%/*
% * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
% * unrestricted use provided that this legend is included on all tape
% * media and as a part of the software program in whole or part. Users
% * may copy or modify Sun RPC without charge, but are not authorized
% * to license or distribute it to anyone else except as part of a product or
% * program developed by the user.
% *
% * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
% * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
% * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
% *
% * Sun RPC is provided with no support and without any obligation on the
% * part of Sun Microsystems, Inc. to assist in its use, correction,
% * modification or enhancement.
% *
% * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
% * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
% * OR ANY PART THEREOF.
% *
% * In no event will Sun Microsystems, Inc. be liable for any lost revenue
% * or profits or other special, indirect and consequential damages, even if
% * Sun has been advised of the possibility of such damages.
% *
% * Sun Microsystems, Inc.
% * 2550 Garcia Avenue
% * Mountain View, California 94043
% */
/*
 * Key server protocol definition
 * Copyright (C) 1990, 1991 Sun Microsystems, Inc.
 *
 * The keyserver is a public key storage/encryption/decryption service.
 * The encryption method used is based on the Diffie-Hellman exponential
 * key exchange technology.
 *
 * The key server is local to each machine, akin to the portmapper.
 * Under TI-RPC, communication with the keyserver is through the
 * loopback transport.
 *
 * NOTE: This .x file generates the USER level headers for the keyserver.
 * The KERNEL level headers are created by hand, as the kernel has special
 * requirements.
 *
 * Lines that begin with '%' are passed through by rpcgen unchanged into
 * the generated output; comments on other lines stay in this file only.
 */

%/* From: #pragma ident "@(#)key_prot.x 1.7 94/04/29 SMI" */
%/* $FreeBSD$ */
%/* Copyright (c) 1990, 1991 Sun Microsystems, Inc. */
%
%/*
% * Compiled from key_prot.x using rpcgen.
% * DO NOT EDIT THIS FILE!
% * This is NOT source code!
% */

/*
 * PROOT and MODULUS define the way the Diffie-Hellman key is generated.
 *
 * MODULUS should be chosen as a prime of the form: MODULUS == 2*p + 1,
 * where p is also prime.
 *
 * PROOT satisfies the following two conditions:
 * (1) (PROOT ** 2) % MODULUS != 1
 * (2) (PROOT ** p) % MODULUS != 1
 *
 * For a modulus of that form the group order is 2*p, so the two
 * conditions rule out the orders 1, 2 and p and leave PROOT as a
 * generator of the whole group.
 *
 * These values are fixed protocol parameters shared by every peer, so
 * they cannot be changed here without breaking interoperability.
 *
 * NOTE(review): a 192-bit modulus (see KEYSIZE below) is far below
 * current minimum sizes for finite-field Diffie-Hellman; discrete
 * logarithms modulo this specific prime were shown to be computable in
 * practice (LaMacchia and Odlyzko, 1991).  Treat key agreement built on
 * these constants as legacy and do not rely on it for confidentiality;
 * RPCSEC_GSS is the usual replacement for RPC authentication.
 */

const PROOT = 3;
const HEXMODULUS = "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b";

const HEXKEYBYTES = 48;		/* HEXKEYBYTES == strlen(HEXMODULUS) */
const KEYSIZE = 192;		/* KEYSIZE == bit length of key */
const KEYBYTES = 24;		/* byte length of key (KEYSIZE / 8) */

/*
 * The first 16 hex digits of the encrypted secret key are used as
 * a checksum in the database.  16 hex digits correspond to 64 bits.
 */
const KEYCHECKSUMSIZE = 16;

/*
 * status of operation
 *
 * Also the discriminant of the result unions below: only KEY_SUCCESS
 * carries a payload, every other value encodes as void.
 */
enum keystatus {
	KEY_SUCCESS,	/* no problems */
	KEY_NOSECRET,	/* no secret key stored */
	KEY_UNKNOWN,	/* unknown netname */
	KEY_SYSTEMERR	/* system error (out of memory, encryption failure) */
};

/*
 * Fixed-length opaque array holding a key as hex digits.
 *
 * The array is exactly HEXKEYBYTES long, which equals
 * strlen(HEXMODULUS), so a full-length key leaves no room for a
 * terminating NUL.  Code that consumes a keybuf should use
 * length-bounded copies and comparisons rather than C string functions.
 */
typedef opaque keybuf[HEXKEYBYTES];	/* store key in hex */

/*
 * Network name, an XDR string bounded by MAXNETNAMELEN.
 * MAXNETNAMELEN is not defined in this file.
 */
typedef string netnamestr<MAXNETNAMELEN>;

/*
 * Argument to ENCRYPT or DECRYPT
 *
 * des_block is declared outside this file.
 * NOTE(review): presumably a single DES key block, which by itself is
 * weak by current standards - confirm against its declaration.
 */
struct cryptkeyarg {
	netnamestr remotename;	/* netname of the peer */
	des_block deskey;	/* conversation key to encrypt or decrypt */
};

