1 /* $NetBSD: encrypt.c,v 1.7 2000/06/22 06:47:43 thorpej Exp $ */ 2 3 /*- 4 * Copyright (c) 1991, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed by the University of 18 * California, Berkeley and its contributors. 19 * 4. Neither the name of the University nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 #include <sys/cdefs.h> 37 #if 0 38 static char sccsid[] = "@(#)encrypt.c 8.2 (Berkeley) 5/30/95"; 39 #else 40 __RCSID("$NetBSD: encrypt.c,v 1.7 2000/06/22 06:47:43 thorpej Exp $"); 41 #endif /* not lint */ 42 43 /* 44 * Copyright (C) 1990 by the Massachusetts Institute of Technology 45 * 46 * Export of this software from the United States of America is assumed 47 * to require a specific license from the United States Government. 48 * It is the responsibility of any person or organization contemplating 49 * export to obtain such a license before exporting. 50 * 51 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 52 * distribute this software and its documentation for any purpose and 53 * without fee is hereby granted, provided that the above copyright 54 * notice appear in all copies and that both that copyright notice and 55 * this permission notice appear in supporting documentation, and that 56 * the name of M.I.T. not be used in advertising or publicity pertaining 57 * to distribution of the software without specific, written prior 58 * permission. M.I.T. makes no representations about the suitability of 59 * this software for any purpose. It is provided "as is" without express 60 * or implied warranty. 61 */ 62 63 #ifdef ENCRYPTION 64 65 #include <stdio.h> 66 #define ENCRYPT_NAMES 67 #include <arpa/telnet.h> 68 69 #include "encrypt.h" 70 #include "misc.h" 71 72 #ifdef __STDC__ 73 #include <stdlib.h> 74 #endif 75 #ifdef NO_STRING_H 76 #include <strings.h> 77 #else 78 #include <string.h> 79 #endif 80 81 #include <sys/cdefs.h> 82 #define P __P 83 84 /* 85 * These functions pointers point to the current routines 86 * for encrypting and decrypting data. 87 */ 88 void (*encrypt_output) P((unsigned char *, int)); 89 int (*decrypt_input) P((int)); 90 91 int encrypt_debug_mode = 0; 92 static int decrypt_mode = 0; 93 static int encrypt_mode = 0; 94 static int encrypt_verbose = 0; 95 static int autoencrypt = 0; 96 static int autodecrypt = 0; 97 static int havesessionkey = 0; 98 static int Server = 0; 99 static const char *Name = "Noname"; 100 101 /* XXX This should be prototyped in some header file! */ 102 extern char **genget __P((char *, char **, int)); 103 104 #define typemask(x) ((x) > 0 ? 1 << ((x)-1) : 0) 105 106 static long i_support_encrypt = typemask(ENCTYPE_DES_CFB64) 107 | typemask(ENCTYPE_DES_OFB64); 108 static long i_support_decrypt = typemask(ENCTYPE_DES_CFB64) 109 | typemask(ENCTYPE_DES_OFB64); 110 static long i_wont_support_encrypt = 0; 111 static long i_wont_support_decrypt = 0; 112 #define I_SUPPORT_ENCRYPT (i_support_encrypt & ~i_wont_support_encrypt) 113 #define I_SUPPORT_DECRYPT (i_support_decrypt & ~i_wont_support_decrypt) 114 