1%/*-
2% * Copyright (c) 2010, Oracle America, Inc.
3% *
4% * Redistribution and use in source and binary forms, with or without
5% * modification, are permitted provided that the following conditions are
6% * met:
7% *
8% *     * Redistributions of source code must retain the above copyright
9% *       notice, this list of conditions and the following disclaimer.
10% *     * Redistributions in binary form must reproduce the above
11% *       copyright notice, this list of conditions and the following
12% *       disclaimer in the documentation and/or other materials
13% *       provided with the distribution.
14% *     * Neither the name of the "Oracle America, Inc." nor the names of its
15% *       contributors may be used to endorse or promote products derived
16% *       from this software without specific prior written permission.
17% *
18% *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19% *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20% *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
21% *   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22% *   COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
23% *   INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24% *   DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
25% *   GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26% *   INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
27% *   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
28% *   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29% *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30% */
31/*
32 * Key server protocol definition
33 * Copyright (C) 1990, 1991 Sun Microsystems, Inc.
34 *
35 * The keyserver is a public key storage/encryption/decryption service
36 * The encryption method used is based on the Diffie-Hellman exponential
37 * key exchange technology.
38 *
39 * The key server is local to each machine, akin to the portmapper.
40 * Under TI-RPC, communication with the keyserver is through the
41 * loopback transport.
42 *
43 * NOTE: This .x file generates the USER level headers for the keyserver.
44 * the KERNEL level headers are created by hand as they kernel has special
45 * requirements.
46 */
47
48%/*
49% * Compiled from key_prot.x using rpcgen.
50% * DO NOT EDIT THIS FILE!
51% * This is NOT source code!
52% */
53
54/*
55 * PROOT and MODULUS define the way the Diffie-Hellman key is generated.
56 *
57 * MODULUS should be chosen as a prime of the form: MODULUS == 2*p + 1,
58 * where p is also prime.
59 *
60 * PROOT satisfies the following two conditions:
61 * (1) (PROOT ** 2) % MODULUS != 1
62 * (2) (PROOT ** p) % MODULUS != 1
63 *
64 */
65
66const PROOT = 3;
67const HEXMODULUS = "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b";
68
69const HEXKEYBYTES = 48;		/* HEXKEYBYTES == strlen(HEXMODULUS) */
70const KEYSIZE = 192;		/* KEYSIZE == bit length of key */
71const KEYBYTES = 24;		/* byte length of key */
72
73/*
74 * The first 16 hex digits of the encrypted secret key are used as
75 * a checksum in the database.
76 */
77const KEYCHECKSUMSIZE = 16;
78
79/*
80 * status of operation
81 */
82enum keystatus {
83	KEY_SUCCESS,	/* no problems */
84	KEY_NOSECRET,	/* no secret key stored */
85	KEY_UNKNOWN,	/* unknown netname */
86	KEY_SYSTEMERR 	/* system error (out of memory, encryption failure) */
87};
88
89typedef opaque keybuf[HEXKEYBYTES];	/* store key in hex */
90
91typedef string netnamestr<MAXNETNAMELEN>;
92
93/*
94 * Argument to ENCRYPT or DECRYPT
95 */
96struct cryptkeyarg {
97	netnamestr remotename;
98	des_block deskey;
99};
100
101/*
102 * Argument to ENCRYPT_PK or DECRYPT_PK
103 */
104struct cryptkeyarg2 {
105	netnamestr remotename;
106	netobj	remotekey;	/* Contains a length up to 1024 bytes */
107	des_block deskey;
108};
109
110
111/*
112 * Result of ENCRYPT, DECRYPT, ENCRYPT_PK, and DECRYPT_PK
113 */
114union cryptkeyres switch (keystatus status) {
115case KEY_SUCCESS:
116	des_block deskey;
117default:
118	void;
119};
120
121const MAXGIDS  = 16;	/* max number of gids in gid list */
122
123/*
124 * Unix credential
125 */
126struct unixcred {
127	u_int uid;
128	u_int gid;
129	u_int gids<MAXGIDS>;
130};
131
132/*
133 * Result returned from GETCRED
134 */
135union getcredres switch (keystatus status) {
136case KEY_SUCCESS:
137	unixcred cred;
138default:
139	void;
140};
141/*
142 * key_netstarg;
143 */
144
145struct key_netstarg {
146	keybuf st_priv_key;
147	keybuf st_pub_key;
148	netnamestr st_netname;
149};
150
151union key_netstres switch (keystatus status){
152case KEY_SUCCESS:
153	key_netstarg knet;
154default:
155	void;
156};
157
158#ifdef RPC_HDR
159%
160%#ifndef opaque
161%#define opaque char
162%#endif
163%
164#endif
165program KEY_PROG {
166	version KEY_VERS {
167
168		/*
169		 * This is my secret key.
