projects / unix-history / blame
? search:
summary | tags | clone url | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
BSD 4_4 release
[unix-history] / usr / src / lib / libtelnet / libtelnet / encrypt.c
CommitLineData
8fd80d14 1/*-
8aa89157
KB		 2 * Copyright (c) 1991, 1993
3 * The Regents of the University of California. All rights reserved.
8fd80d14 4 *
ad787160
C		 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by the University of
16 * California, Berkeley and its contributors.
17 * 4. Neither the name of the University nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
8fd80d14
DB		 32 */
33
34#ifndef lint
ad787160 35static char sccsid[] = "@(#)encrypt.c 8.1 (Berkeley) 6/4/93";
8fd80d14
DB		 36#endif /* not lint */
37
38/*
39 * Copyright (C) 1990 by the Massachusetts Institute of Technology
40 *
41 * Export of this software from the United States of America is assumed
42 * to require a specific license from the United States Government.
43 * It is the responsibility of any person or organization contemplating
44 * export to obtain such a license before exporting.
45 *
46 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
47 * distribute this software and its documentation for any purpose and
48 * without fee is hereby granted, provided that the above copyright
49 * notice appear in all copies and that both that copyright notice and
50 * this permission notice appear in supporting documentation, and that
51 * the name of M.I.T. not be used in advertising or publicity pertaining
52 * to distribution of the software without specific, written prior
53 * permission. M.I.T. makes no representations about the suitability of
54 * this software for any purpose. It is provided "as is" without express
55 * or implied warranty.
56 */
57
e0badf3e 58#ifdef ENCRYPTION
8fd80d14
DB		 59
60#define ENCRYPT_NAMES
61#include <arpa/telnet.h>
62
63#include "encrypt.h"
64#include "misc.h"
65
66#ifdef __STDC__
67#include <stdlib.h>
68#endif
69#ifdef NO_STRING_H
70#include <strings.h>
71#else
72#include <string.h>
73#endif
74
75/*
76 * These functions pointers point to the current routines
77 * for encrypting and decrypting data.
78 */
79void (*encrypt_output) P((unsigned char *, int));
80int (*decrypt_input) P((int));
81
82int encrypt_debug_mode = 0;
83static int decrypt_mode = 0;
84static int encrypt_mode = 0;
85static int encrypt_verbose = 0;
86static int autoencrypt = 0;
87static int autodecrypt = 0;
88static int havesessionkey = 0;
8fd80d14
DB		 89static int Server = 0;
90static char *Name = "Noname";
91
92#define typemask(x) ((x) > 0 ? 1 << ((x)-1) : 0)
93
b7c8f459
DB		 94static long i_support_encrypt = typemask(ENCTYPE_DES_CFB64)
95 | typemask(ENCTYPE_DES_OFB64);
96static long i_support_decrypt = typemask(ENCTYPE_DES_CFB64)
97 | typemask(ENCTYPE_DES_OFB64);
98static long i_wont_support_encrypt = 0;
99static long i_wont_support_decrypt = 0;
100#define I_SUPPORT_ENCRYPT (i_support_encrypt & ~i_wont_support_encrypt)
101#define I_SUPPORT_DECRYPT (i_support_decrypt & ~i_wont_support_decrypt)
102
8fd80d14
DB		 103static long remote_supports_encrypt = 0;
104static long remote_supports_decrypt = 0;
