4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
23 * Key server protocol definition
24 * Copyright (C) 1990, 1991 Sun Microsystems, Inc.
26 * The keyserver is a public key storage/encryption/decryption service
27 * The encryption method used is based on the Diffie-Hellman exponential
28 * key exchange technology.
30 * The key server is local to each machine, akin to the portmapper.
31 * Under TI-RPC, communication with the keyserver is through the
34 * NOTE: This .x file generates the USER level headers for the keyserver.
35 * the KERNEL level headers are created by hand as the kernel has special
39 %#pragma ident "%Z%%M% %I% %E% SMI"
41 %/* Copyright (c) 1990, 1991 Sun Microsystems, Inc. */
44 % * Compiled from key_prot.x using rpcgen.
45 % * DO NOT EDIT THIS FILE!
46 % * This is NOT source code!
50 * PROOT and MODULUS define the way the Diffie-Hellman key is generated.
52 * MODULUS should be chosen as a prime of the form: MODULUS == 2*p + 1,
53 * where p is also prime.
55 * PROOT satisfies the following two conditions:
56 * (1) (PROOT ** 2) % MODULUS != 1
57 * (2) (PROOT ** p) % MODULUS != 1
62 const HEXMODULUS = "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b";
64 const HEXKEYBYTES = 48; /* HEXKEYBYTES == strlen(HEXMODULUS) */
65 const KEYSIZE = 192; /* KEYSIZE == bit length of key */
66 const KEYBYTES = 24; /* byte length of key */
69 * The first 16 hex digits of the encrypted secret key are used as
70 * a checksum in the database.
72 const KEYCHECKSUMSIZE = 16;
78 KEY_SUCCESS, /* no problems */
79 KEY_NOSECRET, /* no secret key stored */
80 KEY_UNKNOWN, /* unknown netname */
81 KEY_SYSTEMERR, /* system error (out of memory, encryption failure) */
82 KEY_BADALG, /* unknown algorithm type */
83 KEY_BADLEN /* unsupported keysize */
86 typedef opaque keybuf[HEXKEYBYTES]; /* store key in hex */
87 typedef opaque keybuf3<>; /* store key in binary */
89 typedef string netnamestr<MAXNETNAMELEN>;
92 * algorithm type & key size
95 typedef int algtype_t;
103 * number of keys for KEY_GEN_3 to return
105 typedef int keynum_t;
108 * Result of KEY_GEN_3
110 typedef des_block deskeyarray<>;
113 * Argument to ENCRYPT or DECRYPT
116 netnamestr remotename;
121 * Argument to ENCRYPT_PK or DECRYPT_PK
123 struct cryptkeyarg2 {
124 netnamestr remotename;
125 netobj remotekey; /* Contains a length up to 1024 bytes */
130 * Argument to ENCRYPT_3, ENCRYPT_PK_3, DECRYPT_3, DECRYPT_PK_3
132 struct cryptkeyarg3 {
133 netnamestr remotename;
141 * Result of ENCRYPT, DECRYPT, ENCRYPT_PK, DECRYPT_PK, KEY_GET_CONV
143 union cryptkeyres switch (keystatus status) {
151 * Result of ENCRYPT_3, DECRYPT_3, ENCRYPT_PK_3, DECRYPT_PK_3, KEY_GET_CONV_3
153 union cryptkeyres3 switch (keystatus status) {
160 const MAXGIDS = 16; /* max number of gids in gid list */
172 * Unix credential, without arbitrary limit
181 * Result returned from GETCRED
183 union getcredres switch (keystatus status) {
191 * Result returned from GETCRED_3
193 union getcredres3 switch (keystatus status) {
203 struct key_netstarg {
206 netnamestr st_netname;
209 struct key_netstarg3 {
212 netnamestr st_netname;
218 union key_netstres switch (keystatus status){
225 union key_netstres3 switch (keystatus status){
233 * Argument to KEY_GET_CONV_3
243 * Argument to KEY_SET_3
263 * This is my secret key.
270 * I want to talk to X.
271 * Encrypt a conversation key for me.
274 KEY_ENCRYPT(cryptkeyarg) = 2;
277 * X just sent me a message.
278 * Decrypt the conversation key for me.
