      1 /*
      2  * Key server protocol definition
      3  * Copyright (c) 2010, Oracle America, Inc.
      4  *
      5  * Redistribution and use in source and binary forms, with or without
      6  * modification, are permitted provided that the following conditions are
      7  * met:
      8  *
      9  *     * Redistributions of source code must retain the above copyright
     10  *       notice, this list of conditions and the following disclaimer.
     11  *     * Redistributions in binary form must reproduce the above
     12  *       copyright notice, this list of conditions and the following
     13  *       disclaimer in the documentation and/or other materials
     14  *       provided with the distribution.
     15  *     * Neither the name of the "Oracle America, Inc." nor the names of its
     16  *       contributors may be used to endorse or promote products derived
     17  *       from this software without specific prior written permission.
     18  *
     19  *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
     20  *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
     21  *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
     22  *   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
     23  *   COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
     24  *   INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     25  *   DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
     26  *   GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
     27  *   INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
     28  *   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
     29  *   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
     30  *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     31  *
 * The keyserver is a public-key storage/encryption/decryption service.
 * The encryption method used is based on the Diffie-Hellman exponential
 * key exchange technology.
     35  *
 * The key server is local to each machine, akin to the portmapper.
 * Under TI-RPC, communication with the keyserver is through the
 * loopback transport.  Note that none of the messages defined below
 * carry the caller's identity: the server has to derive it from the
 * transport (e.g. loopback peer credentials).  Exposing this program on
 * a network-reachable transport would let remote callers store, fetch
 * and use the private keys the server holds (see KEY_NET_GET and
 * KEY_GET_CONV below).
     39  *
 * NOTE: This .x file generates the USER level headers for the keyserver.
 * The KERNEL level headers are created by hand as the kernel has special
 * requirements.
     43  */
     44 
/*
 * Lines starting with '%' are copied verbatim by rpcgen into the generated
 * C output; they are not XDR definitions.  The block below only emits the
 * legacy ident pragma (disabled) and a "generated file" banner.
 */
%#if 0
%#pragma ident	"@(#)key_prot.x	1.7	94/04/29 SMI"
%#endif
%
%/* Copyright (c)  1990, 1991 Sun Microsystems, Inc. */
%
%/*
% * Compiled from key_prot.x using rpcgen.
% * DO NOT EDIT THIS FILE!
% * This is NOT source code!
% */
     56 
/*
 * PROOT and MODULUS define the way the Diffie-Hellman key is generated.
 *
 * MODULUS should be chosen as a ("safe") prime of the form MODULUS == 2*p + 1,
 * where p is also prime.
 *
 * PROOT satisfies the following two conditions:
 * (1) (PROOT ** 2) % MODULUS != 1
 * (2) (PROOT ** p) % MODULUS != 1
 *
 * Since the order of PROOT must divide MODULUS - 1 == 2*p, these two
 * conditions (together with PROOT != 1) rule out orders 1, 2 and p, so
 * PROOT generates the whole multiplicative group of order 2*p.
 *
 * NOTE: HEXMODULUS below is only 192 bits (48 hex digits, KEYSIZE).  That is
 * far below any current minimum for finite-field Diffie-Hellman; discrete
 * logarithms in a group this small are computationally feasible, so keys
 * exchanged under these parameters cannot be relied on for confidentiality.
 * The values are retained here only for wire compatibility with existing
 * implementations of this protocol.
 *
 */
     68 
const PROOT = 3;		/* generator of the DH group; see the conditions above */
const HEXMODULUS = "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b";	/* DH prime modulus as hex text */

const HEXKEYBYTES = 48;		/* HEXKEYBYTES == strlen(HEXMODULUS); number of hex digits in a key */
const KEYSIZE = 192;		/* KEYSIZE == bit length of key (== 4 * HEXKEYBYTES) */
const KEYBYTES = 24;		/* byte length of key (== KEYSIZE / 8) */
     75 
/*
 * The first 16 hex digits of the encrypted secret key are used as
 * a checksum in the database.  16 hex digits is 64 bits, i.e. one DES
 * block of the ciphertext; presumably it lets the server detect a wrong
 * passphrase / corrupted entry before using the decrypted key.
 */
const KEYCHECKSUMSIZE = 16;
     81 
/*
 * Status of an operation.  Every reply union below switches on this and
 * only the KEY_SUCCESS arm carries a payload, so callers must check the
 * status before touching the result.
 */
enum keystatus {
	KEY_SUCCESS,	/* no problems */
	KEY_NOSECRET,	/* no secret key stored */
	KEY_UNKNOWN,	/* unknown netname */
	KEY_SYSTEMERR 	/* system error (out of memory, encryption failure) */
};
     91 
/*
 * A key (public or private) as HEXKEYBYTES hex digits.  This is a
 * fixed-length opaque, so there is no NUL terminator on the wire; C code
 * that wants to treat it as a string must copy it into a buffer of
 * HEXKEYBYTES + 1 bytes rather than passing it to str* functions directly.
 */
typedef opaque keybuf[HEXKEYBYTES];	/* store key in hex */

