1%/*-
2% * Copyright (c) 2010, Oracle America, Inc.
3% *
4% * Redistribution and use in source and binary forms, with or without
5% * modification, are permitted provided that the following conditions are
6% * met:
7% *
8% * * Redistributions of source code must retain the above copyright
9% * notice, this list of conditions and the following disclaimer.
10% * * Redistributions in binary form must reproduce the above
11% * copyright notice, this list of conditions and the following
12% * disclaimer in the documentation and/or other materials
13% * provided with the distribution.
14% * * Neither the name of the "Oracle America, Inc." nor the names of its
15% * contributors may be used to endorse or promote products derived
16% * from this software without specific prior written permission.
17% *
18% * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19% * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20% * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
21% * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22% * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
23% * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24% * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
25% * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26% * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
27% * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
28% * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29% * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30% */
31/*
32 * Key server protocol definition
33 * Copyright (C) 1990, 1991 Sun Microsystems, Inc.
34 *
35 * The keyserver is a public key storage/encryption/decryption service
36 * The encryption method used is based on the Diffie-Hellman exponential
37 * key exchange technology.
38 *
39 * The key server is local to each machine, akin to the portmapper.
40 * Under TI-RPC, communication with the keyserver is through the
41 * loopback transport.
42 *
 * NOTE: This .x file generates the USER level headers for the keyserver.
 * The KERNEL level headers are created by hand, as the kernel has special
 * requirements.
46 */
47
48%/* From: #pragma ident "@(#)key_prot.x 1.7 94/04/29 SMI" */
49%/* Copyright (c) 1990, 1991 Sun Microsystems, Inc. */
50%#include <sys/cdefs.h>
51%
52%/*
53% * Compiled from key_prot.x using rpcgen.
54% * DO NOT EDIT THIS FILE!
55% * This is NOT source code!
56% */
57
58/*
59 * PROOT and MODULUS define the way the Diffie-Hellman key is generated.
60 *
61 * MODULUS should be chosen as a prime of the form: MODULUS == 2*p + 1,
62 * where p is also prime.
63 *
64 * PROOT satisfies the following two conditions:
65 * (1) (PROOT ** 2) % MODULUS != 1
66 * (2) (PROOT ** p) % MODULUS != 1
67 *
68 */
69
/* Generator (primitive root) of the Diffie-Hellman group; see the note above. */
const PROOT = 3;
/* The Diffie-Hellman modulus as a 48-digit lower-case hex string. */
const HEXMODULUS = "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b";

const HEXKEYBYTES = 48; /* HEXKEYBYTES == strlen(HEXMODULUS) */
const KEYSIZE = 192; /* KEYSIZE == bit length of key */
/*
 * NOTE(review): a 192-bit Diffie-Hellman modulus is far below current
 * recommendations for DH group size. Treat this protocol as legacy and
 * do not rely on it for confidentiality in new deployments.
 */
const KEYBYTES = 24; /* byte length of key */

/*
 * The first 16 hex digits of the encrypted secret key are used as
 * a checksum in the database.
 */
const KEYCHECKSUMSIZE = 16;
82
83/*
84 * status of operation
85 */
/*
 * Returned directly by KEY_SET and KEY_NET_PUT, and used as the
 * discriminant of the cryptkeyres, getcredres and key_netstres unions
 * below: only KEY_SUCCESS carries a payload.
 */
enum keystatus {
 KEY_SUCCESS, /* no problems */
 KEY_NOSECRET, /* no secret key stored */
 KEY_UNKNOWN, /* unknown netname */
 KEY_SYSTEMERR /* system error (out of memory, encryption failure) */
};
92
/*
 * Fixed-length opaque of HEXKEYBYTES (48) bytes holding a key in hex.
 * Exactly 48 hex digits fit, so there is no room for a NUL terminator;
 * consumers must not treat a keybuf as a C string.
 */
typedef opaque keybuf[HEXKEYBYTES]; /* store key in hex */

