1 %/*
2 % * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
3 % * unrestricted use provided that this legend is included on all tape
4 % * media and as a part of the software program in whole or part.  Users
5 % * may copy or modify Sun RPC without charge, but are not authorized
6 % * to license or distribute it to anyone else except as part of a product or
7 % * program developed by the user.
8 % *
9 % * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
10 % * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
11 % * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
12 % *
13 % * Sun RPC is provided with no support and without any obligation on the
14 % * part of Sun Microsystems, Inc. to assist in its use, correction,
15 % * modification or enhancement.
16 % *
17 % * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
18 % * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
19 % * OR ANY PART THEREOF.
20 % *
21 % * In no event will Sun Microsystems, Inc. be liable for any lost revenue
22 % * or profits or other special, indirect and consequential damages, even if
23 % * Sun has been advised of the possibility of such damages.
24 % *
25 % * Sun Microsystems, Inc.
26 % * 2550 Garcia Avenue
27 % * Mountain View, California  94043
28 % */
29 /*
30  * Key server protocol definition
31  * Copyright (C) 1990, 1991 Sun Microsystems, Inc.
32  *
33  * The keyserver is a public key storage/encryption/decryption service
34  * The encryption method used is based on the Diffie-Hellman exponential
35  * key exchange technology.
36  *
37  * The key server is local to each machine, akin to the portmapper.
38  * Under TI-RPC, communication with the keyserver is through the
39  * loopback transport.
40  *
41  * NOTE: This .x file generates the USER level headers for the keyserver.
42  * the KERNEL level headers are created by hand, as the kernel has special
43  * requirements.
44  */
45 
46 %/* From: #pragma ident	"@(#)key_prot.x	1.7	94/04/29 SMI" */
47 %/* Copyright (c)  1990, 1991 Sun Microsystems, Inc. */
48 %#include <sys/cdefs.h>
49 %__FBSDID("$FreeBSD$");
50 %
51 %/*
52 % * Compiled from key_prot.x using rpcgen.
53 % * DO NOT EDIT THIS FILE!
54 % * This is NOT source code!
55 % */
56 
57 /*
58  * PROOT and MODULUS define the way the Diffie-Hellman key is generated.
59  *
60  * MODULUS should be chosen as a prime of the form: MODULUS == 2*p + 1,
61  * where p is also prime (a "safe prime").
62  *
63  * PROOT satisfies the following two conditions:
64  * (1) (PROOT ** 2) % MODULUS != 1
65  * (2) (PROOT ** p) % MODULUS != 1
66  *
 * Why these two: with MODULUS prime and MODULUS - 1 == 2*p, every element
 * of the multiplicative group has order 1, 2, p or 2*p.  Condition (1)
 * excludes orders 1 and 2, condition (2) excludes order p, so PROOT has
 * order 2*p, i.e. it generates the whole group.
 *
 * NOTE(review): HEXMODULUS below is 48 hex digits, a 192-bit prime.
 * Discrete logarithms in a prime field that small are computable with
 * modest resources today, so this exchange should be treated as
 * legacy/compatibility only and not relied on to protect new traffic.
67  */
68 
69 const PROOT = 3;
70 const HEXMODULUS = "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b";	/* 48 hex digits == 192 bits */
71 
72 const HEXKEYBYTES = 48;		/* HEXKEYBYTES == strlen(HEXMODULUS) */
73 const KEYSIZE = 192;		/* KEYSIZE == bit length of key (HEXKEYBYTES * 4) */
74 const KEYBYTES = 24;		/* byte length of key (KEYSIZE / 8) */
75 
76 /*
77  * The first 16 hex digits of the encrypted secret key are used as
78  * a checksum in the database.
 *
 * The constant counts hex digits, not bytes: 16 hex digits == 8 bytes.
79  */
80 const KEYCHECKSUMSIZE = 16;	/* hex digits of encrypted key used as checksum */
81 
82 /*
83  * status of operation
 *
 * Returned directly by KEY_SET and KEY_NET_PUT, and used as the
 * discriminant of the cryptkeyres, getcredres and key_netstres unions
 * below: a result payload is only present when status == KEY_SUCCESS.
84  */
85 enum keystatus {
86 	KEY_SUCCESS,	/* no problems; result payload (if any) is valid */
87 	KEY_NOSECRET,	/* no secret key stored */
88 	KEY_UNKNOWN,	/* unknown netname */
89 	KEY_SYSTEMERR 	/* system error (out of memory, encryption failure) */
90 };
91 
92 typedef opaque keybuf[HEXKEYBYTES];	/* store key in hex: fixed-length, exactly 48 hex digits on the wire, no NUL terminator */
93 
94 typedef string netnamestr<MAXNETNAMELEN>;	/* bounded netname; MAXNETNAMELEN is not defined in this file (expected from <rpc/auth.h>) */
95 
96 /*
97  * Argument to ENCRYPT or DECRYPT
 *
 * Only the peer's netname is supplied; compare cryptkeyarg2, where the
 * caller also passes the peer's public key.
