authorcinap_lenrek <cinap_lenrek@felloff.net>2017-02-26 22:44:47 +0100
committercinap_lenrek <cinap_lenrek@felloff.net>2017-02-26 22:44:47 +0100
commit6de804b578e54fb2e7d24e56c3032def4d24547e (patch)
tree5e77759a41f45144f501769da63026c4f31e4b21 /sys/src
parentda343924f4e72ed302208ef246d568c865a0a400 (diff)
authsrv: don't hash in hostowner key for keyseed
aiju → i don't like it, it's more bullshit ways to expose the key :) aiju → if someone can grab /adm/keyseed, they can also grab /adm/users and /adm/keys
Diffstat (limited to 'sys/src')
-rw-r--r--sys/src/cmd/auth/authsrv.c18
1 files changed, 0 insertions, 18 deletions
diff --git a/sys/src/cmd/auth/authsrv.c b/sys/src/cmd/auth/authsrv.c
index cd6bd05fd..051c08ff1 100644
--- a/sys/src/cmd/auth/authsrv.c
+++ b/sys/src/cmd/auth/authsrv.c
@@ -1005,36 +1005,18 @@ getraddr(char *dir)
void
initkeyseed(void)
{
- static char info[] = "PRF key for generation of dummy user keys";
- char k[DESKEYLEN], *u;
int fd;
genrandom(keyseed, sizeof(keyseed));
-
- u = getuser();
- if(!finddeskey(KEYDB, u, k)){
- syslog(0, AUTHLOG, "initkeyseed: user %s not in keydb", u);
- return;
- }
-
if((fd = create("/adm/keyseed", OWRITE|OEXCL, 0600)) >= 0){
write(fd, keyseed, sizeof(keyseed));
} else if((fd = open("/adm/keyseed", OREAD)) >= 0){
read(fd, keyseed, sizeof(keyseed));
} else{
syslog(0, AUTHLOG, "initkeyseed: no seed file: %r");
- memset(k, 0, sizeof(k));
return;
}
close(fd);
-
- hkdf_x( keyseed, sizeof(keyseed),
- (uchar*)info, sizeof(info)-1,
- (uchar*)k, sizeof(k),
- keyseed, sizeof(keyseed),
- hmac_sha2_256, SHA2_256dlen);
-
- memset(k, 0, sizeof(k));
}
void