1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Key server protocol definition
24  * Copyright (C) 1990, 1991 Sun Microsystems, Inc.
25  *
26  * The keyserver is a public key storage/encryption/decryption service.
27  * The encryption method used is based on the Diffie-Hellman exponential
28  * key exchange technology.
29  *
30  * The key server is local to each machine, akin to the portmapper.
31  * Under TI-RPC, communication with the keyserver is through the
32  * loopback transport.
33  *
34  * NOTE: This .x file generates the USER level headers for the keyserver;
35  * the KERNEL level headers are created by hand, as the kernel has special
36  * requirements.
37  */
38 
39 %
40 %/* Copyright (c)  1990, 1991 Sun Microsystems, Inc. */
41 %
42 %/*
43 % * Compiled from key_prot.x using rpcgen.
44 % * DO NOT EDIT THIS FILE!
45 % * This is NOT source code!
46 % */
47 
48 /*
49  * PROOT and MODULUS define the way the Diffie-Hellman key is generated.
50  *
51  * MODULUS should be chosen as a prime of the form: MODULUS == 2*p + 1,
52  * where p is also prime.
53  *
54  * PROOT satisfies the following two conditions:
55  * (1) (PROOT ** 2) % MODULUS != 1
56  * (2) (PROOT ** p) % MODULUS != 1
57  *
58  */
59 
60 const PROOT = 3;		/* generator; must satisfy conditions (1) and (2) above */
61 const HEXMODULUS = "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b";	/* DH modulus, 48 hex digits == 192 bits. NOTE(review): a 192-bit finite-field DH modulus is far below current size guidance; treat this exchange as legacy */
62 
63 const HEXKEYBYTES = 48;		/* HEXKEYBYTES == strlen(HEXMODULUS) */
64 const KEYSIZE = 192;		/* KEYSIZE == bit length of key (HEXKEYBYTES * 4) */
65 const KEYBYTES = 24;		/* byte length of key (KEYSIZE / 8) */
66 
67 /*
68  * The first 16 hex digits of the encrypted secret key are used as
69  * a checksum in the database.
70  */
71 const KEYCHECKSUMSIZE = 16;	/* in hex digits, see comment above */
72 
73 /*
74  * status of operation
75  */
76 enum keystatus {	/* outcome of every keyserver procedure; also the discriminant of the *res unions below */
77 	KEY_SUCCESS,	/* no problems */
78 	KEY_NOSECRET,	/* no secret key stored */
79 	KEY_UNKNOWN,	/* unknown netname */
80 	KEY_SYSTEMERR, 	/* system error (out of memory, encryption failure) */
81 	KEY_BADALG,	/* unknown algorithm type (algtype_t in the version 3 arguments) */
82 	KEY_BADLEN	/* unsupported keysize (keylen_t in the version 3 arguments) */
83 };
84 
85 typedef opaque keybuf[HEXKEYBYTES];	/* store key in hex: fixed 48 bytes, no length field on the wire */
86 typedef opaque keybuf3<>;		/* store key in binary: variable length, carried on the wire with no declared maximum */
87 
88 typedef string netnamestr<MAXNETNAMELEN>;	/* MAXNETNAMELEN is not defined in this file; presumably from the RPC headers */
89 
90 /*
91  * algorithm type & key size
92  */
93 typedef int keylen_t;	/* requested key length; presumably in bits like KEYSIZE -- confirm against the server */
94 typedef int algtype_t;	/* algorithm selector; an unknown value is reported as KEY_BADALG */
95 
96 struct mechtype {	/* (key length, algorithm) pair; not referenced by any argument or procedure in this file */
97 	keylen_t keylen;	/* key length, see keylen_t */
98 	algtype_t algtype;	/* algorithm selector, see algtype_t */
99 };
100 
101 /*
