key_prot.x revision 32554
1%/*
2% * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
3% * unrestricted use provided that this legend is included on all tape
4% * media and as a part of the software program in whole or part.  Users
5% * may copy or modify Sun RPC without charge, but are not authorized
6% * to license or distribute it to anyone else except as part of a product or
7% * program developed by the user.
8% *
9% * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
10% * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
11% * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
12% *
13% * Sun RPC is provided with no support and without any obligation on the
14% * part of Sun Microsystems, Inc. to assist in its use, correction,
15% * modification or enhancement.
16% *
17% * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
18% * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
19% * OR ANY PART THEREOF.
20% *
21% * In no event will Sun Microsystems, Inc. be liable for any lost revenue
22% * or profits or other special, indirect and consequential damages, even if
23% * Sun has been advised of the possibility of such damages.
24% *
25% * Sun Microsystems, Inc.
26% * 2550 Garcia Avenue
27% * Mountain View, California  94043
28% */
29/*
30 * Key server protocol definition
31 * Copyright (C) 1990, 1991 Sun Microsystems, Inc.
32 *
 * The keyserver is a public key storage/encryption/decryption service.
 * The encryption method used is based on the Diffie-Hellman exponential
 * key exchange technology (see the PROOT/HEXMODULUS parameters below).
36 *
37 * The key server is local to each machine, akin to the portmapper.
38 * Under TI-RPC, communication with the keyserver is through the
39 * loopback transport.
40 *
41 * NOTE: This .x file generates the USER level headers for the keyserver.
 * The KERNEL level headers are created by hand as the kernel has special
 * requirements.
44 */
45
46%/* From: #pragma ident	"@(#)key_prot.x	1.7	94/04/29 SMI" */
47%
48%/* Copyright (c)  1990, 1991 Sun Microsystems, Inc. */
49%
50%/*
51% * Compiled from key_prot.x using rpcgen.
52% * DO NOT EDIT THIS FILE!
53% * This is NOT source code!
54% */
55
/*
 * PROOT and MODULUS define the way the Diffie-Hellman key is generated.
 *
 * MODULUS should be chosen as a prime of the form: MODULUS == 2*p + 1,
 * where p is also prime (a "safe prime": the multiplicative group then
 * has order 2*p, so its only nontrivial proper subgroups have order
 * 2 and p).
 *
 * PROOT satisfies the following two conditions:
 * (1) (PROOT ** 2) % MODULUS != 1
 * (2) (PROOT ** p) % MODULUS != 1
 * i.e. PROOT has order neither 2 nor p, hence it generates the whole
 * group and is a valid base for the exchange.
 *
 * NOTE(review): HEXMODULUS is 48 hex digits, i.e. a 192-bit prime
 * (KEYSIZE).  Computing discrete logarithms in a 192-bit group is
 * cheap by today's standards, so the secrecy of every conversation
 * key derived with these parameters rests on a modulus far below
 * current recommendations (>= 2048 bits).  The values are part of the
 * wire protocol and cannot be changed here without breaking every
 * peer; treat this protocol as legacy.
 */

const PROOT = 3;
const HEXMODULUS = "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b";

