crypt.x revision 26206
/*
 * Copyright (c) 1996
 *	Bill Paul <wpaul@ctr.columbia.edu>. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by Bill Paul.
 * 4. Neither the name of the author nor the names of any co-contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $Id$
 */

/*
 * Lines starting with '%' are copied by rpcgen into its output unchanged.
 * rpcgen defines RPC_HDR while it generates the header file, so the rcsid
 * string below is left out of the header and only reaches the other
 * generated files.
 */
#ifndef RPC_HDR
%#ifndef lint
%static const char rcsid[] = "$Id$";
%#endif
#endif

/*
 * This protocol definition exists because of the U.S. government and
 * its stupid export laws. We can't export DES code from the United
 * States to other countries (even though the code already exists
 * outside the U.S. -- go figure that one out) but we need to make
 * Secure RPC work. The normal way around this is to break the DES
 * code out into a shared library; we can then provide a dummy lib
 * in the base OS and provide the real lib in the secure dist, which
 * the user can install later. But we need Secure RPC for NIS+, and
 * there are several system programs that use NIS+ which are statically
 * linked. We would have to provide replacements for these programs
 * in the secure dist, but there are a lot, and this is a pain. The
 * shared lib trick won't work for these programs, and we can't change
 * them once they're compiled.
 *
 * One solution for this problem is to do the DES encryption as a system
 * call; no programs need to be changed and we can even supply the DES
 * support as an LKM. But this bloats the kernel. Maybe if we have
 * Secure NFS one day this will be worth it, but for now we should keep
 * this mess in user space.
 *
 * So we have this second solution: we provide a server that does the
 * DES encryption for us. In this case, the server is keyserv (we need
 * it to make Secure RPC work anyway) and we use this protocol to ship
 * the data back and forth between keyserv and the application.
 */

/*
 * Operation selectors carried in every request. No explicit values are
 * given, so numbering follows declaration order; reordering or inserting
 * members would change what existing clients and servers exchange.
 *
 * ECB_DES processes each 8-byte block independently, so equal input
 * blocks produce equal output blocks; CBC_DES chains blocks through
 * des_ivec.
 */
enum des_dir { ENCRYPT_DES, DECRYPT_DES };
enum des_mode { CBC_DES, ECB_DES };

/*
 * Argument of DES_CRYPT.
 *
 * The caller's DES key and the data to be processed are both part of the
 * request, so anything able to observe the RPC exchange sees them.
 * Nothing in this definition authenticates the caller or protects the
 * message; that has to come from the transport the server registers this
 * program on.
 * NOTE(review): confirm that the keyserv side accepts this program only
 * over a local transport and not from the network.
 *
 * des_key is a single-DES key: 8 bytes whose low bits are parity, which
 * leaves 56 key bits.
 *
 * desbuf declares no maximum length ("<>"), so this definition imposes no
 * cap; any size limit has to be enforced by the server.
 * NOTE(review): presumably the length must also be a multiple of the
 * 8-byte DES block; verify against the server code.
 */
struct desargs {
	u_char des_key[8];	/* key (with low bit parity) */
	des_dir des_dir;	/* direction */
	des_mode des_mode;	/* mode */
	u_char des_ivec[8];	/* input (initialization) vector */
	opaque desbuf<>;	/* data to be processed, length unbounded here */
};

/*
 * Result of DES_CRYPT.
 * NOTE(review): des_ivec is presumably the chaining vector after the
 * operation and stat presumably a DESERR_* style status code; neither is
 * defined in this file, so confirm against the server implementation.
 */
struct desresp {
	opaque desbuf<>;	/* returned data, length unbounded here */
	u_char des_ivec[8];
	int stat;
};

/*
 * RPC program 600100029, version 1, with a single procedure:
 * DES_CRYPT (procedure 1) takes a desargs and returns a desresp.
 */
program CRYPT_PROG {
	version CRYPT_VERS {
		desresp
		DES_CRYPT(desargs) = 1;
	} = 1;
} = 600100029;