/*
 * Argument to ENCRYPT_PK or DECRYPT_PK
 *
 * Same as cryptkeyarg, except that the caller supplies the peer's
 * public key.  netobj is declared outside this file.
 * NOTE(review): remotekey is caller-supplied and variable-length; the
 * server presumably has to check its length and content before using
 * it as a public key - confirm in the keyserver implementation.
 */
struct cryptkeyarg2 {
	netnamestr remotename;
	netobj	remotekey;	/* Contains a length up to 1024 bytes */
	des_block deskey;
};


/*
 * Result of ENCRYPT, DECRYPT, ENCRYPT_PK, and DECRYPT_PK
 *
 * deskey is present only when status is KEY_SUCCESS.
 */
union cryptkeyres switch (keystatus status) {
case KEY_SUCCESS:
	des_block deskey;
default:
	void;
};

const MAXGIDS = 16;	/* max number of gids in gid list */

/*
 * Unix credential
 */
struct unixcred {
	u_int uid;
	u_int gid;
	u_int gids<MAXGIDS>;	/* variable-length, at most MAXGIDS entries */
};

/*
 * Result returned from GETCRED
 *
 * cred is present only when status is KEY_SUCCESS.
 */
union getcredres switch (keystatus status) {
case KEY_SUCCESS:
	unixcred cred;
default:
	void;
};
/*
 * key_netstarg: argument to KEY_NET_PUT and payload of key_netstres.
 * Carries the private key together with the public key and netname.
 */

struct key_netstarg {
	keybuf st_priv_key;
	keybuf st_pub_key;
	netnamestr st_netname;
};

/*
 * Result of KEY_NET_GET; knet is present only when status is KEY_SUCCESS.
 */
union key_netstres switch (keystatus status){
case KEY_SUCCESS:
	key_netstarg knet;
default:
	void;
};

/*
 * RPC_HDR is defined by rpcgen while it generates the header file, so
 * the passthrough lines below appear in the header only.  They map
 * "opaque" to char unless the including code has already defined it.
 */
#ifdef RPC_HDR
%
%#ifndef opaque
%#define opaque char
%#endif
%
#endif
/*
 * Key server program, number 100029, versions 1 and 2.
 *
 * KEY_SET and KEY_NET_PUT carry a secret key in their argument and
 * KEY_NET_GET returns one.  None of the argument types defined in this
 * file identifies the caller.
 * NOTE(review): the server presumably derives the caller's identity
 * from the loopback transport described in the file header - confirm in
 * the keyserver implementation, and confirm that the service is not
 * reachable over a network transport.
 */
program KEY_PROG {
	version KEY_VERS {

		/*
		 * This is my secret key.
		 * Store it for me.
		 */
		keystatus
		KEY_SET(keybuf) = 1;

		/*
		 * I want to talk to X.
		 * Encrypt a conversation key for me.
		 */
		cryptkeyres
		KEY_ENCRYPT(cryptkeyarg) = 2;

		/*
		 * X just sent me a message.
		 * Decrypt the conversation key for me.
		 */
		cryptkeyres
		KEY_DECRYPT(cryptkeyarg) = 3;

		/*
		 * Generate a secure conversation key for me
		 */
		des_block
		KEY_GEN(void) = 4;

		/*
		 * Get me the uid, gid and group-access-list associated
		 * with this netname (for kernel which cannot use NIS)
		 */
		getcredres
		KEY_GETCRED(netnamestr) = 5;
	} = 1;
	version KEY_VERS2 {

		/*
		 * #######
		 * Procedures 1-5 are identical to version 1
		 * #######
		 */

		/*
		 * This is my secret key.
		 * Store it for me.
		 */
		keystatus
		KEY_SET(keybuf) = 1;

		/*
		 * I want to talk to X.
		 * Encrypt a conversation key for me.
		 */
		cryptkeyres
		KEY_ENCRYPT(cryptkeyarg) = 2;

		/*
		 * X just sent me a message.
		 * Decrypt the conversation key for me.
		 */
		cryptkeyres
		KEY_DECRYPT(cryptkeyarg) = 3;

		/*
		 * Generate a secure conversation key for me
		 */
		des_block
		KEY_GEN(void) = 4;

		/*
		 * Get me the uid, gid and group-access-list associated
		 * with this netname (for kernel which cannot use NIS)
		 */
		getcredres
		KEY_GETCRED(netnamestr) = 5;

		/*
		 * I want to talk to X, and I know X's public key.
		 * Encrypt a conversation key for me.
		 */
		cryptkeyres
		KEY_ENCRYPT_PK(cryptkeyarg2) = 6;

		/*
		 * X just sent me a message, and I know X's public key.
		 * Decrypt the conversation key for me.
		 */
		cryptkeyres
		KEY_DECRYPT_PK(cryptkeyarg2) = 7;

		/*
		 * Store my public key, netname and private key.
		 */
		keystatus
		KEY_NET_PUT(key_netstarg) = 8;

		/*
		 * Retrieve my public key, netname and private key.
		 */
		key_netstres
		KEY_NET_GET(void) = 9;

		/*
		 * Return me the conversation key that is constructed
		 * from my secret key and this publickey.
		 */

		cryptkeyres
		KEY_GET_CONV(keybuf) = 10;


	} = 2;
} = 100029;