xref: /illumos-gate/usr/src/uts/common/rpc/key_prot.x (revision 45d3dd981abb9025d8ac994cf4cc8ce8cb1a9480)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Key server protocol definition
24  * Copyright (C) 1990, 1991 Sun Microsystems, Inc.
25  *
26  * The keyserver is a public key storage/encryption/decryption service
27  * The encryption method used is based on the Diffie-Hellman exponential
28  * key exchange technology.
29  *
30  * The key server is local to each machine, akin to the portmapper.
31  * Under TI-RPC, communication with the keyserver is through the
32  * loopback transport.
33  *
34  * NOTE: This .x file generates the USER level headers for the keyserver.
35  * the KERNEL level headers are created by hand as they kernel has special
36  * requirements.
37  */
38 
39 %#pragma ident	"%Z%%M%	%I%	%E% SMI"
40 %
41 %/* Copyright (c)  1990, 1991 Sun Microsystems, Inc. */
42 %
43 %/*
44 % * Compiled from key_prot.x using rpcgen.
45 % * DO NOT EDIT THIS FILE!
46 % * This is NOT source code!
47 % */
48 
49 /*
50  * PROOT and MODULUS define the way the Diffie-Hellman key is generated.
51  *
52  * MODULUS should be chosen as a prime of the form: MODULUS == 2*p + 1,
53  * where p is also prime.
54  *
55  * PROOT satisfies the following two conditions:
56  * (1) (PROOT ** 2) % MODULUS != 1
57  * (2) (PROOT ** p) % MODULUS != 1
58  *
59  */
60 
61 const PROOT = 3;
62 const HEXMODULUS = "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b";
63 
64 const HEXKEYBYTES = 48;		/* HEXKEYBYTES == strlen(HEXMODULUS) */
65 const KEYSIZE = 192;		/* KEYSIZE == bit length of key */
66 const KEYBYTES = 24;		/* byte length of key */
67 
68 /*
69  * The first 16 hex digits of the encrypted secret key are used as
70  * a checksum in the database.
71  */
72 const KEYCHECKSUMSIZE = 16;
73 
74 /*
75  * status of operation
76  */
77 enum keystatus {
78 	KEY_SUCCESS,	/* no problems */
79 	KEY_NOSECRET,	/* no secret key stored */
80 	KEY_UNKNOWN,	/* unknown netname */
81 	KEY_SYSTEMERR, 	/* system error (out of memory, encryption failure) */
82 	KEY_BADALG,	/* unknown algorithm type */
83 	KEY_BADLEN	/* unsupported keysize */
84 };
85 
86 typedef opaque keybuf[HEXKEYBYTES];	/* store key in hex */
87 typedef opaque keybuf3<>;		/* store key in binary */
88 
89 typedef string netnamestr<MAXNETNAMELEN>;
90 
91 /*
92  * algorithm type & key size
93  */
94 typedef int keylen_t;
95 typedef int algtype_t;
96 
97 struct mechtype {
98 	keylen_t keylen;
99 	algtype_t algtype;
100 };
101 
102 /*
103  * number of keys for KEY_GEN_3 to return
104  */
105 typedef int keynum_t;
106 
107 /*
108  * Result of KEY_GEN_3
109  */
110 typedef des_block deskeyarray<>;
111 
112 /*
113  * Argument to ENCRYPT or DECRYPT
114  */
115 struct cryptkeyarg {
116 	netnamestr remotename;
117 	des_block deskey;
118 };
119 
120 /*
121  * Argument to ENCRYPT_PK or DECRYPT_PK
122  */
123 struct cryptkeyarg2 {
124 	netnamestr remotename;
125 	netobj	remotekey;	/* Contains a length up to 1024 bytes */
126 	des_block deskey;
127 };
128 
129 /*
130  * Argument to ENCRYPT_3, ENCRYPT_PK_3, DECRYPT_3, DECRYPT_PK_3
131  */
132 struct cryptkeyarg3 {
133 	netnamestr remotename;
134 	keybuf3 remotekey;
135 	deskeyarray deskey;
136 	algtype_t algtype;
137 	keylen_t keylen;
138 };
139 
140 /*
141  * Result of ENCRYPT, DECRYPT, ENCRYPT_PK, DECRYPT_PK, KEY_GET_CONV
142  */
143 union cryptkeyres switch (keystatus status) {
144 case KEY_SUCCESS:
145 	des_block deskey;
146 default:
147 	void;
148 };
149 
150 /*
151  * Result of ENCRYPT_3, DECRYPT_3, ENCRYPT_PK_3, DECRYPT_PK_3, KEY_GET_CONV_3
152  */
153 union cryptkeyres3 switch (keystatus status) {
154 case KEY_SUCCESS:
155 	deskeyarray deskey;
156 default:
157 	void;
158 };
159 
160 const MAXGIDS  = 16;	/* max number of gids in gid list */
161 
162 /*
163  * Unix credential
164  */
165 struct unixcred {
166 	u_int uid;
