%/*
% * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
% * unrestricted use provided that this legend is included on all tape
% * media and as a part of the software program in whole or part. Users
% * may copy or modify Sun RPC without charge, but are not authorized
% * to license or distribute it to anyone else except as part of a product or
% * program developed by the user.
% *
% * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
% * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
% * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
% *
% * Sun RPC is provided with no support and without any obligation on the
% * part of Sun Microsystems, Inc. to assist in its use, correction,
% * modification or enhancement.
% *
% * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
% * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
% * OR ANY PART THEREOF.
% *
% * In no event will Sun Microsystems, Inc. be liable for any lost revenue
% * or profits or other special, indirect and consequential damages, even if
% * Sun has been advised of the possibility of such damages.
% *
% * Sun Microsystems, Inc.
% * 2550 Garcia Avenue
% * Mountain View, California 94043
% */
/*
 * Key server protocol definition
 * Copyright (C) 1990, 1991 Sun Microsystems, Inc.
 *
 * The keyserver is a public key storage/encryption/decryption service
 * The encryption method used is based on the Diffie-Hellman exponential
 * key exchange technology.
 *
 * The key server is local to each machine, akin to the portmapper.
 * Under TI-RPC, communication with the keyserver is through the
 * loopback transport.
 *
 * NOTE: This .x file generates the USER level headers for the keyserver.
 * the KERNEL level headers are created by hand as the kernel has special
 * requirements.
 *
 * Lines beginning with '%' are copied verbatim by rpcgen into the
 * generated C output; everything else in this file is RPC language.
 *
 * NOTE(review): KEYSIZE below is 192 bits and conversation keys are
 * single des_block values (see KEY_GEN).  Both are far below current
 * strength requirements, so this protocol should be treated as legacy
 * compatibility plumbing rather than as a confidentiality boundary.
 */

%/* From: #pragma ident "@(#)key_prot.x 1.7 94/04/29 SMI" */
%
%/* Copyright (c) 1990, 1991 Sun Microsystems, Inc. */
%
%/*
% * Compiled from key_prot.x using rpcgen.
% * DO NOT EDIT THIS FILE!
% * This is NOT source code!
% */

/*
 * PROOT and MODULUS define the way the Diffie-Hellman key is generated.
 *
 * MODULUS should be chosen as a prime of the form: MODULUS == 2*p + 1,
 * where p is also prime.
 *
 * PROOT satisfies the following two conditions:
 * (1) (PROOT ** 2) % MODULUS != 1
 * (2) (PROOT ** p) % MODULUS != 1
 *
 * HEXMODULUS is the modulus written as 48 hex digits, i.e. a 192-bit
 * value; the three size constants below are all derived from that width.
 */

const PROOT = 3;
const HEXMODULUS = "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b";

const HEXKEYBYTES = 48;		/* HEXKEYBYTES == strlen(HEXMODULUS) */
const KEYSIZE = 192;		/* KEYSIZE == bit length of key */
const KEYBYTES = 24;		/* byte length of key */

/*
 * The first 16 hex digits of the encrypted secret key are used as
 * a checksum in the database.
 */
const KEYCHECKSUMSIZE = 16;

/*
 * status of operation
 *
 * Also the discriminant of every result union in this file
 * (cryptkeyres, getcredres, key_netstres): the payload arm is
 * present only for KEY_SUCCESS.
 */
enum keystatus {
	KEY_SUCCESS,	/* no problems */
	KEY_NOSECRET,	/* no secret key stored */
	KEY_UNKNOWN,	/* unknown netname */
	KEY_SYSTEMERR	/* system error (out of memory, encryption failure) */
};

/*
 * A key stored as HEXKEYBYTES hex digits.  Fixed-length opaque data:
 * there is no NUL terminator on the wire or in the generated C array.
 */
typedef opaque keybuf[HEXKEYBYTES];	/* store key in hex */

/*
 * Secure RPC network name.  MAXNETNAMELEN is not defined in this file;
 * presumably it comes from the RPC headers -- verify before relying on it.
 */
typedef string netnamestr<MAXNETNAMELEN>;

/*
 * Argument to ENCRYPT or DECRYPT
 *
 * remotename names the peer ("X" in the procedure comments below) and
 * deskey is the conversation key to be encrypted or decrypted.
 * des_block is not defined in this file; it comes from the RPC headers.
 */
struct cryptkeyarg {
	netnamestr remotename;
	des_block deskey;
};

/*
 * Argument to ENCRYPT_PK or DECRYPT_PK
 *
 * Like cryptkeyarg, for the case where the caller already knows X's
 * public key and supplies it in remotekey.
 *
 * NOTE(review): the 1024-byte limit stated on remotekey is a comment,
 * not a bound carried by the netobj type; a server must check the
 * received length before using the key material.
 */
struct cryptkeyarg2 {
	netnamestr remotename;
	netobj remotekey;	/* Contains a length up to 1024 bytes */
	des_block deskey;
};


