| blob | 3e318f312e49e9b0f43522558da7e4c32c80502e |
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22 /*
23 * Key server protocol definition
24 * Copyright (C) 1990, 1991 Sun Microsystems, Inc.
25 *
26 * The keyserver is a public key storage/encryption/decryption service
27 * The encryption method used is based on the Diffie-Hellman exponential
28 * key exchange technology.
29 *
30 * The key server is local to each machine, akin to the portmapper.
31 * Under TI-RPC, communication with the keyserver is through the
32 * loopback transport.
33 *
34 * NOTE: This .x file generates the USER level headers for the keyserver.
35 * the KERNEL level headers are created by hand as they kernel has special
36 * requirements.
37 */
39 %#pragma ident "%Z%%M% %I% %E% SMI"
40 %
41 %/* Copyright (c) 1990, 1991 Sun Microsystems, Inc. */
42 %
43 %/*
44 % * Compiled from key_prot.x using rpcgen.
45 % * DO NOT EDIT THIS FILE!
46 % * This is NOT source code!
47 % */
49 /*
50 * PROOT and MODULUS define the way the Diffie-Hellman key is generated.
51 *
52 * MODULUS should be chosen as a prime of the form: MODULUS == 2*p + 1,
53 * where p is also prime.
54 *
55 * PROOT satisfies the following two conditions:
56 * (1) (PROOT ** 2) % MODULUS != 1
57 * (2) (PROOT ** p) % MODULUS != 1
58 *
59 */
61 const PROOT = 3;
62 const HEXMODULUS = "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b";
64 const HEXKEYBYTES = 48; /* HEXKEYBYTES == strlen(HEXMODULUS) */
65 const KEYSIZE = 192; /* KEYSIZE == bit length of key */
66 const KEYBYTES = 24; /* byte length of key */
68 /*
69 * The first 16 hex digits of the encrypted secret key are used as
70 * a checksum in the database.
71 */
72 const KEYCHECKSUMSIZE = 16;
74 /*
75 * status of operation
76 */
77 enum keystatus {
78 KEY_SUCCESS, /* no problems */
79 KEY_NOSECRET, /* no secret key stored */
80 KEY_UNKNOWN, /* unknown netname */
81 KEY_SYSTEMERR, /* system error (out of memory, encryption failure) */
82 KEY_BADALG, /* unknown algorithm type */
83 KEY_BADLEN /* unsupported keysize */
84 };
86 typedef opaque keybuf[HEXKEYBYTES]; /* store key in hex */
87 typedef opaque keybuf3<>; /* store key in binary */
89 typedef string netnamestr<MAXNETNAMELEN>;
91 /*
92 * algorithm type & key size
93 */
94 typedef int keylen_t;
95 typedef int algtype_t;
97 struct mechtype {
98 keylen_t keylen;
99 algtype_t algtype;
100 };
102 /*
103 * number of keys for KEY_GEN_3 to return
104 */
105 typedef int keynum_t;
107 /*
108 * Result of KEY_GEN_3
109 */
110 typedef des_block deskeyarray<>;
112 /*
113 * Argument to ENCRYPT or DECRYPT
114 */
115 struct cryptkeyarg {
116 netnamestr remotename;
117 des_block deskey;
118 };
120 /*
121 * Argument to ENCRYPT_PK or DECRYPT_PK
122 */
123 struct cryptkeyarg2 {
124 netnamestr remotename;
125 netobj remotekey; /* Contains a length up to 1024 bytes */
126 des_block deskey;
127 };
129 /*
130 * Argument to ENCRYPT_3, ENCRYPT_PK_3, DECRYPT_3, DECRYPT_PK_3
131 */
132 struct cryptkeyarg3 {
133 netnamestr remotename;
134 keybuf3 remotekey;
135 deskeyarray deskey;
136 algtype_t algtype;
137 keylen_t keylen;
138 };
140 /*
141 * Result of ENCRYPT, DECRYPT, ENCRYPT_PK, DECRYPT_PK, KEY_GET_CONV
142 */
143 union cryptkeyres switch (keystatus status) {
144 case KEY_SUCCESS:
145 des_block deskey;
146 default:
147 void;
148 };
150 /*
151 * Result of ENCRYPT_3, DECRYPT_3, ENCRYPT_PK_3, DECRYPT_PK_3, KEY_GET_CONV_3
152 */
153 union cryptkeyres3 switch (keystatus status) {
154 case KEY_SUCCESS:
155 deskeyarray deskey;
156 default:
157 void;