167 	u_int gid;
168 	u_int gids<MAXGIDS>;
169 };
170 
171 /*
172  * Unix credential, without arbitrary limit
173  */
174 struct unixcred3 {
175 	u_int uid;
176 	u_int gid;
177 	u_int gids<>;
178 };
179 
180 /*
181  * Result returned from GETCRED
182  */
183 union getcredres switch (keystatus status) {
184 case KEY_SUCCESS:
185 	unixcred cred;
186 default:
187 	void;
188 };
189 
190 /*
191  * Result returned from GETCRED_3
192  */
193 union getcredres3 switch (keystatus status) {
194 case KEY_SUCCESS:
195 	unixcred3 cred;
196 default:
197 	void;
198 };
199 
200 /*
201  * key_netstarg;
202  */
203 struct key_netstarg {
204 	keybuf st_priv_key;
205 	keybuf st_pub_key;
206 	netnamestr st_netname;
207 };
208 
209 struct key_netstarg3 {
210 	keybuf3 st_priv_key;
211 	keybuf3 st_pub_key;
212 	netnamestr st_netname;
213 	algtype_t algtype;
214 	keylen_t keylen;
215 	des_block userkey;
216 };
217 
218 union key_netstres switch (keystatus status){
219 case KEY_SUCCESS:
220 	key_netstarg knet;
221 default:
222 	void;
223 };
224 
225 union key_netstres3 switch (keystatus status){
226 case KEY_SUCCESS:
227 	key_netstarg3 knet;
228 default:
229 	void;
230 };
231 
232 /*
233  * Argument to KEY_GET_CONV_3
234  */
235 struct deskeyarg3 {
236 	keybuf3 pub_key;
237 	int nkeys;
238 	algtype_t algtype ;
239 	keylen_t keylen;
240 };
241 
242 /*
243  * Argument to KEY_SET_3
244  */
245 struct setkeyarg3 {
246 	keybuf3 key;
247 	des_block userkey;
248 	algtype_t algtype ;
249 	keylen_t keylen;
250 };
251 
252 #ifdef RPC_HDR
253 %
254 %#ifndef opaque
255 %#define	opaque char
256 %#endif
257 %
258 #endif
259 program KEY_PROG {
260 	version KEY_VERS {
261 
262 		/*
263 		 * This is my secret key.
264 	 	 * Store it for me.
265 		 */
266 		keystatus
267 		KEY_SET(keybuf) = 1;
268 
269 		/*
270 		 * I want to talk to X.
271 		 * Encrypt a conversation key for me.
272 	 	 */
273 		cryptkeyres
274 		KEY_ENCRYPT(cryptkeyarg) = 2;
275 
276 		/*
277 		 * X just sent me a message.
278 		 * Decrypt the conversation key for me.
279 		 */
280 		cryptkeyres
281 		KEY_DECRYPT(cryptkeyarg) = 3;
282 
283 		/*
284 		 * Generate a secure conversation key for me
285 		 */
286 		des_block
287 		KEY_GEN(void) = 4;
288 
289 		/*
290 		 * Get me the uid, gid and group-access-list associated
291 		 * with this netname (for kernel which cannot use NIS)
292 		 */
293 		getcredres
294 		KEY_GETCRED(netnamestr) = 5;
295 	} = 1;
296 	version KEY_VERS2 {
297 
298 		/*
299 		 * #######
300 		 * Procedures 1-5 are identical to version 1
301 		 * #######
302 		 */
303 
304 		/*
305 		 * This is my secret key.
306 	 	 * Store it for me.
307 		 */
308 		keystatus
309 		KEY_SET(keybuf) = 1;
310 
311 		/*
312 		 * I want to talk to X.
313 		 * Encrypt a conversation key for me.
314 	 	 */
315 		cryptkeyres
316 		KEY_ENCRYPT(cryptkeyarg) = 2;
317 
318 		/*
319 		 * X just sent me a message.
320 		 * Decrypt the conversation key for me.
321 		 */
322 		cryptkeyres
323 		KEY_DECRYPT(cryptkeyarg) = 3;
324 
325 		/*
326 		 * Generate a secure conversation key for me
327 		 */
328 		des_block
329 		KEY_GEN(void) = 4;
330 
331 		/*
332 		 * Get me the uid, gid and group-access-list associated
333 		 * with this netname (for kernel which cannot use NIS)
334 		 */
335 		getcredres
336 		KEY_GETCRED(netnamestr) = 5;
337 
338 		/*
339 		 * I want to talk to X. and I know X's public key
340 		 * Encrypt a conversation key for me.
341 	 	 */
342 		cryptkeyres
343 		KEY_ENCRYPT_PK(cryptkeyarg2) = 6;
344 
345 		/*
346 		 * X just sent me a message. and I know X's public key
347 		 * Decrypt the conversation key for me.
348 		 */
349 		cryptkeyres
350 		KEY_DECRYPT_PK(cryptkeyarg2) = 7;
351 
352 		/*
353 		 * Store my public key, netname and private key.
354 		 */
355 		keystatus
356 		KEY_NET_PUT(key_netstarg) = 8;
357 
358 		/*
359 		 * Retrieve my public key, netname and private key.