281 KEY_DECRYPT(cryptkeyarg) = 3;
284 * Generate a secure conversation key for me
290 * Get me the uid, gid and group-access-list associated
291 * with this netname (for kernel which cannot use NIS)
294 KEY_GETCRED(netnamestr) = 5;
300 * Procedures 1-5 are identical to version 1
305 * This is my secret key.
312 * I want to talk to X.
313 * Encrypt a conversation key for me.
316 KEY_ENCRYPT(cryptkeyarg) = 2;
319 * X just sent me a message.
320 * Decrypt the conversation key for me.
323 KEY_DECRYPT(cryptkeyarg) = 3;
326 * Generate a secure conversation key for me
332 * Get me the uid, gid and group-access-list associated
333 * with this netname (for kernel which cannot use NIS)
336 KEY_GETCRED(netnamestr) = 5;
339 * I want to talk to X, and I know X's public key.
340 * Encrypt a conversation key for me.
343 KEY_ENCRYPT_PK(cryptkeyarg2) = 6;
346 * X just sent me a message, and I know X's public key.
347 * Decrypt the conversation key for me.
350 KEY_DECRYPT_PK(cryptkeyarg2) = 7;
353 * Store my public key, netname and private key.
356 KEY_NET_PUT(key_netstarg) = 8;
359 * Retrieve my public key, netname and private key.
362 KEY_NET_GET(void) = 9;
365 * Return me the conversation (common) key that is constructed
366 * from my secret key and this publickey.
369 KEY_GET_CONV(keybuf) = 10;
375 * Procedures 1-10 are identical to versions 1 & 2
380 * This is my secret key.
387 * I want to talk to X.
388 * Encrypt a conversation key for me.
391 KEY_ENCRYPT(cryptkeyarg) = 2;
394 * X just sent me a message.
395 * Decrypt the conversation key for me.
398 KEY_DECRYPT(cryptkeyarg) = 3;
401 * Generate a secure conversation key for me
407 * Get me the uid, gid and group-access-list associated
408 * with this netname (for kernel which cannot use NIS)
411 KEY_GETCRED(netnamestr) = 5;
414 * I want to talk to X, and I know X's public key.
415 * Encrypt a conversation key for me.
418 KEY_ENCRYPT_PK(cryptkeyarg2) = 6;
421 * X just sent me a message, and I know X's public key.
422 * Decrypt the conversation key for me.
425 KEY_DECRYPT_PK(cryptkeyarg2) = 7;
428 * Store my public key, netname and private key.
431 KEY_NET_PUT(key_netstarg) = 8;
434 * Retrieve my public key, netname and private key.
437 KEY_NET_GET(void) = 9;
440 * Return me the conversation (common) key that is constructed
441 * from my secret key and this publickey.
444 KEY_GET_CONV(keybuf) = 10;
448 * Procedures new in version 3 follow...
453 * This is my secret key.
457 KEY_SET_3(setkeyarg3) = 11;
460 * I want to talk to X.
461 * Encrypt a conversation key for me.
464 KEY_ENCRYPT_3(cryptkeyarg3) = 12;
467 * X just sent me a message.
468 * Decrypt the conversation key for me.
471 KEY_DECRYPT_3(cryptkeyarg3) = 13;
474 * Generate secure conversation key(s) for me
477 KEY_GEN_3(keynum_t) = 14;
480 * Get me the uid, gid and group-access-list associated
481 * with this netname (for kernel which cannot use NIS)
484 KEY_GETCRED_3(netnamestr) = 15;
487 * I want to talk to X, and I know X's public key.
488 * Encrypt a conversation key for me.
491 KEY_ENCRYPT_PK_3(cryptkeyarg3) = 16;
494 * X just sent me a message, and I know X's public key.
495 * Decrypt the conversation key for me.
498 KEY_DECRYPT_PK_3(cryptkeyarg3) = 17;
501 * Store my public key, netname and private key.
504 KEY_NET_PUT_3(key_netstarg3) = 18;
507 * Retrieve my public key, netname and private key.
510 KEY_NET_GET_3(key_netstarg3) = 19;
513 * Return me the conversation (common) key that is constructed
514 * from my secret key and this publickey.
517 KEY_GET_CONV_3(deskeyarg3) = 20;
520 * Clear all the secret/public/netname triplets for the caller
523 KEY_CLEAR_3(void) = 21;