115 static long remote_supports_encrypt = 0; 116 static long remote_supports_decrypt = 0; 117 118 static Encryptions encryptions[] = { 119 #ifdef DES_ENCRYPTION 120 { "DES_CFB64", ENCTYPE_DES_CFB64, 121 cfb64_encrypt, 122 cfb64_decrypt, 123 cfb64_init, 124 cfb64_start, 125 cfb64_is, 126 cfb64_reply, 127 cfb64_session, 128 cfb64_keyid, 129 cfb64_printsub }, 130 { "DES_OFB64", ENCTYPE_DES_OFB64, 131 ofb64_encrypt, 132 ofb64_decrypt, 133 ofb64_init, 134 ofb64_start, 135 ofb64_is, 136 ofb64_reply, 137 ofb64_session, 138 ofb64_keyid, 139 ofb64_printsub }, 140 #endif /* DES_ENCRYPTION */ 141 { 0, }, 142 }; 143 144 static unsigned char str_send[64] = { IAC, SB, TELOPT_ENCRYPT, 145 ENCRYPT_SUPPORT }; 146 static unsigned char str_suplen = 0; 147 static unsigned char str_start[72] = { IAC, SB, TELOPT_ENCRYPT }; 148 static unsigned char str_end[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE }; 149 150 Encryptions * 151 findencryption(type) 152 int type; 153 { 154 Encryptions *ep = encryptions; 155 156 if (!(I_SUPPORT_ENCRYPT & remote_supports_decrypt & typemask(type))) 157 return(0); 158 while (ep->type && ep->type != type) 159 ++ep; 160 return(ep->type ? ep : 0); 161 } 162 163 Encryptions * 164 finddecryption(type) 165 int type; 166 { 167 Encryptions *ep = encryptions; 168 169 if (!(I_SUPPORT_DECRYPT & remote_supports_encrypt & typemask(type))) 170 return(0); 171 while (ep->type && ep->type != type) 172 ++ep; 173 return(ep->type ? ep : 0); 174 } 175 176 #define MAXKEYLEN 64 177 178 static struct key_info { 179 unsigned char keyid[MAXKEYLEN]; 180 int keylen; 181 int dir; 182 int *modep; 183 Encryptions *(*getcrypt) P((int)); 184 } ki[2] = { 185 { { 0 }, 0, DIR_ENCRYPT, &encrypt_mode, findencryption }, 186 { { 0 }, 0, DIR_DECRYPT, &decrypt_mode, finddecryption }, 187 }; 188 189 void 190 encrypt_init(name, server) 191 const char *name; 192 int server; 193 { 194 Encryptions *ep = encryptions; 195 196 Name = name; 197 Server = server; 198 i_support_encrypt = i_support_decrypt = 0; 199 remote_supports_encrypt = remote_supports_decrypt = 0; 200 encrypt_mode = 0; 201 decrypt_mode = 0; 202 encrypt_output = 0; 203 decrypt_input = 0; 204 #ifdef notdef 205 encrypt_verbose = !server; 206 #endif 207 208 str_suplen = 4; 209 210 while (ep->type) { 211 if (encrypt_debug_mode) 212 printf(">>>%s: I will support %s\r\n", 213 Name, ENCTYPE_NAME(ep->type)); 214 i_support_encrypt |= typemask(ep->type); 215 i_support_decrypt |= typemask(ep->type); 216 if ((i_wont_support_decrypt & typemask(ep->type)) == 0) 217 if ((str_send[str_suplen++] = ep->type) == IAC) 218 str_send[str_suplen++] = IAC; 219 if (ep->init) 220 (*ep->init)(Server); 221 ++ep; 222 } 223 str_send[str_suplen++] = IAC; 224 str_send[str_suplen++] = SE; 225 } 226 227 void 228 encrypt_list_types() 229 { 230 Encryptions *ep = encryptions; 231 232 printf("Valid encryption types:\n"); 233 while (ep->type) { 234 printf("\t%s (%d)\r\n", ENCTYPE_NAME(ep->type), ep->type); 235 ++ep; 236 } 237 } 238 239 int 240 EncryptEnable(type, mode) 