHALLEN);
 	LONG(id);
 	n = p - (uchar*)ap;
-	if(key)
-		encrypt(key, ap, n);
+	if(t)
+		encrypt(t->key, ap, n);
 	return n;
 }
--- a/sys/src/libauthsrv/convM2A.c
+++ b/sys/src/libauthsrv/convM2A.c
@@ -8,16 +8,24 @@
 #define	LONG(x)		VLONG(f->x)
 #define	STRING(x,n)	memmove(f->x, p, n); p += n
 
-void
-convM2A(char *ap, Authenticator *f, char *key)
+int
+convM2A(char *ap, int n, Authenticator *f, Ticket *t)
 {
-	uchar *p;
+	uchar *p, buf[AUTHENTLEN];
 
-	if(key)
-		decrypt(key, ap, AUTHENTLEN);
+	memset(f, 0, sizeof(Authenticator));
+	if(n < AUTHENTLEN)
+		return -AUTHENTLEN;
+
+	if(t) {
+		memmove(buf, ap, AUTHENTLEN);
+		ap = (char*)buf;
+		decrypt(t->key, ap, AUTHENTLEN);
+	}
 	p = (uchar*)ap;
 	CHAR(num);
 	STRING(chal, CHALLEN);
 	LONG(id);
-	USED(p);
+	n = p - (uchar*)ap;
+	return n;
 }
--- a/sys/src/libauthsrv/convM2PR.c
+++ b/sys/src/libauthsrv/convM2PR.c
@@ -8,14 +8,21 @@
 #define	LONG(x)		VLONG(f->x)
 #define	STRING(x,n)	memmove(f->x, p, n); p += n
 
-void
-convM2PR(char *ap, Passwordreq *f, char *key)
+int
+convM2PR(char *ap, int n, Passwordreq *f, Ticket *t)
 {
-	uchar *p;
+	uchar *p, buf[PASSREQLEN];
 
+	memset(f, 0, sizeof(Passwordreq));
+	if(n < PASSREQLEN)
+		return -PASSREQLEN;
+
+	if(t){
+		memmove(buf, ap, PASSREQLEN);
+		ap = (char*)buf;
+		decrypt(t->key, ap, PASSREQLEN);
+	}
 	p = (uchar*)ap;
-	if(key)
-		decrypt(key, ap, PASSREQLEN);
 	CHAR(num);
 	STRING(old, ANAMELEN);
 	f->old[ANAMELEN-1] = 0;
@@ -24,5 +31,6 @@
 	CHAR(changesecret);
 	STRING(secret, SECRETLEN);
 	f->secret[SECRETLEN-1] = 0;
-	USED(p);
+	n = p - (uchar*)ap;
+	return n;
 }
--- a/sys/src/libauthsrv/convM2T.c
+++ b/sys/src/libauthsrv/convM2T.c
@@ -8,13 +8,20 @@
 #define	LONG(x)		VLONG(f->x)
 #define	STRING(x,n)	memmove(f->x, p, n); p += n
 
-void
-convM2T(char *ap, Ticket *f, char *key)
+int
+convM2T(char *ap, int n, Ticket *f, Authkey *key)
 {
-	uchar *p;
+	uchar *p, buf[TICKETLEN];
 
-	if(key)
-		decrypt(key, ap, TICKETLEN);
+	memset(f, 0, sizeof(Ticket));
+	if(n < TICKETLEN)
+		return -TICKETLEN;
+
+	if(key){
+		memmove(buf, ap, TICKETLEN);
+		ap = (char*)buf;
+		decrypt(key->des, ap, TICKETLEN);
+	}
 	p = (uchar*)ap;
 	CHAR(num);
 	STRING(chal, CHALLEN);
@@ -23,6 +30,6 @@
 	STRING(suid, ANAMELEN);
 	f->suid[ANAMELEN-1] = 0;
 	STRING(key, DESKEYLEN);
-	USED(p);
+	n = p - (uchar*)ap;
+	return n;
 }
-
--- a/sys/src/libauthsrv/convM2TR.c
+++ b/sys/src/libauthsrv/convM2TR.c
@@ -8,11 +8,15 @@
 #define	LONG(x)		VLONG(f->x)
 #define	STRING(x,n)	memmove(f->x, p, n); p += n
 
-void
-convM2TR(char *ap, Ticketreq *f)
+int
+convM2TR(char *ap, int n, Ticketreq *f)
 {
 	uchar *p;
 
