Commit | Line | Data |
---|---|---|
8fd80d14 | 1 | /*- |
8aa89157 KB |
2 | * Copyright (c) 1991, 1993 |
3 | * The Regents of the University of California. All rights reserved. | |
8fd80d14 | 4 | * |
ad787160 C |
5 | * Redistribution and use in source and binary forms, with or without |
6 | * modification, are permitted provided that the following conditions | |
7 | * are met: | |
8 | * 1. Redistributions of source code must retain the above copyright | |
9 | * notice, this list of conditions and the following disclaimer. | |
10 | * 2. Redistributions in binary form must reproduce the above copyright | |
11 | * notice, this list of conditions and the following disclaimer in the | |
12 | * documentation and/or other materials provided with the distribution. | |
13 | * 3. All advertising materials mentioning features or use of this software | |
14 | * must display the following acknowledgement: | |
15 | * This product includes software developed by the University of | |
16 | * California, Berkeley and its contributors. | |
17 | * 4. Neither the name of the University nor the names of its contributors | |
18 | * may be used to endorse or promote products derived from this software | |
19 | * without specific prior written permission. | |
20 | * | |
21 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND | |
22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
31 | * SUCH DAMAGE. | |
8fd80d14 DB |
32 | */ |
33 | ||
34 | #ifndef lint | |
ad787160 | 35 | static char sccsid[] = "@(#)encrypt.c 8.1 (Berkeley) 6/4/93"; |
8fd80d14 DB |
36 | #endif /* not lint */ |
37 | ||
38 | /* | |
39 | * Copyright (C) 1990 by the Massachusetts Institute of Technology | |
40 | * | |
41 | * Export of this software from the United States of America is assumed | |
42 | * to require a specific license from the United States Government. | |
43 | * It is the responsibility of any person or organization contemplating | |
44 | * export to obtain such a license before exporting. | |
45 | * | |
46 | * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and | |
47 | * distribute this software and its documentation for any purpose and | |
48 | * without fee is hereby granted, provided that the above copyright | |
49 | * notice appear in all copies and that both that copyright notice and | |
50 | * this permission notice appear in supporting documentation, and that | |
51 | * the name of M.I.T. not be used in advertising or publicity pertaining | |
52 | * to distribution of the software without specific, written prior | |
53 | * permission. M.I.T. makes no representations about the suitability of | |
54 | * this software for any purpose. It is provided "as is" without express | |
55 | * or implied warranty. | |
56 | */ | |
57 | ||
e0badf3e | 58 | #ifdef ENCRYPTION |
8fd80d14 DB |
59 | |
60 | #define ENCRYPT_NAMES | |
61 | #include <arpa/telnet.h> | |
62 | ||
63 | #include "encrypt.h" | |
64 | #include "misc.h" | |
65 | ||
66 | #ifdef __STDC__ | |
67 | #include <stdlib.h> | |
68 | #endif | |
69 | #ifdef NO_STRING_H | |
70 | #include <strings.h> | |
71 | #else | |
72 | #include <string.h> | |
73 | #endif | |
74 | ||
75 | /* | |
76 | * These functions pointers point to the current routines | |
77 | * for encrypting and decrypting data. | |
78 | */ | |
79 | void (*encrypt_output) P((unsigned char *, int)); | |
80 | int (*decrypt_input) P((int)); | |
81 | ||
82 | int encrypt_debug_mode = 0; | |
83 | static int decrypt_mode = 0; | |
84 | static int encrypt_mode = 0; | |
85 | static int encrypt_verbose = 0; | |
86 | static int autoencrypt = 0; | |
87 | static int autodecrypt = 0; | |
88 | static int havesessionkey = 0; | |
8fd80d14 DB |
89 | static int Server = 0; |
90 | static char *Name = "Noname"; | |
91 | ||
92 | #define typemask(x) ((x) > 0 ? 1 << ((x)-1) : 0) | |
93 | ||
b7c8f459 DB |
94 | static long i_support_encrypt = typemask(ENCTYPE_DES_CFB64) |
95 | | typemask(ENCTYPE_DES_OFB64); | |
96 | static long i_support_decrypt = typemask(ENCTYPE_DES_CFB64) | |