241 char *type, *mode; 242 { 243 if (isprefix(type, "help") || isprefix(type, "?")) { 244 printf("Usage: encrypt enable <type> [input|output]\n"); 245 encrypt_list_types(); 246 return(0); 247 } 248 if (EncryptType(type, mode)) 249 return(EncryptStart(mode)); 250 return(0); 251 } 252 253 int 254 EncryptDisable(type, mode) 255 char *type, *mode; 256 { 257 register Encryptions *ep; 258 int ret = 0; 259 260 if (isprefix(type, "help") || isprefix(type, "?")) { 261 printf("Usage: encrypt disable <type> [input|output]\n"); 262 encrypt_list_types(); 263 } else if ((ep = (Encryptions *)genget(type, (char **)encryptions, 264 sizeof(Encryptions))) == 0) { 265 printf("%s: invalid encryption type\n", type); 266 } else if (Ambiguous(ep)) { 267 printf("Ambiguous type '%s'\n", type); 268 } else { 269 if ((mode == 0) || (isprefix(mode, "input") ? 1 : 0)) { 270 if (decrypt_mode == ep->type) 271 EncryptStopInput(); 272 i_wont_support_decrypt |= typemask(ep->type); 273 ret = 1; 274 } 275 if ((mode == 0) || (isprefix(mode, "output"))) { 276 if (encrypt_mode == ep->type) 277 EncryptStopOutput(); 278 i_wont_support_encrypt |= typemask(ep->type); 279 ret = 1; 280 } 281 if (ret == 0) 282 printf("%s: invalid encryption mode\n", mode); 283 } 284 return(ret); 285 } 286 287 int 288 EncryptType(type, mode) 289 char *type; 290 char *mode; 291 { 292 register Encryptions *ep; 293 int ret = 0; 294 295 if (isprefix(type, "help") || isprefix(type, "?")) { 296 printf("Usage: encrypt type <type> [input|output]\n"); 297 encrypt_list_types(); 298 } else if ((ep = (Encryptions *)genget(type, (char **)encryptions, 299 sizeof(Encryptions))) == 0) { 300 printf("%s: invalid encryption type\n", type); 301 } else if (Ambiguous(ep)) { 302 printf("Ambiguous type '%s'\n", type); 303 } else { 304 if ((mode == 0) || isprefix(mode, "input")) { 305 decrypt_mode = ep->type; 306 i_wont_support_decrypt &= ~typemask(ep->type); 307 ret = 1; 308 } 309 if ((mode == 0) || isprefix(mode, "output")) { 310 encrypt_mode = ep->type; 311 i_wont_support_encrypt &= ~typemask(ep->type); 312 ret = 1; 313 } 314 if (ret == 0) 315 printf("%s: invalid encryption mode\n", mode); 316 } 317 return(ret); 318 } 319 320 int 321 EncryptStart(mode) 322 char *mode; 323 { 324 register int ret = 0; 325 if (mode) { 326 if (isprefix(mode, "input")) 327 return(EncryptStartInput()); 328 if (isprefix(mode, "output")) 329 return(EncryptStartOutput()); 330 if (isprefix(mode, "help") || isprefix(mode, "?")) { 331 printf("Usage: encrypt start [input|output]\n"); 332 return(0); 333 } 334 printf("%s: invalid encryption mode 'encrypt start ?' for help\n", mode); 335 return(0); 336 } 337 ret += EncryptStartInput(); 338 ret += EncryptStartOutput(); 339 return(ret); 340 } 341 342 int 343 EncryptStartInput() 344 { 345 if (decrypt_mode) { 346 encrypt_send_request_start(); 347 return(1); 348 } 349 printf("No previous decryption mode, decryption not enabled\r\n"); 350 return(0); 351 } 352 353 int 354 EncryptStartOutput() 355 { 356 if (encrypt_mode) { 357 