/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Key server protocol definition
 * Copyright (C) 1990, 1991 Sun Microsystems, Inc.
 *
 * The keyserver is a public key storage/encryption/decryption service.
 * The encryption method used is based on the Diffie-Hellman exponential
 * key exchange technology.
 *
 * The key server is local to each machine, akin to the portmapper.
 * Under TI-RPC, communication with the keyserver is through the
 * loopback transport.
 *
 * NOTE: This .x file generates the USER level headers for the keyserver.
 * The KERNEL level headers are created by hand as the kernel has special
 * requirements.
 *
 * This file is rpcgen input (RPC language), not C.  The types des_block,
 * netobj and the constant MAXNETNAMELEN are used below but are not defined
 * here; they must already be in scope in the generated code (presumably
 * via the RPC headers rpcgen includes -- confirm against the build).
 * Lines beginning with '%' are copied verbatim into the generated output.
 */

%
%/* Copyright (c) 1990, 1991 Sun Microsystems, Inc. */
%
%/*
% * Compiled from key_prot.x using rpcgen.
% * DO NOT EDIT THIS FILE!
% * This is NOT source code!
% */

/*
 * PROOT and MODULUS define the way the Diffie-Hellman key is generated.
 *
 * MODULUS should be chosen as a prime of the form: MODULUS == 2*p + 1,
 * where p is also prime.
 *
 * PROOT satisfies the following two conditions:
 *	(1) (PROOT ** 2) % MODULUS != 1
 *	(2) (PROOT ** p) % MODULUS != 1
 *
 * HEXMODULUS is the modulus as a 48-digit hex string; HEXKEYBYTES,
 * KEYSIZE and KEYBYTES all derive from its length (48 hex digits ==
 * 192 bits == 24 bytes) and must be kept consistent with it.
 *
 * NOTE(review): a 192-bit DH modulus and a single des_block conversation
 * key are far below current key-size guidance.  These constants are the
 * legacy wire definition of the protocol; treat them as fixed and do not
 * reuse them as defaults for new designs.
 */

const PROOT = 3;
const HEXMODULUS = "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b";

const HEXKEYBYTES = 48;		/* HEXKEYBYTES == strlen(HEXMODULUS) */
const KEYSIZE = 192;		/* KEYSIZE == bit length of key */
const KEYBYTES = 24;		/* byte length of key */

/*
 * The first 16 hex digits of the encrypted secret key are used as
 * a checksum in the database.
 */
const KEYCHECKSUMSIZE = 16;

/*
 * status of operation
 *
 * Every result union below is discriminated on this enum; only
 * KEY_SUCCESS carries a payload, all other values carry void.
 */
enum keystatus {
	KEY_SUCCESS,	/* no problems */
	KEY_NOSECRET,	/* no secret key stored */
	KEY_UNKNOWN,	/* unknown netname */
	KEY_SYSTEMERR,	/* system error (out of memory, encryption failure) */
	KEY_BADALG,	/* unknown algorithm type */
	KEY_BADLEN	/* unsupported keysize */
};

/*
 * keybuf is fixed-length (HEXKEYBYTES opaque bytes, no XDR length word);
 * keybuf3 is variable-length with no declared upper bound.
 *
 * NOTE(review): an unbounded '<>' array lets the peer declare any length;
 * decoders should impose their own limit rather than rely on this file.
 */
typedef opaque keybuf[HEXKEYBYTES];	/* store key in hex */
typedef opaque keybuf3<>;		/* store key in binary */

typedef string netnamestr<MAXNETNAMELEN>;

/*
 * algorithm type & key size
 */
typedef int keylen_t;
typedef int algtype_t;

struct mechtype {
	keylen_t keylen;
	algtype_t algtype;
};

/*
 * number of keys for KEY_GEN_3 to return
 */
typedef int keynum_t;

/*
 * Result of KEY_GEN_3
 * (variable-length, unbounded array of des_block)
 */
typedef des_block deskeyarray<>;

/*
 * Argument to ENCRYPT or DECRYPT
 */
struct cryptkeyarg {
	netnamestr remotename;
	des_block deskey;
};

/*
 * Argument to ENCRYPT_PK or DECRYPT_PK
 */
struct cryptkeyarg2 {
	netnamestr remotename;
	netobj remotekey;	/* Contains a length up to 1024 bytes */
	des_block deskey;
};

/*
 * Argument to ENCRYPT_3, ENCRYPT_PK_3, DECRYPT_3, DECRYPT_PK_3
 *
 * remotekey and deskey are both unbounded arrays (see note at keybuf3).
 */
struct cryptkeyarg3 {
	netnamestr remotename;
	keybuf3 remotekey;
	deskeyarray deskey;
	algtype_t algtype;
	keylen_t keylen;
};

/*
 * Result of ENCRYPT, DECRYPT, ENCRYPT_PK, DECRYPT_PK, KEY_GET_CONV
 */
union cryptkeyres switch (keystatus status) {
case KEY_SUCCESS:
	des_block deskey;
default:
	void;
};