97 | | typemask(ENCTYPE_DES_OFB64); | |
98 | static long i_wont_support_encrypt = 0; | |
99 | static long i_wont_support_decrypt = 0; | |
100 | #define I_SUPPORT_ENCRYPT (i_support_encrypt & ~i_wont_support_encrypt) | |
101 | #define I_SUPPORT_DECRYPT (i_support_decrypt & ~i_wont_support_decrypt) | |
102 | ||
8fd80d14 DB |
103 | static long remote_supports_encrypt = 0; |
104 | static long remote_supports_decrypt = 0; | |
105 | ||
106 | static Encryptions encryptions[] = { | |
e0badf3e | 107 | #ifdef DES_ENCRYPTION |
b7c8f459 DB |
108 | { "DES_CFB64", ENCTYPE_DES_CFB64, |
109 | cfb64_encrypt, | |
110 | cfb64_decrypt, | |
111 | cfb64_init, | |
112 | cfb64_start, | |
113 | cfb64_is, | |
114 | cfb64_reply, | |
115 | cfb64_session, | |
116 | cfb64_keyid, | |
117 | cfb64_printsub }, | |
118 | { "DES_OFB64", ENCTYPE_DES_OFB64, | |
119 | ofb64_encrypt, | |
120 | ofb64_decrypt, | |
121 | ofb64_init, | |
122 | ofb64_start, | |
123 | ofb64_is, | |
124 | ofb64_reply, | |
125 | ofb64_session, | |
126 | ofb64_keyid, | |
127 | ofb64_printsub }, | |
e0badf3e | 128 | #endif /* DES_ENCRYPTION */ |
8fd80d14 DB |
129 | { 0, }, |
130 | }; | |
131 | ||
132 | static unsigned char str_send[64] = { IAC, SB, TELOPT_ENCRYPT, | |
b7c8f459 | 133 | ENCRYPT_SUPPORT }; |
8fd80d14 | 134 | static unsigned char str_suplen = 0; |
b7c8f459 | 135 | static unsigned char str_start[72] = { IAC, SB, TELOPT_ENCRYPT }; |
8fd80d14 DB |
136 | static unsigned char str_end[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE }; |
137 | ||
138 | Encryptions * | |
139 | findencryption(type) | |
140 | int type; | |
141 | { | |
142 | Encryptions *ep = encryptions; | |
143 | ||
b7c8f459 | 144 | if (!(I_SUPPORT_ENCRYPT & remote_supports_decrypt & typemask(type))) |
8fd80d14 DB |
145 | return(0); |
146 | while (ep->type && ep->type != type) | |
147 | ++ep; | |
148 | return(ep->type ? ep : 0); | |
149 | } | |
150 | ||
151 | Encryptions * | |
152 | finddecryption(type) | |
153 | int type; | |
154 | { | |
155 | Encryptions *ep = encryptions; | |
156 | ||
b7c8f459 | 157 | if (!(I_SUPPORT_DECRYPT & remote_supports_encrypt & typemask(type))) |
8fd80d14 DB |
158 | return(0); |
159 | while (ep->type && ep->type != type) | |
160 | ++ep; | |
161 | return(ep->type ? ep : 0); | |
162 | } | |
163 | ||
b7c8f459 DB |
164 | #define MAXKEYLEN 64 |
165 | ||
166 | static struct key_info { | |
167 | unsigned char keyid[MAXKEYLEN]; | |
168 | int keylen; | |
169 | int dir; | |
170 | int *modep; | |
171 | Encryptions *(*getcrypt)(); | |
172 | } ki[2] = { | |
173 | { { 0 }, 0, DIR_ENCRYPT, &encrypt_mode, findencryption }, | |
174 | { { 0 }, 0, DIR_DECRYPT, &decrypt_mode, finddecryption }, | |
175 | }; | |
176 | ||
8fd80d14 DB |
177 | void |
178 | encrypt_init(name, server) | |
179 | char *name; | |
180 | int server; | |
181 | { | |
182 | Encryptions *ep = encryptions; | |
183 | ||
184 | Name = name; | |
185 | Server = server; | |
186 | i_support_encrypt = i_support_decrypt = 0; | |
187 | remote_supports_encrypt = remote_supports_decrypt = 0; | |
188 | encrypt_mode = 0; | |
189 | decrypt_mode = 0; | |
190 | encrypt_output = 0; | |
191 | decrypt_input = 0; | |
192 | #ifdef notdef | |
193 | encrypt_verbose = !server; | |
194 | #endif | |
195 | ||
196 | str_suplen = 4; | |
197 | ||
198 | while (ep->type) { | |
199 | if (encrypt_debug_mode) | |
200 | printf(">>>%s: I will support %s\r\n", | |
201 | Name, ENCTYPE_NAME(ep->type)); | |
202 | i_support_encrypt |= typemask(ep->type); | |
203 | i_support_decrypt |= typemask(ep->type); | |
b7c8f459 DB |
204 | if ((i_wont_support_decrypt & typemask(ep->type)) == 0) |
205 | if ((str_send[str_suplen++] = ep->type) == IAC) | |
206 | str_send[str_suplen++] = IAC; | |
8fd80d14 DB |
207 | if (ep->init) |
208 | (*ep->init)(Server); | |
209 | ++ep; | |
210 | } | |
211 | str_send[str_suplen++] = IAC; | |
212 | str_send[str_suplen++] = SE; | |
213 | } | |
214 | ||
215 | void | |
216 | encrypt_list_types() | |
217 | { | |
