Types Supporting Encryption
Block: TYPE = ARRAY 4 OF UNSPECIFIED;
Key: TYPE = Block; -- each byte has odd parity
HashedPassword: TYPE = CARDINAL;
Types Describing Credentials and Verifiers
CredentialsType: TYPE = { simple(0), strong(1) };
simpleCredentials: CredentialsType = simple;
Credentials:
TYPE =
RECORD [
type: CredentialsType,
value: SeqWords
];
CredentialsPackage:
TYPE =
RECORD [
credentials: Credentials,
nonce: LONG CARDINAL,
recipient: CHName.Name,
conversationKey: Key
];
Strong credentials must be a multiple of 64 bits long, padded with zeroes:
StrongCredentials:
TYPE =
RECORD [
conversationKey: Key,
expirationTime: Time.Time,
initiator: CHName.Name
];
SimpleCredentials: TYPE = CHName.Name;
SeqWords: TYPE = SEQUENCE OF UNSPECIFIED;
Verifier: TYPE = SeqWords;
StrongVerifier:
TYPE =
RECORD [
timeStamp: Time.Time,
ticks: LONG CARDINAL
];
SimpleVerifier: TYPE = HashedPassword;
Remote procedures
GetStrongCredentials:
PROCEDURE [initiator: CHName.Name, recipient: CHName.Name, nonce:
LONG
CARDINAL]
RETURNS [encryptedCredentialsPackage: SeqWords]
REPORTS [AuthenticationError, CallError] = 1;
CheckSimpleCredentials:
PROCEDURE [credentials: Credentials, verifier: Verifier]
RETURNS [ok: BOOLEAN]
REPORTS [AuthenticationError, CallError] = 2;
CreateStrongKey:
PROCEDURE [credentials: Credentials, verifier: Verifier, name: CHName.Name, key: Block]
REPORTS [AuthenticationError, CallError] = 3;
ChangeStrongKey:
PROCEDURE [credentials: Credentials, verifier: Verifier, newKey: Block]
REPORTS [AuthenticationError, CallError] = 4;
DeleteStrongKey:
PROCEDURE [credentials: Credentials, verifier: Verifier, name: CHName.Name]
REPORTS [AuthenticationError, CallError] = 5;
CreateSimpleKey:
PROCEDURE [credentials: Credentials, verifier: Verifier, name: CHName.Name, key: HashedPassword]
REPORTS [AuthenticationError, CallError] = 6;
ChangeSimpleKey:
PROCEDURE [credentials: Credentials, verifier: Verifier, newKey: HashedPassword]
REPORTS [AuthenticationError, CallError] = 7;
DeleteSimpleKey:
PROCEDURE [credentials: Credentials, verifier: Verifier, name: CHName.Name]
REPORTS [AuthenticationError, CallError] = 8;
Remote Errors
CallError: ERROR [problem: CallProblem, whichArg: Which] = 1;
Which:
TYPE = {
notApplicable(0),
initiator(1),
recipient(2),
client(3)
};
CallProblem:
TYPE = {
tooBusy(0),
accessRightsInsufficient(1),
keysUnavailable(2),
strongKeyDoesNotExist(3),
simpleKeyDoesNotExist(4),
strongKeyAlreadyRegistered(5),
simpleKeyAlreadyRegistered(6),
domainForNewKeyUnavailable(7),
domainForNewKeyUnknown(8),
badKey(9),
badName(10),
databaseFull(11),
other(12)
};
AuthenticationError: ERROR [problem: Problem] = 2;
Problem:
TYPE = {
credentialsInvalid(0),
verifierInvalid(1),
verifierExpired(2),
verifierReused(3),
credentialsExpired(4),
inappropriateCredentials(5)
};