encrypt_start_output(encrypt_mode); 358 return(1); 359 } 360 printf("No previous encryption mode, encryption not enabled\r\n"); 361 return(0); 362 } 363 364 int 365 EncryptStop(mode) 366 char *mode; 367 { 368 int ret = 0; 369 if (mode) { 370 if (isprefix(mode, "input")) 371 return(EncryptStopInput()); 372 if (isprefix(mode, "output")) 373 return(EncryptStopOutput()); 374 if (isprefix(mode, "help") || isprefix(mode, "?")) { 375 printf("Usage: encrypt stop [input|output]\n"); 376 return(0); 377 } 378 printf("%s: invalid encryption mode 'encrypt stop ?' for help\n", mode); 379 return(0); 380 } 381 ret += EncryptStopInput(); 382 ret += EncryptStopOutput(); 383 return(ret); 384 } 385 386 int 387 EncryptStopInput() 388 { 389 encrypt_send_request_end(); 390 return(1); 391 } 392 393 int 394 EncryptStopOutput() 395 { 396 encrypt_send_end(); 397 return(1); 398 } 399 400 void 401 encrypt_display() 402 { 403 if (encrypt_output) 404 printf("Currently encrypting output with %s\r\n", 405 ENCTYPE_NAME(encrypt_mode)); 406 if (decrypt_input) 407 printf("Currently decrypting input with %s\r\n", 408 ENCTYPE_NAME(decrypt_mode)); 409 } 410 411 int 412 EncryptStatus() 413 { 414 if (encrypt_output) 415 printf("Currently encrypting output with %s\r\n", 416 ENCTYPE_NAME(encrypt_mode)); 417 else if (encrypt_mode) { 418 printf("Currently output is clear text.\r\n"); 419 printf("Last encryption mode was %s\r\n", 420 ENCTYPE_NAME(encrypt_mode)); 421 } 422 if (decrypt_input) { 423 printf("Currently decrypting input with %s\r\n", 424 ENCTYPE_NAME(decrypt_mode)); 425 } else if (decrypt_mode) { 426 printf("Currently input is clear text.\r\n"); 427 printf("Last decryption mode was %s\r\n", 428 ENCTYPE_NAME(decrypt_mode)); 429 } 430 return 1; 431 } 432 433 void 434 encrypt_send_support() 435 { 436 if (str_suplen) { 437 /* 438 * If the user has requested that decryption start 439 * immediatly, then send a "REQUEST START" before 440 * we negotiate the type. 441 */ 442 if (!Server && autodecrypt) 443 encrypt_send_request_start(); 444 telnet_net_write(str_send, str_suplen); 445 printsub('>', &str_send[2], str_suplen - 2); 446 str_suplen = 0; 447 } 448 } 449 450 int 451 EncryptDebug(on) 452 int on; 453 { 454 if (on < 0) 455 encrypt_debug_mode ^= 1; 456 else 457 encrypt_debug_mode = on; 458 printf("Encryption debugging %s\r\n", 459 encrypt_debug_mode ? "enabled" : "disabled"); 460 return(1); 461 } 462 463 int 464 EncryptVerbose(on) 465 int on; 466 { 467 if (on < 0) 468 encrypt_verbose ^= 1; 469 else 470 encrypt_verbose = on; 471 printf("Encryption %s verbose\r\n", 472 encrypt_verbose ? "is" : "is not"); 473 return(1); 474 } 475 476 int 477 EncryptAutoEnc(on) 478 int on; 479 { 480 encrypt_auto(on); 481 printf("Automatic encryption of output is %s\r\n", 482 autoencrypt ? "enabled" : "disabled"); 483 return(1); 484 } 485 486 int 487 EncryptAutoDec(on) 488 int on; 489 { 490 decrypt_auto(on); 491 printf("Automatic decryption of input is %s\r\n", 492 autodecrypt ? "enabled" : "disabled"); 493 return(1); 494 } 495 496 /* 497 * Called when ENCRYPT SUPPORT is received. 