218 | Encryptions *ep = encryptions; | |
219 | ||
220 | printf("Valid encryption types:\n"); | |
221 | while (ep->type) { | |
b7c8f459 | 222 | printf("\t%s (%d)\r\n", ENCTYPE_NAME(ep->type), ep->type); |
8fd80d14 DB |
223 | ++ep; |
224 | } | |
225 | } | |
226 | ||
227 | int | |
228 | EncryptEnable(type, mode) | |
229 | char *type, *mode; | |
230 | { | |
231 | if (isprefix(type, "help") || isprefix(type, "?")) { | |
232 | printf("Usage: encrypt enable <type> [input|output]\n"); | |
233 | encrypt_list_types(); | |
234 | return(0); | |
235 | } | |
236 | if (EncryptType(type, mode)) | |
237 | return(EncryptStart(mode)); | |
238 | return(0); | |
239 | } | |
240 | ||
b7c8f459 DB |
241 | int |
242 | EncryptDisable(type, mode) | |
243 | char *type, *mode; | |
244 | { | |
245 | register Encryptions *ep; | |
246 | int ret = 0; | |
247 | ||
248 | if (isprefix(type, "help") || isprefix(type, "?")) { | |
249 | printf("Usage: encrypt disable <type> [input|output]\n"); | |
250 | encrypt_list_types(); | |
251 | } else if ((ep = (Encryptions *)genget(type, encryptions, | |
252 | sizeof(Encryptions))) == 0) { | |
253 | printf("%s: invalid encryption type\n", type); | |
254 | } else if (Ambiguous(ep)) { | |
255 | printf("Ambiguous type '%s'\n", type); | |
256 | } else { | |
257 | if ((mode == 0) || (isprefix(mode, "input") ? 1 : 0)) { | |
258 | if (decrypt_mode == ep->type) | |
259 | EncryptStopInput(); | |
260 | i_wont_support_decrypt |= typemask(ep->type); | |
261 | ret = 1; | |
262 | } | |
263 | if ((mode == 0) || (isprefix(mode, "output"))) { | |
264 | if (encrypt_mode == ep->type) | |
265 | EncryptStopOutput(); | |
266 | i_wont_support_encrypt |= typemask(ep->type); | |
267 | ret = 1; | |
268 | } | |
269 | if (ret == 0) | |
270 | printf("%s: invalid encryption mode\n", mode); | |
271 | } | |
272 | return(ret); | |
273 | } | |
274 | ||
8fd80d14 DB |
275 | int |
276 | EncryptType(type, mode) | |
277 | char *type; | |
278 | char *mode; | |
279 | { | |
280 | register Encryptions *ep; | |
b7c8f459 | 281 | int ret = 0; |
8fd80d14 DB |
282 | |
283 | if (isprefix(type, "help") || isprefix(type, "?")) { | |
284 | printf("Usage: encrypt type <type> [input|output]\n"); | |
285 | encrypt_list_types(); | |
b7c8f459 DB |
286 | } else if ((ep = (Encryptions *)genget(type, encryptions, |
287 | sizeof(Encryptions))) == 0) { | |
8fd80d14 | 288 | printf("%s: invalid encryption type\n", type); |
b7c8f459 | 289 | } else if (Ambiguous(ep)) { |
8fd80d14 | 290 | printf("Ambiguous type '%s'\n", type); |
b7c8f459 DB |
291 | } else { |
292 | if ((mode == 0) || isprefix(mode, "input")) { | |
8fd80d14 | 293 | decrypt_mode = ep->type; |
b7c8f459 DB |
294 | i_wont_support_decrypt &= ~typemask(ep->type); |
295 | ret = 1; | |
296 | } | |
297 | if ((mode == 0) || isprefix(mode, "output")) { | |
8fd80d14 | 298 | encrypt_mode = ep->type; |
b7c8f459 DB |
299 | i_wont_support_encrypt &= ~typemask(ep->type); |
300 | ret = 1; | |
8fd80d14 | 301 | } |
b7c8f459 DB |
302 | if (ret == 0) |
303 | printf("%s: invalid encryption mode\n", mode); | |
304 | } | |
305 | return(ret); | |
8fd80d14 DB |
306 | } |
307 | ||
308 | int | |
309 | EncryptStart(mode) | |
310 | char *mode; | |
311 | { | |
312 | register int ret = 0; | |
313 | if (mode) { | |
314 | if (isprefix(mode, "input")) | |
315 | return(EncryptStartInput()); | |
316 | if (isprefix(mode, "output")) | |
317 | return(EncryptStartOutput()); | |
318 | if (isprefix(mode, "help") || isprefix(mode, "?")) { | |
319 | printf("Usage: encrypt start [input|output]\n"); | |
320 | return(0); | |
321 | } | |
322 | printf("%s: invalid encryption mode 'encrypt start ?' for help\n", mode); | |
323 | return(0); | |
324 | } | |
325 | ret += EncryptStartInput(); | |
326 | ret += EncryptStartOutput(); | |
327 | return(ret); | |
328 | } | |
329 | ||
330 | int | |
331 | EncryptStartInput() | |
332 | { | |
333 | if (decrypt_mode) { | |
334 | encrypt_send_request_start(); | |
335 | return(1); | |
336 | } | |
