`
`
`
`
/*
 * The author of this software is Matt Blaze.
 *              Copyright (c) 1994 by AT&T.
 * Permission to use, copy, and modify this software without fee
 * is hereby granted, provided that this entire notice is included in
 * all copies of any software which is or includes a copy or
 * modification of this software and in all copies of the supporting
 * documentation for such software.
 *
 * This software is subject to United States export controls.
 *
 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTY.  IN PARTICULAR, NEITHER THE AUTHORS NOR AT&T MAKE ANY
 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY
 * OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE.
 */
`
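/* MacGuffin Constants */

/*
 * NOTE(review): MacGuffin was published as an experimental design, and
 * differential cryptanalysis results against it are public.  Read this
 * listing as a historical reference, not as a cipher for new systems.
 */

/* number of entries in the combined s-box table: one per 16 bit index */
#define SIZE (1<<16)

extern unsigned short stable[SIZE];
extern unsigned short lookupmasks[4][3];
extern unsigned short outputmasks[4];

/*
 * input and output lookup masks
 *
 * LOOKnm is the input mask for s-box pair n on register m (a, b, c);
 * OUTn is the output mask for the same pair.  These repeat the values
 * held in lookupmasks[] and outputmasks[] in mcgsbox.c.
 */

/* s1+s2 */
#define LOOK00 0x0036
#define LOOK01 0x06c0
#define LOOK02 0x6900
#define OUT0   0x000f

/* s3+s4 */
#define LOOK10 0x5048
#define LOOK11 0x2106
#define LOOK12 0x8411
#define OUT1   0x00f0

/* s5+s7 */
#define LOOK20 0x8601
#define LOOK21 0x4828
#define LOOK22 0x10c4
#define OUT2   0x3300

/* s6+s8 */
#define LOOK30 0x2980
#define LOOK31 0x9011
#define LOOK32 0x022a
#define OUT3   0xcc00

#define ROUNDS 32
#define KSIZE (ROUNDS*3)	/* three key words per round */

/* expanded key; mcg_keyset() in mcgsbox.c fills val[] */
typedef struct mcg_key {
	unsigned short val[KSIZE];
} mcg_key;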
`
`
`
`
`mcgsbox.c
`
`
`
`
/*
 * The author of this software is Matt Blaze.
 *              Copyright (c) 1992, 1993, 1994 by AT&T.
 * Permission to use, copy, and modify this software without fee
 * is hereby granted, provided that this entire notice is included in
 * all copies of any software which is or includes a copy or
 * modification of this software and in all copies of the supporting
 * documentation for such software.
 *
 * This software is subject to United States export controls.
 *
 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTY.  IN PARTICULAR, NEITHER THE AUTHORS NOR AT&T MAKE ANY
 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY
 * OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE.
 */

/*
 * MacGuffin optimized table initialization and key setup
 * 10/3/94 matt blaze
 */
`
`#include "mcg.h"
`
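/*
 * the 8 s-boxes, expanded to put the output bits in the right
 * places.  note that these are the des s-boxes (in left-right,
 * not canonical, order), but with only the "outer" two output
 * bits.
 *
 * Each row keeps its two output bits in a distinct position of the
 * 16 bit word (row 0 in bits 0-1, row 1 in bits 2-3, and so on), so
 * the eight rows can be OR-ed together without overlap.
 */
unsigned short sboxes[8][64] = {
/* 0 (S1) */
	{0x0002, 0x0000, 0x0000, 0x0003, 0x0003, 0x0001, 0x0001, 0x0000,
	 0x0000, 0x0002, 0x0003, 0x0000, 0x0003, 0x0003, 0x0002, 0x0001,
	 0x0001, 0x0002, 0x0002, 0x0000, 0x0000, 0x0002, 0x0002, 0x0003,
	 0x0001, 0x0003, 0x0003, 0x0001, 0x0000, 0x0001, 0x0001, 0x0002,
	 0x0000, 0x0003, 0x0001, 0x0002, 0x0002, 0x0002, 0x0002, 0x0000,
	 0x0003, 0x0000, 0x0000, 0x0003, 0x0000, 0x0001, 0x0003, 0x0001,
	 0x0003, 0x0001, 0x0002, 0x0003, 0x0003, 0x0001, 0x0001, 0x0002,
	 0x0001, 0x0002, 0x0002, 0x0000, 0x0001, 0x0000, 0x0000, 0x0003},
/* 1 (S2) */
	{0x000c, 0x0004, 0x0004, 0x000c, 0x0008, 0x0000, 0x0008, 0x0004,
	 0x0000, 0x000c, 0x000c, 0x0000, 0x0004, 0x0008, 0x0000, 0x0008,
	 0x000c, 0x0008, 0x0004, 0x0000, 0x0000, 0x0004, 0x000c, 0x0008,
	 0x0008, 0x0000, 0x0000, 0x000c, 0x0004, 0x000c, 0x0008, 0x0004,
	 0x0000, 0x000c, 0x0008, 0x0008, 0x0004, 0x0008, 0x000c, 0x0004,
	 0x0008, 0x0004, 0x0000, 0x000c, 0x000c, 0x0000, 0x0004, 0x0000,
	 0x0004, 0x000c, 0x0008, 0x0000, 0x0008, 0x0004, 0x0000, 0x0008,
	 0x000c, 0x0000, 0x0004, 0x0004, 0x0000, 0x0008, 0x000c, 0x000c},
/* 2 (S3) */
	{0x0020, 0x0030, 0x0000, 0x0010, 0x0030, 0x0000, 0x0020, 0x0030,
	 0x0000, 0x0010, 0x0010, 0x0000, 0x0030, 0x0000, 0x0010, 0x0020,
	 /*
	  * NOTE(review): the last two values on the next line were
	  * illegible in the scanned listing.  0x0010, 0x0020 are the DES
	  * S3 outer bits for these inputs; confirm against an original
	  * copy of mcgsbox.c.
	  */
	 0x0010, 0x0000, 0x0030, 0x0020, 0x0020, 0x0010, 0x0010, 0x0020,
	 0x0030, 0x0020, 0x0000, 0x0030, 0x0000, 0x0030, 0x0020, 0x0010,
	 0x0030, 0x0010, 0x0000, 0x0020, 0x0000, 0x0030, 0x0030, 0x0000,
	 0x0020, 0x0000, 0x0030, 0x0030, 0x0010, 0x0020, 0x0000, 0x0010,
	 0x0030, 0x0000, 0x0010, 0x0030, 0x0000, 0x0020, 0x0020, 0x0010,
	 0x0010, 0x0030, 0x0020, 0x0010, 0x0020, 0x0000, 0x0010, 0x0020},
/* 3 (S4) */
	{0x0040, 0x00c0, 0x00c0, 0x0080, 0x0080, 0x00c0, 0x0040, 0x0040,
	 0x0000, 0x0000, 0x0000, 0x00c0, 0x00c0, 0x0000, 0x0080, 0x0040,
	 0x0040, 0x0000, 0x0000, 0x0040, 0x0080, 0x0000, 0x0040, 0x0080,
	 0x00c0, 0x0040, 0x0080, 0x0080, 0x0000, 0x0080, 0x00c0, 0x00c0,
	 0x0080, 0x0040, 0x0000, 0x00c0, 0x00c0, 0x0000, 0x0000, 0x0000,
	 0x0080, 0x0080, 0x00c0, 0x0040, 0x0040, 0x00c0, 0x00c0, 0x0080,
	 0x00c0, 0x00c0, 0x0040, 0x0000, 0x0040, 0x0040, 0x0080, 0x00c0,
	 0x0040, 0x0080, 0x0000, 0x0040, 0x0080, 0x0000, 0x0000, 0x0080},
/* 4 (S5) */
	{0x0000, 0x0200, 0x0200, 0x0300, 0x0000, 0x0000, 0x0100, 0x0200,
	 0x0100, 0x0000, 0x0200, 0x0100, 0x0300, 0x0300, 0x0000, 0x0100,
	 0x0200, 0x0100, 0x0100, 0x0000, 0x0100, 0x0300, 0x0300, 0x0200,
	 0x0300, 0x0100, 0x0000, 0x0300, 0x0200, 0x0200, 0x0300, 0x0000,
	 0x0000, 0x0300, 0x0000, 0x0200, 0x0100, 0x0200, 0x0300, 0x0100,
	 0x0200, 0x0100, 0x0300, 0x0200, 0x0100, 0x0000, 0x0200, 0x0300,
	 0x0300, 0x0000, 0x0300, 0x0300, 0x0200, 0x0000, 0x0100, 0x0300,
	 0x0000, 0x0200, 0x0100, 0x0000, 0x0000, 0x0100, 0x0200, 0x0100},
/* 5 (S6) */
	{0x0800, 0x0800, 0x0400, 0x0c00, 0x0800, 0x0000, 0x0c00, 0x0000,
	 0x0c00, 0x0400, 0x0000, 0x0800, 0x0000, 0x0c00, 0x0800, 0x0400,
	 0x0000, 0x0000, 0x0c00, 0x0400, 0x0400, 0x0c00, 0x0000, 0x0800,
	 0x0800, 0x0000, 0x0400, 0x0c00, 0x0400, 0x0400, 0x0c00, 0x0800,
	 0x0c00, 0x0000, 0x0800, 0x0400, 0x0c00, 0x0000, 0x0400, 0x0800,
	 0x0000, 0x0c00, 0x0800, 0x0400, 0x0800, 0x0c00, 0x0400, 0x0800,
	 0x0400, 0x0c00, 0x0000, 0x0800, 0x0000, 0x0400, 0x0800, 0x0400,
	 0x0400, 0x0000, 0x0c00, 0x0000, 0x0c00, 0x0800, 0x0000, 0x0c00},
/* 6 (S7) */
	{0x0000, 0x3000, 0x3000, 0x0000, 0x0000, 0x3000, 0x2000, 0x1000,
	 0x3000, 0x0000, 0x0000, 0x3000, 0x2000, 0x1000, 0x3000, 0x2000,
	 0x1000, 0x2000, 0x2000, 0x1000, 0x3000, 0x1000, 0x1000, 0x2000,
	 0x1000, 0x0000, 0x2000, 0x3000, 0x0000, 0x2000, 0x1000, 0x0000,
	 0x1000, 0x0000, 0x0000, 0x3000, 0x3000, 0x3000, 0x3000, 0x2000,
	 0x2000, 0x1000, 0x1000, 0x0000, 0x1000, 0x2000, 0x2000, 0x1000,
	 0x2000, 0x3000, 0x3000, 0x1000, 0x0000, 0x0000, 0x2000, 0x3000,
	 0x0000, 0x2000, 0x1000, 0x0000, 0x3000, 0x1000, 0x0000, 0x2000},
/* 7 (S8) */
	{0xc000, 0x4000, 0x0000, 0xc000, 0x8000, 0xc000, 0x0000, 0x8000,
	 0x0000, 0x8000, 0xc000, 0x4000, 0xc000, 0x4000, 0x4000, 0x0000,
	 0x8000, 0x8000, 0xc000, 0x4000, 0x4000, 0x0000, 0x8000, 0xc000,
	 0x4000, 0x0000, 0x0000, 0x8000, 0x8000, 0xc000, 0x4000, 0x0000,
	 0x4000, 0x0000, 0xc000, 0x4000, 0x0000, 0x8000, 0x4000, 0x4000,
	 0xc000, 0x0000, 0x8000, 0x8000, 0x8000, 0x8000, 0x0000, 0xc000,
	 0x0000, 0xc000, 0x0000, 0x8000, 0x8000, 0xc000, 0xc000, 0x0000,
	 0xc000, 0x4000, 0x4000, 0x4000, 0x4000, 0x0000, 0x8000, 0xc000}};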
`
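/*
 * table s-box outputs, expanded for 16 bit input
 * this one table includes all 8 sboxes - just mask off
 * the output bits not in use
 *
 * Zero until mcg_init() fills it.
 */
unsigned short stable[SIZE];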
`
`
`
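/*
 * we can exploit two features of the s-box input and output
 * permutations - first, each s-box uses as input two different bits
 * from each of the three registers in the right side, and, second,
 * for each s-box there is another s-box with no common input bits
 * between them.  therefore we can lookup two s-box outputs in one
 * probe of the table.  just mask off the appropriate input bits
 * in the table below for each of the three registers and or
 * together for the table lookup index.
 * These are also available in #defines, for better lookup
 * speed in unrolled loops.
 */
unsigned short lookupmasks[4][3] = {
	/* a,     b,      c */
	{0x0036, 0x06c0, 0x6900},	/* s1+s2 */
	{0x5048, 0x2106, 0x8411},	/* s3+s4 */
	{0x8601, 0x4828, 0x10c4},	/* s5+s7 */
	{0x2980, 0x9011, 0x022a}};	/* s6+s8 */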
`
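/*
 * this table contains the corresponding output masks for the table
 * lookup procedure mentioned above.
 * similarly available in #defines.
 */
unsigned short outputmasks[4] = {
	0x000f,		/* s1+s2 */
	0x00f0,		/* s3+s4 */
	0x3300,		/* s5+s7 */
	0xcc00};	/* s6+s8 */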
`
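/*
 * initialize the macguffin s-box tables.
 * this takes a while, but is only done once.
 *
 * Returns 0 without recomputing when stable[] already holds the
 * expected first and last entries, and 1 after filling the table.
 */
mcg_init()
{
	unsigned int i,j,k;
	int b;
	/*
	 * input permutation for the 8 s-boxes.
	 * each row entry is a bit position from
	 * one of the three right hand registers,
	 * as follows:
	 *	a,a,b,b,c,c
	 */
	static int sbits[8][6] = {
		{2,5,6,9,11,13},
		{1,4,7,10,8,14},
		{3,6,8,13,0,15},
		{12,14,1,2,4,10},
		{0,10,3,14,6,12},
		{7,8,12,15,1,5},
		{9,15,5,11,2,7},
		{11,13,0,4,3,9}};

	/*
	 * the two constants are the OR of every s-box row at index 0 and
	 * at index 63, i.e. what a filled table holds at both ends
	 */
	if ((stable[0]==0xc86e) && (stable[0xffff]==0xedaf))
		return 0;
	/* fill the table */
	for (i=0; i<SIZE; i++) {
		stable[i]=0;
		for (j=0; j<8; j++)
			/* gather s-box j's six input bits out of i */
			stable[i] |=
				sboxes[j][((i>>sbits[j][0])&1)
					 |(((i>>sbits[j][1])&1)<<1)
					 |(((i>>sbits[j][2])&1)<<2)
					 |(((i>>sbits[j][3])&1)<<3)
					 |(((i>>sbits[j][4])&1)<<4)
					 |(((i>>sbits[j][5])&1)<<5)];
	}
	return 1;
}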
`
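#ifdef SOLARIS2X
#define bcopy(s,d,l) memcpy(d,s,l)
#endif

/*
 * Expand the key at `key' into the key schedule *ek.
 *
 * Reads key[0..15]: the caller must supply at least 16 bytes.
 * ek->val[] is zeroed, then each 8 byte half of the key is run through
 * mcg_block_encrypt() 32 times, with words taken from the k[i] block
 * XORed into the schedule after every call.
 *
 * NOTE(review): k[] is a working copy of the key material, and no
 * clearing of it is visible in this listing before the function ends.
 */
mcg_keyset(key,ek)
	unsigned char *key;
	mcg_key *ek;
{
	int i,j;
	unsigned char k[2][8];

	mcg_init();
	bcopy(&key[0],k[0],8);
	bcopy(&key[8],k[1],8);
	for (i=0; i<KSIZE; i++)
		ek->val[i]=0;
	for (i=0; i<2; i++)
		for (j=0; j<32; j++) {
			/* presumably updates k[i] in place - confirm in mcg.c */
			mcg_block_encrypt(k[i],ek);
			ek->val[j*3]   ^= k[i][0] | (k[i][1]<<8);
			ek->val[j*3+1] ^= k[i][2] | (k[i][3]<<8);
			ek->val[j*3+2] ^= k[i][4] | (k[i][5]<<8);
		}
}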
`
`
`
`
mount.x
`
`
`
`
/* @(#)mount.x	1.2 87/11/12 3.9 RPCSRC */
/* @(#)mount.x 1.2 87/09/18 Copyr 1987 Sun Micro */

/*
 * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
 * unrestricted use provided that this legend is included on all tape
 * media and as a part of the software program in whole or part.  Users
 * may copy or modify Sun RPC without charge, but are not authorized
 * to license or distribute it to anyone else except as part of a product or
 * program developed by the user.
 *
 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
 *
 * Sun RPC is provided with no support and without any obligation on the
 * part of Sun Microsystems, Inc. to assist in its use, correction,
 * modification or enhancement.
 *
 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
 * OR ANY PART THEREOF.
 *
 * In no event will Sun Microsystems, Inc. be liable for any lost revenue
 * or profits or other special, indirect and consequential damages, even if
 * Sun has been advised of the possibility of such damages.
 *
 * Sun Microsystems, Inc.
 * 2550 Garcia Avenue
 * Mountain View, California  94043
 */
`
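/*
 * Protocol description for the mount program
 */

const MNTPATHLEN = 1024;	/* maximum bytes in a pathname argument */
const MNTNAMLEN = 255;		/* maximum bytes in a name argument */
const FHSIZE = 32;		/* size in bytes of a file handle */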
`
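/*
 * The fhandle is the file handle that the server passes to the client.
 * All file operations are done using the file handles to refer to a file
 * or a directory. The file handle can contain whatever information the
 * server needs to distinguish an individual file.
 *
 * NOTE(review): because every later operation names its target by
 * handle alone, a handle works as an access token; servers should not
 * make handles easy to guess.
 */
struct fhandle {
	opaque data[FHSIZE];
};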
`
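/*
 * If a status of zero is returned, the call completed successfully, and
 * a file handle for the directory follows. A non-zero status indicates
 * some sort of error. The status corresponds with UNIX error numbers.
 */
union fhstatus switch (unsigned fhs_status) {
case 0:
	struct fhandle fhs_fhandle;
default:
	void;
};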
`
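/*
 * The type dirpath is the pathname of a directory
 */
typedef string dirpath<MNTPATHLEN>;

/*
 * The type name is used for arbitrary names (hostnames, groupnames)
 */
typedef string name<MNTNAMLEN>;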
`
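/*
 * A list of who has what mounted
 */
struct mountlist {
	name ml_hostname;
	dirpath ml_directory;
	mountlist *ml_next;
};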
`
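/*
 * A list of netgroups
 */
typedef struct groupnode *groups;

struct groupnode {
	name gr_name;
	groups *gr_next;
};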
`
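/*
 * A list of what is exported and to whom
 */
struct exports {
	dirpath ex_dir;
	groups ex_groups;
	exports *ex_next;
};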
`
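program MOUNTPROG {
	/*
	 * Version one of the mount protocol communicates with version two
	 * of the NFS protocol. The only connecting point is the fhandle
	 * structure, which is the same for both protocols.
	 */
	version MOUNTVERS {
		/*
		 * Does no work. It is made available in all RPC services
		 * to allow server response testing and timing
		 */
		void
		MOUNTPROC_NULL(void) = 0;

		/*
		 * If fhs_status is 0, then fhs_fhandle contains the
		 * file handle for the directory. This file handle may
		 * be used in the NFS protocol. This procedure also adds
		 * a new entry to the mount list for this client mounting
		 * the directory.
		 * Unix authentication required.
		 *
		 * NOTE(review): Unix-style RPC credentials are values the
		 * caller asserts; the server's export restrictions are what
		 * decide who may obtain a handle here.
		 */
		fhstatus
		MOUNTPROC_MNT(dirpath) = 1;

		/*
		 * Returns the list of remotely mounted filesystems. The
		 * mountlist contains one entry for each hostname and
		 * directory pair.
		 */
		mountlist
		MOUNTPROC_DUMP(void) = 2;

		/*
		 * Removes the mount list entry for the directory
		 * Unix authentication required.
		 */
		void
		MOUNTPROC_UMNT(dirpath) = 3;

		/*
		 * Removes all of the mount list entries for this client
		 * Unix authentication required.
		 */
		void
		MOUNTPROC_UMNTALL(void) = 4;

		/*
		 * Returns a list of all the exported filesystems, and which
		 * machines are allowed to import it.
		 */
		exports
		MOUNTPROC_EXPORT(void) = 5;

		/*
		 * Identical to MOUNTPROC_EXPORT above
		 */
		exports
		MOUNTPROC_EXPORTALL(void) = 6;
	} = 1;
} = 100005;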
`
`
`
`
`nfsproto.x
`
`
`
`
/* @(#)nfs_prot.x	1.2 87/11/12 3.9 RPCSRC */

/*
 * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
 * unrestricted use provided that this legend is included on all tape
 * media and as a part of the software program in whole or part.  Users
 * may copy or modify Sun RPC without charge, but are not authorized
 * to license or distribute it to anyone else except as part of a product or
 * program developed by the user.
 *
 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
 *
 * Sun RPC is provided with no support and without any obligation on the
 * part of Sun Microsystems, Inc. to assist in its use, correction,
 * modification or enhancement.
 *
 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
 * OR ANY PART THEREOF.
 *
 * In no event will Sun Microsystems, Inc. be liable for any lost revenue
 * or profits or other special, indirect and consequential damages, even if
 * Sun has been advised of the possibility of such damages.
 *
 * Sun Microsystems, Inc.
 * 2550 Garcia Avenue
 * Mountain View, California  94043
 */

/*
 * nfs_prot.x 1.2 87/10/12
 * Copyright 1987 Sun Microsystems, Inc.
 */
`
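const NFS_PORT		= 2049;
const NFS_MAXDATA	= 8192;
const NFS_MAXPATHLEN	= 1024;
const NFS_MAXNAMLEN	= 255;
const NFS_FHSIZE	= 32;
const NFS_COOKIESIZE	= 4;
const NFS_FIFO_DEV	= -1;	/* size kludge for named pipes */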
`
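/*
 * File types
 */
const NFSMODE_FMT  = 0170000;	/* type of file */
const NFSMODE_DIR  = 0040000;	/* directory */
const NFSMODE_CHR  = 0020000;	/* character special */
const NFSMODE_BLK  = 0060000;	/* block special */
const NFSMODE_REG  = 0100000;	/* regular */
const NFSMODE_LNK  = 0120000;	/* symbolic link */
const NFSMODE_SOCK = 0140000;	/* socket */
const NFSMODE_FIFO = 0010000;	/* fifo */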
`
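/*
 * Error status
 */
enum nfsstat {
	NFS_OK= 0,		/* no error */
	NFSERR_PERM=1,		/* Not owner */
	NFSERR_NOENT=2,		/* No such file or directory */
	NFSERR_IO=5,		/* I/O error */
	NFSERR_NXIO=6,		/* No such device or address */
	NFSERR_ACCES=13,	/* Permission denied */
	NFSERR_EXIST=17,	/* File exists */
	NFSERR_NODEV=19,	/* No such device */
	NFSERR_NOTDIR=20,	/* Not a directory*/
	NFSERR_ISDIR=21,	/* Is a directory */
	NFSERR_FBIG=27,		/* File too large */
	NFSERR_NOSPC=28,	/* No space left on device */
	NFSERR_ROFS=30,		/* Read-only file system */
	NFSERR_NAMETOOLONG=63,	/* File name too long */
	NFSERR_NOTEMPTY=66,	/* Directory not empty */
	NFSERR_DQUOT=69,	/* Disc quota exceeded */
	NFSERR_STALE=70,	/* Stale NFS file handle */
	NFSERR_WFLUSH=99	/* write cache flushed */
};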
`
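/*
 * File types
 */
enum ftype {
	NFNON = 0,	/* non-file */
	NFREG = 1,	/* regular file */
	NFDIR = 2,	/* directory */
	NFBLK = 3,	/* block special */
	NFCHR = 4,	/* character special */
	NFLNK = 5,	/* symbolic link */
	NFSOCK = 6,	/* unix domain sockets */
	NFBAD = 7,	/* unused */
	NFFIFO = 8	/* named pipe */
};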
`
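/*
 * File access handle
 */
struct nfs_fh {
	opaque data[NFS_FHSIZE];
};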
`
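/*
 * Timeval
 */
struct nfstime {
	unsigned seconds;
	unsigned useconds;
};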
`
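/*
 * File attributes
 */
struct fattr {
	ftype type;		/* file type */
	unsigned mode;		/* protection mode bits */
	unsigned nlink;		/* # hard links */
	unsigned uid;		/* owner user id */
	unsigned gid;		/* owner group id */
	unsigned size;		/* file size in bytes */
	unsigned blocksize;	/* preferred block size */
	unsigned rdev;		/* special device # */
	unsigned blocks;	/* Kb of disk used by file */
	unsigned fsid;		/* device # */
	unsigned fileid;	/* inode # */
	nfstime	atime;		/* time of last access */
	nfstime	mtime;		/* time of last modification */
	nfstime	ctime;		/* time of last change */
};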
`
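/*
 * File attributes which can be set
 */
struct sattr {
	unsigned mode;	/* protection mode bits */
	unsigned uid;	/* owner user id */
	unsigned gid;	/* owner group id */
	unsigned size;	/* file size in bytes */
	nfstime	atime;	/* time of last access */
	nfstime	mtime;	/* time of last modification */
};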
`
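/* one pathname component, at most NFS_MAXNAMLEN bytes */
typedef string filename<NFS_MAXNAMLEN>;
/* a pathname, at most NFS_MAXPATHLEN bytes */
typedef string nfspath<NFS_MAXPATHLEN>;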
`
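/*
 * Reply status with file attributes
 */
union attrstat switch (nfsstat status) {
case NFS_OK:
	fattr attributes;
default:
	void;
};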
`
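/* Arguments to NFSPROC_SETATTR: the target file and the attributes to set */
struct sattrargs {
	nfs_fh file;
	sattr attributes;
};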
`
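/*
 * Arguments for directory operations
 */
struct diropargs {
	nfs_fh	dir;	/* directory file handle */
	filename name;	/* name (up to NFS_MAXNAMLEN bytes) */
};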
`
`
`
`
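/* NFS_OK arm of diropres: handle and attributes of the file */
struct diropokres {
	nfs_fh file;
	fattr attributes;
};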
`
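/*
 * Results from directory operation
 */
union diropres switch (nfsstat status) {
case NFS_OK:
	diropokres diropres;
default:
	void;
};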
`
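/* Result of NFSPROC_READLINK: an nfspath when the status is NFS_OK */
union readlinkres switch (nfsstat status) {
case NFS_OK:
	nfspath data;
default:
	void;
};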
`
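/*
 * Arguments to remote read
 */
struct readargs {
	nfs_fh file;		/* handle for file */
	unsigned offset;	/* byte offset in file */
	unsigned count;		/* immediate read count */
	unsigned totalcount;	/* total read count (from this offset)*/
};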
`
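/*
 * Status OK portion of remote read reply
 */
struct readokres {
	fattr	attributes;	/* attributes, needed for paging */
	opaque data<NFS_MAXDATA>;
};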
`
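/* Result of NFSPROC_READ: a readokres when the status is NFS_OK */
union readres switch (nfsstat status) {
case NFS_OK:
	readokres reply;
default:
	void;
};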
`
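/*
 * Arguments to remote write
 */
struct writeargs {
	nfs_fh	file;		/* handle for file */
	unsigned beginoffset;	/* beginning byte offset in file */
	unsigned offset;	/* current byte offset in file */
	unsigned totalcount;	/* total write count (to this offset)*/
	opaque data<NFS_MAXDATA>;
};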
`
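/* where to create the new object, and its initial attributes */
struct createargs {
	diropargs where;
	sattr attributes;
};

/* source and destination, each a directory handle plus a name */
struct renameargs {
	diropargs from;
	diropargs to;
};

/* existing file handle, and the directory entry to create for it */
struct linkargs {
	nfs_fh from;
	diropargs to;
};

/* directory entry for the link, the path stored in it, and its attributes */
struct symlinkargs {
	diropargs from;
	nfspath to;
	sattr attributes;
};

/* fixed-size opaque position marker used by readdir */
typedef opaque nfscookie[NFS_COOKIESIZE];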
`
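/*
 * Arguments to readdir
 */
struct readdirargs {
	nfs_fh dir;		/* directory handle */
	nfscookie cookie;
	unsigned count;		/* number of directory bytes to read */
};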
`
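/* one directory entry in a readdir reply, linked to the next */
struct entry {
	unsigned fileid;
	filename name;
	nfscookie cookie;
	entry *nextentry;
};

/* list of entries plus an end-of-directory flag */
struct dirlist {
	entry *entries;
	bool eof;
};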
`
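/* Result of NFSPROC_READDIR: a dirlist when the status is NFS_OK */
union readdirres switch (nfsstat status) {
case NFS_OK:
	dirlist reply;
default:
	void;
};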
`
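/* NFS_OK arm of statfsres */
struct statfsokres {
	unsigned tsize;		/* preferred transfer size in bytes */
	unsigned bsize;		/* fundamental file system block size */
	unsigned blocks;	/* total blocks in file system */
	unsigned bfree;		/* free blocks in fs */
	unsigned bavail;	/* free blocks avail to non-superuser */
};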
`
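/* Result of NFSPROC_STATFS: a statfsokres when the status is NFS_OK */
union statfsres switch (nfsstat status) {
case NFS_OK:
	statfsokres reply;
default:
	void;
};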
`
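/*
 * Remote file service routines
 */
program NFS_PROGRAM {
	version NFS_VERSION {
		void
		NFSPROC_NULL(void) = 0;

		attrstat
		NFSPROC_GETATTR(nfs_fh) = 1;

		attrstat
		NFSPROC_SETATTR(sattrargs) = 2;

		void
		NFSPROC_ROOT(void) = 3;

		diropres
		NFSPROC_LOOKUP(diropargs) = 4;

		readlinkres
		NFSPROC_READLINK(nfs_fh) = 5;

		readres
		NFSPROC_READ(readargs) = 6;

		void
		NFSPROC_WRITECACHE(void) = 7;

		attrstat
		NFSPROC_WRITE(writeargs) = 8;

		diropres
		NFSPROC_CREATE(createargs) = 9;

		nfsstat
		NFSPROC_REMOVE(diropargs) = 10;

		nfsstat
		NFSPROC_RENAME(renameargs) = 11;

		nfsstat
		NFSPROC_LINK(linkargs) = 12;

		nfsstat
		NFSPROC_SYMLINK(symlinkargs) = 13;

		diropres
		NFSPROC_MKDIR(createargs) = 14;

		nfsstat
		NFSPROC_RMDIR(diropargs) = 15;

		readdirres
		NFSPROC_READDIR(readdirargs) = 16;

		statfsres
		NFSPROC_STATFS(nfs_fh) = 17;
	} = 2;
} = 100003;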
`
`
`
`
notes.ms
`
`
`
`
`.TL
`
`CFS Version 1.3.2
`
`Installation and Operation
`.AU
`
`Matt Blaze
`.AI
`
`AT&T Bell Laboratories
`
`600 Mountain Avenue, Room 2A-360C
`
`Murray Hill, NJ 07974
`
`mab@research.att.com
`
`(for cfs questions, use cfs@research.att.com)
`
`.NH
`
`General
`.PP
`
`CFS pushes encryption services into the Unix(tm) file system.
`
`It
`
`supports secure storage at the system level through a standard Unix
`
`file system interface to encrypted files. Users associate a
`
`cryptographic key with the directories they wish to protect. Files in
`
`these directories (as well as their pathname components) are
`
`transparently encrypted and decrypted with the specified key without
`further user intervention; cleartext is never stored on a disk or sent
`
`to a remote file server.
`
`CFS employs a novel combination of DES
`
`stream and codebook cipher modes to provide high security with good
`
`performance on a modern workstation.
`
`CFS can use any available file
`
`system for its underlying storage without modification,
`
`including
`
`remote file servers such as NFS.
`
`System management functions, such as
`
`file backup, work in a normal manner and without knowledge of the key.
`.PP
`
CFS as distributed runs under SunOS and, with a little coaxing,
several other BSD-derived systems including BSD/386.  It has also
been ported by users to Solaris, Ultrix, Linux, and several other popular
OSs, but is unlikely to work on such systems "out of the box".
`
`"#ifdefs" for most of these systems are included in the distribution;
`
`see the Makefile for compilation details. User—contributed patches for
`
`porting CFS to platforms not
`
`included in the distribution are made available
`
`in the CFS-USERS mailing list archive. You should check the archive
`
`before undertaking a major porting effort.
`
`(Of course,
`
`I encourage you
`
`to share any ports, patches or enhancements you develop.)
`.PP
`
CFS runs entirely at user level, as a local NFS server running on the
client machine's "loopback" interface.  The system consists of
.B
cfsd
.R
(the CFS server daemon), and a small suite of tools
.B
(cmkdir, cattach, cdetach,
.R
and
.B
ssh)
.R
that create encrypted directories and manage keys as they are used.
CFS, and the motivation and principles behind it, is described in
detail in:
.IP
Matt Blaze,
.I
"A Cryptographic File System for Unix."
Proc. 1st ACM Conference on Computer and Communications Security,
.R
Fairfax, VA, November 1993.
.PP
`
Another paper describes a key management scheme for CFS that, while not
included in this distribution, may be of interest.
.IP
Matt Blaze,
.I
"Key Management in an Encrypting File System."
Proc. USENIX Summer 1994 Technical Conference,
.R
Boston, MA, June 1994.
.PP
`
The CFS distribution also includes "ESM", an encrypting session
manager that allows shell-to-shell encrypted sessions across insecure
network links.  It is described in the
.B "README.esm"
file in the distribution directory and in more detail in the paper
.IP
Matt Blaze and Steve Bellovin. "Session-layer Encryption."
.I
Proc. 1995 USENIX Security Workshop,
.R
Salt Lake City, June 1995.
.PP
`
These papers are available for anonymous ftp from research.att.com, in
the files /dist/mab/cfs*.ps and /dist/mab/sesscrypt.ps.  You should
read them before attempting to install and use CFS.  Details on the
usage of each of the CFS commands (cattach, etc.) can be found in the
man pages included in this distribution.  You can print them with
troff -man, and should install them wherever local man pages go on
your system.
.PP
`
`Basically, CFS provides a mechanism to associate "real" directories
`
`(on other file systems)
`
`that contain encrypted data with temporary
`
`"virtual" names through which users can read and write cleartext.
`
`These virtual names appear under the CFS mount point, which is usually
`
`called /crypt (this document assumes that convention). Users create
`
`encrypted directories on regular file systems (e.g.,
`
`in their home
`
`directories) using the
`.B cmkdir
`
`command, which creates the directory and assigns to it a cryptographic
`
`"passphrase" which will be used to encrypt its contents.
`
`To actually
`
`use an encrypted directory, it must be "attached" to CFS using the
`.B cattach
`
`command, which asks for the passphrase and installs an association
`
`between the "real" directory and a temporary name under /crypt.
`
`Cleartext is read and written under the virtual directory in /crypt,
`but the files are stored in encrypted form (with encrypted names)
`in
`
`the real directory. When the directory is not in use,
`
`the association
`
`is removed with the
`.B cdetach
`
`
`
`
`command, which deletes the cleartext virtual directory under /crypt
`
`(but not the ciphertext files, of course). When CFS is run on a
`
`client workstation,
`
`the cleartext data (and the cryptographic key
`
`passphrase) are never stored on a disk or sent over a network, even
`
`when the real directory is located on a remote file server.
`
(Actually, the virtual memory system can theoretically violate this
rule; see the "Internals" section, below.)
`.PP
`
`CFS is implemented as a server, called
`.B cfsd,
`
`for the Sun Network File System (NFS) protocol plus extensions for
`
`associating keys with directories.
`
`cfsd monitors the localhost
`
`virtual network interface for remote procedure call requests from the
`local machine. Once the local machine invokes an NFS "mount" on the
`
`localhost interface for the CFS mount point (/crypt), cfsd handles
`
`file system operations for the mounted file system as if it were a
`
`remote file server.
`
`Initially,
`
`/crypt appears completely empty.
`
`The
`
`user interface programs (such as the
`.B cattach
`
`command) send RPCs to cfsd giving the information required to manage
`
`the attached virtual directories that appear under /crypt (e.g., what
`
`name to use, what key to use,
`
`the name of the directory on the real
`
`file system, etc.).
`.NH 2
`
`License
`.IP
`
.ce 9999
Copyright (c) 1992, 1993, 1994, 1995 by AT&T.
.ce 0
.IP
Permission to use, copy, and modify this software without fee
`
`is hereby granted, provided that this entire notice is included in
`
`all copies of any software which is or includes a copy or
`
`modification of this software and in all copies of the supporting
`documentation for such software.
`.IP
`
`This software is subject to United States export controls.
`.IP
`
THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED
WARRANTY.  IN PARTICULAR, NEITHER THE AUTHORS NOR AT&T MAKE ANY
REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY
OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE.
`
`.PP
`
`Please abide by the restrictions in the above license agreement.
`
`The
`
`limitations on distribution are there to meet legal requirements that
`
`are taken quite seriously by the government and by AT&T's lawyers.
`
`If
`
`you violate them, you risk creating all sorts of unpleasantness for
`
`yourself and for others (e.g., me).
`
`If the export requirements are
`
`not generally abided by, it will also make it increasingly difficult
`to release future such efforts.
`.PP
`
`It would be a good idea to check with me before including CFS as part
`of some other software distribution.
`
`.NH
`
`Installation
`
`
`
`
`.PP
`
`CFS was developed under SunOS 4.1.2 and BSD/386 (BSDI).
`
`I have not
`
`tested it, or even compiled it, on
`.I any
`
`other platforms.
`
`If you are interested in porting it to something
`
`different, such as SYSV or whatever, you should first
`
`get it running under one of the known configurations so that you know
`
`what to expect and are sure you have the complete system. You should
`also read and understand the "Internals" section below.
`The rest of
`
`this section assumes you are using one of the known systems.
`
`I'm afraid
`
`we do not have the resources to help you install or port CFS; you're
`on your own.
`.PP
`
The system is designed to be installed on individual single-user
workstations.  You really should not install (or use) it on a shared
file or compute server, even though such a configuration is
technically possible.  There are three main reasons for this.  First,
CFS trades off encryption speed for memory by precomputing large
stream ciphers for each attached directory.  While this is usually
fine for a small number of attaches, more than four or five at a time
can quickly reduce a system to thrashing.  Furthermore, cfsd is
single-threaded, and therefore does not handle many concurrent I/O
operations very well.  Second, any time an attach is active, an
attacker who can log in to the target system and spoof either the UID
of the legitimate user or "root" can potentially compromise the
cleartext or learn the key by examining the address space of the cfsd
process.  Finally, if the connection between the user and the machine
running CFS is compromised (e.g., by watching the Ethernet traffic
between a terminal server and the host), an attacker can potentially
observe the entire dialog between the user and CFS, including any
passphrases given to cattach and any cleartext written to /crypt.  In
fact, most successful attacks on cryptographically strong systems do
not attack the encryption scheme at all, but instead rely on poorly
managed installation, key management, and usage protocols.  Be sure
your users understand what parts of the system they are trusting
before CFS is used to protect sensitive data.
`.PP
`
CFS is a user-level NFS server.  It does not, however, include the
.I mount
protocol, so you'll also need to have /etc/mountd (sometimes called
`
`/usr/etc/rpc.mountd)
`
`installed on your system. You will need the
`
`ability to become "root" on the target machine.
`.PP
`
`To install, first edit the Makefile for your local configuration.
`
`Everything you should have to edit is toward the beginning of the
`file. Make sure BINDIR and ETCDIR are set to the correct directories.
`
`Check the LIBS and COMPAT variables; for SunOS,
`
`these should be empty,
`
but other systems may require -lrpc and -lcompat.  CFLAGS should be
just -O for SunOS.  If you're running a variant of BSD4.4, add
-DBSD44.
To support the BSD4.4 filesystem's short symbolic links (the link
pointer is kept in the directory inode), add -DSHORTLINKS.
`
`If your client system does not put NFS requests on a
`
`p