498 */ 499 void 500 encrypt_support(typelist, cnt) 501 unsigned char *typelist; 502 int cnt; 503 { 504 register int type, use_type = 0; 505 Encryptions *ep; 506 507 /* 508 * Forget anything the other side has previously told us. 509 */ 510 remote_supports_decrypt = 0; 511 512 while (cnt-- > 0) { 513 type = *typelist++; 514 if (encrypt_debug_mode) 515 printf(">>>%s: He is supporting %s (%d)\r\n", 516 Name, 517 ENCTYPE_NAME(type), type); 518 if ((type < ENCTYPE_CNT) && 519 (I_SUPPORT_ENCRYPT & typemask(type))) { 520 remote_supports_decrypt |= typemask(type); 521 if (use_type == 0) 522 use_type = type; 523 } 524 } 525 if (use_type) { 526 ep = findencryption(use_type); 527 if (!ep) 528 return; 529 type = ep->start ? (*ep->start)(DIR_ENCRYPT, Server) : 0; 530 if (encrypt_debug_mode) 531 printf(">>>%s: (*ep->start)() returned %d\r\n", 532 Name, type); 533 if (type < 0) 534 return; 535 encrypt_mode = use_type; 536 if (type == 0) 537 encrypt_start_output(use_type); 538 } 539 } 540 541 void 542 encrypt_is(data, cnt) 543 unsigned char *data; 544 int cnt; 545 { 546 Encryptions *ep; 547 register int type, ret; 548 549 if (--cnt < 0) 550 return; 551 type = *data++; 552 if (type < ENCTYPE_CNT) 553 remote_supports_encrypt |= typemask(type); 554 if (!(ep = finddecryption(type))) { 555 if (encrypt_debug_mode) 556 printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n", 557 Name, 558 ENCTYPE_NAME_OK(type) 559 ? ENCTYPE_NAME(type) : "(unknown)", 560 type); 561 return; 562 } 563 if (!ep->is) { 564 if (encrypt_debug_mode) 565 printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n", 566 Name, 567 ENCTYPE_NAME_OK(type) 568 ? ENCTYPE_NAME(type) : "(unknown)", 569 type); 570 ret = 0; 571 } else { 572 ret = (*ep->is)(data, cnt); 573 if (encrypt_debug_mode) 574 printf("(*ep->is)(%p, %d) returned %s(%d)\n", data, cnt, 575 (ret < 0) ? "FAIL " : 576 (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret); 577 } 578 if (ret < 0) { 579 autodecrypt = 0; 580 } else { 581 decrypt_mode = type; 582 if (ret == 0 && autodecrypt) 583 encrypt_send_request_start(); 584 } 585 } 586 587 void 588 encrypt_reply(data, cnt) 589 unsigned char *data; 590 int cnt; 591 { 592 Encryptions *ep; 593 register int ret, type; 594 595 if (--cnt < 0) 596 return; 597 type = *data++; 598 if (!(ep = findencryption(type))) { 599 if (encrypt_debug_mode) 600 printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n", 601 Name, 602 ENCTYPE_NAME_OK(type) 603 ? ENCTYPE_NAME(type) : "(unknown)", 604 type); 605 return; 606 } 607 if (!ep->reply) { 608 if (encrypt_debug_mode) 609 printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n", 610 Name, 611 ENCTYPE_NAME_OK(type) 612 ? ENCTYPE_NAME(type) : "(unknown)", 613 type); 614 ret = 0; 615 } else { 616 ret = (*ep->reply)(data, cnt); 617 if (encrypt_debug_mode) 618 printf("(*ep->reply)(%p, %d) returned %s(%d)\n", 619 data, cnt, 620 (ret < 0) ? "FAIL " : 621 (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret); 622 } 623 if (encrypt_debug_mode) 624 printf(">>>%s: encrypt_reply returned %d\n", Name, ret); 625 if (ret < 0) { 626 autoencrypt = 0; 627 } else { 628 encrypt_mode = type; 629 if (ret == 0 && autoencrypt) 630 encrypt_start_output(type); 631 } 632 } 633 634 /* 635 * Called when a ENCRYPT START command is received. 