102  * number of keys for KEY_GEN_3 to return
103  */
104 typedef int keynum_t;	/* argument to KEY_GEN_3: how many keys to return */
105 
106 /*
107  * Result of KEY_GEN_3
108  */
109 typedef des_block deskeyarray<>;	/* variable-length array of des_block; also the deskey member of the version 3 arguments and results */
110 
111 /*
112  * Argument to ENCRYPT or DECRYPT
113  */
114 struct cryptkeyarg {	/* argument to KEY_ENCRYPT / KEY_DECRYPT */
115 	netnamestr remotename;	/* netname of the peer ("X" in the procedure comments) */
116 	des_block deskey;	/* conversation key to encrypt or decrypt */
117 };
118 
119 /*
120  * Argument to ENCRYPT_PK or DECRYPT_PK
121  */
122 struct cryptkeyarg2 {	/* argument to KEY_ENCRYPT_PK / KEY_DECRYPT_PK: the caller supplies the peer's public key */
123 	netnamestr remotename;	/* netname of the peer */
124 	netobj	remotekey;	/* Contains a length up to 1024 bytes (netobj comes from the RPC headers; presumably xdr_netobj enforces the bound -- confirm) */
125 	des_block deskey;	/* conversation key to encrypt or decrypt */
126 };
127 
128 /*
129  * Argument to ENCRYPT_3, ENCRYPT_PK_3, DECRYPT_3, DECRYPT_PK_3
130  */
131 struct cryptkeyarg3 {	/* argument to the version 3 encrypt/decrypt procedures */
132 	netnamestr remotename;	/* netname of the peer */
133 	keybuf3 remotekey;	/* peer public key in binary (used by the *_PK_3 procedures; presumably empty otherwise); no declared maximum length */
134 	deskeyarray deskey;	/* one or more conversation keys to encrypt or decrypt */
135 	algtype_t algtype;	/* algorithm selector */
136 	keylen_t keylen;	/* key length */
137 };
138 
139 /*
140  * Result of ENCRYPT, DECRYPT, ENCRYPT_PK, DECRYPT_PK, KEY_GET_CONV
141  */
142 union cryptkeyres switch (keystatus status) {	/* only KEY_SUCCESS carries a payload */
143 case KEY_SUCCESS:
144 	des_block deskey;	/* the encrypted or decrypted conversation key */
145 default:
146 	void;	/* any other status: no data */
147 };
148 
149 /*
150  * Result of ENCRYPT_3, DECRYPT_3, ENCRYPT_PK_3, DECRYPT_PK_3, KEY_GET_CONV_3
151  */
152 union cryptkeyres3 switch (keystatus status) {	/* version 3 counterpart of cryptkeyres; only KEY_SUCCESS carries a payload */
153 case KEY_SUCCESS:
154 	deskeyarray deskey;	/* the encrypted or decrypted conversation key(s) */
155 default:
156 	void;	/* any other status: no data */
157 };
158 
159 const MAXGIDS  = 16;	/* max number of gids in gid list (unixcred only; unixcred3 has no bound) */
160 
161 /*
162  * Unix credential
163  */
164 struct unixcred {	/* payload of getcredres (KEY_GETCRED) */
165 	u_int uid;	/* user id associated with the netname */
166 	u_int gid;	/* primary group id */
167 	u_int gids<MAXGIDS>;	/* group access list, at most MAXGIDS entries */
168 };
169 
170 /*
171  * Unix credential, without arbitrary limit
172  */
173 struct unixcred3 {	/* payload of getcredres3 (KEY_GETCRED_3) */
174 	u_int uid;	/* user id associated with the netname */
175 	u_int gid;	/* primary group id */
176 	u_int gids<>;	/* group access list; NOTE(review): no declared maximum, so the decoder accepts whatever length arrives on the wire */
177 };
178 
179 /*
180  * Result returned from GETCRED
181  */
182 union getcredres switch (keystatus status) {	/* only KEY_SUCCESS carries a payload */
183 case KEY_SUCCESS:
184 	unixcred cred;	/* credential for the requested netname */
185 default:
