xref: /freebsd/include/rpcsvc/key_prot.x (revision b0d29bc47dba79f6f38e67eabadfb4b32ffd9390)
1 %/*-
2 % * Copyright (c) 2010, Oracle America, Inc.
3 % *
4 % * Redistribution and use in source and binary forms, with or without
5 % * modification, are permitted provided that the following conditions are
6 % * met:
7 % *
8 % *     * Redistributions of source code must retain the above copyright
9 % *       notice, this list of conditions and the following disclaimer.
10 % *     * Redistributions in binary form must reproduce the above
11 % *       copyright notice, this list of conditions and the following
12 % *       disclaimer in the documentation and/or other materials
13 % *       provided with the distribution.
14 % *     * Neither the name of the "Oracle America, Inc." nor the names of its
15 % *       contributors may be used to endorse or promote products derived
16 % *       from this software without specific prior written permission.
17 % *
18 % *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 % *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 % *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
21 % *   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22 % *   COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
23 % *   INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 % *   DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
25 % *   GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 % *   INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
27 % *   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
28 % *   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 % *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 % */
31 /*
32  * Key server protocol definition
33  * Copyright (C) 1990, 1991 Sun Microsystems, Inc.
34  *
35  * The keyserver is a public key storage/encryption/decryption service
36  * The encryption method used is based on the Diffie-Hellman exponential
37  * key exchange technology.
38  *
39  * The key server is local to each machine, akin to the portmapper.
40  * Under TI-RPC, communication with the keyserver is through the
41  * loopback transport.
42  *
43  * NOTE: This .x file generates the USER level headers for the keyserver.
44  * the KERNEL level headers are created by hand as they kernel has special
45  * requirements.
46  */
47 
48 %/* From: #pragma ident	"@(#)key_prot.x	1.7	94/04/29 SMI" */
49 %/* Copyright (c)  1990, 1991 Sun Microsystems, Inc. */
50 %#include <sys/cdefs.h>
51 %__FBSDID("$FreeBSD$");
52 %
53 %/*
54 % * Compiled from key_prot.x using rpcgen.
55 % * DO NOT EDIT THIS FILE!
56 % * This is NOT source code!
57 % */
58 
59 /*
60  * PROOT and MODULUS define the way the Diffie-Hellman key is generated.
61  *
62  * MODULUS should be chosen as a prime of the form: MODULUS == 2*p + 1,
63  * where p is also prime.
64  *
65  * PROOT satisfies the following two conditions:
66  * (1) (PROOT ** 2) % MODULUS != 1
67  * (2) (PROOT ** p) % MODULUS != 1
68  *
69  */
70 
71 const PROOT = 3;
72 const HEXMODULUS = "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b";
73 
74 const HEXKEYBYTES = 48;		/* HEXKEYBYTES == strlen(HEXMODULUS) */
75 const KEYSIZE = 192;		/* KEYSIZE == bit length of key */
76 const KEYBYTES = 24;		/* byte length of key */
77 
78 /*
79  * The first 16 hex digits of the encrypted secret key are used as
80  * a checksum in the database.
81  */
82 const KEYCHECKSUMSIZE = 16;
83 
84 /*
85  * status of operation
86  */
87 enum keystatus {
88 	KEY_SUCCESS,	/* no problems */
89 	KEY_NOSECRET,	/* no secret key stored */
90 	KEY_UNKNOWN,	/* unknown netname */
91 	KEY_SYSTEMERR 	/* system error (out of memory, encryption failure) */
92 };
93 
94 typedef opaque keybuf[HEXKEYBYTES];	/* store key in hex */
95 
96 typedef string netnamestr<MAXNETNAMELEN>;
97 
98 /*
99  * Argument to ENCRYPT or DECRYPT
100  */
101 struct cryptkeyarg {
102 	netnamestr remotename;
103 	des_block deskey;
104 };
105 
106 /*
107  * Argument to ENCRYPT_PK or DECRYPT_PK
108  */
109 struct cryptkeyarg2 {
110 	netnamestr remotename;
111 	netobj	remotekey;	/* Contains a length up to 1024 bytes */
112 	des_block deskey;
113 };
114 
115 
116 /*
117  * Result of ENCRYPT, DECRYPT, ENCRYPT_PK, and DECRYPT_PK
118  */
119 union cryptkeyres switch (keystatus status) {
120 case KEY_SUCCESS:
121 	des_block deskey;
122 default:
123 	void;
124 };
125 
126 const MAXGIDS  = 16;	/* max number of gids in gid list */
127 
128 /*
129  * Unix credential
130  */
131 struct unixcred {
132 	u_int uid;
133 	u_int gid;
134 	u_int gids<MAXGIDS>;
135 };
136 
137 /*
138  * Result returned from GETCRED
139  */
140 union getcredres switch (keystatus status) {
141 case KEY_SUCCESS:
142 	unixcred cred;
143 default:
144 	void;
145 };
146 /*
147  * key_netstarg;
148  */
149 
150 struct key_netstarg {
151 	keybuf st_priv_key;
152 	keybuf st_pub_key;
153 	netnamestr st_netname;
154 };
155 
156 union key_netstres switch (keystatus status){
157 case KEY_SUCCESS:
158 	key_netstarg knet;
159 default:
160 	void;
161 };
162 
163 #ifdef RPC_HDR
164 %
165 %#ifndef opaque
166 %#define opaque char
167 %#endif
168 %
169 #endif
170 program KEY_PROG {
171 	version KEY_VERS {
172 
173 		/*
174 		 * This is my secret key.
