+-- $Header: Authentication2.cr,v 2.2 86/06/05 08:37:06 jqj Exp $ --
+
+-- $Log: Authentication2.cr,v $
+-- Revision 2.2 86/06/05 08:37:06 jqj
+-- updated it to actual Authentication V 2 instead of subset
+-- (compiler has been fixed to support everything)
+--
+-- Revision 2.0 85/11/21 07:24:00 jqj
+-- 4.3BSD standard release, still a small subset
+--
+-- initial version was:
+-- a subset of Authentication, hopefully big enough for some testing
+--
+
+Authentication: PROGRAM 14 VERSION 2 =
+
+BEGIN
+ DEPENDS UPON Time(15) VERSION 2;
+
+-- faked dependency: should be DEPENDS UPON Clearinghouse(2) VERSION 2; --
+
+Organization: TYPE = STRING;
+Domain: TYPE = STRING;
+Object: TYPE = STRING;
+
+ThreePartName: TYPE = RECORD [
+ organization: Organization,
+ domain: Domain,
+ object: Object
+ ];
+
+Clearinghouse_Name: TYPE = ThreePartName;
+
+
+-- TYPES --
+
+-- Types supporting encoding --
+
+Key: TYPE = ARRAY 4 OF UNSPECIFIED; -- lsb of each octet is odd parity bit --
+
+Block: TYPE = ARRAY 4 OF UNSPECIFIED; -- cipher text or plain text block --
+
+HashedPassword: TYPE = CARDINAL;
+
+-- Types describing credentials and verifiers --
+
+CredentialsType: TYPE = {simple(0), strong(1)};
+
+simpleCredentials: CredentialsType = simple;
+
+Credentials: TYPE = RECORD [type: CredentialsType,
+ value: SEQUENCE OF UNSPECIFIED];
+
+CredentialsPackage: TYPE = RECORD [
+ credentials: Credentials,
+ nonce: LONG CARDINAL,
+ recipient: Clearinghouse_Name,
+ conversationKey: Key ];
+
+-- instances of the following type must be a multiple of 64 bits, padded --
+-- with zeros, before encryption --
+
+StrongCredentials: TYPE = RECORD [
+ conversationKey: Key,
+ expirationTime: Time.Time,
+ initiator: Clearinghouse_Name ];
+
+SimpleCredentials: TYPE = Clearinghouse_Name;
+
+Verifier: TYPE = SEQUENCE 12 OF UNSPECIFIED;
+
+StrongVerifier: TYPE = RECORD [
+ timeStamp: Time.Time,
+ ticks: LONG CARDINAL ];
+
+SimpleVerifier: TYPE = HashedPassword;
+
+
+-- ERRORS --
+
+Problem: TYPE = {
+ credentialsInvalid(0),
+ verifierInvalid(1),
+ verifierExpired(2),
+ verifierReused(3),
+ credentialsExpired(4),
+ inappropriateCredentials(5) };
+AuthenticationError: ERROR[problem: Problem] = 2;
+
+CallProblem: TYPE = {
+ tooBusy(0),
+ accessRightsInsufficient(1),
+ keysUnavailable(2),
+ strongKeyDoesNotExist(3),
+ simpleKeyDoesNotExist(4),
+ strongKeyAlreadyRegistered(5),
+ simpleKeyAlreadyRegistered(6),
+ domainForNewKeyUnavailable(7),
+ domainForNewKeyUnknown(8),
+ badKey(9),
+ badName(10),
+ databaseFull(11),
+ other(12) };
+Which: TYPE = {notApplicable(0), initiator(1), recipient(2), client(3) };
+CallError: ERROR [problem: CallProblem, whichArg: Which] = 1;
+
+
+-- PROCEDURES --
+
+-- Strong Authentication --
+
+GetStrongCredentials: PROCEDURE [
+ initiator, recipient: Clearinghouse_Name,
+ nonce: LONG CARDINAL ]
+ RETURNS [ credentialsPackage: SEQUENCE OF UNSPECIFIED ]
+ REPORTS [ CallError ] = 1;
+
+CreateStrongKey: PROCEDURE [
+ credentials: Credentials, verifier: Verifier,
+ name: Clearinghouse_Name, key: Key ]
+ REPORTS [ AuthenticationError, CallError ] = 3;
+
+ChangeStrongKey: PROCEDURE [
+ credentials: Credentials, verifier: Verifier,
+ newKey: Block ]
+ REPORTS [ AuthenticationError, CallError ] = 4;
+
+DeleteStrongKey: PROCEDURE [
+ credentials: Credentials, verifier: Verifier,
+ name: Clearinghouse_Name ]
+ REPORTS [ AuthenticationError, CallError ] = 5;
+
+
+-- Simple Authentication --
+
+CheckSimpleCredentials: PROCEDURE [
+ credentials: Credentials, verifier: Verifier ]
+ RETURNS[ok: BOOLEAN]
+ REPORTS[AuthenticationError, CallError] = 2;
+
+CreateSimpleKey: PROCEDURE [
+ credentials: Credentials, verifier: Verifier,
+ name: Clearinghouse_Name, key: HashedPassword ]
+ REPORTS[AuthenticationError, CallError] = 6;
+
+ChangeSimpleKey: PROCEDURE [
+ credentials: Credentials, verifier: Verifier,
+ newKey: HashedPassword ]
+ REPORTS[AuthenticationError, CallError] = 7;
+
+DeleteSimpleKey: PROCEDURE [
+ credentials: Credentials, verifier: Verifier,
+ name: Clearinghouse_Name ]
+ REPORTS[AuthenticationError, CallError] = 8;
+
+
+END.