<<>>
<<Authentication2.cr>>
    <<Copyright Ó 1986, 1991 by Xerox Corporation.  All rights reserved.>>
    <<Bill Jackson (bj) August 8, 1986 7:23:43 pm PDT>>
    <<Demers, January 15, 1987 10:39:04 pm PST>>

    Authentication: PROGRAM 14 VERSION 2 = BEGIN
        DEPENDS UPON
            CHName(2) VERSION 0,
            Time(15) VERSION 2;

    <<Types Supporting Encryption>>
        Block: TYPE = ARRAY 4 OF UNSPECIFIED;
        Key: TYPE = Block;    -- each byte has odd parity

        HashedPassword: TYPE = CARDINAL;

    <<Types Describing Credentials and Verifiers>>
        CredentialsType: TYPE = { simple(0), strong(1) };

        simpleCredentials: CredentialsType = simple;

        Credentials: TYPE = RECORD [
            type: CredentialsType,
            value: SeqWords
            ];

        CredentialsPackage: TYPE = RECORD [
            credentials: Credentials,
            nonce: LONG CARDINAL,
            recipient: CHName.Name,
            conversationKey: Key
            ];

        <<Strong credentials must be a multiple of 64 bits long, padded with zeroes:>>
        StrongCredentials: TYPE = RECORD [
            conversationKey: Key,
            expirationTime: Time.Time,
            initiator: CHName.Name
            ];

        SimpleCredentials: TYPE = CHName.Name;

        SeqWords: TYPE = SEQUENCE OF UNSPECIFIED;
        Verifier: TYPE = SeqWords;

        StrongVerifier: TYPE = RECORD [
            timeStamp: Time.Time,
            ticks: LONG CARDINAL
            ];

        SimpleVerifier: TYPE = HashedPassword;

    <<Remote procedures>>

        GetStrongCredentials: PROCEDURE [initiator: CHName.Name, recipient: CHName.Name, nonce: LONG CARDINAL]
            RETURNS [encryptedCredentialsPackage: SeqWords]
            REPORTS [AuthenticationError, CallError] = 1;

        CheckSimpleCredentials: PROCEDURE [credentials: Credentials, verifier: Verifier]
            RETURNS [ok: BOOLEAN]
            REPORTS [AuthenticationError, CallError] = 2;

        CreateStrongKey: PROCEDURE [credentials: Credentials, verifier: Verifier, name: CHName.Name, key: Block]
            REPORTS [AuthenticationError, CallError] = 3;

        ChangeStrongKey: PROCEDURE [credentials: Credentials, verifier: Verifier, newKey: Block]
            REPORTS [AuthenticationError, CallError] = 4;

        DeleteStrongKey: PROCEDURE [credentials: Credentials, verifier: Verifier, name: CHName.Name]
            REPORTS [AuthenticationError, CallError] = 5;

        CreateSimpleKey: PROCEDURE [credentials: Credentials, verifier: Verifier, name: CHName.Name, key: HashedPassword]
            REPORTS [AuthenticationError, CallError] = 6;

        ChangeSimpleKey: PROCEDURE [credentials: Credentials, verifier: Verifier, newKey: HashedPassword]
            REPORTS [AuthenticationError, CallError] = 7;

        DeleteSimpleKey: PROCEDURE [credentials: Credentials, verifier: Verifier, name: CHName.Name]
            REPORTS [AuthenticationError, CallError] = 8;

    <<Remote Errors>>
        CallError: ERROR [problem: CallProblem, whichArg: Which] = 1;
        Which: TYPE = {
            notApplicable(0),
            initiator(1),
            recipient(2),
            client(3)
            };
        CallProblem: TYPE = {
            tooBusy(0),
            accessRightsInsufficient(1),
            keysUnavailable(2),
            strongKeyDoesNotExist(3),
            simpleKeyDoesNotExist(4),
            strongKeyAlreadyRegistered(5),
            simpleKeyAlreadyRegistered(6),
            domainForNewKeyUnavailable(7),
            domainForNewKeyUnknown(8),
            badKey(9),
            badName(10),
            databaseFull(11),
            other(12)
            };

        AuthenticationError: ERROR [problem: Problem] = 2;
        Problem: TYPE = {
            credentialsInvalid(0),
            verifierInvalid(1),
            verifierExpired(2),
            verifierReused(3),
            credentialsExpired(4),
            inappropriateCredentials(5)
            };

        END.
<<>>