xref: /freebsd/include/rpcsvc/key_prot.x (revision 5e3934b15a2741b2de6b217e77dc9d798d740804)
1 %/*-
2 % * Copyright (c) 2010, Oracle America, Inc.
3 % *
4 % * Redistribution and use in source and binary forms, with or without
5 % * modification, are permitted provided that the following conditions are
6 % * met:
7 % *
8 % *     * Redistributions of source code must retain the above copyright
9 % *       notice, this list of conditions and the following disclaimer.
10 % *     * Redistributions in binary form must reproduce the above
11 % *       copyright notice, this list of conditions and the following
12 % *       disclaimer in the documentation and/or other materials
13 % *       provided with the distribution.
14 % *     * Neither the name of the "Oracle America, Inc." nor the names of its
15 % *       contributors may be used to endorse or promote products derived
16 % *       from this software without specific prior written permission.
17 % *
18 % *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 % *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 % *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
21 % *   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22 % *   COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
23 % *   INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 % *   DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
25 % *   GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 % *   INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
27 % *   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
28 % *   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 % *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 % */
31 /*
32  * Key server protocol definition
33  * Copyright (C) 1990, 1991 Sun Microsystems, Inc.
34  *
35  * The keyserver is a public key storage/encryption/decryption service
36  * The encryption method used is based on the Diffie-Hellman exponential
37  * key exchange technology.
38  *
39  * The key server is local to each machine, akin to the portmapper.
40  * Under TI-RPC, communication with the keyserver is through the
41  * loopback transport.
42  *
43  * NOTE: This .x file generates the USER level headers for the keyserver.
44  * the KERNEL level headers are created by hand as they kernel has special
45  * requirements.
46  */
47 
48 %/*
49 % * Compiled from key_prot.x using rpcgen.
50 % * DO NOT EDIT THIS FILE!
51 % * This is NOT source code!
52 % */
53 
54 /*
55  * PROOT and MODULUS define the way the Diffie-Hellman key is generated.
56  *
57  * MODULUS should be chosen as a prime of the form: MODULUS == 2*p + 1,
58  * where p is also prime.
59  *
60  * PROOT satisfies the following two conditions:
61  * (1) (PROOT ** 2) % MODULUS != 1
62  * (2) (PROOT ** p) % MODULUS != 1
63  *
64  */
65 
66 const PROOT = 3;
67 const HEXMODULUS = "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b";
68 
69 const HEXKEYBYTES = 48;		/* HEXKEYBYTES == strlen(HEXMODULUS) */
70 const KEYSIZE = 192;		/* KEYSIZE == bit length of key */
71 const KEYBYTES = 24;		/* byte length of key */
72 
73 /*
74  * The first 16 hex digits of the encrypted secret key are used as
75  * a checksum in the database.
76  */
77 const KEYCHECKSUMSIZE = 16;
78 
79 /*
80  * status of operation
81  */
82 enum keystatus {
83 	KEY_SUCCESS,	/* no problems */
84 	KEY_NOSECRET,	/* no secret key stored */
85 	KEY_UNKNOWN,	/* unknown netname */
86 	KEY_SYSTEMERR 	/* system error (out of memory, encryption failure) */
87 };
88 
89 typedef opaque keybuf[HEXKEYBYTES];	/* store key in hex */
90 
91 typedef string netnamestr<MAXNETNAMELEN>;
92 
93 /*
94  * Argument to ENCRYPT or DECRYPT
95  */
96 struct cryptkeyarg {
97 	netnamestr remotename;
98 	des_block deskey;
99 };
100 
101 /*
102  * Argument to ENCRYPT_PK or DECRYPT_PK
103  */
104 struct cryptkeyarg2 {
105 	netnamestr remotename;
106 	netobj	remotekey;	/* Contains a length up to 1024 bytes */
107 	des_block deskey;
108 };
109 
110 
111 /*
112  * Result of ENCRYPT, DECRYPT, ENCRYPT_PK, and DECRYPT_PK
113  */
114 union cryptkeyres switch (keystatus status) {
115 case KEY_SUCCESS:
116 	des_block deskey;
117 default:
118 	void;
119 };
120 
121 const MAXGIDS  = 16;	/* max number of gids in gid list */
122 
123 /*
124  * Unix credential
125  */
126 struct unixcred {
127 	u_int uid;
128 	u_int gid;
129 	u_int gids<MAXGIDS>;
130 };
131 
132 /*
133  * Result returned from GETCRED
134  */
135 union getcredres switch (keystatus status) {
136 case KEY_SUCCESS:
137 	unixcred cred;
138 default:
139 	void;
140 };
141 /*
142  * key_netstarg;
143  */
144 
145 struct key_netstarg {
146 	keybuf st_priv_key;
147 	keybuf st_pub_key;
148 	netnamestr st_netname;
149 };
150 
151 union key_netstres switch (keystatus status){
152 case KEY_SUCCESS:
153 	key_netstarg knet;
154 default:
155 	void;
156 };
157 
158 #ifdef RPC_HDR
159 %
160 %#ifndef opaque
161 %#define opaque char
162 %#endif
163 %
164 #endif
165 program KEY_PROG {
166 	version KEY_VERS {
167 
168 		/*
169 		 * This is my secret key.