/*
 * Result of ENCRYPT_3, DECRYPT_3, ENCRYPT_PK_3, DECRYPT_PK_3, KEY_GET_CONV_3
 */
union cryptkeyres3 switch (keystatus status) {
case KEY_SUCCESS:
	deskeyarray deskey;
default:
	void;
};

const MAXGIDS = 16;	/* max number of gids in gid list */

/*
 * Unix credential
 */
struct unixcred {
	u_int uid;
	u_int gid;
	u_int gids<MAXGIDS>;
};

/*
 * Unix credential, without arbitrary limit
 *
 * NOTE(review): gids<> has no XDR bound here, unlike unixcred; a decoder
 * should cap the list length itself.
 */
struct unixcred3 {
	u_int uid;
	u_int gid;
	u_int gids<>;
};

/*
 * Result returned from GETCRED
 */
union getcredres switch (keystatus status) {
case KEY_SUCCESS:
	unixcred cred;
default:
	void;
};

/*
 * Result returned from GETCRED_3
 */
union getcredres3 switch (keystatus status) {
case KEY_SUCCESS:
	unixcred3 cred;
default:
	void;
};

/*
 * key_netstarg;
 *
 * Argument to KEY_NET_PUT / payload of KEY_NET_GET.  The caller's private
 * key (st_priv_key) travels in this message; the header comment says the
 * keyserver is reached over the loopback transport, so protection of this
 * field rests on the transport and the server's caller checks, not on this
 * encoding -- confirm against the server implementation.
 */
struct key_netstarg {
	keybuf st_priv_key;
	keybuf st_pub_key;
	netnamestr st_netname;
};

/*
 * Version-3 form of key_netstarg: binary keys plus algorithm/length and
 * a des_block userkey.  Argument to KEY_NET_PUT_3 and KEY_NET_GET_3.
 */
struct key_netstarg3 {
	keybuf3 st_priv_key;
	keybuf3 st_pub_key;
	netnamestr st_netname;
	algtype_t algtype;
	keylen_t keylen;
	des_block userkey;
};

/*
 * Result of KEY_NET_GET
 */
union key_netstres switch (keystatus status){
case KEY_SUCCESS:
	key_netstarg knet;
default:
	void;
};

/*
 * Result of KEY_NET_GET_3
 */
union key_netstres3 switch (keystatus status){
case KEY_SUCCESS:
	key_netstarg3 knet;
default:
	void;
};

/*
 * Argument to KEY_GET_CONV_3
 */
struct deskeyarg3 {
	keybuf3 pub_key;
	int nkeys;
	algtype_t algtype;
	keylen_t keylen;
};

/*
 * Argument to KEY_SET_3
 */
struct setkeyarg3 {
	keybuf3 key;
	des_block userkey;
	algtype_t algtype;
	keylen_t keylen;
};

/*
 * Emitted only into the generated header (RPC_HDR is set by rpcgen for
 * the header pass): give 'opaque' a C definition if nothing else has.
 */
#ifdef RPC_HDR
%
%#ifndef opaque
%#define opaque char
%#endif
%
#endif

/*
 * Program KEY_PROG (100029), three protocol versions.
 * Versions 2 and 3 are supersets of their predecessors; procedure numbers
 * are stable across versions.
 */
program KEY_PROG {
	version KEY_VERS {

		/*
		 * This is my secret key.
		 * Store it for me.
		 */
		keystatus
		KEY_SET(keybuf) = 1;

		/*
		 * I want to talk to X.
		 * Encrypt a conversation key for me.
		 */
		cryptkeyres
		KEY_ENCRYPT(cryptkeyarg) = 2;

		/*
		 * X just sent me a message.
		 * Decrypt the conversation key for me.
		 */
		cryptkeyres
		KEY_DECRYPT(cryptkeyarg) = 3;

		/*
		 * Generate a secure conversation key for me
		 */
		des_block
		KEY_GEN(void) = 4;

		/*
		 * Get me the uid, gid and group-access-list associated
		 * with this netname (for kernel which cannot use NIS)
		 */
		getcredres
		KEY_GETCRED(netnamestr) = 5;
	} = 1;
	version KEY_VERS2 {

		/*
		 * #######
		 * Procedures 1-5 are identical to version 1
		 * #######
		 */

		/*
		 * This is my secret key.
		 * Store it for me.
		 */
		keystatus
		KEY_SET(keybuf) = 1;

		/*
		 * I want to talk to X.
		 * Encrypt a conversation key for me.
		 */
		cryptkeyres
		KEY_ENCRYPT(cryptkeyarg) = 2;

		/*
		 * X just sent me a message.
		 * Decrypt the conversation key for me.
		 */
		cryptkeyres
		KEY_DECRYPT(cryptkeyarg) = 3;

		/*
		 * Generate a secure conversation key for me
		 */
		des_block
		KEY_GEN(void) = 4;

		/*
		 * Get me the uid, gid and group-access-list associated
		 * with this netname (for kernel which cannot use NIS)
		 */
		getcredres
		KEY_GETCRED(netnamestr) = 5;