186 	void;	/* any other status: no data */
187 };
188 
189 /*
190  * Result returned from GETCRED_3
191  */
192 union getcredres3 switch (keystatus status) {	/* version 3 counterpart of getcredres; only KEY_SUCCESS carries a payload */
193 case KEY_SUCCESS:
194 	unixcred3 cred;	/* credential for the requested netname, unbounded gid list */
195 default:
196 	void;	/* any other status: no data */
197 };
198 
199 /*
200  * key_netstarg: the (private key, public key, netname) triplet stored by
201  * KEY_NET_PUT and returned by KEY_NET_GET
202  */
202 struct key_netstarg {	/* argument to KEY_NET_PUT; payload of key_netstres (KEY_NET_GET) */
203 	keybuf st_priv_key;	/* caller's private key, hex keybuf; also returned by KEY_NET_GET */
204 	keybuf st_pub_key;	/* caller's public key, hex keybuf */
205 	netnamestr st_netname;	/* caller's netname */
206 };
207 
208 struct key_netstarg3 {	/* argument to KEY_NET_PUT_3 and KEY_NET_GET_3; payload of key_netstres3 */
209 	keybuf3 st_priv_key;	/* caller's private key, binary; also returned by KEY_NET_GET_3 */
210 	keybuf3 st_pub_key;	/* caller's public key, binary */
211 	netnamestr st_netname;	/* caller's netname */
212 	algtype_t algtype;	/* algorithm selector */
213 	keylen_t keylen;	/* key length */
214 	des_block userkey;	/* also present in setkeyarg3; its role is not stated in this file -- see the server */
215 };
216 
217 union key_netstres switch (keystatus status){	/* result of KEY_NET_GET; only KEY_SUCCESS carries a payload */
218 case KEY_SUCCESS:
219 	key_netstarg knet;	/* includes st_priv_key */
220 default:
221 	void;	/* any other status: no data */
222 };
223 
224 union key_netstres3 switch (keystatus status){	/* result of KEY_NET_GET_3; only KEY_SUCCESS carries a payload */
225 case KEY_SUCCESS:
226 	key_netstarg3 knet;	/* includes st_priv_key */
227 default:
228 	void;	/* any other status: no data */
229 };
230 
231 /*
232  * Argument to KEY_GET_CONV_3
233  */
234 struct deskeyarg3 {	/* argument to KEY_GET_CONV_3 */
235 	keybuf3 pub_key;	/* peer public key the common key is constructed from */
236 	int nkeys;	/* number of keys wanted (plain int here, keynum_t for KEY_GEN_3) */
237 	algtype_t algtype ;	/* algorithm selector */
238 	keylen_t keylen;	/* key length */
239 };
240 
241 /*
242  * Argument to KEY_SET_3
243  */
244 struct setkeyarg3 {	/* argument to KEY_SET_3 */
245 	keybuf3 key;	/* caller's secret key, binary */
246 	des_block userkey;	/* role not stated in this file; also present in key_netstarg3 */
247 	algtype_t algtype ;	/* algorithm selector */
248 	keylen_t keylen;	/* key length */
249 };
250 
251 #ifdef RPC_HDR	/* passed through only into the generated header */
252 %
253 %#ifndef opaque
254 %#define	opaque char
255 %#endif
256 %
257 #endif	/* RPC_HDR */
258 program KEY_PROG {	/* keyserver; each version is a superset of the previous one */
259 	version KEY_VERS {	/* version 1: hex keybuf keys, single DES conversation key */
260 
261 		/*
262 		 * This is my secret key.
263 	 	 * Store it for me.
264 		 */
265 		keystatus
266 		KEY_SET(keybuf) = 1;	/* argument: secret key as a 48-byte hex keybuf */
267 
268 		/*
269 		 * I want to talk to X.
270 		 * Encrypt a conversation key for me.
271 	 	 */
272 		cryptkeyres
273 		KEY_ENCRYPT(cryptkeyarg) = 2;
274 
275 		/*
276 		 * X just sent me a message.
277 		 * Decrypt the conversation key for me.