/*
 * A netname identifying a principal.  MAXNETNAMELEN is not defined in this
 * file; it is expected from the RPC headers the generated code includes.
 */
typedef string netnamestr<MAXNETNAMELEN>;
     95 
/*
 * Argument to ENCRYPT or DECRYPT.
 *
 * Only the peer's netname is given, so the server presumably locates the
 * peer's public key itself (contrast cryptkeyarg2, where the caller
 * supplies it) and combines it with the caller's stored secret key.
 * des_block is defined outside this file; it is a single-DES key, which
 * is the only conversation-key type this protocol can carry.
 */
struct cryptkeyarg {
	netnamestr remotename;	/* netname of the peer ("X") */
	des_block deskey;	/* conversation key: clear for ENCRYPT, wrapped for DECRYPT */
};
    103 
/*
 * Argument to ENCRYPT_PK or DECRYPT_PK: like cryptkeyarg, but the caller
 * supplies the peer's public key instead of having the server look it up.
 *
 * Because remotekey is caller-chosen, the server ends up computing a DH
 * shared secret between its stored private key and an arbitrary public
 * value; it should validate remotekey (length, hex syntax, and
 * 1 < value < MODULUS) before using it.
 */
struct cryptkeyarg2 {
	netnamestr remotename;
	netobj	remotekey;	/* peer public key; netobj bounds the length at 1024 bytes */
	des_block deskey;
};
    112 
    113 
/*
 * Result of ENCRYPT, DECRYPT, ENCRYPT_PK, DECRYPT_PK (and GET_CONV):
 * the processed conversation key on KEY_SUCCESS, nothing otherwise.
 */
union cryptkeyres switch (keystatus status) {
case KEY_SUCCESS:
	des_block deskey;	/* encrypted (ENCRYPT*) or decrypted (DECRYPT*) conversation key */
default:
	void;			/* status only; no key material is returned on failure */
};
    123 
const MAXGIDS  = 16;	/* max number of gids in gid list; bounds unixcred.gids on the wire */
    125 
/*
 * Unix credential: the uid, gid and supplementary group list that the
 * keyserver associates with a netname.  Returned by KEY_GETCRED, where
 * callers use it for authorization, so it is only as trustworthy as the
 * server's mapping source (NIS per the KEY_GETCRED comment).
 */
struct unixcred {
	u_int uid;
	u_int gid;
	u_int gids<MAXGIDS>;	/* supplementary groups, at most MAXGIDS entries */
};
    134 
/*
 * Result returned from GETCRED: the credential on KEY_SUCCESS, nothing
 * otherwise (presumably KEY_UNKNOWN when the netname has no mapping).
 */
union getcredres switch (keystatus status) {
case KEY_SUCCESS:
	unixcred cred;
default:
	void;
};
/*
 * key_netstarg: the complete key material of one principal -- both halves
 * of the key pair plus the netname they belong to.  Carried by KEY_NET_PUT
 * and returned by KEY_NET_GET, so the private key crosses the RPC transport
 * as plain XDR; nothing in this protocol encrypts it.  That is only
 * acceptable on a local transport whose peer the server can authenticate.
 */
struct key_netstarg {
	keybuf st_priv_key;	/* secret key, HEXKEYBYTES hex digits */
	keybuf st_pub_key;	/* public key, HEXKEYBYTES hex digits */
	netnamestr st_netname;	/* netname the key pair belongs to */
};
    153 
/*
 * Result of KEY_NET_GET: the caller's stored key material on KEY_SUCCESS
 * (private key included -- see key_netstarg), nothing otherwise.
 */
union key_netstres switch (keystatus status){
case KEY_SUCCESS:
	key_netstarg knet;
default:
	void;
};
    160 
#ifdef RPC_HDR
%
%/*
% * Make the XDR type name "opaque" usable from C code that includes this
% * header, so keybuf reads as char[HEXKEYBYTES].  (Header-only; rpcgen's
% * RPC_HDR pass emits this, the stub passes do not.)
% */
%#ifndef opaque
%#define opaque char
%#endif
%
#endif
/*
 * Program 100029, the keyserver.
 *
 * None of these procedures carries the caller's identity; "my"/"me" in
 * the comments means whatever principal the server derives from the
 * transport.  Every key-handling procedure (KEY_SET, KEY_NET_PUT,
 * KEY_NET_GET, KEY_GET_CONV and the ENCRYPT/DECRYPT family) therefore
 * rests entirely on that caller identification being trustworthy.
 */
program KEY_PROG {
	version KEY_VERS {