158 };
160 const MAXGIDS = 16; /* max number of gids in gid list */
162 /*
163 * Unix credential
164 */
165 struct unixcred {
166 u_int uid;
167 u_int gid;
168 u_int gids<MAXGIDS>;
169 };
171 /*
172 * Unix credential, without arbitrary limit
173 */
174 struct unixcred3 {
175 u_int uid;
176 u_int gid;
177 u_int gids<>;
178 };
180 /*
181 * Result returned from GETCRED
182 */
183 union getcredres switch (keystatus status) {
184 case KEY_SUCCESS:
185 unixcred cred;
186 default:
187 void;
188 };
190 /*
191 * Result returned from GETCRED_3
192 */
193 union getcredres3 switch (keystatus status) {
194 case KEY_SUCCESS:
195 unixcred3 cred;
196 default:
197 void;
198 };
200 /*
201 * key_netstarg;
202 */
203 struct key_netstarg {
204 keybuf st_priv_key;
205 keybuf st_pub_key;
206 netnamestr st_netname;
207 };
209 struct key_netstarg3 {
210 keybuf3 st_priv_key;
211 keybuf3 st_pub_key;
212 netnamestr st_netname;
213 algtype_t algtype;
214 keylen_t keylen;
215 des_block userkey;
216 };
218 union key_netstres switch (keystatus status){
219 case KEY_SUCCESS:
220 key_netstarg knet;
221 default:
222 void;
223 };
225 union key_netstres3 switch (keystatus status){
226 case KEY_SUCCESS:
227 key_netstarg3 knet;
228 default:
229 void;
230 };
232 /*
233 * Argument to KEY_GET_CONV_3
234 */
235 struct deskeyarg3 {
236 keybuf3 pub_key;
237 int nkeys;
238 algtype_t algtype ;
239 keylen_t keylen;
240 };
242 /*
243 * Argument to KEY_SET_3
244 */
245 struct setkeyarg3 {
246 keybuf3 key;
247 des_block userkey;
248 algtype_t algtype ;
249 keylen_t keylen;
250 };
252 #ifdef RPC_HDR
253 %
254 %#ifndef opaque
255 %#define opaque char
256 %#endif
257 %
258 #endif
259 program KEY_PROG {
260 version KEY_VERS {
262 /*
263 * This is my secret key.
264 * Store it for me.
265 */
266 keystatus
267 KEY_SET(keybuf) = 1;
269 /*
270 * I want to talk to X.
271 * Encrypt a conversation key for me.
272 */
273 cryptkeyres
274 KEY_ENCRYPT(cryptkeyarg) = 2;
276 /*
277 * X just sent me a message.
278 * Decrypt the conversation key for me.
279 */
280 cryptkeyres
281 KEY_DECRYPT(cryptkeyarg) = 3;
283 /*
284 * Generate a secure conversation key for me
285 */
286 des_block
287 KEY_GEN(void) = 4;
289 /*
290 * Get me the uid, gid and group-access-list associated
291 * with this netname (for kernel which cannot use NIS)
292 */
293 getcredres
294 KEY_GETCRED(netnamestr) = 5;
295 } = 1;
296 version KEY_VERS2 {
298 /*
299 * #######
300 * Procedures 1-5 are identical to version 1
301 * #######
302 */
304 /*
305 * This is my secret key.
306 * Store it for me.
307 */
308 keystatus
309 KEY_SET(keybuf) = 1;
311 /*
312 * I want to talk to X.
313 * Encrypt a conversation key for me.
314 */
315 cryptkeyres
316 KEY_ENCRYPT(cryptkeyarg) = 2;
318 /*
319 * X just sent me a message.
320 * Decrypt the conversation key for me.
321 */
322 cryptkeyres
323 KEY_DECRYPT(cryptkeyarg) = 3;
325 /*
326 * Generate a secure conversation key for me
327 */
328 des_block
329 KEY_GEN(void) = 4;
331 /*
332 * Get me the uid, gid and group-access-list associated
333 * with this netname (for kernel which cannot use NIS)
334 */
335 getcredres
336 KEY_GETCRED(netnamestr) = 5;
338 /*
339 * I want to talk to X. and I know X's public key
340 * Encrypt a conversation key for me.
341 */
342 cryptkeyres
343 KEY_ENCRYPT_PK(cryptkeyarg2) = 6;
345 /*
346 * X just sent me a message. and I know X's public key
347 * Decrypt the conversation key for me.
348 */
349 cryptkeyres
350 KEY_DECRYPT_PK(cryptkeyarg2) = 7;
352 /*
353 * Store my public key, netname and private key.