175 	 	 * Store it for me.
176 		 */
177 		keystatus
178 		KEY_SET(keybuf) = 1;
179 
180 		/*
181 		 * I want to talk to X.
182 		 * Encrypt a conversation key for me.
183 	 	 */
184 		cryptkeyres
185 		KEY_ENCRYPT(cryptkeyarg) = 2;
186 
187 		/*
188 		 * X just sent me a message.
189 		 * Decrypt the conversation key for me.
190 		 */
191 		cryptkeyres
192 		KEY_DECRYPT(cryptkeyarg) = 3;
193 
194 		/*
195 		 * Generate a secure conversation key for me
196 		 */
197 		des_block
198 		KEY_GEN(void) = 4;
199 
200 		/*
201 		 * Get me the uid, gid and group-access-list associated
202 		 * with this netname (for kernel which cannot use NIS)
203 		 */
204 		getcredres
205 		KEY_GETCRED(netnamestr) = 5;
206 	} = 1;
207 	version KEY_VERS2 {
208 
209 		/*
210 		 * #######
211 		 * Procedures 1-5 are identical to version 1
212 		 * #######
213 		 */
214 
215 		/*
216 		 * This is my secret key.
217 	 	 * Store it for me.
218 		 */
219 		keystatus
220 		KEY_SET(keybuf) = 1;
221 
222 		/*
223 		 * I want to talk to X.
224 		 * Encrypt a conversation key for me.
225 	 	 */
226 		cryptkeyres
227 		KEY_ENCRYPT(cryptkeyarg) = 2;
228 
229 		/*
230 		 * X just sent me a message.
231 		 * Decrypt the conversation key for me.
232 		 */
233 		cryptkeyres
234 		KEY_DECRYPT(cryptkeyarg) = 3;
235 
236 		/*
237 		 * Generate a secure conversation key for me
238 		 */
239 		des_block
240 		KEY_GEN(void) = 4;
241 
242 		/*
243 		 * Get me the uid, gid and group-access-list associated
244 		 * with this netname (for kernel which cannot use NIS)
245 		 */
246 		getcredres
247 		KEY_GETCRED(netnamestr) = 5;
248 
249 		/*
250 		 * I want to talk to X. and I know X's public key
251 		 * Encrypt a conversation key for me.
252 	 	 */
253 		cryptkeyres
254 		KEY_ENCRYPT_PK(cryptkeyarg2) = 6;
255 
256 		/*
257 		 * X just sent me a message. and I know X's public key
258 		 * Decrypt the conversation key for me.
259 		 */
260 		cryptkeyres
261 		KEY_DECRYPT_PK(cryptkeyarg2) = 7;
262 
263 		/*
264 		 * Store my public key, netname and private key.
265 		 */
266 		keystatus
267 		KEY_NET_PUT(key_netstarg) = 8;
268 
269 		/*
270 		 * Retrieve my public key, netname and private key.
271 		 */
272  		key_netstres
273 		KEY_NET_GET(void) = 9;
274 
275 		/*
276 		 * Return me the conversation key that is constructed
277 		 * from my secret key and this publickey.
278 		 */
279 
280 		cryptkeyres
281 		KEY_GET_CONV(keybuf) = 10;
282 
283 
284 	} = 2;
285 } = 100029;
286 
287 
288