1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Key server protocol definition 24 * Copyright (C) 1990, 1991 Sun Microsystems, Inc. 25 * 26 * The keyserver is a public key storage/encryption/decryption service 27 * The encryption method used is based on the Diffie-Hellman exponential 28 * key exchange technology. 29 * 30 * The key server is local to each machine, akin to the portmapper. 31 * Under TI-RPC, communication with the keyserver is through the 32 * loopback transport. 33 * 34 * NOTE: This .x file generates the USER level headers for the keyserver. 35 * the KERNEL level headers are created by hand as they kernel has special 36 * requirements. 37 */ 38 39 %#pragma ident "%Z%%M% %I% %E% SMI" 40 % 41 %/* Copyright (c) 1990, 1991 Sun Microsystems, Inc. */ 42 % 43 %/* 44 % * Compiled from key_prot.x using rpcgen. 45 % * DO NOT EDIT THIS FILE! 46 % * This is NOT source code! 47 % */ 48 49 /* 50 * PROOT and MODULUS define the way the Diffie-Hellman key is generated. 51 * 52 * MODULUS should be chosen as a prime of the form: MODULUS == 2*p + 1, 53 * where p is also prime. 54 * 55 * PROOT satisfies the following two conditions: 56 * (1) (PROOT ** 2) % MODULUS != 1 57 * (2) (PROOT ** p) % MODULUS != 1 58 * 59 */ 60 61 const PROOT = 3; 62 const HEXMODULUS = "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b"; 63 64 const HEXKEYBYTES = 48; /* HEXKEYBYTES == strlen(HEXMODULUS) */ 65 const KEYSIZE = 192; /* KEYSIZE == bit length of key */ 66 const KEYBYTES = 24; /* byte length of key */ 67 68 /* 69 * The first 16 hex digits of the encrypted secret key are used as 70 * a checksum in the database. 71 */ 72 const KEYCHECKSUMSIZE = 16; 73 74 /* 75 * status of operation 76 */ 77 enum keystatus { 78 KEY_SUCCESS, /* no problems */ 79 KEY_NOSECRET, /* no secret key stored */ 80 KEY_UNKNOWN, /* unknown netname */ 81 KEY_SYSTEMERR, /* system error (out of memory, encryption failure) */ 82 KEY_BADALG, /* unknown algorithm type */ 83 KEY_BADLEN /* unsupported keysize */ 84 }; 85 86 typedef opaque keybuf[HEXKEYBYTES]; /* store key in hex */ 87 typedef opaque keybuf3<>; /* store key in binary */ 88 89 typedef string netnamestr<MAXNETNAMELEN>; 90 91 /* 92 * algorithm type & key size 93 */ 94 typedef int keylen_t; 95 typedef int algtype_t; 96 97 struct mechtype { 98 keylen_t keylen; 99 algtype_t algtype; 100 }; 101 102 /* 103 * number of keys for KEY_GEN_3 to return 104 */ 105 typedef int keynum_t; 106 107 /* 108 * Result of KEY_GEN_3 109 */ 110 typedef des_block deskeyarray<>; 111 112 /* 113 * Argument to ENCRYPT or DECRYPT 114 */ 115 struct cryptkeyarg { 116 netnamestr remotename; 117 des_block deskey; 118 }; 119 120 /* 121 * Argument to ENCRYPT_PK or DECRYPT_PK 122 */ 123 struct cryptkeyarg2 { 124 netnamestr remotename; 125 netobj remotekey; /* Contains a length up to 1024 bytes */ 126 des_block deskey; 127 }; 128 129 /* 130 * Argument to ENCRYPT_3, ENCRYPT_PK_3, DECRYPT_3, DECRYPT_PK_3 131 */ 132 struct cryptkeyarg3 { 133 netnamestr remotename; 134 keybuf3 remotekey; 135 deskeyarray deskey; 136 algtype_t algtype; 137 keylen_t keylen; 138 }; 139 140 /* 141 * Result of ENCRYPT, DECRYPT, ENCRYPT_PK, DECRYPT_PK, KEY_GET_CONV 142 */ 143 union cryptkeyres switch (keystatus status) { 144 case KEY_SUCCESS: 145 des_block deskey; 146 default: 147 void; 148 }; 149 150 /* 151 * Result of ENCRYPT_3, DECRYPT_3, ENCRYPT_PK_3, DECRYPT_PK_3, KEY_GET_CONV_3 152 */ 153 union cryptkeyres3 switch (keystatus status) { 154 case KEY_SUCCESS: 155 deskeyarray deskey; 156 default: 157 void; 158 }; 159 160 const MAXGIDS = 16; /* max number of gids in gid list */ 161 