278 		 */
279 		cryptkeyres
280 		KEY_DECRYPT(cryptkeyarg) = 3;
281 
282 		/*
283 		 * Generate a secure conversation key for me
284 		 */
285 		des_block
286 		KEY_GEN(void) = 4;
287 
288 		/*
289 		 * Get me the uid, gid and group-access-list associated
290 		 * with this netname (for kernel which cannot use NIS)
291 		 */
292 		getcredres
293 		KEY_GETCRED(netnamestr) = 5;	/* netname -> unixcred; gid list bounded by MAXGIDS */
294 	} = 1;
295 	version KEY_VERS2 {	/* version 2: adds the *_PK procedures and key_netstarg storage */
296 
297 		/*
298 		 * #######
299 		 * Procedures 1-5 are identical to version 1
300 		 * #######
301 		 */
302 
303 		/*
304 		 * This is my secret key.
305 	 	 * Store it for me.
306 		 */
307 		keystatus
308 		KEY_SET(keybuf) = 1;
309 
310 		/*
311 		 * I want to talk to X.
312 		 * Encrypt a conversation key for me.
313 	 	 */
314 		cryptkeyres
315 		KEY_ENCRYPT(cryptkeyarg) = 2;
316 
317 		/*
318 		 * X just sent me a message.
319 		 * Decrypt the conversation key for me.
320 		 */
321 		cryptkeyres
322 		KEY_DECRYPT(cryptkeyarg) = 3;
323 
324 		/*
325 		 * Generate a secure conversation key for me
326 		 */
327 		des_block
328 		KEY_GEN(void) = 4;
329 
330 		/*
331 		 * Get me the uid, gid and group-access-list associated
332 		 * with this netname (for kernel which cannot use NIS)
333 		 */
334 		getcredres
335 		KEY_GETCRED(netnamestr) = 5;
336 
337 		/*
338 		 * I want to talk to X. and I know X's public key
339 		 * Encrypt a conversation key for me.
340 	 	 */
341 		cryptkeyres
342 		KEY_ENCRYPT_PK(cryptkeyarg2) = 6;	/* caller supplies the peer public key in cryptkeyarg2.remotekey */
343 
344 		/*
345 		 * X just sent me a message. and I know X's public key
346 		 * Decrypt the conversation key for me.
347 		 */
348 		cryptkeyres
349 		KEY_DECRYPT_PK(cryptkeyarg2) = 7;
350 
351 		/*
352 		 * Store my public key, netname and private key.
353 		 */
354 		keystatus
355 		KEY_NET_PUT(key_netstarg) = 8;
356 
357 		/*
358 		 * Retrieve my public key, netname and private key.
359 		 */
360  		key_netstres
361 		KEY_NET_GET(void) = 9;	/* the reply carries st_priv_key (see key_netstarg) */
362 
363 		/*
364 		 * Return me the conversation (common) key that is constructed
365 		 * from my secret key and this publickey.
366 		 */
367 		cryptkeyres
368 		KEY_GET_CONV(keybuf) = 10;	/* argument: peer public key as a hex keybuf */
369 	} = 2;
370 	version KEY_VERS3 {	/* version 3: binary keybuf3 keys, algtype/keylen selection, multiple conversation keys */
371 
372 		/*
373 		 * #######
374 		 * Procedures 1-10 are identical to versions 1 & 2
375 		 * #######
376 		 */
377 
378 		/*
379 		 * This is my secret key.
380 	 	 * Store it for me.
381 		 */
382 		keystatus
383 		KEY_SET(keybuf) = 1;
384 
385 		/*
386 		 * I want to talk to X.
387 		 * Encrypt a conversation key for me.
388 	 	 */
389 		cryptkeyres
390 		KEY_ENCRYPT(cryptkeyarg) = 2;
391 
392 		/*
393 		 * X just sent me a message.
394 		 * Decrypt the conversation key for me.
395 		 */
396 		cryptkeyres
397 		KEY_DECRYPT(cryptkeyarg) = 3;
398 
399 		/*
400 		 * Generate a secure conversation key for me
401 		 */
402 		des_block
403 		KEY_GEN(void) = 4;
404 
405 		/*
406 		 * Get me the uid, gid and group-access-list associated
407 		 * with this netname (for kernel which cannot use NIS)
408 		 */
409 		getcredres
410 		KEY_GETCRED(netnamestr) = 5;
411 
412 		/*
413 		 * I want to talk to X. and I know X's public key
414 		 * Encrypt a conversation key for me.
