key_prot.x revision 272850
%/*-
% * Copyright (c) 2010, Oracle America, Inc.
% *
% * Redistribution and use in source and binary forms, with or without
% * modification, are permitted provided that the following conditions are
% * met:
% *
% *     * Redistributions of source code must retain the above copyright
% *       notice, this list of conditions and the following disclaimer.
% *     * Redistributions in binary form must reproduce the above
% *       copyright notice, this list of conditions and the following
% *       disclaimer in the documentation and/or other materials
% *       provided with the distribution.
% *     * Neither the name of the "Oracle America, Inc." nor the names of its
% *       contributors may be used to endorse or promote products derived
% *       from this software without specific prior written permission.
% *
% * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
% * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
% * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
% * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
% * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
% * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
% * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
% * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
% * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
% * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
% * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
% * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
% */
/*
 * Key server protocol definition
 * Copyright (C) 1990, 1991 Sun Microsystems, Inc.
 *
 * The keyserver is a public key storage/encryption/decryption service.
 * The encryption method used is based on the Diffie-Hellman exponential
 * key exchange technology.
 *
 * The key server is local to each machine, akin to the portmapper.
 * Under TI-RPC, communication with the keyserver is through the
 * loopback transport.  That local-only reachability is the property the
 * rest of this protocol relies on: several procedures below carry key
 * material inside plain RPC arguments and results.
 *
 * NOTE: This .x file generates the USER level headers for the keyserver.
 * The KERNEL level headers are created by hand as the kernel has special
 * requirements.
 *
 * Lines starting with '%' are passed through by rpcgen verbatim into the
 * generated C; everything else is XDR/RPC language.
 */

%/* From: #pragma ident "@(#)key_prot.x 1.7 94/04/29 SMI" */
%/* Copyright (c) 1990, 1991 Sun Microsystems, Inc. */
%#include <sys/cdefs.h>
%__FBSDID("$FreeBSD: stable/10/include/rpcsvc/key_prot.x 272850 2014-10-09 23:05:32Z hrs $");
%
%/*
% * Compiled from key_prot.x using rpcgen.
% * DO NOT EDIT THIS FILE!
% * This is NOT source code!
% */

/*
 * PROOT and MODULUS define the way the Diffie-Hellman key is generated.
 * MODULUS is carried below as the hex string HEXMODULUS and PROOT is the
 * generator used with it.
 *
 * MODULUS should be chosen as a prime of the form: MODULUS == 2*p + 1,
 * where p is also prime.
 *
 * PROOT satisfies the following two conditions:
 *	(1) (PROOT ** 2) % MODULUS != 1
 *	(2) (PROOT ** p) % MODULUS != 1
 *
 * NOTE(review): HEXMODULUS is a 192-bit prime (KEYSIZE == 192) and the
 * conversation keys exchanged below are single DES blocks.  Both are far
 * below current size guidance for Diffie-Hellman groups and symmetric
 * keys, so this protocol should be treated as legacy.  The constants are
 * part of the wire protocol; changing them here would break every peer,
 * so the mitigation is deployment policy, not an edit to this file.
 */

const PROOT = 3;
const HEXMODULUS = "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b";

/* 48 hex digits == 24 bytes == 192 bits; the three constants must agree. */
const HEXKEYBYTES = 48;		/* HEXKEYBYTES == strlen(HEXMODULUS) */
const KEYSIZE = 192;		/* KEYSIZE == bit length of key */
const KEYBYTES = 24;		/* byte length of key */

/*
 * The first 16 hex digits of the encrypted secret key are used as
 * a checksum in the database.
 */
const KEYCHECKSUMSIZE = 16;

/*
 * status of operation (discriminant of every result union below)
 */
enum keystatus {
	KEY_SUCCESS,	/* no problems */
	KEY_NOSECRET,	/* no secret key stored */
	KEY_UNKNOWN,	/* unknown netname */
	KEY_SYSTEMERR	/* system error (out of memory, encryption failure) */
};

/*
 * store key in hex.  Fixed-length XDR opaque: exactly HEXKEYBYTES bytes
 * on the wire, no NUL terminator is implied.
 */
typedef opaque keybuf[HEXKEYBYTES];

/* MAXNETNAMELEN is defined outside this file (rpc headers). */
typedef string netnamestr<MAXNETNAMELEN>;

/*
 * Argument to ENCRYPT or DECRYPT
 */
struct cryptkeyarg {
	netnamestr remotename;	/* peer whose public key the server looks up */
	des_block deskey;	/* conversation key to wrap/unwrap */
};