/*
 * Variable-length netname. MAXNETNAMELEN is not defined in this file;
 * presumably it comes from the RPC headers — verify when regenerating.
 */
typedef string netnamestr<MAXNETNAMELEN>;
96
97/*
98 * Argument to ENCRYPT or DECRYPT
99 */
struct cryptkeyarg {
 netnamestr remotename; /* netname of the peer X (cf. cryptkeyarg2, which also supplies X's public key) */
 des_block deskey; /* conversation key to be encrypted or decrypted */
};
104
105/*
106 * Argument to ENCRYPT_PK or DECRYPT_PK
107 */
struct cryptkeyarg2 {
 netnamestr remotename; /* netname of the peer X */
 /*
 * Peer's public key, supplied by the caller. netobj is variable-length
 * on the wire; the 1024-byte figure below is documentation only.
 * NOTE(review): the server must check the received length before use.
 */
 netobj remotekey; /* Contains a length up to 1024 bytes */
 des_block deskey; /* conversation key to be encrypted or decrypted */
};
113
114
115/*
116 * Result of ENCRYPT, DECRYPT, ENCRYPT_PK, and DECRYPT_PK
117 */
union cryptkeyres switch (keystatus status) {
case KEY_SUCCESS:
 des_block deskey; /* the encrypted/decrypted conversation key */
default:
 void; /* any other keystatus: no payload */
};
124
const MAXGIDS = 16; /* max number of gids in gid list (bounds unixcred.gids) */
126
127/*
128 * Unix credential
129 */
struct unixcred {
 u_int uid; /* user id */
 u_int gid; /* primary group id */
 u_int gids<MAXGIDS>; /* supplementary group list, at most MAXGIDS entries */
};
135
136/*
137 * Result returned from GETCRED
138 */
union getcredres switch (keystatus status) {
case KEY_SUCCESS:
 unixcred cred; /* credentials mapped from the requested netname */
default:
 void; /* any other keystatus: no payload */
};
145/*
146 * key_netstarg;
147 */
148
/*
 * Argument of KEY_NET_PUT and payload of KEY_NET_GET's result.
 * NOTE(review): st_priv_key is the caller's secret key and travels in the
 * RPC message body; its confidentiality rests on the local-only transport
 * described in the file header, not on this protocol.
 */
struct key_netstarg {
 keybuf st_priv_key; /* secret key, hex */
 keybuf st_pub_key; /* public key, hex */
 netnamestr st_netname; /* netname the key pair belongs to */
};
154
/* Result of KEY_NET_GET. */
union key_netstres switch (keystatus status){
case KEY_SUCCESS:
 key_netstarg knet; /* stored public key, netname and private key */
default:
 void; /* any other keystatus: no payload */
};
161
/*
 * Pass-through lines ('%') emitted only into the generated header.
 * Presumably here so that the keybuf typedef above compiles if rpcgen
 * leaves the word 'opaque' in it — confirm against the generated header.
 */
#ifdef RPC_HDR
%
%#ifndef opaque
%#define opaque char
%#endif
%
#endif
/*
 * Keyserver program. Version 1 defines procedures 1-5; version 2 repeats
 * them unchanged and adds procedures 6-10.
 *
 * Procedures that carry key material (KEY_SET, KEY_NET_PUT, KEY_NET_GET,
 * KEY_GET_CONV) do so inside the RPC message body, and no argument here
 * identifies the caller.
 * NOTE(review): caller identity therefore rests entirely on the RPC
 * transport and credentials (the loopback-only arrangement described in
 * the file header) — confirm the server enforces that.
 */
program KEY_PROG {
 version KEY_VERS {

 /*
 * This is my secret key.
 * Store it for me.
 * (keybuf argument: the secret key in hex.)
 */
 keystatus
 KEY_SET(keybuf) = 1;

 /*
 * I want to talk to X.
 * Encrypt a conversation key for me.
 */
 cryptkeyres
 KEY_ENCRYPT(cryptkeyarg) = 2;

 /*
 * X just sent me a message.
 * Decrypt the conversation key for me.
 */
 cryptkeyres
 KEY_DECRYPT(cryptkeyarg) = 3;

 /*
 * Generate a secure conversation key for me
 */
 des_block
 KEY_GEN(void) = 4;

 /*
 * Get me the uid, gid and group-access-list associated
 * with this netname (for kernel which cannot use NIS)
 */
 getcredres
 KEY_GETCRED(netnamestr) = 5;
 } = 1;
 version KEY_VERS2 {

 /*
 * #######
 * Procedures 1-5 are identical to version 1
 * #######
 */

 /*
 * This is my secret key.
 * Store it for me.
 */
 keystatus
 KEY_SET(keybuf) = 1;

 /*
 * I want to talk to X.
 * Encrypt a conversation key for me.
 */
 cryptkeyres
 KEY_ENCRYPT(cryptkeyarg) = 2;

 /*
 * X just sent me a message.
 * Decrypt the conversation key for me.
 */
 cryptkeyres
 KEY_DECRYPT(cryptkeyarg) = 3;

 /*
 * Generate a secure conversation key for me
 */
 des_block
 KEY_GEN(void) = 4;

 /*
 * Get me the uid, gid and group-access-list associated
 * with this netname (for kernel which cannot use NIS)
 */
 getcredres
 KEY_GETCRED(netnamestr) = 5;

 /*
 * I want to talk to X, and I know X's public key.
 * Encrypt a conversation key for me.
 * (The caller-supplied public key in cryptkeyarg2 is used as given.)
 */
 cryptkeyres
 KEY_ENCRYPT_PK(cryptkeyarg2) = 6;

 /*
 * X just sent me a message, and I know X's public key.
 * Decrypt the conversation key for me.
 */
 cryptkeyres
 KEY_DECRYPT_PK(cryptkeyarg2) = 7;

 /*
 * Store my public key, netname and private key.
 * (The private key is carried in key_netstarg.st_priv_key.)
 */
 keystatus
 KEY_NET_PUT(key_netstarg) = 8;

 /*
 * Retrieve my public key, netname and private key.
 * (Returns the stored private key to the caller on KEY_SUCCESS.)
 */
 key_netstres
 KEY_NET_GET(void) = 9;

 /*
 * Return me the conversation key that is constructed
 * from my secret key and this publickey.
 * (keybuf argument: the peer's public key in hex.)
 */

 cryptkeyres
 KEY_GET_CONV(keybuf) = 10;


 } = 2;
} = 100029;