1%/*
2% * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
3% * unrestricted use provided that this legend is included on all tape
4% * media and as a part of the software program in whole or part.  Users
5% * may copy or modify Sun RPC without charge, but are not authorized
6% * to license or distribute it to anyone else except as part of a product or
7% * program developed by the user.
8% *
9% * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
10% * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
11% * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
12% *
13% * Sun RPC is provided with no support and without any obligation on the
14% * part of Sun Microsystems, Inc. to assist in its use, correction,
15% * modification or enhancement.
16% *
17% * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
18% * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
19% * OR ANY PART THEREOF.
20% *
21% * In no event will Sun Microsystems, Inc. be liable for any lost revenue
22% * or profits or other special, indirect and consequential damages, even if
23% * Sun has been advised of the possibility of such damages.
24% *
25% * Sun Microsystems, Inc.
26% * 2550 Garcia Avenue
27% * Mountain View, California  94043
28% */
29/*
30 * Key server protocol definition
31 * Copyright (C) 1990, 1991 Sun Microsystems, Inc.
32 *
33 * The keyserver is a public key storage/encryption/decryption service.
34 * The encryption method used is based on the Diffie-Hellman exponential
35 * key exchange technology.
36 *
37 * The key server is local to each machine, akin to the portmapper.
38 * Under TI-RPC, communication with the keyserver is through the
39 * loopback transport.
40 *
41 * NOTE: This .x file generates the USER level headers for the keyserver.
42 * The KERNEL level headers are created by hand as the kernel has special
43 * requirements.
44 */
45
46%/* From: #pragma ident	"@(#)key_prot.x	1.7	94/04/29 SMI" */
47%/* Copyright (c)  1990, 1991 Sun Microsystems, Inc. */
48%#include <sys/cdefs.h>
49%__FBSDID("$FreeBSD$");
50%
51%/*
52% * Compiled from key_prot.x using rpcgen.
53% * DO NOT EDIT THIS FILE!
54% * This is NOT source code!
55% */
56
57/*
58 * PROOT and MODULUS define the way the Diffie-Hellman key is generated.
59 *
60 * MODULUS should be chosen as a prime of the form: MODULUS == 2*p + 1,
61 * where p is also prime.
62 *
63 * PROOT satisfies the following two conditions:
64 * (1) (PROOT ** 2) % MODULUS != 1
65 * (2) (PROOT ** p) % MODULUS != 1
66 * Since MODULUS - 1 == 2*p, these imply PROOT is a primitive root mod MODULUS.
67 */
68
69const PROOT = 3;	/* primitive root used as the Diffie-Hellman base */
70const HEXMODULUS = "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b";	/* MODULUS written as hex digits */
71/* NOTE(review): a 192-bit Diffie-Hellman modulus is far below current minimum sizes; treat keys agreed with it as legacy-strength. */
72const HEXKEYBYTES = 48;		/* HEXKEYBYTES == strlen(HEXMODULUS) */
73const KEYSIZE = 192;		/* KEYSIZE == bit length of key */
74const KEYBYTES = 24;		/* byte length of key (KEYSIZE / 8) */
75
76/*
77 * The first 16 hex digits of the encrypted secret key are used as
78 * a checksum in the database.
79 */
80const KEYCHECKSUMSIZE = 16;	/* counted in hex digits, i.e. 8 bytes of the encrypted secret key */
81
82/*
83 * status of operation
84 */
85enum keystatus {
86	KEY_SUCCESS,	/* no problems; the only status for which the result unions below carry data */
87	KEY_NOSECRET,	/* no secret key stored */
88	KEY_UNKNOWN,	/* unknown netname */
89	KEY_SYSTEMERR 	/* system error (out of memory, encryption failure) */
90};
91
92typedef opaque keybuf[HEXKEYBYTES];	/* store key in hex; fixed HEXKEYBYTES bytes, so there is no room for a NUL terminator -- do not treat as a C string */
93
94typedef string netnamestr<MAXNETNAMELEN>;	/* netname, at most MAXNETNAMELEN bytes (MAXNETNAMELEN is not defined in this listing) */
95
96/*
97 * Argument to ENCRYPT or DECRYPT
98 */
99struct cryptkeyarg {
100	netnamestr remotename;	/* netname of the peer ("X" in the procedure comments) */
101	des_block deskey;	/* conversation key to encrypt or decrypt; des_block is declared outside this listing, presumably a single DES block -- legacy strength */
102};
103
104/*
105 * Argument to ENCRYPT_PK or DECRYPT_PK
106 */
107struct cryptkeyarg2 {
108	netnamestr remotename;	/* netname of the peer ("X" in the procedure comments) */
109	netobj	remotekey;	/* Contains a length up to 1024 bytes; caller-supplied public key of the peer, so the server should validate its length and contents before use */
110	des_block deskey;	/* conversation key to encrypt or decrypt */
111};
112
113
114/*
115 * Result of ENCRYPT, DECRYPT, ENCRYPT_PK, and DECRYPT_PK
116 */
117union cryptkeyres switch (keystatus status) {
118case KEY_SUCCESS:
119	des_block deskey;	/* resulting conversation key; present only when status is KEY_SUCCESS */
120default:
121	void;	/* every other status carries no data */
122};
123
124const MAXGIDS  = 16;	/* max number of gids in gid list (upper bound of unixcred.gids) */
125
126/*
127 * Unix credential
128 */
129struct unixcred {
130	u_int uid;	/* user id */
131	u_int gid;	/* group id */
132	u_int gids<MAXGIDS>;	/* group access list; variable length, at most MAXGIDS entries */
133};
134
135/*
136 * Result returned from GETCRED
137 */
138union getcredres switch (keystatus status) {
139case KEY_SUCCESS:
140	unixcred cred;	/* credential for the requested netname; present only when status is KEY_SUCCESS */
141default:
142	void;	/* every other status carries no data */
143};
144/*
145 * key_netstarg: argument to KEY_NET_PUT; also the payload of key_netstres
146 */
147
148struct key_netstarg {
149	keybuf st_priv_key;	/* caller's private (secret) key in hex; sensitive -- wipe copies after use */
150	keybuf st_pub_key;	/* caller's public key in hex */
151	netnamestr st_netname;	/* caller's netname */
152};
153
154union key_netstres switch (keystatus status){
155case KEY_SUCCESS:
156	key_netstarg knet;	/* stored key pair and netname; includes the private key, present only when status is KEY_SUCCESS */
157default:
158	void;	/* every other status carries no data */
159};
160
161#ifdef RPC_HDR	/* header generation only: pass the lines below through so "opaque" maps to char unless already defined */
162%
163%#ifndef opaque
164%#define opaque char
165%#endif
166%
167#endif	/* RPC_HDR */
168program KEY_PROG {
169	version KEY_VERS {
170
171		/*
172		 * This is my secret key (hex keybuf, passed as a plain argument).