360 		 */
361  		key_netstres
362 		KEY_NET_GET(void) = 9;
363 
364 		/*
365 		 * Return me the conversation (common) key that is constructed
366 		 * from my secret key and this publickey.
367 		 */
368 		cryptkeyres
369 		KEY_GET_CONV(keybuf) = 10;
370 	} = 2;
371 	version KEY_VERS3 {
372 
373 		/*
374 		 * #######
375 		 * Procedures 1-10 are identical to versions 1 & 2
376 		 * #######
377 		 */
378 
379 		/*
380 		 * This is my secret key.
381 	 	 * Store it for me.
382 		 */
383 		keystatus
384 		KEY_SET(keybuf) = 1;
385 
386 		/*
387 		 * I want to talk to X.
388 		 * Encrypt a conversation key for me.
389 	 	 */
390 		cryptkeyres
391 		KEY_ENCRYPT(cryptkeyarg) = 2;
392 
393 		/*
394 		 * X just sent me a message.
395 		 * Decrypt the conversation key for me.
396 		 */
397 		cryptkeyres
398 		KEY_DECRYPT(cryptkeyarg) = 3;
399 
400 		/*
401 		 * Generate a secure conversation key for me
402 		 */
403 		des_block
404 		KEY_GEN(void) = 4;
405 
406 		/*
407 		 * Get me the uid, gid and group-access-list associated
408 		 * with this netname (for kernel which cannot use NIS)
409 		 */
410 		getcredres
411 		KEY_GETCRED(netnamestr) = 5;
412 
413 		/*
414 		 * I want to talk to X. and I know X's public key
415 		 * Encrypt a conversation key for me.
416 	 	 */
417 		cryptkeyres
418 		KEY_ENCRYPT_PK(cryptkeyarg2) = 6;
419 
420 		/*
421 		 * X just sent me a message. and I know X's public key
422 		 * Decrypt the conversation key for me.
423 		 */
424 		cryptkeyres
425 		KEY_DECRYPT_PK(cryptkeyarg2) = 7;
426 
427 		/*
428 		 * Store my public key, netname and private key.
429 		 */
430 		keystatus
431 		KEY_NET_PUT(key_netstarg) = 8;
432 
433 		/*
434 		 * Retrieve my public key, netname and private key.
435 		 */
436  		key_netstres
437 		KEY_NET_GET(void) = 9;
438 
439 		/*
440 		 * Return me the conversation (common) key that is constructed
441 		 * from my secret key and this publickey.
442 		 */
443 		cryptkeyres
444 		KEY_GET_CONV(keybuf) = 10;
445 
446 		/*
447 		 * #######
448 		 * Procedures new in version 3 follow...
449 		 * #######
450 		 */
451 
452 		/*
453 		 * This is my secret key.
454 	 	 * Store it for me.
455 		 */
456 		keystatus
457 		KEY_SET_3(setkeyarg3) = 11;
458 
459 		/*
460 		 * I want to talk to X.
461 		 * Encrypt a conversation key for me.
462 	 	 */
463 		cryptkeyres3
464 		KEY_ENCRYPT_3(cryptkeyarg3) = 12;
465 
466 		/*
467 		 * X just sent me a message.
468 		 * Decrypt the conversation key for me.
469 		 */
470 		cryptkeyres3
471 		KEY_DECRYPT_3(cryptkeyarg3) = 13;
472 
473 		/*
474 		 * Generate secure conversation key(s) for me
475 		 */
476 		deskeyarray
477 		KEY_GEN_3(keynum_t) = 14;
478 
479 		/*
480 		 * Get me the uid, gid and group-access-list associated
481 		 * with this netname (for kernel which cannot use NIS)
482 		 */
483 		getcredres3
484 		KEY_GETCRED_3(netnamestr) = 15;
485 
486 		/*
487 		 * I want to talk to X. and I know X's public key
488 		 * Encrypt a conversation key for me.
489 	 	 */
490 		cryptkeyres3
491 		KEY_ENCRYPT_PK_3(cryptkeyarg3) = 16;
492 
493 		/*
494 		 * X just sent me a message. and I know X's public key
495 		 * Decrypt the conversation key for me.
496 		 */
497 		cryptkeyres3
498 		KEY_DECRYPT_PK_3(cryptkeyarg3) = 17;
499 
500 		/*
501 		 * Store my public key, netname and private key.
502 		 */
503 		keystatus
504 		KEY_NET_PUT_3(key_netstarg3) = 18;
505 
506 		/*
507 		 * Retrieve my public key, netname and private key.
508 		 */
509  		key_netstres3
510 		KEY_NET_GET_3(key_netstarg3) = 19;
511 
512 		/*
513 		 * Return me the conversation (common) key that is constructed
514 		 * from my secret key and this publickey.
515 		 */
516 		cryptkeyres3
517 		KEY_GET_CONV_3(deskeyarg3) = 20;
518 
519 		/*
520 		 * Clear all the secret/public/netname triplets for the caller
521 		 */
522 		keystatus
523 		KEY_CLEAR_3(void) = 21;
524 
525 	} = 3;
526 } = 100029;
527