170 	 	 * Store it for me.
171 		 */
172 		keystatus
173 		KEY_SET(keybuf) = 1;
174 
175 		/*
176 		 * I want to talk to X.
177 		 * Encrypt a conversation key for me.
178 	 	 */
179 		cryptkeyres
180 		KEY_ENCRYPT(cryptkeyarg) = 2;
181 
182 		/*
183 		 * X just sent me a message.
184 		 * Decrypt the conversation key for me.
185 		 */
186 		cryptkeyres
187 		KEY_DECRYPT(cryptkeyarg) = 3;
188 
189 		/*
190 		 * Generate a secure conversation key for me
191 		 */
192 		des_block
193 		KEY_GEN(void) = 4;
194 
195 		/*
196 		 * Get me the uid, gid and group-access-list associated
197 		 * with this netname (for kernel which cannot use NIS)
198 		 */
199 		getcredres
200 		KEY_GETCRED(netnamestr) = 5;
201 	} = 1;
202 	version KEY_VERS2 {
203 
204 		/*
205 		 * #######
206 		 * Procedures 1-5 are identical to version 1
207 		 * #######
208 		 */
209 
210 		/*
211 		 * This is my secret key.
212 	 	 * Store it for me.
213 		 */
214 		keystatus
215 		KEY_SET(keybuf) = 1;
216 
217 		/*
218 		 * I want to talk to X.
219 		 * Encrypt a conversation key for me.
220 	 	 */
221 		cryptkeyres
222 		KEY_ENCRYPT(cryptkeyarg) = 2;
223 
224 		/*
225 		 * X just sent me a message.
226 		 * Decrypt the conversation key for me.
227 		 */
228 		cryptkeyres
229 		KEY_DECRYPT(cryptkeyarg) = 3;
230 
231 		/*
232 		 * Generate a secure conversation key for me
233 		 */
234 		des_block
235 		KEY_GEN(void) = 4;
236 
237 		/*
238 		 * Get me the uid, gid and group-access-list associated
239 		 * with this netname (for kernel which cannot use NIS)
240 		 */
241 		getcredres
242 		KEY_GETCRED(netnamestr) = 5;
243 
244 		/*
245 		 * I want to talk to X. and I know X's public key
246 		 * Encrypt a conversation key for me.
247 	 	 */
248 		cryptkeyres
249 		KEY_ENCRYPT_PK(cryptkeyarg2) = 6;
250 
251 		/*
252 		 * X just sent me a message. and I know X's public key
253 		 * Decrypt the conversation key for me.
254 		 */
255 		cryptkeyres
256 		KEY_DECRYPT_PK(cryptkeyarg2) = 7;
257 
258 		/*
259 		 * Store my public key, netname and private key.
260 		 */
261 		keystatus
262 		KEY_NET_PUT(key_netstarg) = 8;
263 
264 		/*
265 		 * Retrieve my public key, netname and private key.
266 		 */
267  		key_netstres
268 		KEY_NET_GET(void) = 9;
269 
270 		/*
271 		 * Return me the conversation key that is constructed
272 		 * from my secret key and this publickey.
273 		 */
274 
275 		cryptkeyres
276 		KEY_GET_CONV(keybuf) = 10;
277 
278 
279 	} = 2;
280 } = 100029;
281 
282 
283