 *
 * NOTE(review): des_block (declared outside this file) carries a
 * single-DES conversation key, 56 effective key bits -- legacy strength.
98  */
99 struct cryptkeyarg {
100 	netnamestr remotename;	/* netname of the peer (X) */
101 	des_block deskey;	/* conversation key to encrypt or decrypt */
102 };
103 
104 /*
105  * Argument to ENCRYPT_PK or DECRYPT_PK
 *
 * Same as cryptkeyarg, plus the peer's public key supplied by the caller
 * (the "I know X's public key" variants of the procedures below).
106  */
107 struct cryptkeyarg2 {
108 	netnamestr remotename;	/* netname of the peer (X) */
109 	netobj	remotekey;	/* Contains a length up to 1024 bytes: X's public key; decoders must enforce that bound */
110 	des_block deskey;	/* conversation key to encrypt or decrypt */
111 };
112 
113 
114 /*
115  * Result of ENCRYPT, DECRYPT, ENCRYPT_PK, and DECRYPT_PK
 * (also returned by KEY_GET_CONV).
 *
 * deskey is only present when status == KEY_SUCCESS; every other status
 * carries no payload, so callers must check status before reading deskey.
116  */
117 union cryptkeyres switch (keystatus status) {
118 case KEY_SUCCESS:
119 	des_block deskey;	/* the encrypted / decrypted / derived conversation key */
120 default:
121 	void;			/* no payload on failure */
122 };
123 
124 const MAXGIDS  = 16;	/* max number of gids in gid list (wire bound of unixcred.gids) */
125 
126 /*
127  * Unix credential
 *
 * uid, primary gid and supplementary group list for a netname, as
 * carried in the KEY_GETCRED result.  gids is variable-length and
 * bounded to MAXGIDS entries on the wire.
128  */
129 struct unixcred {
130 	u_int uid;		/* user id */
131 	u_int gid;		/* primary group id */
132 	u_int gids<MAXGIDS>;	/* supplementary groups, 0..MAXGIDS entries */
133 };
134 
135 /*
136  * Result returned from GETCRED
 *
 * cred is only present when status == KEY_SUCCESS; check status first.
137  */
138 union getcredres switch (keystatus status) {
139 case KEY_SUCCESS:
140 	unixcred cred;		/* credential looked up for the requested netname */
141 default:
142 	void;			/* no payload on failure */
143 };
144 /*
145  * key_netstarg;
 *
 * Argument to KEY_NET_PUT and payload of key_netstres (KEY_NET_GET): a
 * complete key pair together with the netname it belongs to.
 *
 * NOTE(review): st_priv_key is a secret.  This message carries no caller
 * identity of its own, so a server accepting KEY_NET_PUT or answering
 * KEY_NET_GET must establish who is asking by other means (RPC-layer
 * credentials / the loopback transport mentioned in the header), and
 * callers should clear their copy of st_priv_key once it is no longer
 * needed.
146  */
147 
148 struct key_netstarg {
149 	keybuf st_priv_key;	/* private (secret) key, HEXKEYBYTES hex digits */
150 	keybuf st_pub_key;	/* public key, HEXKEYBYTES hex digits */
151 	netnamestr st_netname;	/* netname owning this key pair */
152 };
153 
/*
 * Result of KEY_NET_GET.
 *
 * knet (including the private key) is only present when
 * status == KEY_SUCCESS; check status before reading it.
 */
154 union key_netstres switch (keystatus status){
155 case KEY_SUCCESS:
156 	key_netstarg knet;	/* stored key pair and netname */
157 default:
158 	void;			/* no payload on failure */
159 };
160 
/*
 * Passed through to the generated header only (rpcgen defines RPC_HDR
 * while producing it).  It makes the XDR type name `opaque` spell C's
 * char so that code written against that name still compiles --
 * NOTE(review): presumably for compatibility with hand-written consumers
 * of the header; confirm before removing.
 */
161 #ifdef RPC_HDR
162 %
163 %#ifndef opaque
164 %#define opaque char
165 %#endif
166 %
167 #endif
/*
 * The keyserver program (RPC program number 100029).
 *
 * Version 1 has procedures 1-5; version 2 repeats them unchanged and
 * adds 6-10.  None of the request messages carries the caller's
 * identity, so the server must obtain it from the RPC layer / transport
 * (the header comment says the keyserver is reached over the loopback
 * transport); that is outside this file.
 */
168 program KEY_PROG {
169 	version KEY_VERS {
170 
171 		/*
172 		 * This is my secret key.
173 		 * Store it for me.
		 *
		 * Argument: the secret key as HEXKEYBYTES hex digits (keybuf).
		 * Result: a keystatus.
174 		 */
175 		keystatus
176 		KEY_SET(keybuf) = 1;
177 
178 		/*
179 		 * I want to talk to X.
180 		 * Encrypt a conversation key for me.
		 *
		 * Argument: X's netname and the conversation key (cryptkeyarg).