636 */ 637 void 638 encrypt_start(data, cnt) 639 unsigned char *data; 640 int cnt; 641 { 642 Encryptions *ep; 643 644 if (!decrypt_mode) { 645 /* 646 * Something is wrong. We should not get a START 647 * command without having already picked our 648 * decryption scheme. Send a REQUEST-END to 649 * attempt to clear the channel... 650 */ 651 printf("%s: Warning, Cannot decrypt input stream!!!\r\n", Name); 652 encrypt_send_request_end(); 653 return; 654 } 655 656 if ((ep = finddecryption(decrypt_mode)) != NULL) { 657 decrypt_input = ep->input; 658 if (encrypt_verbose) 659 printf("[ Input is now decrypted with type %s ]\r\n", 660 ENCTYPE_NAME(decrypt_mode)); 661 if (encrypt_debug_mode) 662 printf(">>>%s: Start to decrypt input with type %s\r\n", 663 Name, ENCTYPE_NAME(decrypt_mode)); 664 } else { 665 printf("%s: Warning, Cannot decrypt type %s (%d)!!!\r\n", 666 Name, 667 ENCTYPE_NAME_OK(decrypt_mode) 668 ? ENCTYPE_NAME(decrypt_mode) 669 : "(unknown)", 670 decrypt_mode); 671 encrypt_send_request_end(); 672 } 673 } 674 675 void 676 encrypt_session_key(key, server) 677 Session_Key *key; 678 int server; 679 { 680 Encryptions *ep = encryptions; 681 682 havesessionkey = 1; 683 684 while (ep->type) { 685 if (ep->session) 686 (*ep->session)(key, server); 687 #ifdef notdef 688 if (!encrypt_output && autoencrypt && !server) 689 encrypt_start_output(ep->type); 690 if (!decrypt_input && autodecrypt && !server) 691 encrypt_send_request_start(); 692 #endif 693 ++ep; 694 } 695 } 696 697 /* 698 * Called when ENCRYPT END is received. 699 */ 700 void 701 encrypt_end() 702 { 703 decrypt_input = 0; 704 if (encrypt_debug_mode) 705 printf(">>>%s: Input is back to clear text\r\n", Name); 706 if (encrypt_verbose) 707 printf("[ Input is now clear text ]\r\n"); 708 } 709 710 /* 711 * Called when ENCRYPT REQUEST-END is received. 712 */ 713 void 714 encrypt_request_end() 715 { 716 encrypt_send_end(); 717 } 718 719 /* 720 * Called when ENCRYPT REQUEST-START is received. If we receive 721 * this before a type is picked, then that indicates that the 722 * other side wants us to start encrypting data as soon as we 723 * can. 724 */ 725 void 726 encrypt_request_start(data, cnt) 727 unsigned char *data; 728 int cnt; 729 { 730 if (encrypt_mode == 0) { 731 if (Server) 732 autoencrypt = 1; 733 return; 734 } 735 encrypt_start_output(encrypt_mode); 736 } 737 738 static unsigned char str_keyid[(MAXKEYLEN*2)+5] = { IAC, SB, TELOPT_ENCRYPT }; 739 740 void 741 encrypt_enc_keyid(keyid, len) 742 unsigned char *keyid; 743 int len; 744 { 745 encrypt_keyid(&ki[1], keyid, len); 746 } 747 748 void 749 encrypt_dec_keyid(keyid, len) 750 unsigned char *keyid; 751 int len; 752 { 753 encrypt_keyid(&ki[0], keyid, len); 754 } 755 756 void 757 encrypt_keyid(kp, keyid, len) 758 struct key_info *kp; 759 unsigned char *keyid; 760 int len; 761 { 762 Encryptions *ep; 763 int dir = kp->dir; 764 register int ret = 0; 765 766 if (!