2 % * Copyright (c) 2010, Oracle America, Inc.
4 % * Redistribution and use in source and binary forms, with or without
5 % * modification, are permitted provided that the following conditions are
8 % * * Redistributions of source code must retain the above copyright
9 % * notice, this list of conditions and the following disclaimer.
10 % * * Redistributions in binary form must reproduce the above
11 % * copyright notice, this list of conditions and the following
12 % * disclaimer in the documentation and/or other materials
13 % * provided with the distribution.
14 % * * Neither the name of the "Oracle America, Inc." nor the names of its
15 % * contributors may be used to endorse or promote products derived
16 % * from this software without specific prior written permission.
18 % * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 % * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 % * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
21 % * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22 % * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
23 % * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 % * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
25 % * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 % * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
27 % * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
28 % * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 % * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 * Key server protocol definition
33 * Copyright (C) 1990, 1991 Sun Microsystems, Inc.
35 * The keyserver is a public key storage/encryption/decryption service
36 * The encryption method used is based on the Diffie-Hellman exponential
37 * key exchange technology.
39 * The key server is local to each machine, akin to the portmapper.
40 * Under TI-RPC, communication with the keyserver is through the
43 * NOTE: This .x file generates the USER level headers for the keyserver.
44 * the KERNEL level headers are created by hand as they kernel has special
48 %/* From: #pragma ident "@(#)key_prot.x 1.7 94/04/29 SMI" */
49 %/* Copyright (c) 1990, 1991 Sun Microsystems, Inc. */
50 %#include <sys/cdefs.h>
51 %__FBSDID("$FreeBSD$");
54 % * Compiled from key_prot.x using rpcgen.
55 % * DO NOT EDIT THIS FILE!
56 % * This is NOT source code!
60 * PROOT and MODULUS define the way the Diffie-Hellman key is generated.
62 * MODULUS should be chosen as a prime of the form: MODULUS == 2*p + 1,
63 * where p is also prime.
65 * PROOT satisfies the following two conditions:
66 * (1) (PROOT ** 2) % MODULUS != 1
67 * (2) (PROOT ** p) % MODULUS != 1
72 const HEXMODULUS = "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b";
74 const HEXKEYBYTES = 48; /* HEXKEYBYTES == strlen(HEXMODULUS) */
75 const KEYSIZE = 192; /* KEYSIZE == bit length of key */
76 const KEYBYTES = 24; /* byte length of key */
79 * The first 16 hex digits of the encrypted secret key are used as
80 * a checksum in the database.
82 const KEYCHECKSUMSIZE = 16;
88 KEY_SUCCESS, /* no problems */
89 KEY_NOSECRET, /* no secret key stored */
90 KEY_UNKNOWN, /* unknown netname */
91 KEY_SYSTEMERR /* system error (out of memory, encryption failure) */
94 typedef opaque keybuf[HEXKEYBYTES]; /* store key in hex */
96 typedef string netnamestr<MAXNETNAMELEN>;
99 * Argument to ENCRYPT or DECRYPT
102 netnamestr remotename;
107 * Argument to ENCRYPT_PK or DECRYPT_PK
109 struct cryptkeyarg2 {
110 netnamestr remotename;
111 netobj remotekey; /* Contains a length up to 1024 bytes */
117 * Result of ENCRYPT, DECRYPT, ENCRYPT_PK, and DECRYPT_PK
119 union cryptkeyres switch (keystatus status) {
126 const MAXGIDS = 16; /* max number of gids in gid list */
138 * Result returned from GETCRED
140 union getcredres switch (keystatus status) {
150 struct key_netstarg {
153 netnamestr st_netname;
156 union key_netstres switch (keystatus status){
174 * This is my secret key.
181 * I want to talk to X.
182 * Encrypt a conversation key for me.
185 KEY_ENCRYPT(cryptkeyarg) = 2;
188 * X just sent me a message.
189 * Decrypt the conversation key for me.
192 KEY_DECRYPT(cryptkeyarg) = 3;
195 * Generate a secure conversation key for me
201 * Get me the uid, gid and group-access-list associated
202 * with this netname (for kernel which cannot use NIS)
205 KEY_GETCRED(netnamestr) = 5;
211 * Procedures 1-5 are identical to version 1
216 * This is my secret key.
223 * I want to talk to X.
224 * Encrypt a conversation key for me.
227 KEY_ENCRYPT(cryptkeyarg) = 2;
230 * X just sent me a message.
231 * Decrypt the conversation key for me.
234 KEY_DECRYPT(cryptkeyarg) = 3;
237 * Generate a secure conversation key for me
243 * Get me the uid, gid and group-access-list associated
244 * with this netname (for kernel which cannot use NIS)
247 KEY_GETCRED(netnamestr) = 5;
250 * I want to talk to X. and I know X's public key
251 * Encrypt a conversation key for me.
254 KEY_ENCRYPT_PK(cryptkeyarg2) = 6;
257 * X just sent me a message. and I know X's public key
258 * Decrypt the conversation key for me.
261 KEY_DECRYPT_PK(cryptkeyarg2) = 7;
264 * Store my public key, netname and private key.
267 KEY_NET_PUT(key_netstarg) = 8;
270 * Retrieve my public key, netname and private key.
273 KEY_NET_GET(void) = 9;
276 * Return me the conversation key that is constructed
277 * from my secret key and this publickey.
281 KEY_GET_CONV(keybuf) = 10;