354 */
355 keystatus
356 KEY_NET_PUT(key_netstarg) = 8;
358 /*
359 * Retrieve my public key, netname and private key.
360 */
361 key_netstres
362 KEY_NET_GET(void) = 9;
364 /*
365 * Return me the conversation (common) key that is constructed
366 * from my secret key and this publickey.
367 */
368 cryptkeyres
369 KEY_GET_CONV(keybuf) = 10;
370 } = 2;
371 version KEY_VERS3 {
373 /*
374 * #######
375 * Procedures 1-10 are identical to versions 1 & 2
376 * #######
377 */
379 /*
380 * This is my secret key.
381 * Store it for me.
382 */
383 keystatus
384 KEY_SET(keybuf) = 1;
386 /*
387 * I want to talk to X.
388 * Encrypt a conversation key for me.
389 */
390 cryptkeyres
391 KEY_ENCRYPT(cryptkeyarg) = 2;
393 /*
394 * X just sent me a message.
395 * Decrypt the conversation key for me.
396 */
397 cryptkeyres
398 KEY_DECRYPT(cryptkeyarg) = 3;
400 /*
401 * Generate a secure conversation key for me
402 */
403 des_block
404 KEY_GEN(void) = 4;
406 /*
407 * Get me the uid, gid and group-access-list associated
408 * with this netname (for kernel which cannot use NIS)
409 */
410 getcredres
411 KEY_GETCRED(netnamestr) = 5;
413 /*
414 * I want to talk to X. and I know X's public key
415 * Encrypt a conversation key for me.
416 */
417 cryptkeyres
418 KEY_ENCRYPT_PK(cryptkeyarg2) = 6;
420 /*
421 * X just sent me a message. and I know X's public key
422 * Decrypt the conversation key for me.
423 */
424 cryptkeyres
425 KEY_DECRYPT_PK(cryptkeyarg2) = 7;
427 /*
428 * Store my public key, netname and private key.
429 */
430 keystatus
431 KEY_NET_PUT(key_netstarg) = 8;
433 /*
434 * Retrieve my public key, netname and private key.
435 */
436 key_netstres
437 KEY_NET_GET(void) = 9;
439 /*
440 * Return me the conversation (common) key that is constructed
441 * from my secret key and this publickey.
442 */
443 cryptkeyres
444 KEY_GET_CONV(keybuf) = 10;
446 /*
447 * #######
448 * Procedures new in version 3 follow...
449 * #######
450 */
452 /*
453 * This is my secret key.
454 * Store it for me.
455 */
456 keystatus
457 KEY_SET_3(setkeyarg3) = 11;
459 /*
460 * I want to talk to X.
461 * Encrypt a conversation key for me.
462 */
463 cryptkeyres3
464 KEY_ENCRYPT_3(cryptkeyarg3) = 12;
466 /*
467 * X just sent me a message.
468 * Decrypt the conversation key for me.
469 */
470 cryptkeyres3
471 KEY_DECRYPT_3(cryptkeyarg3) = 13;
473 /*
474 * Generate secure conversation key(s) for me
475 */
476 deskeyarray
477 KEY_GEN_3(keynum_t) = 14;
479 /*
480 * Get me the uid, gid and group-access-list associated
481 * with this netname (for kernel which cannot use NIS)
482 */
483 getcredres3
484 KEY_GETCRED_3(netnamestr) = 15;
486 /*
487 * I want to talk to X. and I know X's public key
488 * Encrypt a conversation key for me.
489 */
490 cryptkeyres3
491 KEY_ENCRYPT_PK_3(cryptkeyarg3) = 16;
493 /*
494 * X just sent me a message. and I know X's public key
495 * Decrypt the conversation key for me.
496 */
497 cryptkeyres3
498 KEY_DECRYPT_PK_3(cryptkeyarg3) = 17;
500 /*
501 * Store my public key, netname and private key.
502 */
503 keystatus
504 KEY_NET_PUT_3(key_netstarg3) = 18;
506 /*
507 * Retrieve my public key, netname and private key.
508 */
509 key_netstres3
510 KEY_NET_GET_3(key_netstarg3) = 19;
512 /*
513 * Return me the conversation (common) key that is constructed
514 * from my secret key and this publickey.
515 */
516 cryptkeyres3
517 KEY_GET_CONV_3(deskeyarg3) = 20;
519 /*
520 * Clear all the secret/public/netname triplets for the caller
521 */
522 keystatus
523 KEY_CLEAR_3(void) = 21;
525 } = 3;
526 } = 100029;