1 /*
2  * Key server protocol definition
3  * Copyright (c) 2010, Oracle America, Inc.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions are
7  * met:
8  *
9  *     * Redistributions of source code must retain the above copyright
10  *       notice, this list of conditions and the following disclaimer.
11  *     * Redistributions in binary form must reproduce the above
12  *       copyright notice, this list of conditions and the following
13  *       disclaimer in the documentation and/or other materials
14  *       provided with the distribution.
15  *     * Neither the name of the "Oracle America, Inc." nor the names of its
16  *       contributors may be used to endorse or promote products derived
17  *       from this software without specific prior written permission.
18  *
19  *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20  *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21  *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
22  *   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23  *   COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
24  *   INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  *   DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
26  *   GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27  *   INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
28  *   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
29  *   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30  *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31  *
 * The keyserver is a public key storage/encryption/decryption service.
 * The encryption method used is based on the Diffie-Hellman exponential
 * key exchange technology.
35  *
36  * The key server is local to each machine, akin to the portmapper.
37  * Under TI-RPC, communication with the keyserver is through the
38  * loopback transport.
39  *
40  * NOTE: This .x file generates the USER level headers for the keyserver.
 * The KERNEL level headers are created by hand as the kernel has special
42  * requirements.
43  */
44 
/*
 * Lines beginning with '%' are copied verbatim by rpcgen into the generated
 * C output instead of being interpreted as RPCL.  The block below stamps the
 * generated file with its origin and an SCCS ident that is compiled out
 * (#if 0).
 */
%#if 0
%#pragma ident	"@(#)key_prot.x	1.7	94/04/29 SMI"
%#endif
%
%/* Copyright (c)  1990, 1991 Sun Microsystems, Inc. */
%
%/*
% * Compiled from key_prot.x using rpcgen.
% * DO NOT EDIT THIS FILE!
% * This is NOT source code!
% */
56 
57 /*
58  * PROOT and MODULUS define the way the Diffie-Hellman key is generated.
59  *
60  * MODULUS should be chosen as a prime of the form: MODULUS == 2*p + 1,
61  * where p is also prime.
62  *
63  * PROOT satisfies the following two conditions:
64  * (1) (PROOT ** 2) % MODULUS != 1
65  * (2) (PROOT ** p) % MODULUS != 1
66  *
67  */
68 
69 const PROOT = 3;
70 const HEXMODULUS = "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b";
71 
72 const HEXKEYBYTES = 48;		/* HEXKEYBYTES == strlen(HEXMODULUS) */
73 const KEYSIZE = 192;		/* KEYSIZE == bit length of key */
74 const KEYBYTES = 24;		/* byte length of key */
75 
76 /*
77  * The first 16 hex digits of the encrypted secret key are used as
78  * a checksum in the database.
79  */
80 const KEYCHECKSUMSIZE = 16;
81 
82 /*
83  * status of operation
84  */
85 enum keystatus {
86 	KEY_SUCCESS,	/* no problems */
87 	KEY_NOSECRET,	/* no secret key stored */
88 	KEY_UNKNOWN,	/* unknown netname */
89 	KEY_SYSTEMERR 	/* system error (out of memory, encryption failure) */
90 };
91 
/*
 * Fixed-length XDR opaque holding a key as HEXKEYBYTES hex digits.  Being
 * fixed-length, the generated C array is not a NUL-terminated string.
 */
typedef opaque keybuf[HEXKEYBYTES];	/* store key in hex */