337 | printf("No previous decryption mode, decryption not enabled\r\n"); | |
338 | return(0); | |
339 | } | |
340 | ||
341 | int | |
342 | EncryptStartOutput() | |
343 | { | |
344 | if (encrypt_mode) { | |
345 | encrypt_start_output(encrypt_mode); | |
346 | return(1); | |
347 | } | |
348 | printf("No previous encryption mode, encryption not enabled\r\n"); | |
349 | return(0); | |
350 | } | |
351 | ||
352 | int | |
353 | EncryptStop(mode) | |
354 | char *mode; | |
355 | { | |
356 | int ret = 0; | |
357 | if (mode) { | |
358 | if (isprefix(mode, "input")) | |
359 | return(EncryptStopInput()); | |
360 | if (isprefix(mode, "output")) | |
361 | return(EncryptStopOutput()); | |
362 | if (isprefix(mode, "help") || isprefix(mode, "?")) { | |
363 | printf("Usage: encrypt stop [input|output]\n"); | |
364 | return(0); | |
365 | } | |
366 | printf("%s: invalid encryption mode 'encrypt stop ?' for help\n", mode); | |
367 | return(0); | |
368 | } | |
369 | ret += EncryptStopInput(); | |
370 | ret += EncryptStopOutput(); | |
371 | return(ret); | |
372 | } | |
373 | ||
374 | int | |
375 | EncryptStopInput() | |
376 | { | |
377 | encrypt_send_request_end(); | |
378 | return(1); | |
379 | } | |
380 | ||
381 | int | |
382 | EncryptStopOutput() | |
383 | { | |
384 | encrypt_send_end(); | |
385 | return(1); | |
386 | } | |
387 | ||
388 | void | |
389 | encrypt_display() | |
390 | { | |
391 | if (encrypt_output) | |
392 | printf("Currently encrypting output with %s\r\n", | |
393 | ENCTYPE_NAME(encrypt_mode)); | |
394 | if (decrypt_input) | |
395 | printf("Currently decrypting input with %s\r\n", | |
396 | ENCTYPE_NAME(decrypt_mode)); | |
397 | } | |
398 | ||
399 | int | |
400 | EncryptStatus() | |
401 | { | |
402 | if (encrypt_output) | |
403 | printf("Currently encrypting output with %s\r\n", | |
404 | ENCTYPE_NAME(encrypt_mode)); | |
405 | else if (encrypt_mode) { | |
406 | printf("Currently output is clear text.\r\n"); | |
407 | printf("Last encryption mode was %s\r\n", | |
408 | ENCTYPE_NAME(encrypt_mode)); | |
409 | } | |
410 | if (decrypt_input) { | |
411 | printf("Currently decrypting input with %s\r\n", | |
412 | ENCTYPE_NAME(decrypt_mode)); | |
413 | } else if (decrypt_mode) { | |
414 | printf("Currently input is clear text.\r\n"); | |
415 | printf("Last decryption mode was %s\r\n", | |
416 | ENCTYPE_NAME(decrypt_mode)); | |
417 | } | |
418 | return 1; | |
419 | } | |
420 | ||
421 | void | |
422 | encrypt_send_support() | |
423 | { | |
424 | if (str_suplen) { | |
425 | /* | |
426 | * If the user has requested that decryption start | |
427 | * immediatly, then send a "REQUEST START" before | |
428 | * we negotiate the type. | |
429 | */ | |
430 | if (!Server && autodecrypt) | |
431 | encrypt_send_request_start(); | |
432 | net_write(str_send, str_suplen); | |
433 | printsub('>', &str_send[2], str_suplen - 2); | |
434 | str_suplen = 0; | |
435 | } | |
436 | } | |
437 | ||
438 | int | |
b7c8f459 DB |
439 | EncryptDebug(on) |
440 | int on; | |
8fd80d14 | 441 | { |
b7c8f459 DB |
442 | if (on < 0) |
443 | encrypt_debug_mode ^= 1; | |
444 | else | |
445 | encrypt_debug_mode = on; | |
8fd80d14 DB |
446 | printf("Encryption debugging %s\r\n", |
447 | encrypt_debug_mode ? "enabled" : "disabled"); | |
448 | return(1); | |
449 | } | |
450 | ||
451 | int | |
b7c8f459 DB |
452 | EncryptVerbose(on) |
453 | int on; | |
8fd80d14 | 454 | { |
b7c8f459 DB |
455 | if (on < 0) |
456 | encrypt_verbose ^= 1; | |
457 | else | |
458 | encrypt_verbose = on; | |
8fd80d14 DB |
459 | printf("Encryption %s verbose\r\n", |
460 | encrypt_verbose ? "is" : "is not"); | |
461 | return(1); | |
462 | } | |
463 | ||
464 | int | |
b7c8f459 DB |
465 | EncryptAutoEnc(on) |
466 | int on; | |
8fd80d14 | 467 | { |
b7c8f459 DB |
468 | encrypt_auto(on); |
469 | printf("Automatic encryption of output is %s\r\n", | |
8fd80d14 DB |
470 | autoencrypt ? "enabled" : "disabled"); |
471 | return(1); | |
472 | } | |
473 | ||
b7c8f459 DB |
474 | int |
475 | EncryptAutoDec(on) | |
476 | int on; | |
477 | { | |