		/*
		 * I want to talk to X, and I know X's public key.
		 * Encrypt a conversation key for me.
		 */
		cryptkeyres
		KEY_ENCRYPT_PK(cryptkeyarg2) = 6;

		/*
		 * X just sent me a message, and I know X's public key.
		 * Decrypt the conversation key for me.
		 */
		cryptkeyres
		KEY_DECRYPT_PK(cryptkeyarg2) = 7;

		/*
		 * Store my public key, netname and private key.
		 */
		keystatus
		KEY_NET_PUT(key_netstarg) = 8;

		/*
		 * Retrieve my public key, netname and private key.
		 */
		key_netstres
		KEY_NET_GET(void) = 9;

		/*
		 * Return me the conversation (common) key that is constructed
		 * from my secret key and this publickey.
		 */
		cryptkeyres
		KEY_GET_CONV(keybuf) = 10;
	} = 2;
	version KEY_VERS3 {

		/*
		 * #######
		 * Procedures 1-10 are identical to versions 1 & 2
		 * #######
		 */

		/*
		 * This is my secret key.
		 * Store it for me.
		 */
		keystatus
		KEY_SET(keybuf) = 1;

		/*
		 * I want to talk to X.
		 * Encrypt a conversation key for me.
		 */
		cryptkeyres
		KEY_ENCRYPT(cryptkeyarg) = 2;

		/*
		 * X just sent me a message.
		 * Decrypt the conversation key for me.
		 */
		cryptkeyres
		KEY_DECRYPT(cryptkeyarg) = 3;

		/*
		 * Generate a secure conversation key for me
		 */
		des_block
		KEY_GEN(void) = 4;

		/*
		 * Get me the uid, gid and group-access-list associated
		 * with this netname (for kernel which cannot use NIS)
		 */
		getcredres
		KEY_GETCRED(netnamestr) = 5;

		/*
		 * I want to talk to X, and I know X's public key.
		 * Encrypt a conversation key for me.
		 */
		cryptkeyres
		KEY_ENCRYPT_PK(cryptkeyarg2) = 6;

		/*
		 * X just sent me a message, and I know X's public key.
		 * Decrypt the conversation key for me.
		 */
		cryptkeyres
		KEY_DECRYPT_PK(cryptkeyarg2) = 7;

		/*
		 * Store my public key, netname and private key.
		 */
		keystatus
		KEY_NET_PUT(key_netstarg) = 8;

		/*
		 * Retrieve my public key, netname and private key.
		 */
		key_netstres
		KEY_NET_GET(void) = 9;

		/*
		 * Return me the conversation (common) key that is constructed
		 * from my secret key and this publickey.
		 */
		cryptkeyres
		KEY_GET_CONV(keybuf) = 10;

		/*
		 * #######
		 * Procedures new in version 3 follow...
		 * Each takes the algorithm type and key length explicitly
		 * (see mechtype) instead of assuming the fixed 192-bit DH
		 * parameters above.
		 * #######
		 */

		/*
		 * This is my secret key.
		 * Store it for me.
		 */
		keystatus
		KEY_SET_3(setkeyarg3) = 11;

		/*
		 * I want to talk to X.
		 * Encrypt a conversation key for me.
		 */
		cryptkeyres3
		KEY_ENCRYPT_3(cryptkeyarg3) = 12;

		/*
		 * X just sent me a message.
		 * Decrypt the conversation key for me.
		 */
		cryptkeyres3
		KEY_DECRYPT_3(cryptkeyarg3) = 13;

		/*
		 * Generate secure conversation key(s) for me
		 * (the keynum_t argument is how many to return)
		 */
		deskeyarray
		KEY_GEN_3(keynum_t) = 14;

		/*
		 * Get me the uid, gid and group-access-list associated
		 * with this netname (for kernel which cannot use NIS)
		 */
		getcredres3
		KEY_GETCRED_3(netnamestr) = 15;

		/*
		 * I want to talk to X, and I know X's public key.
		 * Encrypt a conversation key for me.
		 */
		cryptkeyres3
		KEY_ENCRYPT_PK_3(cryptkeyarg3) = 16;

		/*
		 * X just sent me a message, and I know X's public key.
		 * Decrypt the conversation key for me.
		 */
		cryptkeyres3
		KEY_DECRYPT_PK_3(cryptkeyarg3) = 17;

		/*
		 * Store my public key, netname and private key.
		 */
		keystatus
		KEY_NET_PUT_3(key_netstarg3) = 18;

		/*
		 * Retrieve my public key, netname and private key.
		 * Unlike KEY_NET_GET this takes a key_netstarg3 argument
		 * (presumably to select algtype/keylen -- confirm against
		 * the server).
		 */
		key_netstres3
		KEY_NET_GET_3(key_netstarg3) = 19;

		/*
		 * Return me the conversation (common) key that is constructed
		 * from my secret key and this publickey.
		 */
		cryptkeyres3
		KEY_GET_CONV_3(deskeyarg3) = 20;

		/*
		 * Clear all the secret/public/netname triplets for the caller
		 */
		keystatus
		KEY_CLEAR_3(void) = 21;

	} = 3;
} = 100029;