crypt.x revision 50473
1/* 2 * Copyright (c) 1996 3 * Bill Paul <wpaul@ctr.columbia.edu>. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by Bill Paul. 16 * 4. Neither the name of the author nor the names of any co-contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 * 32 * $FreeBSD: head/include/rpcsvc/crypt.x 50473 1999-08-27 23:45:13Z peter $ 33 */ 34 35#ifndef RPC_HDR 36%#ifndef lint 37%static const char rcsid[] = 38% "$FreeBSD: head/include/rpcsvc/crypt.x 50473 1999-08-27 23:45:13Z peter $"; 39%#endif 40#endif 41 42/* 43 * This protocol definition exists because of the U.S. government and 44 * its stupid export laws. We can't export DES code from the United 45 * States to other countries (even though the code already exists 46 * outside the U.S. -- go figure that one out) but we need to make 47 * Secure RPC work. The normal way around this is to break the DES 48 * code out into a shared library; we can then provide a dummy lib 49 * in the base OS and provide the real lib in the secure dist, which 50 * the user can install later. But we need Secure RPC for NIS+, and 51 * there are several system programs that use NIS+ which are statically 52 * linked. We would have to provide replacements for these programs 53 * in the secure dist, but there are a lot, and this is a pain. The 54 * shared lib trick won't work for these programs, and we can't change 55 * them once they're compiled. 56 * 57 * One solution for this problem is to do the DES encryption as a system 58 * call; no programs need to be changed and we can even supply the DES 59 * support as an LKM. But this bloats the kernel. Maybe if we have 60 * Secure NFS one day this will be worth it, but for now we should keep 61 * this mess in user space. 62 * 63 * So we have this second solution: we provide a server that does the 64 * DES encryption for us. In this case, the server is keyserv (we need 65 * it to make Secure RPC work anyway) and we use this protocol to ship 66 * the data back and forth between keyserv and the application. 67 */ 68 69enum des_dir { ENCRYPT_DES, DECRYPT_DES }; 70enum des_mode { CBC_DES, ECB_DES }; 71 72struct desargs { 73 u_char des_key[8]; /* key (with low bit parity) */ 74 des_dir des_dir; /* direction */ 75 des_mode des_mode; /* mode */ 76 u_char des_ivec[8]; /* input vector */ 77 opaque desbuf<>; 78}; 79 80struct desresp { 81 opaque desbuf<>; 82 u_char des_ivec[8]; 83 int stat; 84}; 85 86program CRYPT_PROG { 87 version CRYPT_VERS { 88 desresp 89 DES_CRYPT(desargs) = 1; 90 } = 1; 91} = 600100029; 92