diff options
Diffstat (limited to 'tirpc/rpcsvc')
-rw-r--r-- | tirpc/rpcsvc/crypt.h | 109 | ||||
-rw-r--r-- | tirpc/rpcsvc/crypt.x | 87 | ||||
-rw-r--r-- | tirpc/rpcsvc/key_prot.x | 283 |
3 files changed, 479 insertions, 0 deletions
diff --git a/tirpc/rpcsvc/crypt.h b/tirpc/rpcsvc/crypt.h new file mode 100644 index 0000000..da1f9cc --- /dev/null +++ b/tirpc/rpcsvc/crypt.h @@ -0,0 +1,109 @@ +/* + * Please do not edit this file. + * It was generated using rpcgen. + */ + +#ifndef _CRYPT_H_RPCGEN +#define _CRYPT_H_RPCGEN + +#include <rpc/rpc.h> + +#ifndef IXDR_GET_INT32 +#define IXDR_GET_INT32(buf) IXDR_GET_LONG((buf)) +#endif +#ifndef IXDR_PUT_INT32 +#define IXDR_PUT_INT32(buf, v) IXDR_PUT_LONG((buf), (v)) +#endif +#ifndef IXDR_GET_U_INT32 +#define IXDR_GET_U_INT32(buf) IXDR_GET_U_LONG((buf)) +#endif +#ifndef IXDR_PUT_U_INT32 +#define IXDR_PUT_U_INT32(buf, v) IXDR_PUT_U_LONG((buf), (v)) +#endif + +enum des_dir { + ENCRYPT_DES = 0, + DECRYPT_DES = 1, +}; +typedef enum des_dir des_dir; +#ifdef __cplusplus +extern "C" bool_t xdr_des_dir(XDR *, des_dir*); +#elif __STDC__ +extern bool_t xdr_des_dir(XDR *, des_dir*); +#else /* Old Style C */ +bool_t xdr_des_dir(); +#endif /* Old Style C */ + + +enum des_mode { + CBC_DES = 0, + ECB_DES = 1, +}; +typedef enum des_mode des_mode; +#ifdef __cplusplus +extern "C" bool_t xdr_des_mode(XDR *, des_mode*); +#elif __STDC__ +extern bool_t xdr_des_mode(XDR *, des_mode*); +#else /* Old Style C */ +bool_t xdr_des_mode(); +#endif /* Old Style C */ + + +struct desargs { + u_char des_key[8]; + des_dir des_dir; + des_mode des_mode; + u_char des_ivec[8]; + struct { + u_int desbuf_len; + char *desbuf_val; + } desbuf; +}; +typedef struct desargs desargs; +#ifdef __cplusplus +extern "C" bool_t xdr_desargs(XDR *, desargs*); +#elif __STDC__ +extern bool_t xdr_desargs(XDR *, desargs*); +#else /* Old Style C */ +bool_t xdr_desargs(); +#endif /* Old Style C */ + + +struct desresp { + struct { + u_int desbuf_len; + char *desbuf_val; + } desbuf; + u_char des_ivec[8]; + int stat; +}; +typedef struct desresp desresp; +#ifdef __cplusplus +extern "C" bool_t xdr_desresp(XDR *, desresp*); +#elif __STDC__ +extern bool_t xdr_desresp(XDR *, desresp*); +#else /* Old Style C */ +bool_t xdr_desresp(); +#endif /* Old Style C */ + + +#define CRYPT_PROG ((u_int32_t)600100029) +#define CRYPT_VERS ((u_int32_t)1) + +#ifdef __cplusplus +#define DES_CRYPT ((u_int32_t)1) +extern "C" desresp * des_crypt_1(desargs *, CLIENT *); +extern "C" desresp * des_crypt_1_svc(desargs *, struct svc_req *); + +#elif __STDC__ +#define DES_CRYPT ((u_int32_t)1) +extern desresp * des_crypt_1(desargs *, CLIENT *); +extern desresp * des_crypt_1_svc(desargs *, struct svc_req *); + +#else /* Old Style C */ +#define DES_CRYPT ((u_int32_t)1) +extern desresp * des_crypt_1(); +extern desresp * des_crypt_1_svc(); +#endif /* Old Style C */ + +#endif /* !_CRYPT_H_RPCGEN */ diff --git a/tirpc/rpcsvc/crypt.x b/tirpc/rpcsvc/crypt.x new file mode 100644 index 0000000..b50cf8d --- /dev/null +++ b/tirpc/rpcsvc/crypt.x @@ -0,0 +1,87 @@ +/* + * Copyright (c) 1996 + * Bill Paul <wpaul@ctr.columbia.edu>. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Bill Paul. + * 4. Neither the name of the author nor the names of any co-contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef RPC_HDR +%#include <sys/cdefs.h> +%__FBSDID("$FreeBSD: src/include/rpcsvc/crypt.x,v 1.5 2003/05/04 02:51:42 obrien Exp $"); +#endif + +/* + * This protocol definition exists because of the U.S. government and + * its stupid export laws. We can't export DES code from the United + * States to other countries (even though the code already exists + * outside the U.S. -- go figure that one out) but we need to make + * Secure RPC work. The normal way around this is to break the DES + * code out into a shared library; we can then provide a dummy lib + * in the base OS and provide the real lib in the secure dist, which + * the user can install later. But we need Secure RPC for NIS+, and + * there are several system programs that use NIS+ which are statically + * linked. We would have to provide replacements for these programs + * in the secure dist, but there are a lot, and this is a pain. The + * shared lib trick won't work for these programs, and we can't change + * them once they're compiled. + * + * One solution for this problem is to do the DES encryption as a system + * call; no programs need to be changed and we can even supply the DES + * support as an LKM. But this bloats the kernel. Maybe if we have + * Secure NFS one day this will be worth it, but for now we should keep + * this mess in user space. + * + * So we have this second solution: we provide a server that does the + * DES encryption for us. In this case, the server is keyserv (we need + * it to make Secure RPC work anyway) and we use this protocol to ship + * the data back and forth between keyserv and the application. + */ + +enum des_dir { ENCRYPT_DES, DECRYPT_DES }; +enum des_mode { CBC_DES, ECB_DES }; + +struct desargs { + u_char des_key[8]; /* key (with low bit parity) */ + des_dir des_dir; /* direction */ + des_mode des_mode; /* mode */ + u_char des_ivec[8]; /* input vector */ + opaque desbuf<>; +}; + +struct desresp { + opaque desbuf<>; + u_char des_ivec[8]; + int stat; +}; + +program CRYPT_PROG { + version CRYPT_VERS { + desresp + DES_CRYPT(desargs) = 1; + } = 1; +} = 600100029; diff --git a/tirpc/rpcsvc/key_prot.x b/tirpc/rpcsvc/key_prot.x new file mode 100644 index 0000000..9baf943 --- /dev/null +++ b/tirpc/rpcsvc/key_prot.x @@ -0,0 +1,283 @@ +/* + * Key server protocol definition + * Copyright (c) 2010, Oracle America, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * * Neither the name of the "Oracle America, Inc." nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * The keyserver is a public key storage/encryption/decryption service + * The encryption method used is based on the Diffie-Hellman exponential + * key exchange technology. + * + * The key server is local to each machine, akin to the portmapper. + * Under TI-RPC, communication with the keyserver is through the + * loopback transport. + * + * NOTE: This .x file generates the USER level headers for the keyserver. + * the KERNEL level headers are created by hand as they kernel has special + * requirements. + */ + +%#if 0 +%#pragma ident "@(#)key_prot.x 1.7 94/04/29 SMI" +%#endif +% +%/* Copyright (c) 1990, 1991 Sun Microsystems, Inc. */ +% +%/* +% * Compiled from key_prot.x using rpcgen. +% * DO NOT EDIT THIS FILE! +% * This is NOT source code! +% */ + +/* + * PROOT and MODULUS define the way the Diffie-Hellman key is generated. + * + * MODULUS should be chosen as a prime of the form: MODULUS == 2*p + 1, + * where p is also prime. + * + * PROOT satisfies the following two conditions: + * (1) (PROOT ** 2) % MODULUS != 1 + * (2) (PROOT ** p) % MODULUS != 1 + * + */ + +const PROOT = 3; +const HEXMODULUS = "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b"; + +const HEXKEYBYTES = 48; /* HEXKEYBYTES == strlen(HEXMODULUS) */ +const KEYSIZE = 192; /* KEYSIZE == bit length of key */ +const KEYBYTES = 24; /* byte length of key */ + +/* + * The first 16 hex digits of the encrypted secret key are