162 /* 163 * Unix credential 164 */ 165 struct unixcred { 166 u_int uid; 167 u_int gid; 168 u_int gids<MAXGIDS>; 169 }; 170 171 /* 172 * Unix credential, without arbitrary limit 173 */ 174 struct unixcred3 { 175 u_int uid; 176 u_int gid; 177 u_int gids<>; 178 }; 179 180 /* 181 * Result returned from GETCRED 182 */ 183 union getcredres switch (keystatus status) { 184 case KEY_SUCCESS: 185 unixcred cred; 186 default: 187 void; 188 }; 189 190 /* 191 * Result returned from GETCRED_3 192 */ 193 union getcredres3 switch (keystatus status) { 194 case KEY_SUCCESS: 195 unixcred3 cred; 196 default: 197 void; 198 }; 199 200 /* 201 * key_netstarg; 202 */ 203 struct key_netstarg { 204 keybuf st_priv_key; 205 keybuf st_pub_key; 206 netnamestr st_netname; 207 }; 208 209 struct key_netstarg3 { 210 keybuf3 st_priv_key; 211 keybuf3 st_pub_key; 212 netnamestr st_netname; 213 algtype_t algtype; 214 keylen_t keylen; 215 des_block userkey; 216 }; 217 218 union key_netstres switch (keystatus status){ 219 case KEY_SUCCESS: 220 key_netstarg knet; 221 default: 222 void; 223 }; 224 225 union key_netstres3 switch (keystatus status){ 226 case KEY_SUCCESS: 227 key_netstarg3 knet; 228 default: 229 void; 230 }; 231 232 /* 233 * Argument to KEY_GET_CONV_3 234 */ 235 struct deskeyarg3 { 236 keybuf3 pub_key; 237 int nkeys; 238 algtype_t algtype ; 239 keylen_t keylen; 240 }; 241 242 /* 243 * Argument to KEY_SET_3 244 */ 245 struct setkeyarg3 { 246 keybuf3 key; 247 des_block userkey; 248 algtype_t algtype ; 249 keylen_t keylen; 250 }; 251 252 #ifdef RPC_HDR 253 % 254 %#ifndef opaque 255 %#define opaque char 256 %#endif 257 % 258 #endif 259 program KEY_PROG { 260 version KEY_VERS { 261 262 /* 263 * This is my secret key. 264 * Store it for me. 265 */ 266 keystatus 267 KEY_SET(keybuf) = 1; 268 269 /* 270 * I want to talk to X. 271 * Encrypt a conversation key for me. 272 */ 273 cryptkeyres 274 KEY_ENCRYPT(cryptkeyarg) = 2; 275 276 /* 277 * X just sent me a message. 278 * Decrypt the conversation key for me. 279 */ 280 cryptkeyres 281 KEY_DECRYPT(cryptkeyarg) = 3; 282 283 /* 284 * Generate a secure conversation key for me 285 */ 286 des_block 287 KEY_GEN(void) = 4; 288 289 /* 290 * Get me the uid, gid and group-access-list associated 291 * with this netname (for kernel which cannot use NIS) 292 */ 293 getcredres 294 KEY_GETCRED(netnamestr) = 5; 295 } = 1; 296 version KEY_VERS2 { 297 298 /* 299 * ####### 300 * Procedures 1-5 are identical to version 1 301 * ####### 302 */ 303 304 /* 305 * This is my secret key. 306 * Store it for me. 307 */ 308 keystatus 309 KEY_SET(keybuf) = 1; 310 311 /* 312 * I want to talk to X. 313 * Encrypt a conversation key for me. 314 */ 315 cryptkeyres 316 KEY_ENCRYPT(cryptkeyarg) = 2; 317 318 /* 319 * X just sent me a message. 320 * Decrypt the conversation key for me. 321 */ 322 cryptkeyres 323 KEY_DECRYPT(cryptkeyarg) = 3; 324 325 /* 326 * Generate a secure conversation key for me 327 */ 328 des_block 329 KEY_GEN(void) = 4; 330 331 /* 332 * Get me the uid, gid and group-access-list associated 333 * with this netname (for kernel which cannot use NIS) 334 */ 335 getcredres 336 KEY_GETCRED(netnamestr) = 5; 337 338 /* 339 * I want to talk to X. and I know X's public key 340 * Encrypt a conversation key for me. 341 */ 342 cryptkeyres 343 KEY_ENCRYPT_PK(cryptkeyarg2) = 6; 344 345 /* 346 * X just sent me a message. and I know X's public key 347 * Decrypt the conversation key for me. 348 */ 349 cryptkeyres 350 KEY_DECRYPT_PK(cryptkeyarg2) = 7; 351 352 /* 353 * Store my public key, netname and private key. 354 */ 355 keystatus 356 KEY_NET_PUT(key_netstarg) = 8; 357 358 /* 359 * Retrieve my public key, netname and private key. 360 */ 361 key_netstres 362 KEY_NET_GET(void) = 9; 363 364 /* 365 * Return me the conversation (common) key that is constructed 366 * from my secret key and this publickey. 