%/*-
% * Copyright (c) 2010, Oracle America, Inc.
% *
% * Redistribution and use in source and binary forms, with or without
% * modification, are permitted provided that the following conditions are
% * met:
% *
% *     * Redistributions of source code must retain the above copyright
% *       notice, this list of conditions and the following disclaimer.
% *     * Redistributions in binary form must reproduce the above
% *       copyright notice, this list of conditions and the following
% *       disclaimer in the documentation and/or other materials
% *       provided with the distribution.
% *     * Neither the name of the "Oracle America, Inc." nor the names of its
% *       contributors may be used to endorse or promote products derived
% *       from this software without specific prior written permission.
% *
% *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
% *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
% *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
% *   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
% *   COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
% *   INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
% *   DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
% *   GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
% *   INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
% *   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
% *   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
% *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
% */
/*
 * Key server protocol definition
 * Copyright (C) 1990, 1991 Sun Microsystems, Inc.
 *
 * The keyserver is a public key storage/encryption/decryption service.
 * The encryption method used is based on the Diffie-Hellman exponential
 * key exchange technology: as the procedure comments below describe, the
 * server combines the caller's stored secret key with a peer's public key
 * and uses the result to encrypt or decrypt a DES conversation key.
 *
 * The key server is local to each machine, akin to the portmapper.
 * Under TI-RPC, communication with the keyserver is through the
 * loopback transport.
 *
 * NOTE(review): the parameters below fix a 192-bit DH modulus (KEYSIZE)
 * and a single-DES conversation key (des_block).  Both are far below
 * present-day strength recommendations, so this protocol should be
 * treated as a legacy/compatibility interface, not as a security
 * boundary in its own right.
 *
 * NOTE(review): none of the procedure arguments below carries caller
 * authentication.  Which secret key a request refers to, and who may call
 * KEY_SET / KEY_NET_PUT / KEY_NET_GET at all, must therefore be decided by
 * the server from the credentials of the loopback connection.  That policy
 * lives in the keyserv implementation, not in this file - confirm it there.
 *
 * NOTE: This .x file generates the USER level headers for the keyserver.
 * The KERNEL level headers are created by hand as the kernel has special
 * requirements.
 */

%/*
% * Compiled from key_prot.x using rpcgen.
% * DO NOT EDIT THIS FILE!
% * This is NOT source code!
% */

/*
 * PROOT and MODULUS define the way the Diffie-Hellman key is generated.
 *
 * MODULUS should be chosen as a prime of the form: MODULUS == 2*p + 1,
 * where p is also prime (a "safe prime": the multiplicative group then
 * has order 2*p, so its only proper subgroups have order 2 and p).
 *
 * PROOT satisfies the following two conditions:
 *	(1) (PROOT ** 2) % MODULUS != 1
 *	(2) (PROOT ** p) % MODULUS != 1
 *
 * i.e. PROOT has order neither 2 nor p, so its order is 2*p and it
 * generates the whole multiplicative group modulo MODULUS.
 */

const PROOT = 3;
/* MODULUS written as 48 hex digits, i.e. 192 bits (see KEYSIZE). */
const HEXMODULUS = "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b";

const HEXKEYBYTES = 48;		/* HEXKEYBYTES == strlen(HEXMODULUS) */
const KEYSIZE = 192;		/* KEYSIZE == bit length of key */
const KEYBYTES = 24;		/* byte length of key (KEYSIZE / 8) */

/*
 * The first 16 hex digits of the encrypted secret key are used as
 * a checksum in the database.
 * NOTE(review): presumably a consistency check on the stored record,
 * not an integrity or authentication tag - confirm against the server.
 */
const KEYCHECKSUMSIZE = 16;

/*
 * status of operation
 * Returned by every procedure, either directly (KEY_SET, KEY_NET_PUT)
 * or as the discriminant of a result union.
 */
enum keystatus {
	KEY_SUCCESS,	/* no problems */
	KEY_NOSECRET,	/* no secret key stored */
	KEY_UNKNOWN,	/* unknown netname */
	KEY_SYSTEMERR	/* system error (out of memory, encryption failure) */
};

/*
 * A key (secret or public) as exactly HEXKEYBYTES hex digits.
 * This is a fixed-length XDR opaque, NOT a C string: there is no room for
 * a terminating NUL, so consumers must bound every copy and compare by
 * HEXKEYBYTES and never call strlen() on it.
 */
typedef opaque keybuf[HEXKEYBYTES];	/* store key in hex */

/*
 * Netname identifying a principal.  MAXNETNAMELEN is not defined in this
 * file; the XDR decoder rejects strings longer than that bound.
 */
typedef string netnamestr<MAXNETNAMELEN>;

/*
 * Argument to ENCRYPT or DECRYPT
 *
 * remotename	the peer whose public key the server is to look up
 * deskey	the conversation key to encrypt (ENCRYPT) or the
 *		encrypted conversation key to decrypt (DECRYPT)
 */
struct cryptkeyarg {
	netnamestr remotename;
	des_block deskey;
};