		 * Result: cryptkeyres; the encrypted key is in deskey only when
		 * status == KEY_SUCCESS.
181 		 */
182 		cryptkeyres
183 		KEY_ENCRYPT(cryptkeyarg) = 2;
184 
185 		/*
186 		 * X just sent me a message.
187 		 * Decrypt the conversation key for me.
		 *
		 * Argument and result mirror KEY_ENCRYPT; deskey holds the
		 * decrypted key on KEY_SUCCESS.
188 		 */
189 		cryptkeyres
190 		KEY_DECRYPT(cryptkeyarg) = 3;
191 
192 		/*
193 		 * Generate a secure conversation key for me
		 *
		 * Result: a des_block (single-DES key, 56 effective bits --
		 * legacy strength).  This call has no failure status.
194 		 */
195 		des_block
196 		KEY_GEN(void) = 4;
197 
198 		/*
199 		 * Get me the uid, gid and group-access-list associated
200 		 * with this netname (for kernel which cannot use NIS)
		 *
		 * Argument: a netname.  Result: getcredres; cred is present
		 * only when status == KEY_SUCCESS.  This is a lookup keyed by
		 * netname, not an authentication of the caller.
201 		 */
202 		getcredres
203 		KEY_GETCRED(netnamestr) = 5;
204 	} = 1;
205 	version KEY_VERS2 {
206 
207 		/*
208 		 * #######
209 		 * Procedures 1-5 are identical to version 1
210 		 * #######
211 		 */
212 
213 		/*
214 		 * This is my secret key.
215 		 * Store it for me.
		 * (Same contract as KEY_SET in version 1.)
216 		 */
217 		keystatus
218 		KEY_SET(keybuf) = 1;
219 
220 		/*
221 		 * I want to talk to X.
222 		 * Encrypt a conversation key for me.
		 * (Same contract as KEY_ENCRYPT in version 1.)
223 		 */
224 		cryptkeyres
225 		KEY_ENCRYPT(cryptkeyarg) = 2;
226 
227 		/*
228 		 * X just sent me a message.
229 		 * Decrypt the conversation key for me.
		 * (Same contract as KEY_DECRYPT in version 1.)
230 		 */
231 		cryptkeyres
232 		KEY_DECRYPT(cryptkeyarg) = 3;
233 
234 		/*
235 		 * Generate a secure conversation key for me
		 * (Same contract as KEY_GEN in version 1.)
236 		 */
237 		des_block
238 		KEY_GEN(void) = 4;
239 
240 		/*
241 		 * Get me the uid, gid and group-access-list associated
242 		 * with this netname (for kernel which cannot use NIS)
		 * (Same contract as KEY_GETCRED in version 1.)
243 		 */
244 		getcredres
245 		KEY_GETCRED(netnamestr) = 5;
246 
247 		/*
248 		 * I want to talk to X. and I know X's public key
249 		 * Encrypt a conversation key for me.
		 *
		 * Argument: cryptkeyarg2 -- X's netname, X's public key
		 * (netobj, at most 1024 bytes) and the conversation key.  The
		 * supplied public key is used rather than one looked up by
		 * netname.  Result as for KEY_ENCRYPT.
250 		 */
251 		cryptkeyres
252 		KEY_ENCRYPT_PK(cryptkeyarg2) = 6;
253 
254 		/*
255 		 * X just sent me a message. and I know X's public key
256 		 * Decrypt the conversation key for me.
		 *
		 * Argument: cryptkeyarg2, as for KEY_ENCRYPT_PK.  Result as
		 * for KEY_DECRYPT.
257 		 */
258 		cryptkeyres
259 		KEY_DECRYPT_PK(cryptkeyarg2) = 7;
260 
261 		/*
262 		 * Store my public key, netname and private key.
		 *
		 * Argument: key_netstarg.  Result: a keystatus.
		 * NOTE(review): the private key travels in this request;
		 * callers should clear their copy once the call returns.
263 		 */
264 		keystatus
265 		KEY_NET_PUT(key_netstarg) = 8;
266 
267 		/*
268 		 * Retrieve my public key, netname and private key.
		 *
		 * Result: key_netstres; on KEY_SUCCESS knet includes
		 * st_priv_key.  Because this hands out a stored secret, the
		 * server must establish the caller's identity before
		 * answering -- that check lives outside this protocol.
269 		 */
270  		key_netstres
271 		KEY_NET_GET(void) = 9;
272 
273 		/*
274 		 * Return me the conversation key that is constructed
275 		 * from my secret key and this publickey.
		 *
		 * Argument: the peer's public key as HEXKEYBYTES hex digits.
		 * Result: cryptkeyres; deskey is the Diffie-Hellman-derived
		 * conversation key, present only on KEY_SUCCESS (KEY_NOSECRET
		 * is the status enum's value for "no secret key stored").
276 		 */
277 
278 		cryptkeyres
279 		KEY_GET_CONV(keybuf) = 10;
280 
281 
282 	} = 2;
283 } = 100029;
284 
285 
286