%/*	@(#)key_prot.x	2.1 88/08/07 4.0 RPCSRC; from 1.7 88/02/08 SMI */
%
%/*
% * Copyright (c) 1988 by Sun Microsystems, Inc.
% */
%
%/* 
% * Compiled from key_prot.x using rpcgen.
% * DO NOT EDIT THIS FILE!
% * This is NOT source code!
% */

/*
 * Key server protocol definition
 * Copyright (C) 1987 Sun Microsystems, Inc.
 *
 * The keyserver is a public key storage/encryption/decryption service
 * The key exchange used is Diffie-Hellman with 192 bit keys (see KEYSIZE
 * and HEXMODULUS below); the shared secret protects the DES conversation
 * keys handled by KEY_ENCRYPT and KEY_DECRYPT.
 *
 * The key server is local to each machine, akin to the portmapper.
 * Only privileged processes may talk to the key server, so
 * user processes must communicate through a privileged dispatcher (such 
 * as the kernel or a set-uid-root process).  Nothing in this protocol
 * definition enforces that restriction; it must come from the keyserver's
 * transport and its checks on the calling process.
 */
program KEY_PROG {
	version KEY_VERS {
		/*
		 * This is my secret key.
	 	 * Store it for me.
		 *
		 * Argument: keybuf, the hex-encoded secret key (HEXKEYBYTES
		 * bytes).  Returns an int result code whose meaning is not
		 * specified in this file.  NOTE(review): nothing in this
		 * definition protects the key in transit; it relies on the
		 * keyserver being reachable only by privileged local callers,
		 * as described in the header comment.
		 */
		int 
		KEY_SET(keybuf) = 1;	
	
		/*
		 * I want to talk to X.
		 * Encrypt a conversation key for me.
		 *
		 * cryptkeyarg.remotename names X; cryptkeyarg.deskey is the
		 * conversation key to protect.  On KEY_SUCCESS the result
		 * carries the encrypted key; otherwise only a status is
		 * returned (KEY_NOSECRET, KEY_UNKNOWN or KEY_SYSTEMERR).
	 	 */
		cryptkeyres
		KEY_ENCRYPT(cryptkeyarg) = 2;	

		/*
		 * X just sent me a message.
		 * Decrypt the conversation key for me.
		 *
		 * Mirror of KEY_ENCRYPT: deskey holds the encrypted key from
		 * X and, on KEY_SUCCESS, the result carries the plaintext
		 * conversation key.  Same argument/result types and the same
		 * failure statuses as KEY_ENCRYPT.
		 */
		cryptkeyres
		KEY_DECRYPT(cryptkeyarg) = 3;

		/*
		 * Generate a secure conversation key for me
		 *
		 * Takes no argument and returns one des_block.  The quality
		 * of the key depends entirely on the keyserver's random
		 * source, which this definition does not specify.
		 */
		des_block 
		KEY_GEN(void) = 4;

		/*
		 * Get me the uid, gid and group-access-list associated
		 * with this netname (for kernel which cannot use yp)
		 *
		 * Returns getcredres: on KEY_SUCCESS a unixcred, otherwise
		 * only a status (KEY_UNKNOWN for an unrecognised netname).
		 * NOTE(review): a caller that uses this mapping to make
		 * authorization decisions is trusting the keyserver's name
		 * lookup; confirm where that data comes from and how it is
		 * protected.
		 */
		getcredres
		KEY_GETCRED(netnamestr) = 5;
	} = 1;
} = 100029;