(ep = (*kp->getcrypt)(*kp->modep))) { 767 if (len == 0) 768 return; 769 kp->keylen = 0; 770 } else if (len == 0) { 771 /* 772 * Empty option, indicates a failure. 773 */ 774 if (kp->keylen == 0) 775 return; 776 kp->keylen = 0; 777 if (ep->keyid) 778 (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen); 779 780 } else if ((len != kp->keylen) || 781 (memcmp(keyid, kp->keyid, len) != 0)) { 782 /* 783 * Length or contents are different 784 */ 785 kp->keylen = len; 786 memmove(kp->keyid, keyid, len); 787 if (ep->keyid) 788 (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen); 789 } else { 790 if (ep->keyid) 791 ret = (*ep->keyid)(dir, kp->keyid, &kp->keylen); 792 if ((ret == 0) && (dir == DIR_ENCRYPT) && autoencrypt) 793 encrypt_start_output(*kp->modep); 794 return; 795 } 796 797 encrypt_send_keyid(dir, kp->keyid, kp->keylen, 0); 798 } 799 800 void 801 encrypt_send_keyid(dir, keyid, keylen, saveit) 802 int dir; 803 unsigned char *keyid; 804 int keylen; 805 int saveit; 806 { 807 unsigned char *strp; 808 809 str_keyid[3] = (dir == DIR_ENCRYPT) 810 ? ENCRYPT_ENC_KEYID : ENCRYPT_DEC_KEYID; 811 if (saveit) { 812 struct key_info *kp = &ki[(dir == DIR_ENCRYPT) ? 0 : 1]; 813 memmove(kp->keyid, keyid, keylen); 814 kp->keylen = keylen; 815 } 816 817 for (strp = &str_keyid[4]; keylen > 0; --keylen) { 818 if ((*strp++ = *keyid++) == IAC) 819 *strp++ = IAC; 820 } 821 *strp++ = IAC; 822 *strp++ = SE; 823 telnet_net_write(str_keyid, strp - str_keyid); 824 printsub('>', &str_keyid[2], strp - str_keyid - 2); 825 } 826 827 void 828 encrypt_auto(on) 829 int on; 830 { 831 if (on < 0) 832 autoencrypt ^= 1; 833 else 834 autoencrypt = on ? 1 : 0; 835 } 836 837 void 838 decrypt_auto(on) 839 int on; 840 { 841 if (on < 0) 842 autodecrypt ^= 1; 843 else 844 autodecrypt = on ? 1 : 0; 845 } 846 847 void 848 encrypt_start_output(type) 849 int type; 850 { 851 Encryptions *ep; 852 register unsigned char *p; 853 register int i; 854 855 if (!(ep = findencryption(type))) { 856 if (encrypt_debug_mode) { 857 printf(">>>%s: Can't encrypt with type %s (%d)\r\n", 858 Name, 859 ENCTYPE_NAME_OK(type) 860 ? ENCTYPE_NAME(type) : "(unknown)", 861 type); 862 } 863 return; 864 } 865 if (ep->start) { 866 i = (*ep->start)(DIR_ENCRYPT, Server); 867 if (encrypt_debug_mode) { 868 printf(">>>%s: Encrypt start: %s (%d) %s\r\n", 869 Name, 870 (i < 0) ? "failed" : 871 "initial negotiation in progress", 872 i, ENCTYPE_NAME(type)); 873 } 874 if (i) 875 return; 876 } 877 p = str_start + 3; 878 *p++ = ENCRYPT_START; 879 for (i = 0; i < ki[0].keylen; ++i) { 880 if ((*p++ = ki[0].keyid[i]) == IAC) 881 *p++ = IAC; 882 } 883 *p++ = IAC; 884 *p++ = SE; 885 telnet_net_write(str_start, p - str_start); 886 net_encrypt(); 887 printsub('>', &str_start[2], p - &str_start[2]); 888 /* 889 * If we are already encrypting