const HEXKEYBYTES = 48;		/* HEXKEYBYTES == strlen(HEXMODULUS) */
const KEYSIZE = 192;		/* KEYSIZE == bit length of key (4 bits per hex digit) */
const KEYBYTES = 24;		/* byte length of key (KEYSIZE / 8) */
74
/*
 * The first 16 hex digits of the encrypted secret key are used as
 * a checksum in the database.
 *
 * NOTE(review): this is a redundancy check on the stored key entry
 * (presumably to detect e.g. decryption with a wrong password), not a
 * keyed MAC: it gives no protection against deliberate tampering with
 * the database entry.  Confirm the exact use against the key store code.
 */
const KEYCHECKSUMSIZE = 16;
80
/*
 * status of operation
 *
 * Returned directly by KEY_SET / KEY_NET_PUT and used as the
 * discriminant of every result union below (cryptkeyres, getcredres,
 * key_netstres).  Only KEY_SUCCESS carries a payload; clients must
 * check the status before reading the union arm.
 */
enum keystatus {
	KEY_SUCCESS,	/* no problems */
	KEY_NOSECRET,	/* no secret key stored */
	KEY_UNKNOWN,	/* unknown netname */
	KEY_SYSTEMERR 	/* system error (out of memory, encryption failure) */
};
90
/*
 * A Diffie-Hellman key (public or secret) as HEXKEYBYTES (48) hex
 * digits.  This is a FIXED-length opaque: exactly 48 bytes on the
 * wire with no NUL terminator, so it must never be handed to C string
 * routines (strlen, strcpy, printf "%s") without an explicit bound.
 */
typedef opaque keybuf[HEXKEYBYTES];	/* store key in hex */
92
/*
 * The identity string under which keys are stored and looked up.
 * Bounded to MAXNETNAMELEN characters on the wire (the generated
 * xdr_string rejects longer input).  MAXNETNAMELEN is not declared in
 * this file; it comes from the RPC headers the generated code includes.
 */
typedef string netnamestr<MAXNETNAMELEN>;
94
/*
 * Argument to ENCRYPT or DECRYPT
 *
 * remotename: netname of the peer X.  The peer's public key is not
 *             part of the message, so the server presumably resolves
 *             it itself (compare cryptkeyarg2, where the caller
 *             supplies it).
 * deskey:     the DES conversation key to encrypt (ENCRYPT), or the
 *             encrypted block received from X to decrypt (DECRYPT).
 *
 * NOTE(review): nothing here identifies the *caller*; which stored
 * secret key the server uses depends entirely on how it authenticates
 * the local client, not on anything in this message.
 */
struct cryptkeyarg {
	netnamestr remotename;
	des_block deskey;
};
102
/*
 * Argument to ENCRYPT_PK or DECRYPT_PK
 *
 * Same as cryptkeyarg, except the caller supplies the peer's public
 * key directly in remotekey instead of leaving the lookup to the server.
 *
 * NOTE(review): remotekey is a netobj (variable-length bytes); the
 * "up to 1024 bytes" limit quoted below is not expressed in this
 * declaration and must come from netobj's own XDR routine — verify
 * that bound before relying on it.  Because the caller chooses the
 * public key, the server cannot vouch for whose key it is; binding
 * remotekey to remotename is entirely the caller's responsibility.
 */
struct cryptkeyarg2 {
	netnamestr remotename;
	netobj	remotekey;	/* Contains a length up to 1024 bytes */
	des_block deskey;
};
111
112
/*
 * Result of ENCRYPT, DECRYPT, ENCRYPT_PK, DECRYPT_PK and GET_CONV
 *
 * On KEY_SUCCESS, deskey carries the encrypted / decrypted / derived
 * conversation key.  On any other status the union is empty and
 * deskey must not be read.
 */
union cryptkeyres switch (keystatus status) {
case KEY_SUCCESS:
	des_block deskey;
default:
	void;
};
122
/* Upper bound enforced by the XDR decoder on unixcred.gids. */
const MAXGIDS  = 16;	/* max number of gids in gid list */
124
/*
 * Unix credential
 *
 * The uid, gid and supplementary gid list the keyserver associates
 * with a netname (payload of KEY_GETCRED).  gids is a variable-length
 * array of at most MAXGIDS entries.
 *
 * NOTE(review): this mapping is only as trustworthy as whatever source
 * the keyserver consults for it; the protocol carries no signature or
 * other integrity protection on it.
 */
struct unixcred {
	u_int uid;
	u_int gid;
	u_int gids<MAXGIDS>;
};
133
/*
 * Result returned from GETCRED
 *
 * On KEY_SUCCESS, cred holds the uid/gid/gids for the queried netname;
 * on any other status (e.g. KEY_UNKNOWN for an unresolvable netname)
 * the union carries nothing.
 */
union getcredres switch (keystatus status) {
case KEY_SUCCESS:
	unixcred cred;
default:
	void;
};
/*
 * key_netstarg: a complete key pair plus the netname that owns it.
 *
 * Argument of KEY_NET_PUT and payload of KEY_NET_GET.
 *
 * NOTE(review): st_priv_key is the long-term Diffie-Hellman SECRET key
 * (hex, keybuf).  It travels in this structure in the clear, protected
 * only by the local transport, so any logging, tracing or packet
 * capture of these messages exposes it.
 */

struct key_netstarg {
	keybuf st_priv_key;
	keybuf st_pub_key;
	netnamestr st_netname;
};
152
/*
 * Result of KEY_NET_GET.
 *
 * On KEY_SUCCESS, knet holds the caller's public key, netname and
 * SECRET key (see key_netstarg); on any other status it is empty.
 */
union key_netstres switch (keystatus status){
case KEY_SUCCESS:
	key_netstarg knet;
default:
	void;
};
159
/*
 * Passed through verbatim into the generated header only (RPC_HDR is
 * defined by rpcgen when emitting the .h).  It makes any remaining
 * "opaque" spelling in that header resolve to plain char, which is
 * what keybuf needs.  Note that this leaks a lowercase macro named
 * `opaque` into every translation unit that includes the header.
 */
#ifdef RPC_HDR
%
%#ifndef opaque
%#define opaque char
%#endif
%
#endif
/*
 * The keyserver program (RPC program number 100029), two versions.
 *
 * NOTE(review): none of the procedures below carries the identity of
 * the caller.  Which user's secret key is stored, used or handed back
 * has to be decided by the server from the transport credentials of
 * the request (the header above says the service is reached over the
 * loopback transport), so the protection of every stored secret key
 * rests entirely on that local authentication, not on this protocol.
 */
program KEY_PROG {
	version KEY_VERS {