/*
 * PROOT and MODULUS define the way the Diffie-Hellman key is generated.
 *
 * MODULUS should be chosen as a prime of the form: MODULUS == 2*p + 1,
 * where p is also prime.
 *
 * PROOT satisfies the following two conditions:
 * (1) (PROOT ** 2) % MODULUS != 1
 * (2) (PROOT ** p) % MODULUS != 1
 * Since the group order 2*p has only the divisors 1, 2, p and 2*p, these
 * two checks guarantee that PROOT generates the whole group, so no public
 * key is confined to a small subgroup.
 *
 */

const PROOT = 3;		/* generator of the Diffie-Hellman group */
const HEXMODULUS = "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b";
/*
 * NOTE(review): HEXMODULUS is 48 hex digits, i.e. a 192-bit prime.  A
 * 192-bit prime-field Diffie-Hellman modulus is far below the sizes
 * considered safe today, and it cannot be enlarged here without breaking
 * wire compatibility with every peer (KEYSIZE/KEYBYTES/HEXKEYBYTES and
 * the keybuf layout all derive from it).  Treat the resulting keys as
 * offering little confidentiality against a capable attacker.
 */
const HEXKEYBYTES = 48;		/* HEXKEYBYTES == strlen(HEXMODULUS) */
const KEYSIZE = 192;		/* KEYSIZE == bit length of key */
const KEYBYTES = 24;		/* byte length of key */

/*
 * The first 16 hex digits of the encrypted secret key are used as
 * a checksum in the database.
 */
const KEYCHECKSUMSIZE = 16;	/* 16 hex digits == 64 bits, one des_block */
/*
 * NOTE(review): because the checksum is a prefix of the encrypted secret
 * key, anyone who can read the database can use it to verify candidate
 * decryptions offline; confirm how that database is protected.
 */

/*
 * status of operation
 */
/*
 * Enumerators are numbered 0..3 in declaration order and are sent on the
 * wire as a 32-bit XDR int, so they must not be reordered or have new
 * values inserted in the middle.
 */
enum keystatus {
	KEY_SUCCESS,	/* no problems */
	KEY_NOSECRET,	/* no secret key stored */
	KEY_UNKNOWN,	/* unknown netname */
	KEY_SYSTEMERR 	/* system error (out of memory, encryption failure) */
};

/*
 * The kernel doesn't use keybuf, so we insure that it
 * is ifdef'd out in the output files. The proper way to do
 * this is to #ifndef KERNEL it here, and have the kernel build
 * use rpcgen, but config doesn't understand rpcgen files so
 * it is done this way.
 */
#ifndef RPC_SVC
%#ifndef KERNEL
/*
 * Fixed-length (not counted) opaque of exactly HEXKEYBYTES bytes holding
 * the secret key as hex digits.  There is no NUL terminator and no length
 * prefix on the wire, so consumers must not treat it as a C string.
 */
typedef opaque keybuf[HEXKEYBYTES];	/* store key in hex */
%#endif
#endif

/*
 * A netname: the string naming a party (see cryptkeyarg.remotename and
 * KEY_GETCRED).  The XDR decoder enforces the MAXNETNAMELEN bound;
 * that constant is not defined in this file.
 */
typedef string netnamestr<MAXNETNAMELEN>;

/*
 * Argument to ENCRYPT or DECRYPT 
 */
struct cryptkeyarg {
	netnamestr remotename;	/* netname of the other party ("X") */
	des_block deskey;	/* conversation key: plaintext for KEY_ENCRYPT,
				   encrypted for KEY_DECRYPT */
};

/*
 * Result of ENCRYPT or DECRYPT
 */
union cryptkeyres switch (keystatus status) {
case KEY_SUCCESS:
	des_block deskey;	/* the encrypted/decrypted conversation key */
default:
	void;			/* any other keystatus: no payload */
};

const MAXGIDS  = 16;	/* max number of gids in gid list; per XDR rules a
			   longer unixcred.gids fails to decode rather than
			   being truncated */

/*
 * Unix credential 
 */	
struct unixcred {
	int uid;		/* signed 32-bit XDR int */
	int gid;		/* primary group, same encoding */
	int gids<MAXGIDS>;	/* supplementary groups, at most MAXGIDS */
};

/*
 * Result returned from GETCRED
 */
union getcredres switch (keystatus status) {
case KEY_SUCCESS:
	unixcred cred;		/* credentials mapped from the netname */
default:
	void;			/* KEY_UNKNOWN etc.: no payload */
};