/*
 * Argument to ENCRYPT_PK or DECRYPT_PK
 * (caller supplies the peer's public key instead of having it looked up)
 */
struct cryptkeyarg2 {
	netnamestr remotename;
	netobj remotekey;	/* Contains a length up to 1024 bytes */
	des_block deskey;
};

/*
 * Result of ENCRYPT, DECRYPT, ENCRYPT_PK, and DECRYPT_PK
 */
union cryptkeyres switch (keystatus status) {
case KEY_SUCCESS:
	des_block deskey;
default:
	void;
};

const MAXGIDS = 16;	/* max number of gids in gid list */

/*
 * Unix credential
 */
struct unixcred {
	u_int uid;
	u_int gid;
	u_int gids<MAXGIDS>;	/* variable length, at most MAXGIDS entries */
};

/*
 * Result returned from GETCRED
 */
union getcredres switch (keystatus status) {
case KEY_SUCCESS:
	unixcred cred;
default:
	void;
};

/*
 * key_netstarg: argument of KEY_NET_PUT and payload of KEY_NET_GET.
 * It carries the caller's private key as part of the RPC message, which
 * is only acceptable because the keyserver is reached over loopback
 * (see the header comment).
 */
struct key_netstarg {
	keybuf st_priv_key;
	keybuf st_pub_key;
	netnamestr st_netname;
};

union key_netstres switch (keystatus status){
case KEY_SUCCESS:
	key_netstarg knet;
default:
	void;
};

#ifdef RPC_HDR
%
%#ifndef opaque
%#define opaque char
%#endif
%
#endif
/*
 * Program number 100029.  KEY_VERS2 repeats procedures 1-5 of KEY_VERS
 * unchanged and adds procedures 6-10.
 */
program KEY_PROG {
	version KEY_VERS {

		/*
		 * This is my secret key.
		 * Store it for me.
		 */
		keystatus
		KEY_SET(keybuf) = 1;

		/*
		 * I want to talk to X.
		 * Encrypt a conversation key for me.
		 */
		cryptkeyres
		KEY_ENCRYPT(cryptkeyarg) = 2;

		/*
		 * X just sent me a message.
		 * Decrypt the conversation key for me.
		 */
		cryptkeyres
		KEY_DECRYPT(cryptkeyarg) = 3;

		/*
		 * Generate a secure conversation key for me
		 */
		des_block
		KEY_GEN(void) = 4;

		/*
		 * Get me the uid, gid and group-access-list associated
		 * with this netname (for kernel which cannot use NIS)
		 */
		getcredres
		KEY_GETCRED(netnamestr) = 5;
	} = 1;
	version KEY_VERS2 {

		/*
		 * #######
		 * Procedures 1-5 are identical to version 1
		 * #######
		 */

		/*
		 * This is my secret key.
		 * Store it for me.
		 */
		keystatus
		KEY_SET(keybuf) = 1;

		/*
		 * I want to talk to X.
		 * Encrypt a conversation key for me.
		 */
		cryptkeyres
		KEY_ENCRYPT(cryptkeyarg) = 2;

		/*
		 * X just sent me a message.
		 * Decrypt the conversation key for me.
		 */
		cryptkeyres
		KEY_DECRYPT(cryptkeyarg) = 3;

		/*
		 * Generate a secure conversation key for me
		 */
		des_block
		KEY_GEN(void) = 4;

		/*
		 * Get me the uid, gid and group-access-list associated
		 * with this netname (for kernel which cannot use NIS)
		 */
		getcredres
		KEY_GETCRED(netnamestr) = 5;

		/*
		 * I want to talk to X, and I know X's public key.
		 * Encrypt a conversation key for me.
		 */
		cryptkeyres
		KEY_ENCRYPT_PK(cryptkeyarg2) = 6;

		/*
		 * X just sent me a message, and I know X's public key.
		 * Decrypt the conversation key for me.
		 */
		cryptkeyres
		KEY_DECRYPT_PK(cryptkeyarg2) = 7;

		/*
		 * Store my public key, netname and private key.
		 */
		keystatus
		KEY_NET_PUT(key_netstarg) = 8;

		/*
		 * Retrieve my public key, netname and private key.
		 * The private key comes back inside key_netstres.
		 */
		key_netstres
		KEY_NET_GET(void) = 9;

		/*
		 * Return me the conversation key that is constructed
		 * from my secret key and this publickey.
		 */

		cryptkeyres
		KEY_GET_CONV(keybuf) = 10;


	} = 2;
} = 100029;