/* * CDDL HEADER START * * The contents of this file are subject to the terms of the * Common Development and Distribution License, Version 1.0 only * (the "License"). You may not use this file except in compliance * with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. * See the License for the specific language governing permissions * and limitations under the License. * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file at usr/src/OPENSOLARIS.LICENSE. * If applicable, add the following below this CDDL HEADER, with the * fields enclosed by brackets "[]" replaced with your own identifying * information: Portions Copyright [yyyy] [name of copyright owner] * * CDDL HEADER END */ /* * Key server protocol definition * Copyright (C) 1990, 1991 Sun Microsystems, Inc. * * The keyserver is a public key storage/encryption/decryption service * The encryption method used is based on the Diffie-Hellman exponential * key exchange technology. * * The key server is local to each machine, akin to the portmapper. * Under TI-RPC, communication with the keyserver is through the * loopback transport. * * NOTE: This .x file generates the USER level headers for the keyserver. * the KERNEL level headers are created by hand as they kernel has special * requirements. */ %#pragma ident "%Z%%M% %I% %E% SMI" % %/* Copyright (c) 1990, 1991 Sun Microsystems, Inc. */ % %/* % * Compiled from key_prot.x using rpcgen. % * DO NOT EDIT THIS FILE! % * This is NOT source code! % */ /* * PROOT and MODULUS define the way the Diffie-Hellman key is generated. * * MODULUS should be chosen as a prime of the form: MODULUS == 2*p + 1, * where p is also prime. * * PROOT satisfies the following two conditions: * (1) (PROOT ** 2) % MODULUS != 1 * (2) (PROOT ** p) % MODULUS != 1 * */ const PROOT = 3; const HEXMODULUS = "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b"; const HEXKEYBYTES = 48; /* HEXKEYBYTES == strlen(HEXMODULUS) */ const KEYSIZE = 192; /* KEYSIZE == bit length of key */ const KEYBYTES = 24; /* byte length of key */ /* * The first 16 hex digits of the encrypted secret key are used as * a checksum in the database. */ const KEYCHECKSUMSIZE = 16; /* * status of operation */ enum keystatus { KEY_SUCCESS, /* no problems */ KEY_NOSECRET, /* no secret key stored */ KEY_UNKNOWN, /* unknown netname */ KEY_SYSTEMERR, /* system error (out of memory, encryption failure) */ KEY_BADALG, /* unknown algorithm type */ KEY_BADLEN /* unsupported keysize */ }; typedef opaque keybuf[HEXKEYBYTES]; /* store key in hex */ typedef opaque keybuf3<>; /* store key in binary */ typedef string netnamestr; /* * algorithm type & key size */ typedef int keylen_t; typedef int algtype_t; struct mechtype { keylen_t keylen; algtype_t algtype; }; /* * number of keys for KEY_GEN_3 to return */ typedef int keynum_t; /* * Result of KEY_GEN_3 */ typedef des_block deskeyarray<>; /* * Argument to ENCRYPT or DECRYPT */ struct cryptkeyarg { netnamestr remotename; des_block deskey; }; /* * Argument to ENCRYPT_PK or DECRYPT_PK */ struct cryptkeyarg2 { netnamestr remotename; netobj remotekey; /* Contains a length up to 1024 bytes */ des_block deskey; }; /* * Argument to ENCRYPT_3, ENCRYPT_PK_3, DECRYPT_3, DECRYPT_PK_3 */ struct cryptkeyarg3 { netnamestr remotename; keybuf3 remotekey; deskeyarray deskey; algtype_t algtype; keylen_t keylen; }; /* * Result of ENCRYPT, DECRYPT, ENCRYPT_PK, DECRYPT_PK, KEY_GET_CONV */ union cryptkeyres switch (keystatus status) { case KEY_SUCCESS: des_block deskey; default: void; }; /* * Result of ENCRYPT_3, DECRYPT_3, ENCRYPT_PK_3, DECRYPT_PK_3, KEY_GET_CONV_3 */ union cryptkeyres3 switch (keystatus status) { case KEY_SUCCESS: deskeyarray deskey; default: void; }; const MAXGIDS = 16; /* max number of gids in gid list */ /* * Unix credential */ struct unixcred { u_int uid; u_int gid; u_int gids; }; /* * Unix credential, without arbitrary limit */ struct unixcred3 { u_int uid; u_int gid; u_int gids<>; }; /* * Result returned from GETCRED */ union getcredres switch (keystatus status) { case KEY_SUCCESS: unixcred cred; default: void; }; /* * Result returned from GETCRED_3 */ union getcredres3 switch (keystatus status) { case KEY_SUCCESS: unixcred3 cred; default: void; }; /* * key_netstarg; */ struct key_netstarg { keybuf st_priv_key; keybuf st_pub_key; netnamestr st_netname; }; struct key_netstarg3 { keybuf3 st_priv_key; keybuf3 st_pub_key; netnamestr st_netname; algtype_t algtype; keylen_t keylen; des_block userkey; }; union key_netstres switch (keystatus status){ case KEY_SUCCESS: key_netstarg knet; default: void; }; union key_netstres3 switch (keystatus status){ case KEY_SUCCESS: key_netstarg3 knet; default: void; }; /* * Argument to KEY_GET_CONV_3 */ struct deskeyarg3 { keybuf3 pub_key; int