		/*
		 * This is my secret key.
		 * Store it for me.
		 * The request holds only the key; the server must bind it to
		 * the caller it identified, not to anything in the message.
		 */
		keystatus
		KEY_SET(keybuf) = 1;

		/*
		 * I want to talk to X.
		 * Encrypt a conversation key for me.
		 * (X's public key is looked up by the server from remotename;
		 * the caller cannot supply one in this version.)
		 */
		cryptkeyres
		KEY_ENCRYPT(cryptkeyarg) = 2;

		/*
		 * X just sent me a message.
		 * Decrypt the conversation key for me.
		 */
		cryptkeyres
		KEY_DECRYPT(cryptkeyarg) = 3;

		/*
		 * Generate a secure conversation key for me.
		 * The key is only as good as the server's random source; the
		 * protocol gives the caller no way to check that.
		 */
		des_block
		KEY_GEN(void) = 4;

		/*
		 * Get me the uid, gid and group-access-list associated
		 * with this netname (for kernel which cannot use NIS).
		 * Callers use the answer for authorization, so any status other
		 * than KEY_SUCCESS must be treated as "no credential", never as
		 * uid 0 with an empty group list.
		 */
		getcredres
		KEY_GETCRED(netnamestr) = 5;
	} = 1;
	version KEY_VERS2 {

		/*
		 * #######
		 * Procedures 1-5 are identical to version 1
		 * #######
		 */

		/*
		 * This is my secret key.
		 * Store it for me.
		 * (Same caveat as in version 1: the caller is identified by
		 * the transport, not by the message.)
		 */
		keystatus
		KEY_SET(keybuf) = 1;

		/*
		 * I want to talk to X.
		 * Encrypt a conversation key for me.
		 */
		cryptkeyres
		KEY_ENCRYPT(cryptkeyarg) = 2;

		/*
		 * X just sent me a message.
		 * Decrypt the conversation key for me.
		 */
		cryptkeyres
		KEY_DECRYPT(cryptkeyarg) = 3;

		/*
		 * Generate a secure conversation key for me.
		 */
		des_block
		KEY_GEN(void) = 4;

		/*
		 * Get me the uid, gid and group-access-list associated
		 * with this netname (for kernel which cannot use NIS).
		 */
		getcredres
		KEY_GETCRED(netnamestr) = 5;

		/*
		 * I want to talk to X, and I know X's public key.
		 * Encrypt a conversation key for me.
		 * The server should validate the supplied public key (see
		 * cryptkeyarg2) before combining it with the stored secret.
		 */
		cryptkeyres
		KEY_ENCRYPT_PK(cryptkeyarg2) = 6;

		/*
		 * X just sent me a message, and I know X's public key.
		 * Decrypt the conversation key for me.
		 */
		cryptkeyres
		KEY_DECRYPT_PK(cryptkeyarg2) = 7;

		/*
		 * Store my public key, netname and private key.
		 * Unlike KEY_SET this also carries a netname; the server must
		 * not let a caller store key material under a netname that is
		 * not its own.
		 */
		keystatus
		KEY_NET_PUT(key_netstarg) = 8;

		/*
		 * Retrieve my public key, netname and private key.
		 * The private key comes back as plain XDR; nothing in this
		 * protocol protects it in transit, so this must only be served
		 * to the authenticated owner over a local transport.
		 */
 		key_netstres
		KEY_NET_GET(void) = 9;

		/*
		 * Return me the conversation key that is constructed
		 * from my secret key and this publickey.
		 * This is a Diffie-Hellman oracle on the stored secret key:
		 * the caller picks the public value and receives the derived
		 * DES key, so it must be restricted to the key's owner.
		 */

		cryptkeyres
		KEY_GET_CONV(keybuf) = 10;


	} = 2;
} = 100029;
    283 } = 100029;
    284