![[Contents]](contents.gif)
![[Index]](index.gif)
include "keyring.m";
include "security.m";
lg:= load Login Login->PATH;
Login: module
{
PATH: con "/dis/lib/login.dis";
DHrandlen: con 512; # size of random number
for dh exponent
PKmodlen: con 512; # size in bits of modulus
for public keys
DHmodlen: con 512; # size in bits of modulus
for diffie hellman
init: fn(): string;
chello: fn(id, agreefile: string,
c: ref Sys->Connection):
(ref Sys->Connection, string);
ckeyx: fn(id, passwd: string, c: ref Sys->Connection):
(ref Keyring->Authinfo, string);
shello: fn(agreefile: string, c: ref Sys->Connection):
(ref Password->PW, string);
skeyx: fn(pw: ref Password->PW, info:
ref Keyring->Authinfo, c: ref Sys->Connection):
(ref Keyring->Authinfo, string);
defaultsigner: fn(): string;
signerkey: fn(file: string):
(ref Keyring->Authinfo, string);
};
The password is used by the encrypted key exchange protocol described in this section to establish a secure channel between the user and CA. The description uses the following notation:
In the following protocol, the notation user --> CA xxx means that a user sends the message xxx to the certifying authority (CA). At any point in the exchange, either party can send an error instead of a message to terminate the protocol.
user --> CA name
CA --> user ACK
user --> CA ivec
CA --> user key(alpha**r0 mod p), alpha, p
user --> CA alpha**r1 mod p
CA --> user CA's public key, SHA(CA's public key + secret)
user --> CA user's public key, SHA(user's public key +
secret)
CA --> user user's public key certificate
The complexity of this protocol is intended to shield the password. To start a clear text attack against the password, one needs to first attack the Diffie-Hellman exponential to determine alpha**r0 mod p.
The values alpha and p are sent unprotected, though the user code does a few sanity checks on the values it receives.
The role of ivec is to foil any replay attacks by someone spoofing the CA.
init: fn(): string;
## returns nil on success; error message on failure.The init function loads the modules required by other Login module functions.
defaultsigner: fn(): string;The defaultsigner function returns the default signer server name from the file /services/cs/db.
signerkey: fn(file: string):
(ref Keyring->Authinfo, string);
## returns (nil, error message) on failure.The signerkey function retrieves the signer's authentication information from file and returns a tuple. If there is an error reading file or the certificate has expired, the tuple contains (nil, <error message>). If signerkey is successful, it returns a reference to a Keyring->Authinfo adt and a nil error message.
chello: fn(id, agreefile: string, c: ref Sys->Connection):
(ref Sys->Connection, string);
## returns (nil, error message) on failure.The chello function sends the user id through an open connection and, if valid, gets an agreement. If successful, chello returns a ref connection and a nil error message.
shello: fn(agreefile: string, c: ref Sys->Connection):
(ref Password->PW, string);
## returns (nil, error message) on failure.The shello function gets the user id from an open connection and checks it against the password file. If valid, shello sends an agreement, waits for acknowledgement, and proceeds if the user agrees returning a ref Password->PW and a nil error message.
ckeyx: fn(id, passwd: string, c: ref Sys->Connection):
(ref Keyring->Authinfo, string);
## returns (nil, error message) on failure.The ckeyx function gets a certificate for a client.
skeyx: fn(pw: ref Password->PW, info:
ref Keyring->Authinfo, c: ref Sys->Connection):
(ref Keyring->Authinfo, string);
## returns (nil, error message) on failure.The skeyx function creates and sends a certificate on an open connection.