478 | decrypt_auto(on); | |
479 | printf("Automatic decryption of input is %s\r\n", | |
480 | autodecrypt ? "enabled" : "disabled"); | |
481 | return(1); | |
482 | } | |
8fd80d14 DB |
483 | |
484 | /* | |
485 | * Called when ENCRYPT SUPPORT is received. | |
486 | */ | |
487 | void | |
488 | encrypt_support(typelist, cnt) | |
489 | unsigned char *typelist; | |
490 | int cnt; | |
491 | { | |
492 | register int type, use_type = 0; | |
493 | Encryptions *ep; | |
494 | ||
495 | /* | |
496 | * Forget anything the other side has previously told us. | |
497 | */ | |
498 | remote_supports_decrypt = 0; | |
499 | ||
500 | while (cnt-- > 0) { | |
501 | type = *typelist++; | |
502 | if (encrypt_debug_mode) | |
503 | printf(">>>%s: He is supporting %s (%d)\r\n", | |
504 | Name, | |
505 | ENCTYPE_NAME(type), type); | |
506 | if ((type < ENCTYPE_CNT) && | |
b7c8f459 | 507 | (I_SUPPORT_ENCRYPT & typemask(type))) { |
8fd80d14 DB |
508 | remote_supports_decrypt |= typemask(type); |
509 | if (use_type == 0) | |
510 | use_type = type; | |
511 | } | |
512 | } | |
513 | if (use_type) { | |
514 | ep = findencryption(use_type); | |
515 | if (!ep) | |
516 | return; | |
517 | type = ep->start ? (*ep->start)(DIR_ENCRYPT, Server) : 0; | |
518 | if (encrypt_debug_mode) | |
519 | printf(">>>%s: (*ep->start)() returned %d\r\n", | |
520 | Name, type); | |
521 | if (type < 0) | |
522 | return; | |
b7c8f459 | 523 | encrypt_mode = use_type; |
8fd80d14 DB |
524 | if (type == 0) |
525 | encrypt_start_output(use_type); | |
526 | } | |
527 | } | |
528 | ||
529 | void | |
530 | encrypt_is(data, cnt) | |
531 | unsigned char *data; | |
532 | int cnt; | |
533 | { | |
534 | Encryptions *ep; | |
535 | register int type, ret; | |
536 | ||
537 | if (--cnt < 0) | |
538 | return; | |
539 | type = *data++; | |
540 | if (type < ENCTYPE_CNT) | |
541 | remote_supports_encrypt |= typemask(type); | |
542 | if (!(ep = finddecryption(type))) { | |
543 | if (encrypt_debug_mode) | |
544 | printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n", | |
545 | Name, | |
b7c8f459 DB |
546 | ENCTYPE_NAME_OK(type) |
547 | ? ENCTYPE_NAME(type) : "(unknown)", | |
548 | type); | |
8fd80d14 DB |
549 | return; |
550 | } | |
551 | if (!ep->is) { | |
552 | if (encrypt_debug_mode) | |
553 | printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n", | |
554 | Name, | |
b7c8f459 DB |
555 | ENCTYPE_NAME_OK(type) |
556 | ? ENCTYPE_NAME(type) : "(unknown)", | |
557 | type); | |
8fd80d14 DB |
558 | ret = 0; |
559 | } else { | |
560 | ret = (*ep->is)(data, cnt); | |
b7c8f459 DB |
561 | if (encrypt_debug_mode) |
562 | printf("(*ep->is)(%x, %d) returned %s(%d)\n", data, cnt, | |
563 | (ret < 0) ? "FAIL " : | |
564 | (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret); | |
8fd80d14 DB |
565 | } |
566 | if (ret < 0) { | |
567 | autodecrypt = 0; | |
568 | } else { | |
569 | decrypt_mode = type; | |
570 | if (ret == 0 && autodecrypt) | |
571 | encrypt_send_request_start(); | |
572 | } | |
573 | } | |
574 | ||
575 | void | |
576 | encrypt_reply(data, cnt) | |
577 | unsigned char *data; | |
578 | int cnt; | |
579 | { | |
580 | Encryptions *ep; | |
581 | register int ret, type; | |
582 | ||
583 | if (--cnt < 0) | |
584 | return; | |
585 | type = *data++; | |
586 | if (!(ep = findencryption(type))) { | |
587 | if (encrypt_debug_mode) | |
588 | printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n", | |
589 | Name, | |
b7c8f459 DB |
590 | ENCTYPE_NAME_OK(type) |
591 | ? ENCTYPE_NAME(type) : "(unknown)", | |
592 | type); | |
8fd80d14 DB |
593 | return; |
594 | } | |
595 | if (!ep->reply) { | |
596 | if (encrypt_debug_mode) | |
597 | printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n", | |
598 | Name, | |
b7c8f459 DB |
599 | ENCTYPE_NAME_OK(type) |
600 | ? ENCTYPE_NAME(type) : "(unknown)", | |
601 | type); | |
8fd80d14 DB |
602 | ret = 0; |
603 | } else { | |
604 | ret = (*ep->reply)(data, cnt); | |
b7c8f459 DB |
605 | if (encrypt_debug_mode) |
