shithub: riscv

Download patch

ref: 6de804b578e54fb2e7d24e56c3032def4d24547e
parent: da343924f4e72ed302208ef246d568c865a0a400
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Sun Feb 26 17:44:47 EST 2017 

authsrv: don't hash in hostowner key for keyseed

aiju → i don't like it, it's more bullshit ways to expose the key :)
aiju → if someone can grab /adm/keyseed, they can also grab /adm/users and /adm/keys


--- a/sys/src/cmd/auth/authsrv.c
+++ b/sys/src/cmd/auth/authsrv.c
@@ -1005,18 +1005,9 @@
 void
 initkeyseed(void)
 {
-	static char info[] = "PRF key for generation of dummy user keys";
-	char k[DESKEYLEN], *u;
 	int fd;
 
 	genrandom(keyseed, sizeof(keyseed));
-
-	u = getuser();
-	if(!finddeskey(KEYDB, u, k)){
-		syslog(0, AUTHLOG, "initkeyseed: user %s not in keydb", u);
-		return;
-	}
-
 	if((fd = create("/adm/keyseed", OWRITE|OEXCL, 0600)) >= 0){
 		write(fd, keyseed, sizeof(keyseed));
 	} else if((fd = open("/adm/keyseed", OREAD)) >= 0){
@@ -1023,18 +1014,9 @@
 		read(fd, keyseed, sizeof(keyseed));
 	} else{
 		syslog(0, AUTHLOG, "initkeyseed: no seed file: %r");
-		memset(k, 0, sizeof(k));
 		return;
 	}
 	close(fd);
-
-	hkdf_x(	keyseed, sizeof(keyseed),
-		(uchar*)info, sizeof(info)-1,
-		(uchar*)k, sizeof(k),
-		keyseed, sizeof(keyseed),
-		hmac_sha2_256, SHA2_256dlen);
-
-	memset(k, 0, sizeof(k));
 }
 
 void
--