/*
 * Argument to ENCRYPT_PK or DECRYPT_PK
 *
 * Same as cryptkeyarg, except the caller supplies the peer's public key
 * itself (remotekey), so the server need not look it up.  netobj is
 * declared outside this file.
 */
struct cryptkeyarg2 {
	netnamestr remotename;
	netobj	remotekey;	/* Contains a length up to 1024 bytes */
	des_block deskey;
};


/*
 * Result of ENCRYPT, DECRYPT, ENCRYPT_PK, and DECRYPT_PK
 *
 * On KEY_SUCCESS carries the (en/de)crypted conversation key; on any
 * other status only the status is present.
 */
union cryptkeyres switch (keystatus status) {
case KEY_SUCCESS:
	des_block deskey;
default:
	void;
};

const MAXGIDS  = 16;	/* max number of gids in gid list */

/*
 * Unix credential
 *
 * gids is variable-length, at most MAXGIDS entries (enforced by XDR).
 */
struct unixcred {
	u_int uid;
	u_int gid;
	u_int gids<MAXGIDS>;
};

/*
 * Result returned from GETCRED
 *
 * On KEY_SUCCESS carries the credentials mapped to the requested netname.
 */
union getcredres switch (keystatus status) {
case KEY_SUCCESS:
	unixcred cred;
default:
	void;
};
/*
 * key_netstarg;
 *
 * A principal's complete key record, used by KEY_NET_PUT / KEY_NET_GET.
 * st_priv_key is secret material and travels in this message as plain
 * hex, so it is only as protected as the loopback transport and the
 * memory of the two endpoints; callers should zeroize it after use.
 */

struct key_netstarg {
	keybuf st_priv_key;
	keybuf st_pub_key;
	netnamestr st_netname;
};

/*
 * Result returned from KEY_NET_GET: the stored key record on KEY_SUCCESS.
 */
union key_netstres switch (keystatus status){
case KEY_SUCCESS:
	key_netstarg knet;
default:
	void;
};

/*
 * Passed through into the generated header only: presumably a fallback
 * for rpc headers that do not define `opaque` themselves.
 */
#ifdef RPC_HDR
%
%#ifndef opaque
%#define opaque char
%#endif
%
#endif
program KEY_PROG {
	version KEY_VERS {

		/*
		 * This is my secret key.
		 * Store it for me.
		 */
		keystatus
		KEY_SET(keybuf) = 1;

		/*
		 * I want to talk to X.
		 * Encrypt a conversation key for me.
		 */
		cryptkeyres
		KEY_ENCRYPT(cryptkeyarg) = 2;

		/*
		 * X just sent me a message.
		 * Decrypt the conversation key for me.
		 */
		cryptkeyres
		KEY_DECRYPT(cryptkeyarg) = 3;

		/*
		 * Generate a secure conversation key for me
		 * Unlike the other procedures the result is a bare des_block,
		 * so there is no keystatus to signal failure on the wire.
		 */
		des_block
		KEY_GEN(void) = 4;

		/*
		 * Get me the uid, gid and group-access-list associated
		 * with this netname (for kernel which cannot use NIS)
		 */
		getcredres
		KEY_GETCRED(netnamestr) = 5;
	} = 1;
	version KEY_VERS2 {

		/*
		 * #######
		 * Procedures 1-5 are identical to version 1
		 * #######
		 */

		/*
		 * This is my secret key.
		 * Store it for me.
		 */
		keystatus
		KEY_SET(keybuf) = 1;

		/*
		 * I want to talk to X.
		 * Encrypt a conversation key for me.
		 */
		cryptkeyres
		KEY_ENCRYPT(cryptkeyarg) = 2;

		/*
		 * X just sent me a message.
		 * Decrypt the conversation key for me.
		 */
		cryptkeyres
		KEY_DECRYPT(cryptkeyarg) = 3;

		/*
		 * Generate a secure conversation key for me
		 * Unlike the other procedures the result is a bare des_block,
		 * so there is no keystatus to signal failure on the wire.
		 */
		des_block
		KEY_GEN(void) = 4;

		/*
		 * Get me the uid, gid and group-access-list associated
		 * with this netname (for kernel which cannot use NIS)
		 */
		getcredres
		KEY_GETCRED(netnamestr) = 5;

		/*
		 * I want to talk to X. and I know X's public key
		 * Encrypt a conversation key for me.
		 */
		cryptkeyres
		KEY_ENCRYPT_PK(cryptkeyarg2) = 6;

		/*
		 * X just sent me a message. and I know X's public key
		 * Decrypt the conversation key for me.
		 */
		cryptkeyres
		KEY_DECRYPT_PK(cryptkeyarg2) = 7;

		/*
		 * Store my public key, netname and private key.
		 * (The private key is sent as plain hex; see key_netstarg.)
		 */
		keystatus
		KEY_NET_PUT(key_netstarg) = 8;

		/*
		 * Retrieve my public key, netname and private key.
		 * Returns secret material to the caller; which caller is
		 * "me" must be decided by the server from the connection.
		 */
		key_netstres
		KEY_NET_GET(void) = 9;

		/*
		 * Return me the conversation key that is constructed
		 * from my secret key and this publickey.
		 */

		cryptkeyres
		KEY_GET_CONV(keybuf) = 10;


	} = 2;
} = 100029;