%/*-
% * Copyright (c) 2010, Oracle America, Inc.
% *
% * Redistribution and use in source and binary forms, with or without
% * modification, are permitted provided that the following conditions are
% * met:
% *
% *     * Redistributions of source code must retain the above copyright
% *       notice, this list of conditions and the following disclaimer.
% *     * Redistributions in binary form must reproduce the above
% *       copyright notice, this list of conditions and the following
% *       disclaimer in the documentation and/or other materials
% *       provided with the distribution.
% *     * Neither the name of the "Oracle America, Inc." nor the names of its
% *       contributors may be used to endorse or promote products derived
% *       from this software without specific prior written permission.
% *
% *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
% *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
% *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
% *   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
% *   COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
% *   INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
% *   DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
% *   GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
% *   INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
% *   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
% *   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
% *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
% */
/*
 * Key server protocol definition
 * Copyright (C) 1990, 1991 Sun Microsystems, Inc.
 *
 * The keyserver is a public key storage/encryption/decryption service.
 * The encryption method used is based on the Diffie-Hellman exponential
 * key exchange technology.
 *
 * The key server is local to each machine, akin to the portmapper.
 * Under TI-RPC, communication with the keyserver is through the
 * loopback transport.
 *
 * NOTE: This .x file generates the USER level headers for the keyserver.
 * The KERNEL level headers are created by hand as the kernel has special
 * requirements.
 *
 * This is an rpcgen input file: lines beginning with '%' are copied
 * verbatim into the generated C output, everything else is RPC language
 * that rpcgen translates into C types and XDR routines.  The constants,
 * types and procedure numbers below define the wire format, so changing
 * any of them breaks interoperability with existing keyservers/clients.
 */

%/* From: #pragma ident	"@(#)key_prot.x	1.7	94/04/29 SMI" */
%/* Copyright (c)  1990, 1991 Sun Microsystems, Inc. */
%#include <sys/cdefs.h>
%__FBSDID("$FreeBSD: releng/10.2/include/rpcsvc/key_prot.x 272850 2014-10-09 23:05:32Z hrs $");
%
%/*
% * Compiled from key_prot.x using rpcgen.
% * DO NOT EDIT THIS FILE!
% * This is NOT source code!
% */

/*
 * PROOT and MODULUS define the way the Diffie-Hellman key is generated.
 *
 * MODULUS should be chosen as a prime of the form: MODULUS == 2*p + 1,
 * where p is also prime.
 *
 * PROOT satisfies the following two conditions:
 * (1) (PROOT ** 2) % MODULUS != 1
 * (2) (PROOT ** p) % MODULUS != 1
 *
 * NOTE(review): HEXMODULUS is 48 hex digits, i.e. a 192-bit prime
 * (see KEYSIZE below).  A 192-bit Diffie-Hellman group is far below
 * any current minimum recommendation and offers no meaningful
 * protection against modern discrete-logarithm computation; this
 * protocol should be regarded as legacy and not relied on to protect
 * anything of value.  The values are fixed by the wire format and
 * cannot be changed here without breaking compatibility.
 */

const PROOT = 3;
const HEXMODULUS = "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b";

const HEXKEYBYTES = 48;		/* HEXKEYBYTES == strlen(HEXMODULUS) */
const KEYSIZE = 192;		/* KEYSIZE == bit length of key */
const KEYBYTES = 24;		/* byte length of key */

/*
 * The first 16 hex digits of the encrypted secret key are used as
 * a checksum in the database.
 */
const KEYCHECKSUMSIZE = 16;

/*
 * Status of an operation, returned directly by KEY_SET / KEY_NET_PUT
 * and used as the discriminant of the result unions below.
 */
enum keystatus {
	KEY_SUCCESS,	/* no problems */
	KEY_NOSECRET,	/* no secret key stored */
	KEY_UNKNOWN,	/* unknown netname */
	KEY_SYSTEMERR	/* system error (out of memory, encryption failure) */
};

/*
 * A key stored as hex text.  Fixed-length opaque data of exactly
 * HEXKEYBYTES characters: there is no NUL terminator on the wire,
 * so consumers must not treat it as a C string.
 */
typedef opaque keybuf[HEXKEYBYTES];	/* store key in hex */

/* Netname (e.g. user/host identity); bounded by MAXNETNAMELEN. */
typedef string netnamestr<MAXNETNAMELEN>;

/*
 * Argument to ENCRYPT or DECRYPT.
 * deskey is a des_block (a single 64-bit DES block) holding the
 * conversation key to be encrypted or decrypted for remotename.
 */
struct cryptkeyarg {
	netnamestr remotename;
	des_block deskey;
};

/*
 * Argument to ENCRYPT_PK or DECRYPT_PK.
 * Same as cryptkeyarg, but the caller supplies the peer's public key
 * in remotekey instead of having the keyserver look it up.
 */
struct cryptkeyarg2 {
	netnamestr remotename;
	netobj remotekey;	/* Contains a length up to 1024 bytes */
	des_block deskey;
};