in some mode, then 890 * encrypt the ring (which includes our request) in 891 * the old mode, mark it all as "clear text" and then 892 * switch to the new mode. 893 */ 894 encrypt_output = ep->output; 895 encrypt_mode = type; 896 if (encrypt_debug_mode) 897 printf(">>>%s: Started to encrypt output with type %s\r\n", 898 Name, ENCTYPE_NAME(type)); 899 if (encrypt_verbose) 900 printf("[ Output is now encrypted with type %s ]\r\n", 901 ENCTYPE_NAME(type)); 902 } 903 904 void 905 encrypt_send_end() 906 { 907 if (!encrypt_output) 908 return; 909 910 str_end[3] = ENCRYPT_END; 911 telnet_net_write(str_end, sizeof(str_end)); 912 net_encrypt(); 913 printsub('>', &str_end[2], sizeof(str_end) - 2); 914 /* 915 * Encrypt the output buffer now because it will not be done by 916 * netflush... 917 */ 918 encrypt_output = 0; 919 if (encrypt_debug_mode) 920 printf(">>>%s: Output is back to clear text\r\n", Name); 921 if (encrypt_verbose) 922 printf("[ Output is now clear text ]\r\n"); 923 } 924 925 void 926 encrypt_send_request_start() 927 { 928 register unsigned char *p; 929 register int i; 930 931 p = &str_start[3]; 932 *p++ = ENCRYPT_REQSTART; 933 for (i = 0; i < ki[1].keylen; ++i) { 934 if ((*p++ = ki[1].keyid[i]) == IAC) 935 *p++ = IAC; 936 } 937 *p++ = IAC; 938 *p++ = SE; 939 telnet_net_write(str_start, p - str_start); 940 printsub('>', &str_start[2], p - &str_start[2]); 941 if (encrypt_debug_mode) 942 printf(">>>%s: Request input to be encrypted\r\n", Name); 943 } 944 945 void 946 encrypt_send_request_end() 947 { 948 str_end[3] = ENCRYPT_REQEND; 949 telnet_net_write(str_end, sizeof(str_end)); 950 printsub('>', &str_end[2], sizeof(str_end) - 2); 951 952 if (encrypt_debug_mode) 953 printf(">>>%s: Request input to be clear text\r\n", Name); 954 } 955 956 void 957 encrypt_wait() 958 { 959 if (encrypt_debug_mode) 960 printf(">>>%s: in encrypt_wait\r\n", Name); 961 if (!havesessionkey || !(I_SUPPORT_ENCRYPT & remote_supports_decrypt)) 962 return; 963 while (autoencrypt && !encrypt_output) 964 if (telnet_spin()) 965 return; 966 } 967 968 void 969 encrypt_debug(mode) 970 int mode; 971 { 972 encrypt_debug_mode = mode; 973 } 974 975 void 976 encrypt_gen_printsub(data, cnt, buf, buflen) 977 unsigned char *data, *buf; 978 int cnt, buflen; 979 { 980 char tbuf[16], *cp; 981 982 cnt -= 2; 983 data += 2; 984 buf[buflen-1] = '\0'; 985 buf[buflen-2] = '*'; 986 buflen -= 2;; 987 for (; cnt > 0; cnt--, data++) { 988 sprintf(tbuf, " %d", *data); 989 for (cp = tbuf; *cp && buflen > 0; --buflen) 990 *buf++ = *cp++; 991 if (buflen <= 0) 992 return; 993 } 994 *buf = '\0'; 995 } 996 997 void 998 encrypt_printsub(data, cnt, buf, buflen) 999 unsigned char *data, *buf; 1000 int cnt, buflen; 1001 { 1002 Encryptions *ep; 1003 register int type = data[1]; 1004 1005 for (ep = encryptions; ep->type && ep->type != type; ep++) 1006 ; 1007 1008 if (ep->printsub) 1009 (*ep->printsub)(data, cnt, buf, buflen); 1010 else 1011 encrypt_gen_printsub(data, cnt, buf, buflen); 1012 } 1013 #endif /* ENCRYPTION */ 1014