606 | printf("(*ep->reply)(%x, %d) returned %s(%d)\n", | |
607 | data, cnt, | |
608 | (ret < 0) ? "FAIL " : | |
609 | (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret); | |
8fd80d14 DB |
610 | } |
611 | if (encrypt_debug_mode) | |
612 | printf(">>>%s: encrypt_reply returned %d\n", Name, ret); | |
613 | if (ret < 0) { | |
614 | autoencrypt = 0; | |
615 | } else { | |
616 | encrypt_mode = type; | |
617 | if (ret == 0 && autoencrypt) | |
618 | encrypt_start_output(type); | |
619 | } | |
620 | } | |
621 | ||
622 | /* | |
623 | * Called when a ENCRYPT START command is received. | |
624 | */ | |
625 | void | |
b7c8f459 DB |
626 | encrypt_start(data, cnt) |
627 | unsigned char *data; | |
628 | int cnt; | |
8fd80d14 DB |
629 | { |
630 | Encryptions *ep; | |
631 | ||
632 | if (!decrypt_mode) { | |
633 | /* | |
634 | * Something is wrong. We should not get a START | |
635 | * command without having already picked our | |
636 | * decryption scheme. Send a REQUEST-END to | |
637 | * attempt to clear the channel... | |
638 | */ | |
639 | printf("%s: Warning, Cannot decrypt input stream!!!\r\n", Name); | |
640 | encrypt_send_request_end(); | |
641 | return; | |
642 | } | |
643 | ||
644 | if (ep = finddecryption(decrypt_mode)) { | |
645 | decrypt_input = ep->input; | |
646 | if (encrypt_verbose) | |
647 | printf("[ Input is now decrypted with type %s ]\r\n", | |
648 | ENCTYPE_NAME(decrypt_mode)); | |
649 | if (encrypt_debug_mode) | |
650 | printf(">>>%s: Start to decrypt input with type %s\r\n", | |
651 | Name, ENCTYPE_NAME(decrypt_mode)); | |
652 | } else { | |
653 | printf("%s: Warning, Cannot decrypt type %s (%d)!!!\r\n", | |
b7c8f459 DB |
654 | Name, |
655 | ENCTYPE_NAME_OK(decrypt_mode) | |
656 | ? ENCTYPE_NAME(decrypt_mode) | |
657 | : "(unknown)", | |
658 | decrypt_mode); | |
8fd80d14 DB |
659 | encrypt_send_request_end(); |
660 | } | |
661 | } | |
662 | ||
663 | void | |
664 | encrypt_session_key(key, server) | |
665 | Session_Key *key; | |
666 | int server; | |
667 | { | |
668 | Encryptions *ep = encryptions; | |
669 | ||
670 | havesessionkey = 1; | |
671 | ||
672 | while (ep->type) { | |
673 | if (ep->session) | |
674 | (*ep->session)(key, server); | |
0e39a0bc DB |
675 | #ifdef notdef |
676 | if (!encrypt_output && autoencrypt && !server) | |
677 | encrypt_start_output(ep->type); | |
678 | if (!decrypt_input && autodecrypt && !server) | |
679 | encrypt_send_request_start(); | |
680 | #endif | |
8fd80d14 DB |
681 | ++ep; |
682 | } | |
683 | } | |
684 | ||
685 | /* | |
686 | * Called when ENCRYPT END is received. | |
687 | */ | |
688 | void | |
689 | encrypt_end() | |
690 | { | |
691 | decrypt_input = 0; | |
692 | if (encrypt_debug_mode) | |
693 | printf(">>>%s: Input is back to clear text\r\n", Name); | |
694 | if (encrypt_verbose) | |
695 | printf("[ Input is now clear text ]\r\n"); | |
696 | } | |
697 | ||
698 | /* | |
699 | * Called when ENCRYPT REQUEST-END is received. | |
700 | */ | |
701 | void | |
702 | encrypt_request_end() | |
703 | { | |
704 | encrypt_send_end(); | |
705 | } | |
706 | ||
707 | /* | |
708 | * Called when ENCRYPT REQUEST-START is received. If we receive | |
709 | * this before a type is picked, then that indicates that the | |
710 | * other side wants us to start encrypting data as soon as we | |
711 | * can. | |
712 | */ | |
713 | void | |
b7c8f459 DB |
714 | encrypt_request_start(data, cnt) |
715 | unsigned char *data; | |
716 | int cnt; | |
8fd80d14 | 717 | { |
b7c8f459 DB |
718 | if (encrypt_mode == 0) { |
719 | if (Server) | |
720 | autoencrypt = 1; | |
8fd80d14 DB |
721 | return; |
722 | } | |
723 | encrypt_start_output(encrypt_mode); | |
724 | } | |
725 | ||
b7c8f459 DB |
726 | static unsigned char str_keyid[(MAXKEYLEN*2)+5] = { IAC, SB, TELOPT_ENCRYPT }; |
727 | ||
728 | encrypt_enc_keyid(keyid, len) | |
729 | unsigned char *keyid; | |
730 | int len; | |
731 | { | |
732 | encrypt_keyid(&ki[1], keyid, len); | |
733 | } | |
734 | ||
735 | encrypt_dec_keyid(keyid, len) | |
736 | unsigned char *keyid; | |