173		 * Store it for me.  NOTE(review): confirm the server checks who is calling.
174		 */
175		keystatus
176		KEY_SET(keybuf) = 1;
177
178		/*
179		 * I want to talk to X (cryptkeyarg.remotename).
180		 * Encrypt a conversation key (cryptkeyarg.deskey) for me.
181		 */
182		cryptkeyres
183		KEY_ENCRYPT(cryptkeyarg) = 2;
184
185		/*
186		 * X (cryptkeyarg.remotename) just sent me a message.
187		 * Decrypt the conversation key (cryptkeyarg.deskey) for me.
188		 */
189		cryptkeyres
190		KEY_DECRYPT(cryptkeyarg) = 3;
191
192		/*
193		 * Generate a secure conversation key for me (returned as a des_block)
194		 */
195		des_block
196		KEY_GEN(void) = 4;
197
198		/*
199		 * Get me the uid, gid and group-access-list associated
200		 * with this netname (for a kernel which cannot use NIS)
201		 */
202		getcredres
203		KEY_GETCRED(netnamestr) = 5;
204	} = 1;	/* KEY_VERS is version 1 */
205	version KEY_VERS2 {
206
207		/*
208		 * #######
209		 * Procedures 1-5 are identical to version 1
210		 * #######
211		 */
212
213		/*
214		 * This is my secret key (hex keybuf, passed as a plain argument).
215		 * Store it for me.  NOTE(review): confirm the server checks who is calling.
216		 */
217		keystatus
218		KEY_SET(keybuf) = 1;
219
220		/*
221		 * I want to talk to X (cryptkeyarg.remotename).
222		 * Encrypt a conversation key (cryptkeyarg.deskey) for me.
223		 */
224		cryptkeyres
225		KEY_ENCRYPT(cryptkeyarg) = 2;
226
227		/*
228		 * X (cryptkeyarg.remotename) just sent me a message.
229		 * Decrypt the conversation key (cryptkeyarg.deskey) for me.
230		 */
231		cryptkeyres
232		KEY_DECRYPT(cryptkeyarg) = 3;
233
234		/*
235		 * Generate a secure conversation key for me (returned as a des_block)
236		 */
237		des_block
238		KEY_GEN(void) = 4;
239
240		/*
241		 * Get me the uid, gid and group-access-list associated
242		 * with this netname (for a kernel which cannot use NIS)
243		 */
244		getcredres
245		KEY_GETCRED(netnamestr) = 5;
246
247		/*
248		 * I want to talk to X, and I know X's public key (cryptkeyarg2.remotekey).
249		 * Encrypt a conversation key for me.
250		 */
251		cryptkeyres
252		KEY_ENCRYPT_PK(cryptkeyarg2) = 6;
253
254		/*
255		 * X just sent me a message, and I know X's public key (cryptkeyarg2.remotekey).
256		 * Decrypt the conversation key for me.
257		 */
258		cryptkeyres
259		KEY_DECRYPT_PK(cryptkeyarg2) = 7;
260
261		/*
262		 * Store my public key, netname and private key (all carried in key_netstarg).
263		 */
264		keystatus
265		KEY_NET_PUT(key_netstarg) = 8;
266
267		/*
268		 * Retrieve my public key, netname and private key.  The reply carries the private key; wipe it after use.
269		 */
270 		key_netstres
271		KEY_NET_GET(void) = 9;
272
273		/*
274		 * Return me the conversation key that is constructed
275		 * from my secret key and this public key (the keybuf argument).
276		 */
277
278		cryptkeyres
279		KEY_GET_CONV(keybuf) = 10;
280
281
282	} = 2;	/* KEY_VERS2 is version 2 */
283} = 100029;	/* RPC program number of KEY_PROG */
284
285
286