367 */ 368 cryptkeyres 369 KEY_GET_CONV(keybuf) = 10; 370 } = 2; 371 version KEY_VERS3 { 372 373 /* 374 * ####### 375 * Procedures 1-10 are identical to versions 1 & 2 376 * ####### 377 */ 378 379 /* 380 * This is my secret key. 381 * Store it for me. 382 */ 383 keystatus 384 KEY_SET(keybuf) = 1; 385 386 /* 387 * I want to talk to X. 388 * Encrypt a conversation key for me. 389 */ 390 cryptkeyres 391 KEY_ENCRYPT(cryptkeyarg) = 2; 392 393 /* 394 * X just sent me a message. 395 * Decrypt the conversation key for me. 396 */ 397 cryptkeyres 398 KEY_DECRYPT(cryptkeyarg) = 3; 399 400 /* 401 * Generate a secure conversation key for me 402 */ 403 des_block 404 KEY_GEN(void) = 4; 405 406 /* 407 * Get me the uid, gid and group-access-list associated 408 * with this netname (for kernel which cannot use NIS) 409 */ 410 getcredres 411 KEY_GETCRED(netnamestr) = 5; 412 413 /* 414 * I want to talk to X. and I know X's public key 415 * Encrypt a conversation key for me. 416 */ 417 cryptkeyres 418 KEY_ENCRYPT_PK(cryptkeyarg2) = 6; 419 420 /* 421 * X just sent me a message. and I know X's public key 422 * Decrypt the conversation key for me. 423 */ 424 cryptkeyres 425 KEY_DECRYPT_PK(cryptkeyarg2) = 7; 426 427 /* 428 * Store my public key, netname and private key. 429 */ 430 keystatus 431 KEY_NET_PUT(key_netstarg) = 8; 432 433 /* 434 * Retrieve my public key, netname and private key. 435 */ 436 key_netstres 437 KEY_NET_GET(void) = 9; 438 439 /* 440 * Return me the conversation (common) key that is constructed 441 * from my secret key and this publickey. 442 */ 443 cryptkeyres 444 KEY_GET_CONV(keybuf) = 10; 445 446 /* 447 * ####### 448 * Procedures new in version 3 follow... 449 * ####### 450 */ 451 452 /* 453 * This is my secret key. 454 * Store it for me. 455 */ 456 keystatus 457 KEY_SET_3(setkeyarg3) = 11; 458 459 /* 460 * I want to talk to X. 461 * Encrypt a conversation key for me. 462 */ 463 cryptkeyres3 464 KEY_ENCRYPT_3(cryptkeyarg3) = 12; 465 466 /* 467 * X just sent me a message. 468 * Decrypt the conversation key for me. 469 */ 470 cryptkeyres3 471 KEY_DECRYPT_3(cryptkeyarg3) = 13; 472 473 /* 474 * Generate secure conversation key(s) for me 475 */ 476 deskeyarray 477 KEY_GEN_3(keynum_t) = 14; 478 479 /* 480 * Get me the uid, gid and group-access-list associated 481 * with this netname (for kernel which cannot use NIS) 482 */ 483 getcredres3 484 KEY_GETCRED_3(netnamestr) = 15; 485 486 /* 487 * I want to talk to X. and I know X's public key 488 * Encrypt a conversation key for me. 489 */ 490 cryptkeyres3 491 KEY_ENCRYPT_PK_3(cryptkeyarg3) = 16; 492 493 /* 494 * X just sent me a message. and I know X's public key 495 * Decrypt the conversation key for me. 496 */ 497 cryptkeyres3 498 KEY_DECRYPT_PK_3(cryptkeyarg3) = 17; 499 500 /* 501 * Store my public key, netname and private key. 502 */ 503 keystatus 504 KEY_NET_PUT_3(key_netstarg3) = 18; 505 506 /* 507 * Retrieve my public key, netname and private key. 508 */ 509 key_netstres3 510 KEY_NET_GET_3(key_netstarg3) = 19; 511 512 /* 513 * Return me the conversation (common) key that is constructed 514 * from my secret key and this publickey. 515 */ 516 cryptkeyres3 517 KEY_GET_CONV_3(deskeyarg3) = 20; 518 519 /* 520 * Clear all the secret/public/netname triplets for the caller 521 */ 522 keystatus 523 KEY_CLEAR_3(void) = 21; 524 525 } = 3; 526 } = 100029; 527