170	 	 * Store it for me.
171		 */
172		keystatus
173		KEY_SET(keybuf) = 1;
174
175		/*
176		 * I want to talk to X.
177		 * Encrypt a conversation key for me.
178	 	 */
179		cryptkeyres
180		KEY_ENCRYPT(cryptkeyarg) = 2;
181
182		/*
183		 * X just sent me a message.
184		 * Decrypt the conversation key for me.
185		 */
186		cryptkeyres
187		KEY_DECRYPT(cryptkeyarg) = 3;
188
189		/*
190		 * Generate a secure conversation key for me
191		 */
192		des_block
193		KEY_GEN(void) = 4;
194
195		/*
196		 * Get me the uid, gid and group-access-list associated
197		 * with this netname (for kernel which cannot use NIS)
198		 */
199		getcredres
200		KEY_GETCRED(netnamestr) = 5;
201	} = 1;
202	version KEY_VERS2 {
203
204		/*
205		 * #######
206		 * Procedures 1-5 are identical to version 1
207		 * #######
208		 */
209
210		/*
211		 * This is my secret key.
212	 	 * Store it for me.
213		 */
214		keystatus
215		KEY_SET(keybuf) = 1;
216
217		/*
218		 * I want to talk to X.
219		 * Encrypt a conversation key for me.
220	 	 */
221		cryptkeyres
222		KEY_ENCRYPT(cryptkeyarg) = 2;
223
224		/*
225		 * X just sent me a message.
226		 * Decrypt the conversation key for me.
227		 */
228		cryptkeyres
229		KEY_DECRYPT(cryptkeyarg) = 3;
230
231		/*
232		 * Generate a secure conversation key for me
233		 */
234		des_block
235		KEY_GEN(void) = 4;
236
237		/*
238		 * Get me the uid, gid and group-access-list associated
239		 * with this netname (for kernel which cannot use NIS)
240		 */
241		getcredres
242		KEY_GETCRED(netnamestr) = 5;
243
244		/*
245		 * I want to talk to X. and I know X's public key
246		 * Encrypt a conversation key for me.
247	 	 */
248		cryptkeyres
249		KEY_ENCRYPT_PK(cryptkeyarg2) = 6;
250
251		/*
252		 * X just sent me a message. and I know X's public key
253		 * Decrypt the conversation key for me.
254		 */
255		cryptkeyres
256		KEY_DECRYPT_PK(cryptkeyarg2) = 7;
257
258		/*
259		 * Store my public key, netname and private key.
260		 */
261		keystatus
262		KEY_NET_PUT(key_netstarg) = 8;
263
264		/*
265		 * Retrieve my public key, netname and private key.
266		 */
267 		key_netstres
268		KEY_NET_GET(void) = 9;
269
270		/*
271		 * Return me the conversation key that is constructed
272		 * from my secret key and this publickey.
273		 */
274
275		cryptkeyres
276		KEY_GET_CONV(keybuf) = 10;
277
278
279	} = 2;
280} = 100029;
281
282
283