737 | int len; | |
738 | { | |
739 | encrypt_keyid(&ki[0], keyid, len); | |
740 | } | |
741 | ||
742 | encrypt_keyid(kp, keyid, len) | |
743 | struct key_info *kp; | |
744 | unsigned char *keyid; | |
745 | int len; | |
746 | { | |
747 | Encryptions *ep; | |
748 | unsigned char *strp, *cp; | |
749 | int dir = kp->dir; | |
750 | register int ret = 0; | |
751 | ||
752 | if (!(ep = (*kp->getcrypt)(*kp->modep))) { | |
753 | if (len == 0) | |
754 | return; | |
755 | kp->keylen = 0; | |
756 | } else if (len == 0) { | |
757 | /* | |
758 | * Empty option, indicates a failure. | |
759 | */ | |
760 | if (kp->keylen == 0) | |
761 | return; | |
762 | kp->keylen = 0; | |
763 | if (ep->keyid) | |
764 | (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen); | |
765 | ||
766 | } else if ((len != kp->keylen) || (bcmp(keyid, kp->keyid, len) != 0)) { | |
767 | /* | |
768 | * Length or contents are different | |
769 | */ | |
770 | kp->keylen = len; | |
771 | bcopy(keyid, kp->keyid, len); | |
772 | if (ep->keyid) | |
773 | (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen); | |
774 | } else { | |
775 | if (ep->keyid) | |
776 | ret = (*ep->keyid)(dir, kp->keyid, &kp->keylen); | |
777 | if ((ret == 0) && (dir == DIR_ENCRYPT) && autoencrypt) | |
778 | encrypt_start_output(*kp->modep); | |
779 | return; | |
780 | } | |
781 | ||
782 | encrypt_send_keyid(dir, kp->keyid, kp->keylen, 0); | |
783 | } | |
784 | ||
8fd80d14 | 785 | void |
b7c8f459 DB |
786 | encrypt_send_keyid(dir, keyid, keylen, saveit) |
787 | int dir; | |
788 | unsigned char *keyid; | |
789 | int keylen; | |
790 | int saveit; | |
791 | { | |
792 | unsigned char *strp; | |
793 | ||
794 | str_keyid[3] = (dir == DIR_ENCRYPT) | |
795 | ? ENCRYPT_ENC_KEYID : ENCRYPT_DEC_KEYID; | |
796 | if (saveit) { | |
797 | struct key_info *kp = &ki[(dir == DIR_ENCRYPT) ? 0 : 1]; | |
798 | bcopy(keyid, kp->keyid, keylen); | |
799 | kp->keylen = keylen; | |
800 | } | |
801 | ||
802 | for (strp = &str_keyid[4]; keylen > 0; --keylen) { | |
803 | if ((*strp++ = *keyid++) == IAC) | |
804 | *strp++ = IAC; | |
805 | } | |
806 | *strp++ = IAC; | |
807 | *strp++ = SE; | |
808 | net_write(str_keyid, strp - str_keyid); | |
809 | printsub('>', &str_keyid[2], strp - str_keyid - 2); | |
810 | } | |
811 | ||
812 | void | |
813 | encrypt_auto(on) | |
814 | int on; | |
815 | { | |
816 | if (on < 0) | |
817 | autoencrypt ^= 1; | |
818 | else | |
819 | autoencrypt = on ? 1 : 0; | |
820 | } | |
821 | ||
822 | void | |
823 | decrypt_auto(on) | |
824 | int on; | |
8fd80d14 | 825 | { |
b7c8f459 DB |
826 | if (on < 0) |
827 | autodecrypt ^= 1; | |
828 | else | |
829 | autodecrypt = on ? 1 : 0; | |
8fd80d14 DB |
830 | } |
831 | ||
832 | void | |
833 | encrypt_start_output(type) | |
834 | int type; | |
835 | { | |
836 | Encryptions *ep; | |
b7c8f459 DB |
837 | register unsigned char *p; |
838 | register int i; | |
8fd80d14 DB |
839 | |
840 | if (!(ep = findencryption(type))) { | |
841 | if (encrypt_debug_mode) { | |
b7c8f459 | 842 | printf(">>>%s: Can't encrypt with type %s (%d)\r\n", |
8fd80d14 | 843 | Name, |
b7c8f459 DB |
844 | ENCTYPE_NAME_OK(type) |
845 | ? ENCTYPE_NAME(type) : "(unknown)", | |
846 | type); | |
8fd80d14 | 847 | } |
8fd80d14 DB |
848 | return; |
849 | } | |
850 | if (ep->start) { | |
b7c8f459 DB |
851 | i = (*ep->start)(DIR_ENCRYPT, Server); |
852 | if (encrypt_debug_mode) { | |
853 | printf(">>>%s: Encrypt start: %s (%d) %s\r\n", | |
854 | Name, | |
855 | (i < 0) ? "failed" : | |
856 | "initial negotiation in progress", | |
857 | i, ENCTYPE_NAME(type)); | |
8fd80d14 | 858 | } |
b7c8f459 DB |
859 | if (i) |
860 | return; | |
861 | } | |
862 | p = str_start + 3; | |
863 | *p++ = ENCRYPT_START; | |
864 | for (i = 0; i < ki[0].keylen; ++i) { | |
865 | if ((*p++ = ki[0].keyid[i]) == IAC) | |
866 | *p++ = IAC; | |
8fd80d14 | 867 | } |
b7c8f459 DB |
868 | *p++ = IAC; |
869 | *p++ = SE; | |
870 | net_write(str_start, p - str_start); | |
8fd80d14 | 871 | net_encrypt(); |