		/*
		 * This is my secret key.
		 * Store it for me.
		 *
		 * The argument is the caller's long-term DH secret key in
		 * hex, sent in the clear.  Returns a bare keystatus.
		 */
		keystatus
		KEY_SET(keybuf) = 1;

		/*
		 * I want to talk to X.
		 * Encrypt a conversation key for me.
		 *
		 * X is named by cryptkeyarg.remotename; X's public key is not
		 * in the message and must be obtained by the server.  May
		 * return KEY_NOSECRET (no secret key stored) or KEY_UNKNOWN
		 * (unknown netname) instead of a key.
		 */
		cryptkeyres
		KEY_ENCRYPT(cryptkeyarg) = 2;

		/*
		 * X just sent me a message.
		 * Decrypt the conversation key for me.
		 *
		 * Inverse of KEY_ENCRYPT: the des_block in the argument is the
		 * encrypted block received from X.
		 */
		cryptkeyres
		KEY_DECRYPT(cryptkeyarg) = 3;

		/*
		 * Generate a secure conversation key for me
		 *
		 * Returns a fresh des_block to use as a session key.
		 * NOTE(review): a DES key has 56 effective bits and is
		 * brute-forceable; "secure" here is relative to 1990.
		 */
		des_block
		KEY_GEN(void) = 4;

		/*
		 * Get me the uid, gid and group-access-list associated
		 * with this netname (for kernel which cannot use NIS)
		 *
		 * The returned unixcred is whatever the keyserver's name
		 * source says; the protocol itself does not authenticate it.
		 */
		getcredres
		KEY_GETCRED(netnamestr) = 5;
	} = 1;
	version KEY_VERS2 {

		/*
		 * #######
		 * Procedures 1-5 are identical to version 1
		 * #######
		 */

		/*
		 * This is my secret key.
		 * Store it for me.
		 * (Same as KEY_VERS procedure 1.)
		 */
		keystatus
		KEY_SET(keybuf) = 1;

		/*
		 * I want to talk to X.
		 * Encrypt a conversation key for me.
		 * (Same as KEY_VERS procedure 2.)
		 */
		cryptkeyres
		KEY_ENCRYPT(cryptkeyarg) = 2;

		/*
		 * X just sent me a message.
		 * Decrypt the conversation key for me.
		 * (Same as KEY_VERS procedure 3.)
		 */
		cryptkeyres
		KEY_DECRYPT(cryptkeyarg) = 3;

		/*
		 * Generate a secure conversation key for me
		 * (Same as KEY_VERS procedure 4; see the DES note there.)
		 */
		des_block
		KEY_GEN(void) = 4;

		/*
		 * Get me the uid, gid and group-access-list associated
		 * with this netname (for kernel which cannot use NIS)
		 * (Same as KEY_VERS procedure 5.)
		 */
		getcredres
		KEY_GETCRED(netnamestr) = 5;

		/*
		 * I want to talk to X. and I know X's public key
		 * Encrypt a conversation key for me.
		 *
		 * As KEY_ENCRYPT, but the caller supplies X's public key in
		 * cryptkeyarg2.remotekey.  The server cannot check that this
		 * key really belongs to remotename; the caller must.
		 */
		cryptkeyres
		KEY_ENCRYPT_PK(cryptkeyarg2) = 6;

		/*
		 * X just sent me a message. and I know X's public key
		 * Decrypt the conversation key for me.
		 *
		 * As KEY_DECRYPT, with the caller-supplied public key.
		 */
		cryptkeyres
		KEY_DECRYPT_PK(cryptkeyarg2) = 7;

		/*
		 * Store my public key, netname and private key.
		 *
		 * NOTE(review): the argument contains the caller's SECRET key
		 * in the clear (key_netstarg.st_priv_key).
		 */
		keystatus
		KEY_NET_PUT(key_netstarg) = 8;

		/*
		 * Retrieve my public key, netname and private key.
		 *
		 * NOTE(review): on success this hands the stored SECRET key
		 * back to the caller.  The server's identification of the
		 * caller is the only thing preventing another local client
		 * from obtaining someone else's secret key via this call.
		 */
		key_netstres
		KEY_NET_GET(void) = 9;

		/*
		 * Return me the conversation key that is constructed
		 * from my secret key and this publickey.
		 *
		 * The argument is a caller-chosen public key (hex keybuf); the
		 * server combines it with the caller's stored secret key and
		 * returns the resulting DES key.  The server has no way of
		 * knowing whose public key it was given.
		 */

		cryptkeyres
		KEY_GET_CONV(keybuf) = 10;


	} = 2;
} = 100029;
282} = 100029;
283
284
285