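/*
 * Copyright (c) 1996
 *	Bill Paul <wpaul@ctr.columbia.edu>.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by Bill Paul.
 * 4. Neither the name of the author nor the names of any co-contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#ifndef RPC_HDR
%#include <sys/cdefs.h>
%__FBSDID("$FreeBSD: releng/11.0/include/rpcsvc/crypt.x 114629 2003-05-04 02:51:42Z obrien $");
#endif

/*
 * This protocol definition exists because of the U.S. government and
 * its stupid export laws. We can't export DES code from the United
 * States to other countries (even though the code already exists
 * outside the U.S. -- go figure that one out) but we need to make
 * Secure RPC work. The normal way around this is to break the DES
 * code out into a shared library; we can then provide a dummy lib
 * in the base OS and provide the real lib in the secure dist, which
 * the user can install later. But we need Secure RPC for NIS+, and
 * there are several system programs that use NIS+ which are statically
 * linked. We would have to provide replacements for these programs
 * in the secure dist, but there are a lot, and this is a pain. The
 * shared lib trick won't work for these programs, and we can't change
 * them once they're compiled.
 *
 * One solution for this problem is to do the DES encryption as a system
 * call; no programs need to be changed and we can even supply the DES
 * support as an LKM. But this bloats the kernel. Maybe if we have
 * Secure NFS one day this will be worth it, but for now we should keep
 * this mess in user space.
 *
 * So we have this second solution: we provide a server that does the
 * DES encryption for us. In this case, the server is keyserv (we need
 * it to make Secure RPC work anyway) and we use this protocol to ship
 * the data back and forth between keyserv and the application.
 */

/*
 * Security notes for reviewers:
 *
 * - Every DES_CRYPT request carries the raw DES key (des_key) together
 *   with the data to be transformed.  This definition itself adds no
 *   authentication or encryption of the message; any such protection has
 *   to come from the RPC layer or the transport between the application
 *   and keyserv.  Check the keyserv implementation to confirm who is
 *   able to reach this program.
 * - Single DES has a 56-bit effective key and is no longer considered
 *   adequate protection; ECB_DES additionally reveals which 8-byte blocks
 *   of the input are equal.  Treat this interface as legacy support for
 *   Secure RPC, not as a general-purpose encryption service.
 * - desbuf is declared without a maximum length, so any size limit and
 *   any block-alignment check have to be enforced by the server code.
 */

/* Operation requested by the caller: encrypt or decrypt desbuf. */
enum des_dir { ENCRYPT_DES, DECRYPT_DES };

/* Block cipher mode to apply: cipher block chaining or electronic codebook. */
enum des_mode { CBC_DES, ECB_DES };

/* Request sent by the application to the server for one DES operation. */
struct desargs {
	u_char des_key[8];	/* key (with low bit parity); sent as-is in the request */
	des_dir des_dir;	/* direction */
	des_mode des_mode;	/* mode */
	u_char des_ivec[8];	/* input vector (IV); presumably only meaningful for CBC_DES -- confirm */
	opaque desbuf<>;	/* data to transform; no upper bound declared here */
};

/* Reply returned by the server for one DES operation. */
struct desresp {
	opaque desbuf<>;	/* transformed data; no upper bound declared here */
	u_char des_ivec[8];	/* vector handed back to the caller; presumably the updated IV -- confirm */
	int stat;		/* result status; values are not defined in this file -- presumably
				 * the DESERR_* codes from <rpc/des_crypt.h>, confirm against the server */
};

/*
 * Program 600100029, version 1, exposes a single procedure: DES_CRYPT
 * (procedure number 1) takes a desargs request and returns a desresp.
 */
program CRYPT_PROG {
	version CRYPT_VERS {
		desresp
		DES_CRYPT(desargs) = 1;
	} = 1;
} = 600100029;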