+	memset(f, 0, sizeof(Ticketreq));
+	if(n < TICKREQLEN)
+		return -TICKREQLEN;
+
 	p = (uchar*)ap;
 	CHAR(type);
 	STRING(authid, ANAMELEN);
@@ -24,5 +28,6 @@
 	f->hostid[ANAMELEN-1] = 0;
 	STRING(uid, ANAMELEN);
 	f->uid[ANAMELEN-1] = 0;
-	USED(p);
+	n = p - (uchar*)ap;
+	return n;
 }
--- a/sys/src/libauthsrv/convPR2M.c
+++ b/sys/src/libauthsrv/convPR2M.c
@@ -9,11 +9,13 @@
 #define	STRING(x,n)	memmove(p, f->x, n); p += n
 
 int
-convPR2M(Passwordreq *f, char *ap, char *key)
+convPR2M(Passwordreq *f, char *ap, int n, Ticket *t)
 {
-	int n;
 	uchar *p;
 
+	if(n < PASSREQLEN)
+		return 0;
+
 	p = (uchar*)ap;
 	CHAR(num);
 	STRING(old, ANAMELEN);
@@ -21,8 +23,8 @@
 	CHAR(changesecret);
 	STRING(secret, SECRETLEN);
 	n = p - (uchar*)ap;
-	if(key)
-		encrypt(key, ap, n);
+	if(t)
+		encrypt(t->key, ap, n);
 	return n;
 }
 
--- a/sys/src/libauthsrv/convT2M.c
+++ b/sys/src/libauthsrv/convT2M.c
@@ -9,11 +9,13 @@
 #define	STRING(x,n)	memmove(p, f->x, n); p += n
 
 int
-convT2M(Ticket *f, char *ap, char *key)
+convT2M(Ticket *f, char *ap, int n, Authkey *key)
 {
-	int n;
 	uchar *p;
 
+	if(n < TICKETLEN)
+		return 0;
+
 	p = (uchar*)ap;
 	CHAR(num);
 	STRING(chal, CHALLEN);
@@ -22,6 +24,6 @@
 	STRING(key, DESKEYLEN);
 	n = p - (uchar*)ap;
 	if(key)
-		encrypt(key, ap, n);
+		encrypt(key->des, ap, n);
 	return n;
 }
--- a/sys/src/libauthsrv/convTR2M.c
+++ b/sys/src/libauthsrv/convTR2M.c
@@ -9,11 +9,13 @@
 #define	STRING(x,n)	memmove(p, f->x, n); p += n
 
 int
-convTR2M(Ticketreq *f, char *ap)
+convTR2M(Ticketreq *f, char *ap, int n)
 {
-	int n;
 	uchar *p;
 
+	if(n < TICKREQLEN)
+		return 0;
+
 	p = (uchar*)ap;
 	CHAR(type);
 	STRING(authid, 28);	/* BUG */
@@ -24,4 +26,3 @@
 	n = p - (uchar*)ap;
 	return n;
 }
-
--- a/sys/src/libauthsrv/mkfile
+++ b/sys/src/libauthsrv/mkfile
@@ -3,6 +3,8 @@
 LIB=/$objtype/lib/libauthsrv.a
 OFILES=\
 	_asgetticket.$O\
+	_asgetresp.$O\
+	_asrequest.$O\
 	_asrdresp.$O\
 	authdial.$O\
 	convA2M.$O\
--- a/sys/src/libauthsrv/passtokey.c
+++ b/sys/src/libauthsrv/passtokey.c
@@ -3,7 +3,7 @@
 #include <authsrv.h>
 
 int
-passtokey(char *key, char *p)
+passtokey(Authkey *key, char *p)
 {
 	uchar buf[ANAMELEN], *t;
 	int i, n;
@@ -15,10 +15,10 @@
 	t = buf;
 	strncpy((char*)t, p, n);
 	t[n] = 0;
-	memset(key, 0, DESKEYLEN);
+	memset(key, 0, sizeof(Authkey));
 	for(;;){
 		for(i = 0; i < DESKEYLEN; i++)
-			key[i] = (t[i] >> i) + (t[i+1] << (8 - (i+1)));
+			key->des[i] = (t[i] >> i) + (t[i+1] << (8 - (i+1)));
 		if(n <= 8)
 			return 1;
 		n -= 8;
@@ -27,6 +27,6 @@
 			t -= 8 - n;
 			n = 8;
 		}
-		encrypt(key, t, 8);
+		encrypt(key->des, t, 8);
 	}
 }
--- a/sys/src/libauthsrv/readnvram.c
+++ b/sys/src/libauthsrv/readnvram.c
@@ -292,11 +292,14 @@
 			readcons("secstore key", nil, 1, safe->config,
 					sizeof safe->config);
 			for(;;){
-				if(readcons("password", nil, 1, in, sizeof in)
-				    == nil)
+				Authkey k;
+
+				if(readcons("password", nil, 1, in, sizeof in) == nil)
 					goto Out;
-				if(passtokey(safe->machkey, in))
+				if(passtokey(&k, in)){
+					memmove(safe->machkey, k.des, DESKEYLEN);
 					break;
+				}
 			}
 		}