b7c8f459 | 872 | printsub('>', &str_start[2], p - &str_start[2]); |
8fd80d14 DB |
873 | /* |
874 | * If we are already encrypting in some mode, then | |
875 | * encrypt the ring (which includes our request) in | |
876 | * the old mode, mark it all as "clear text" and then | |
877 | * switch to the new mode. | |
878 | */ | |
879 | encrypt_output = ep->output; | |
880 | encrypt_mode = type; | |
881 | if (encrypt_debug_mode) | |
882 | printf(">>>%s: Started to encrypt output with type %s\r\n", | |
883 | Name, ENCTYPE_NAME(type)); | |
884 | if (encrypt_verbose) | |
885 | printf("[ Output is now encrypted with type %s ]\r\n", | |
886 | ENCTYPE_NAME(type)); | |
887 | } | |
888 | ||
889 | void | |
890 | encrypt_send_end() | |
891 | { | |
892 | if (!encrypt_output) | |
893 | return; | |
894 | ||
895 | str_end[3] = ENCRYPT_END; | |
896 | net_write(str_end, sizeof(str_end)); | |
897 | net_encrypt(); | |
898 | printsub('>', &str_end[2], sizeof(str_end) - 2); | |
899 | /* | |
900 | * Encrypt the output buffer now because it will not be done by | |
901 | * netflush... | |
902 | */ | |
903 | encrypt_output = 0; | |
904 | if (encrypt_debug_mode) | |
905 | printf(">>>%s: Output is back to clear text\r\n", Name); | |
906 | if (encrypt_verbose) | |
907 | printf("[ Output is now clear text ]\r\n"); | |
908 | } | |
909 | ||
910 | void | |
911 | encrypt_send_request_start() | |
912 | { | |
b7c8f459 DB |
913 | register unsigned char *p; |
914 | register int i; | |
8fd80d14 | 915 | |
b7c8f459 DB |
916 | p = &str_start[3]; |
917 | *p++ = ENCRYPT_REQSTART; | |
918 | for (i = 0; i < ki[1].keylen; ++i) { | |
919 | if ((*p++ = ki[1].keyid[i]) == IAC) | |
920 | *p++ = IAC; | |
8fd80d14 | 921 | } |
b7c8f459 DB |
922 | *p++ = IAC; |
923 | *p++ = SE; | |
924 | net_write(str_start, p - str_start); | |
925 | printsub('>', &str_start[2], p - &str_start[2]); | |
8fd80d14 DB |
926 | if (encrypt_debug_mode) |
927 | printf(">>>%s: Request input to be encrypted\r\n", Name); | |
928 | } | |
929 | ||
930 | void | |
931 | encrypt_send_request_end() | |
932 | { | |
933 | str_end[3] = ENCRYPT_REQEND; | |
934 | net_write(str_end, sizeof(str_end)); | |
935 | printsub('>', &str_end[2], sizeof(str_end) - 2); | |
936 | ||
937 | if (encrypt_debug_mode) | |
938 | printf(">>>%s: Request input to be clear text\r\n", Name); | |
939 | } | |
940 | ||
941 | void | |
942 | encrypt_wait() | |
943 | { | |
944 | register int encrypt, decrypt; | |
945 | if (encrypt_debug_mode) | |
946 | printf(">>>%s: in encrypt_wait\r\n", Name); | |
b7c8f459 | 947 | if (!havesessionkey || !(I_SUPPORT_ENCRYPT & remote_supports_decrypt)) |
8fd80d14 DB |
948 | return; |
949 | while (autoencrypt && !encrypt_output) | |
950 | if (telnet_spin()) | |
951 | return; | |
952 | } | |
953 | ||
954 | void | |
955 | encrypt_debug(mode) | |
956 | int mode; | |
957 | { | |
958 | encrypt_debug_mode = mode; | |
959 | } | |
960 | ||
961 | void | |
962 | encrypt_gen_printsub(data, cnt, buf, buflen) | |
963 | unsigned char *data, *buf; | |
964 | int cnt, buflen; | |
965 | { | |
966 | char tbuf[16], *cp; | |
967 | ||
968 | cnt -= 2; | |
969 | data += 2; | |
970 | buf[buflen-1] = '\0'; | |
971 | buf[buflen-2] = '*'; | |
972 | buflen -= 2;; | |
973 | for (; cnt > 0; cnt--, data++) { | |
974 | sprintf(tbuf, " %d", *data); | |
975 | for (cp = tbuf; *cp && buflen > 0; --buflen) | |
976 | *buf++ = *cp++; | |
977 | if (buflen <= 0) | |
978 | return; | |
979 | } | |
980 | *buf = '\0'; | |
981 | } | |
982 | ||
983 | void | |
984 | encrypt_printsub(data, cnt, buf, buflen) | |
985 | unsigned char *data, *buf; | |
986 | int cnt, buflen; | |
987 | { | |
988 | Encryptions *ep; | |
989 | register int type = data[1]; | |
990 | ||
991 | for (ep = encryptions; ep->type && ep->type != type; ep++) | |
992 | ; | |
993 | ||
994 | if (ep->printsub) | |
995 | (*ep->printsub)(data, cnt, buf, buflen); | |
996 | else | |
997 | encrypt_gen_printsub(data, cnt, buf, buflen); | |
998 | } | |
e0badf3e | 999 | #endif /* ENCRYPTION */ |