used as + * a checksum in the database. + */ +const KEYCHECKSUMSIZE = 16; + +/* + * status of operation + */ +enum keystatus { + KEY_SUCCESS, /* no problems */ + KEY_NOSECRET, /* no secret key stored */ + KEY_UNKNOWN, /* unknown netname */ + KEY_SYSTEMERR /* system error (out of memory, encryption failure) */ +}; + +typedef opaque keybuf[HEXKEYBYTES]; /* store key in hex */ + +typedef string netnamestr<MAXNETNAMELEN>; + +/* + * Argument to ENCRYPT or DECRYPT + */ +struct cryptkeyarg { + netnamestr remotename; + des_block deskey; +}; + +/* + * Argument to ENCRYPT_PK or DECRYPT_PK + */ +struct cryptkeyarg2 { + netnamestr remotename; + netobj remotekey; /* Contains a length up to 1024 bytes */ + des_block deskey; +}; + + +/* + * Result of ENCRYPT, DECRYPT, ENCRYPT_PK, and DECRYPT_PK + */ +union cryptkeyres switch (keystatus status) { +case KEY_SUCCESS: + des_block deskey; +default: + void; +}; + +const MAXGIDS = 16; /* max number of gids in gid list */ + +/* + * Unix credential + */ +struct unixcred { + u_int uid; + u_int gid; + u_int gids<MAXGIDS>; +}; + +/* + * Result returned from GETCRED + */ +union getcredres switch (keystatus status) { +case KEY_SUCCESS: + unixcred cred; +default: + void; +}; +/* + * key_netstarg; + */ + +struct key_netstarg { + keybuf st_priv_key; + keybuf st_pub_key; + netnamestr st_netname; +}; + +union key_netstres switch (keystatus status){ +case KEY_SUCCESS: + key_netstarg knet; +default: + void; +}; + +#ifdef RPC_HDR +% +%#ifndef opaque +%#define opaque char +%#endif +% +#endif +program KEY_PROG { + version KEY_VERS { + + /* + * This is my secret key. + * Store it for me. + */ + keystatus + KEY_SET(keybuf) = 1; + + /* + * I want to talk to X. + * Encrypt a conversation key for me. + */ + cryptkeyres + KEY_ENCRYPT(cryptkeyarg) = 2; + + /* + * X just sent me a message. + * Decrypt the conversation key for me. + */ + cryptkeyres + KEY_DECRYPT(cryptkeyarg) = 3; + + /* + * Generate a secure conversation key for me + */ + des_block + KEY_GEN(void) = 4; + + /* + * Get me the uid, gid and group-access-list associated + * with this netname (for kernel which cannot use NIS) + */ + getcredres + KEY_GETCRED(netnamestr) = 5; + } = 1; + version KEY_VERS2 { + + /* + * ####### + * Procedures 1-5 are identical to version 1 + * ####### + */ + + /* + * This is my secret key. + * Store it for me. + */ + keystatus + KEY_SET(keybuf) = 1; + + /* + * I want to talk to X. + * Encrypt a conversation key for me. + */ + cryptkeyres + KEY_ENCRYPT(cryptkeyarg) = 2; + + /* + * X just sent me a message. + * Decrypt the conversation key for me. + */ + cryptkeyres + KEY_DECRYPT(cryptkeyarg) = 3; + + /* + * Generate a secure conversation key for me + */ + des_block + KEY_GEN(void) = 4; + + /* + * Get me the uid, gid and group-access-list associated + * with this netname (for kernel which cannot use NIS) + */ + getcredres + KEY_GETCRED(netnamestr) = 5; + + /* + * I want to talk to X. and I know X's public key + * Encrypt a conversation key for me. + */ + cryptkeyres + KEY_ENCRYPT_PK(cryptkeyarg2) = 6; + + /* + * X just sent me a message. and I know X's public key + * Decrypt the conversation key for me. + */ + cryptkeyres + KEY_DECRYPT_PK(cryptkeyarg2) = 7; + + /* + * Store my public key, netname and private key. + */ + keystatus + KEY_NET_PUT(key_netstarg) = 8; + + /* + * Retrieve my public key, netname and private key. + */ + key_netstres + KEY_NET_GET(void) = 9; + + /* + * Return me the conversation key that is constructed + * from my secret key and this publickey. + */ + + cryptkeyres + KEY_GET_CONV(keybuf) = 10; + + + } = 2; +} = 100029; |