105
106static Encryptions encryptions[] = {
e0badf3e 107#ifdef DES_ENCRYPTION
b7c8f459
DB		 108 { "DES_CFB64", ENCTYPE_DES_CFB64,
109 cfb64_encrypt,
110 cfb64_decrypt,
111 cfb64_init,
112 cfb64_start,
113 cfb64_is,
114 cfb64_reply,
115 cfb64_session,
116 cfb64_keyid,
117 cfb64_printsub },
118 { "DES_OFB64", ENCTYPE_DES_OFB64,
119 ofb64_encrypt,
120 ofb64_decrypt,
121 ofb64_init,
122 ofb64_start,
123 ofb64_is,
124 ofb64_reply,
125 ofb64_session,
126 ofb64_keyid,
127 ofb64_printsub },
e0badf3e 128#endif /* DES_ENCRYPTION */
8fd80d14
DB		 129 { 0, },
130};
131
132static unsigned char str_send[64] = { IAC, SB, TELOPT_ENCRYPT,
b7c8f459 133 ENCRYPT_SUPPORT };
8fd80d14 134static unsigned char str_suplen = 0;
b7c8f459 135static unsigned char str_start[72] = { IAC, SB, TELOPT_ENCRYPT };
8fd80d14
DB		 136static unsigned char str_end[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE };
137
138 Encryptions *
139findencryption(type)
140 int type;
141{
142 Encryptions *ep = encryptions;
143
b7c8f459 144 if (!(I_SUPPORT_ENCRYPT & remote_supports_decrypt & typemask(type)))
8fd80d14
DB		 145 return(0);
146 while (ep->type && ep->type != type)
147 ++ep;
148 return(ep->type ? ep : 0);
149}
150
151 Encryptions *
152finddecryption(type)
153 int type;
154{
155 Encryptions *ep = encryptions;
156
b7c8f459 157 if (!(I_SUPPORT_DECRYPT & remote_supports_encrypt & typemask(type)))
8fd80d14
DB		 158 return(0);
159 while (ep->type && ep->type != type)
160 ++ep;
161 return(ep->type ? ep : 0);
162}
163
b7c8f459
DB		 164#define MAXKEYLEN 64
165
166static struct key_info {
167 unsigned char keyid[MAXKEYLEN];
168 int keylen;
169 int dir;
170 int *modep;
171 Encryptions *(*getcrypt)();
172} ki[2] = {
173 { { 0 }, 0, DIR_ENCRYPT, &encrypt_mode, findencryption },
174 { { 0 }, 0, DIR_DECRYPT, &decrypt_mode, finddecryption },
175};
176
8fd80d14
DB		 177 void
178encrypt_init(name, server)
179 char *name;
180 int server;
181{
182 Encryptions *ep = encryptions;
183
184 Name = name;
185 Server = server;
186 i_support_encrypt = i_support_decrypt = 0;
187 remote_supports_encrypt = remote_supports_decrypt = 0;
188 encrypt_mode = 0;
189 decrypt_mode = 0;
190 encrypt_output = 0;
191 decrypt_input = 0;
192#ifdef notdef
193 encrypt_verbose = !server;
194#endif
195
196 str_suplen = 4;
197
198 while (ep->type) {
199 if (encrypt_debug_mode)
200 printf(">>>%s: I will support %s\r\n",
201 Name, ENCTYPE_NAME(ep->type));
202 i_support_encrypt |= typemask(ep->type);
203 i_support_decrypt |= typemask(ep->type);
b7c8f459
DB		 204 if ((i_wont_support_decrypt & typemask(ep->type)) == 0)
205 if ((str_send[str_suplen++] = ep->type) == IAC)
206 str_send[str_suplen++] = IAC;
8fd80d14
DB		 207 if (ep->init)
208 (*ep->init)(Server);
209 ++ep;
210 }
211 str_send[str_suplen++] = IAC;
212 str_send[str_suplen++] = SE;
213}
214
215 void
216encrypt_list_types()
217{
218 Encryptions *ep = encryptions;
219
220 printf("Valid encryption types:\n");
221 while (ep->type) {
b7c8f459 222 printf("\t%s (%d)\r\n", ENCTYPE_NAME(ep->type), ep->type);
8fd80d14
DB		 223 ++ep;
224 }
225}
226
227 int
228EncryptEnable(type, mode)
229 char *type, *mode;
230{