/*
 * Result of ENCRYPT, DECRYPT, ENCRYPT_PK, and DECRYPT_PK
 * (KEY_GET_CONV returns it too).  deskey is present only when
 * status is KEY_SUCCESS; every other status carries no payload.
 */
union cryptkeyres switch (keystatus status) {
case KEY_SUCCESS:
	des_block deskey;
default:
	void;
};

const MAXGIDS = 16;	/* max number of gids in gid list (bound on unixcred.gids) */

/*
 * Unix credential
 *
 * gids is a variable-length list of at most MAXGIDS entries.
 */
struct unixcred {
	u_int uid;
	u_int gid;
	u_int gids<MAXGIDS>;
};

/*
 * Result returned from GETCRED
 *
 * cred is present only when status is KEY_SUCCESS.
 */
union getcredres switch (keystatus status) {
case KEY_SUCCESS:
	unixcred cred;
default:
	void;
};
/*
 * key_netstarg;
 *
 * Argument to KEY_NET_PUT and payload of KEY_NET_GET: a key pair
 * together with the netname it belongs to.
 *
 * NOTE(review): st_priv_key is the secret key and this structure
 * crosses the RPC transport in both directions.  The header of this
 * file says the keyserver is reached over loopback; exposing these
 * procedures on any other transport would leak the private key.
 */

struct key_netstarg {
	keybuf st_priv_key;
	keybuf st_pub_key;
	netnamestr st_netname;
};

/*
 * Result of KEY_NET_GET: the stored key_netstarg when status is
 * KEY_SUCCESS, no payload otherwise.
 */
union key_netstres switch (keystatus status){
case KEY_SUCCESS:
	key_netstarg knet;
default:
	void;
};

/*
 * Emitted only into the generated header (rpcgen defines RPC_HDR while
 * producing it).  Presumably lets C code that spells the keybuf element
 * type as "opaque" compile; the generated typedef itself uses char.
 */
#ifdef RPC_HDR
%
%#ifndef opaque
%#define opaque char
%#endif
%
#endif
/*
 * Keyserver program.  Version 1 carries procedures 1-5; version 2
 * repeats them and adds 6-10.
 *
 * NOTE(review): no procedure argument identifies the caller, yet
 * KEY_SET and KEY_NET_PUT store secret keys and KEY_NET_GET returns one.
 * Binding a request to the right local user has to happen in the server
 * (presumably from the transport / RPC authentication) -- it is not
 * expressed in this protocol.
 */
program KEY_PROG {
	version KEY_VERS {

		/*
		 * This is my secret key.
		 * Store it for me.
		 */
		keystatus
		KEY_SET(keybuf) = 1;

		/*
		 * I want to talk to X.
		 * Encrypt a conversation key for me.
		 */
		cryptkeyres
		KEY_ENCRYPT(cryptkeyarg) = 2;

		/*
		 * X just sent me a message.
		 * Decrypt the conversation key for me.
		 */
		cryptkeyres
		KEY_DECRYPT(cryptkeyarg) = 3;

		/*
		 * Generate a secure conversation key for me
		 */
		des_block
		KEY_GEN(void) = 4;

		/*
		 * Get me the uid, gid and group-access-list associated
		 * with this netname (for kernel which cannot use NIS)
		 */
		getcredres
		KEY_GETCRED(netnamestr) = 5;
	} = 1;
	version KEY_VERS2 {

		/*
		 * #######
		 * Procedures 1-5 are identical to version 1
		 * #######
		 */

		/*
		 * This is my secret key.
		 * Store it for me.
		 */
		keystatus
		KEY_SET(keybuf) = 1;

		/*
		 * I want to talk to X.
		 * Encrypt a conversation key for me.
		 */
		cryptkeyres
		KEY_ENCRYPT(cryptkeyarg) = 2;

		/*
		 * X just sent me a message.
		 * Decrypt the conversation key for me.
		 */
		cryptkeyres
		KEY_DECRYPT(cryptkeyarg) = 3;

		/*
		 * Generate a secure conversation key for me
		 */
		des_block
		KEY_GEN(void) = 4;

		/*
		 * Get me the uid, gid and group-access-list associated
		 * with this netname (for kernel which cannot use NIS)
		 */
		getcredres
		KEY_GETCRED(netnamestr) = 5;

		/*
		 * I want to talk to X. and I know X's public key
		 * Encrypt a conversation key for me.
		 * (The caller-supplied key is used; see the length note
		 * on cryptkeyarg2.)
		 */
		cryptkeyres
		KEY_ENCRYPT_PK(cryptkeyarg2) = 6;

		/*
		 * X just sent me a message. and I know X's public key
		 * Decrypt the conversation key for me.
		 */
		cryptkeyres
		KEY_DECRYPT_PK(cryptkeyarg2) = 7;

		/*
		 * Store my public key, netname and private key.
		 */
		keystatus
		KEY_NET_PUT(key_netstarg) = 8;

		/*
		 * Retrieve my public key, netname and private key.
		 * The reply carries the private key in clear form within
		 * key_netstres; see the note on key_netstarg.
		 */
		key_netstres
		KEY_NET_GET(void) = 9;

		/*
		 * Return me the conversation key that is constructed
		 * from my secret key and this publickey.
		 */

		cryptkeyres
		KEY_GET_CONV(keybuf) = 10;


	} = 2;
} = 100029;