415 	 	 */
416 		cryptkeyres
417 		KEY_ENCRYPT_PK(cryptkeyarg2) = 6;
418 
419 		/*
420 		 * X just sent me a message. and I know X's public key
421 		 * Decrypt the conversation key for me.
422 		 */
423 		cryptkeyres
424 		KEY_DECRYPT_PK(cryptkeyarg2) = 7;
425 
426 		/*
427 		 * Store my public key, netname and private key.
428 		 */
429 		keystatus
430 		KEY_NET_PUT(key_netstarg) = 8;
431 
432 		/*
433 		 * Retrieve my public key, netname and private key.
434 		 */
435  		key_netstres
436 		KEY_NET_GET(void) = 9;
437 
438 		/*
439 		 * Return me the conversation (common) key that is constructed
440 		 * from my secret key and this publickey.
441 		 */
442 		cryptkeyres
443 		KEY_GET_CONV(keybuf) = 10;
444 
445 		/*
446 		 * #######
447 		 * Procedures new in version 3 follow...
448 		 * #######
449 		 */
450 
451 		/*
452 		 * This is my secret key.
453 	 	 * Store it for me.
454 		 */
455 		keystatus
456 		KEY_SET_3(setkeyarg3) = 11;	/* binary key plus algtype/keylen; KEY_BADALG / KEY_BADLEN on rejection */
457 
458 		/*
459 		 * I want to talk to X.
460 		 * Encrypt a conversation key for me.
461 	 	 */
462 		cryptkeyres3
463 		KEY_ENCRYPT_3(cryptkeyarg3) = 12;	/* deskey is a deskeyarray: several keys per call */
464 
465 		/*
466 		 * X just sent me a message.
467 		 * Decrypt the conversation key for me.
468 		 */
469 		cryptkeyres3
470 		KEY_DECRYPT_3(cryptkeyarg3) = 13;
471 
472 		/*
473 		 * Generate secure conversation key(s) for me
474 		 */
475 		deskeyarray
476 		KEY_GEN_3(keynum_t) = 14;	/* argument: number of keys to return */
477 
478 		/*
479 		 * Get me the uid, gid and group-access-list associated
480 		 * with this netname (for kernel which cannot use NIS)
481 		 */
482 		getcredres3
483 		KEY_GETCRED_3(netnamestr) = 15;	/* unixcred3: gid list has no declared maximum */
484 
485 		/*
486 		 * I want to talk to X. and I know X's public key
487 		 * Encrypt a conversation key for me.
488 	 	 */
489 		cryptkeyres3
490 		KEY_ENCRYPT_PK_3(cryptkeyarg3) = 16;	/* peer public key in cryptkeyarg3.remotekey */
491 
492 		/*
493 		 * X just sent me a message. and I know X's public key
494 		 * Decrypt the conversation key for me.
495 		 */
496 		cryptkeyres3
497 		KEY_DECRYPT_PK_3(cryptkeyarg3) = 17;
498 
499 		/*
500 		 * Store my public key, netname and private key.
501 		 */
502 		keystatus
503 		KEY_NET_PUT_3(key_netstarg3) = 18;
504 
505 		/*
506 		 * Retrieve my public key, netname and private key.
507 		 */
508  		key_netstres3
509 		KEY_NET_GET_3(key_netstarg3) = 19;	/* unlike KEY_NET_GET, takes a key_netstarg3 argument; the reply carries st_priv_key */
510 
511 		/*
512 		 * Return me the conversation (common) key that is constructed
513 		 * from my secret key and this publickey.
514 		 */
515 		cryptkeyres3
516 		KEY_GET_CONV_3(deskeyarg3) = 20;	/* deskeyarg3.nkeys common keys for the given public key */
517 
518 		/*
519 		 * Clear all the secret/public/netname triplets for the caller
520 		 */
521 		keystatus
522 		KEY_CLEAR_3(void) = 21;	/* version 3 only; no version 1/2 equivalent */
523 
524 	} = 3;
525 } = 100029;	/* RPC program number */