/*
 * Netname of a principal.  MAXNETNAMELEN is not defined in this file; it is
 * expected from the RPC headers the generated code includes -- confirm the
 * bound there is the one intended for this protocol.
 */
typedef string netnamestr<MAXNETNAMELEN>;
95 
96 /*
97  * Argument to ENCRYPT or DECRYPT
98  */
99 struct cryptkeyarg {
100 	netnamestr remotename;
101 	des_block deskey;
102 };
103 
104 /*
105  * Argument to ENCRYPT_PK or DECRYPT_PK
106  */
107 struct cryptkeyarg2 {
108 	netnamestr remotename;
109 	netobj	remotekey;	/* Contains a length up to 1024 bytes */
110 	des_block deskey;
111 };
112 
113 
114 /*
115  * Result of ENCRYPT, DECRYPT, ENCRYPT_PK, and DECRYPT_PK
116  */
117 union cryptkeyres switch (keystatus status) {
118 case KEY_SUCCESS:
119 	des_block deskey;
120 default:
121 	void;
122 };
123 
const MAXGIDS  = 16;	/* max number of gids in gid list (bound on unixcred.gids) */
125 
126 /*
127  * Unix credential
128  */
129 struct unixcred {
130 	u_int uid;
131 	u_int gid;
132 	u_int gids<MAXGIDS>;
133 };
134 
135 /*
136  * Result returned from GETCRED
137  */
138 union getcredres switch (keystatus status) {
139 case KEY_SUCCESS:
140 	unixcred cred;
141 default:
142 	void;
143 };
144 /*
145  * key_netstarg;
146  */
147 
148 struct key_netstarg {
149 	keybuf st_priv_key;
150 	keybuf st_pub_key;
151 	netnamestr st_netname;
152 };
153 
/*
 * Result of KEY_NET_GET: the stored key record on KEY_SUCCESS (including
 * the private key), otherwise just the status.
 */
union key_netstres switch (keystatus status){
case KEY_SUCCESS:
	key_netstarg knet;
default:
	void;
};
160 
/*
 * Header-only passthrough: RPC_HDR is defined by rpcgen while it emits the
 * .h file.  `opaque` is an XDR type with no C spelling of its own, so the
 * generated header maps it to char for the keybuf typedef above.
 */
#ifdef RPC_HDR
%
%#ifndef opaque
%#define opaque char
%#endif
%
#endif
/*
 * The key server program.  Version 1 offers procedures 1-5; version 2 keeps
 * those unchanged and adds 6-10 (public-key variants, whole-record store and
 * retrieve, and conversation-key derivation).  Per the file header the
 * service is reached over the loopback transport, so caller identification
 * and access control are the transport's and the server's concern; this
 * interface carries no caller credential of its own.
 */
program KEY_PROG {
	version KEY_VERS {

		/*
		 * This is my secret key.
		 * Store it for me.
		 */
		keystatus
		KEY_SET(keybuf) = 1;

		/*
		 * I want to talk to X.
		 * Encrypt a conversation key for me.
		 */
		cryptkeyres
		KEY_ENCRYPT(cryptkeyarg) = 2;

		/*
		 * X just sent me a message.
		 * Decrypt the conversation key for me.
		 */
		cryptkeyres
		KEY_DECRYPT(cryptkeyarg) = 3;

		/*
		 * Generate a secure conversation key for me.
		 */
		des_block
		KEY_GEN(void) = 4;

		/*
		 * Get me the uid, gid and group-access-list associated
		 * with this netname (for kernel which cannot use NIS).
		 */
		getcredres
		KEY_GETCRED(netnamestr) = 5;
	} = 1;
	version KEY_VERS2 {

		/*
		 * #######
		 * Procedures 1-5 are identical to version 1
		 * #######
		 */

		/*
		 * This is my secret key.
		 * Store it for me.
		 */
		keystatus
		KEY_SET(keybuf) = 1;

		/*
		 * I want to talk to X.
		 * Encrypt a conversation key for me.
		 */
		cryptkeyres
		KEY_ENCRYPT(cryptkeyarg) = 2;

		/*
		 * X just sent me a message.
		 * Decrypt the conversation key for me.
		 */
		cryptkeyres
		KEY_DECRYPT(cryptkeyarg) = 3;

		/*
		 * Generate a secure conversation key for me.
		 */
		des_block
		KEY_GEN(void) = 4;

		/*
		 * Get me the uid, gid and group-access-list associated
		 * with this netname (for kernel which cannot use NIS).
		 */
		getcredres
		KEY_GETCRED(netnamestr) = 5;

		/*
		 * I want to talk to X, and I know X's public key.
		 * Encrypt a conversation key for me.
		 * (The caller supplies the key; see the note on cryptkeyarg2.)
		 */
		cryptkeyres
		KEY_ENCRYPT_PK(cryptkeyarg2) = 6;

		/*
		 * X just sent me a message, and I know X's public key.
		 * Decrypt the conversation key for me.
		 */
		cryptkeyres
		KEY_DECRYPT_PK(cryptkeyarg2) = 7;

		/*
		 * Store my public key, netname and private key.
		 */
		keystatus
		KEY_NET_PUT(key_netstarg) = 8;

		/*
		 * Retrieve my public key, netname and private key.
		 * The reply includes st_priv_key, i.e. secret material
		 * leaves the server on this call.
		 */
 		key_netstres
		KEY_NET_GET(void) = 9;

		/*
		 * Return me the conversation key that is constructed
		 * from my secret key and this publickey.
		 * Result has the same shape as ENCRYPT/DECRYPT (cryptkeyres).
		 */

		cryptkeyres
		KEY_GET_CONV(keybuf) = 10;


	} = 2;
} = 100029;
284