/*
 * Result of ENCRYPT, DECRYPT, ENCRYPT_PK, and DECRYPT_PK.
 * deskey is only present when status == KEY_SUCCESS.
 */
union cryptkeyres switch (keystatus status) {
case KEY_SUCCESS:
	des_block deskey;
default:
	void;
};

const MAXGIDS = 16;	/* max number of gids in gid list */

/*
 * Unix credential: uid, primary gid and a supplementary group list
 * of at most MAXGIDS entries.
 */
struct unixcred {
	u_int uid;
	u_int gid;
	u_int gids<MAXGIDS>;
};

/*
 * Result returned from GETCRED.
 * cred is only present when status == KEY_SUCCESS.
 */
union getcredres switch (keystatus status) {
case KEY_SUCCESS:
	unixcred cred;
default:
	void;
};
/*
 * key_netstarg: a netname together with its private and public key,
 * both hex-encoded (keybuf).  Stored by KEY_NET_PUT and returned by
 * KEY_NET_GET.  Note that st_priv_key carries the secret key, so this
 * structure must only ever travel over the local loopback transport.
 */

struct key_netstarg {
	keybuf st_priv_key;
	keybuf st_pub_key;
	netnamestr st_netname;
};

/*
 * Result returned from KEY_NET_GET.
 * knet is only present when status == KEY_SUCCESS.
 */
union key_netstres switch (keystatus status){
case KEY_SUCCESS:
	key_netstarg knet;
default:
	void;
};

/*
 * When rpcgen is emitting the header, make sure the `opaque' type name
 * used by the keybuf typedef above resolves to char, unless the
 * including environment has already defined it.
 */
#ifdef RPC_HDR
%
%#ifndef opaque
%#define opaque char
%#endif
%
#endif
/*
 * The keyserver RPC program.  Version 1 provides procedures 1-5;
 * version 2 repeats them and adds procedures 6-10.
 */
program KEY_PROG {
	version KEY_VERS {

		/*
		 * This is my secret key.
		 * Store it for me.
		 */
		keystatus
		KEY_SET(keybuf) = 1;

		/*
		 * I want to talk to X.
		 * Encrypt a conversation key for me.
		 */
		cryptkeyres
		KEY_ENCRYPT(cryptkeyarg) = 2;

		/*
		 * X just sent me a message.
		 * Decrypt the conversation key for me.
		 */
		cryptkeyres
		KEY_DECRYPT(cryptkeyarg) = 3;

		/*
		 * Generate a secure conversation key for me
		 */
		des_block
		KEY_GEN(void) = 4;

		/*
		 * Get me the uid, gid and group-access-list associated
		 * with this netname (for kernel which cannot use NIS)
		 */
		getcredres
		KEY_GETCRED(netnamestr) = 5;
	} = 1;
	version KEY_VERS2 {

		/*
		 * #######
		 * Procedures 1-5 are identical to version 1
		 * #######
		 */

		/*
		 * This is my secret key.
		 * Store it for me.
		 */
		keystatus
		KEY_SET(keybuf) = 1;

		/*
		 * I want to talk to X.
		 * Encrypt a conversation key for me.
		 */
		cryptkeyres
		KEY_ENCRYPT(cryptkeyarg) = 2;

		/*
		 * X just sent me a message.
		 * Decrypt the conversation key for me.
		 */
		cryptkeyres
		KEY_DECRYPT(cryptkeyarg) = 3;

		/*
		 * Generate a secure conversation key for me
		 */
		des_block
		KEY_GEN(void) = 4;

		/*
		 * Get me the uid, gid and group-access-list associated
		 * with this netname (for kernel which cannot use NIS)
		 */
		getcredres
		KEY_GETCRED(netnamestr) = 5;

		/*
		 * I want to talk to X, and I know X's public key.
		 * Encrypt a conversation key for me.
		 */
		cryptkeyres
		KEY_ENCRYPT_PK(cryptkeyarg2) = 6;

		/*
		 * X just sent me a message, and I know X's public key.
		 * Decrypt the conversation key for me.
		 */
		cryptkeyres
		KEY_DECRYPT_PK(cryptkeyarg2) = 7;

		/*
		 * Store my public key, netname and private key.
		 */
		keystatus
		KEY_NET_PUT(key_netstarg) = 8;

		/*
		 * Retrieve my public key, netname and private key.
		 * (Returns the stored secret key; loopback-only by design.)
		 */
		key_netstres
		KEY_NET_GET(void) = 9;

		/*
		 * Return me the conversation key that is constructed
		 * from my secret key and this public key.
		 */

		cryptkeyres
		KEY_GET_CONV(keybuf) = 10;


	} = 2;
} = 100029;		/* RPC program number of the keyserver (keyserv) */