nkeys; algtype_t algtype ; keylen_t keylen; }; /* * Argument to KEY_SET_3 */ struct setkeyarg3 { keybuf3 key; des_block userkey; algtype_t algtype ; keylen_t keylen; }; #ifdef RPC_HDR % %#ifndef opaque %#define opaque char %#endif % #endif program KEY_PROG { version KEY_VERS { /* * This is my secret key. * Store it for me. */ keystatus KEY_SET(keybuf) = 1; /* * I want to talk to X. * Encrypt a conversation key for me. */ cryptkeyres KEY_ENCRYPT(cryptkeyarg) = 2; /* * X just sent me a message. * Decrypt the conversation key for me. */ cryptkeyres KEY_DECRYPT(cryptkeyarg) = 3; /* * Generate a secure conversation key for me */ des_block KEY_GEN(void) = 4; /* * Get me the uid, gid and group-access-list associated * with this netname (for kernel which cannot use NIS) */ getcredres KEY_GETCRED(netnamestr) = 5; } = 1; version KEY_VERS2 { /* * ####### * Procedures 1-5 are identical to version 1 * ####### */ /* * This is my secret key. * Store it for me. */ keystatus KEY_SET(keybuf) = 1; /* * I want to talk to X. * Encrypt a conversation key for me. */ cryptkeyres KEY_ENCRYPT(cryptkeyarg) = 2; /* * X just sent me a message. * Decrypt the conversation key for me. */ cryptkeyres KEY_DECRYPT(cryptkeyarg) = 3; /* * Generate a secure conversation key for me */ des_block KEY_GEN(void) = 4; /* * Get me the uid, gid and group-access-list associated * with this netname (for kernel which cannot use NIS) */ getcredres KEY_GETCRED(netnamestr) = 5; /* * I want to talk to X. and I know X's public key * Encrypt a conversation key for me. */ cryptkeyres KEY_ENCRYPT_PK(cryptkeyarg2) = 6; /* * X just sent me a message. and I know X's public key * Decrypt the conversation key for me. */ cryptkeyres KEY_DECRYPT_PK(cryptkeyarg2) = 7; /* * Store my public key, netname and private key. */ keystatus KEY_NET_PUT(key_netstarg) = 8; /* * Retrieve my public key, netname and private key. */ key_netstres KEY_NET_GET(void) = 9; /* * Return me the conversation (common) key that is constructed * from my secret key and this publickey. */ cryptkeyres KEY_GET_CONV(keybuf) = 10; } = 2; version KEY_VERS3 { /* * ####### * Procedures 1-10 are identical to versions 1 & 2 * ####### */ /* * This is my secret key. * Store it for me. */ keystatus KEY_SET(keybuf) = 1; /* * I want to talk to X. * Encrypt a conversation key for me. */ cryptkeyres KEY_ENCRYPT(cryptkeyarg) = 2; /* * X just sent me a message. * Decrypt the conversation key for me. */ cryptkeyres KEY_DECRYPT(cryptkeyarg) = 3; /* * Generate a secure conversation key for me */ des_block KEY_GEN(void) = 4; /* * Get me the uid, gid and group-access-list associated * with this netname (for kernel which cannot use NIS) */ getcredres KEY_GETCRED(netnamestr) = 5; /* * I want to talk to X. and I know X's public key * Encrypt a conversation key for me. */ cryptkeyres KEY_ENCRYPT_PK(cryptkeyarg2) = 6; /* * X just sent me a message. and I know X's public key * Decrypt the conversation key for me. */ cryptkeyres KEY_DECRYPT_PK(cryptkeyarg2) = 7; /* * Store my public key, netname and private key. */ keystatus KEY_NET_PUT(key_netstarg) = 8; /* * Retrieve my public key, netname and private key. */ key_netstres KEY_NET_GET(void) = 9; /* * Return me the conversation (common) key that is constructed * from my secret key and this publickey. */ cryptkeyres KEY_GET_CONV(keybuf) = 10; /* * ####### * Procedures new in version 3 follow... * ####### */ /* * This is my secret key. * Store it for me. */ keystatus KEY_SET_3(setkeyarg3) = 11; /* * I want to talk to X. * Encrypt a conversation key for me. */ cryptkeyres3 KEY_ENCRYPT_3(cryptkeyarg3) = 12; /* * X just sent me a message. * Decrypt the conversation key for me. */ cryptkeyres3 KEY_DECRYPT_3(cryptkeyarg3) = 13; /* * Generate secure conversation key(s) for me */ deskeyarray KEY_GEN_3(keynum_t) = 14; /* * Get me the uid, gid and group-access-list associated * with this netname (for kernel which cannot use NIS) */ getcredres3 KEY_GETCRED_3(netnamestr) = 15; /* * I want to talk to X. and I know X's public key * Encrypt a conversation key for me. */ cryptkeyres3 KEY_ENCRYPT_PK_3(cryptkeyarg3) = 16; /* * X just sent me a message. and I know X's public key * Decrypt the conversation key for me. */ cryptkeyres3 KEY_DECRYPT_PK_3(cryptkeyarg3) = 17; /* * Store my public key, netname and private key. */ keystatus KEY_NET_PUT_3(key_netstarg3) = 18; /* * Retrieve my public key, netname and private key. */ key_netstres3 KEY_NET_GET_3(key_netstarg3) = 19; /* * Return me the conversation (common) key that is constructed * from my secret key and this publickey. */ cryptkeyres3 KEY_GET_CONV_3(deskeyarg3) = 20; /* * Clear all the secret/public/netname triplets for the caller */ keystatus KEY_CLEAR_3(void) = 21; } = 3; } = 100029;