231 if (isprefix(type, "help") || isprefix(type, "?")) {
232 printf("Usage: encrypt enable <type> [input|output]\n");
233 encrypt_list_types();
234 return(0);
235 }
236 if (EncryptType(type, mode))
237 return(EncryptStart(mode));
238 return(0);
239}
240
b7c8f459
DB		 241 int
242EncryptDisable(type, mode)
243 char *type, *mode;
244{
245 register Encryptions *ep;
246 int ret = 0;
247
248 if (isprefix(type, "help") || isprefix(type, "?")) {
249 printf("Usage: encrypt disable <type> [input|output]\n");
250 encrypt_list_types();
251 } else if ((ep = (Encryptions *)genget(type, encryptions,
252 sizeof(Encryptions))) == 0) {
253 printf("%s: invalid encryption type\n", type);
254 } else if (Ambiguous(ep)) {
255 printf("Ambiguous type '%s'\n", type);
256 } else {
257 if ((mode == 0) || (isprefix(mode, "input") ? 1 : 0)) {
258 if (decrypt_mode == ep->type)
259 EncryptStopInput();
260 i_wont_support_decrypt |= typemask(ep->type);
261 ret = 1;
262 }
263 if ((mode == 0) || (isprefix(mode, "output"))) {
264 if (encrypt_mode == ep->type)
265 EncryptStopOutput();
266 i_wont_support_encrypt |= typemask(ep->type);
267 ret = 1;
268 }
269 if (ret == 0)
270 printf("%s: invalid encryption mode\n", mode);
271 }
272 return(ret);
273}
274
8fd80d14
DB		 275 int
276EncryptType(type, mode)
277 char *type;
278 char *mode;
279{
280 register Encryptions *ep;
b7c8f459 281 int ret = 0;
8fd80d14
DB		 282
283 if (isprefix(type, "help") || isprefix(type, "?")) {
284 printf("Usage: encrypt type <type> [input|output]\n");
285 encrypt_list_types();
b7c8f459
DB		 286 } else if ((ep = (Encryptions *)genget(type, encryptions,
287 sizeof(Encryptions))) == 0) {
8fd80d14 288 printf("%s: invalid encryption type\n", type);
b7c8f459 289 } else if (Ambiguous(ep)) {
8fd80d14 290 printf("Ambiguous type '%s'\n", type);
b7c8f459
DB		 291 } else {
292 if ((mode == 0) || isprefix(mode, "input")) {
8fd80d14 293 decrypt_mode = ep->type;
b7c8f459
DB		 294 i_wont_support_decrypt &= ~typemask(ep->type);
295 ret = 1;
296 }
297 if ((mode == 0) || isprefix(mode, "output")) {
8fd80d14 298 encrypt_mode = ep->type;
b7c8f459
DB		 299 i_wont_support_encrypt &= ~typemask(ep->type);
300 ret = 1;
8fd80d14 301 }
b7c8f459
DB		 302 if (ret == 0)
303 printf("%s: invalid encryption mode\n", mode);
304 }
305 return(ret);
8fd80d14
DB		 306}
307
308 int
309EncryptStart(mode)
310 char *mode;
311{
312 register int ret = 0;
313 if (mode) {
314 if (isprefix(mode, "input"))
315 return(EncryptStartInput());
316 if (isprefix(mode, "output"))
317 return(EncryptStartOutput());
318 if (isprefix(mode, "help") || isprefix(mode, "?")) {
319 printf("Usage: encrypt start [input|output]\n");
320 return(0);
321 }
322 printf("%s: invalid encryption mode 'encrypt start ?' for help\n", mode);
323 return(0);
324 }
325 ret += EncryptStartInput();
326 ret += EncryptStartOutput();
327 return(ret);
328}
329
330 int
331EncryptStartInput()
332{
333 if (decrypt_mode) {
334 encrypt_send_request_start();
335 return(1);
336 }
337 printf("No previous decryption mode, decryption not enabled\r\n");
338 return(0);
339}
340
341 int
342EncryptStartOutput()
343{
344 if (encrypt_mode) {
345 encrypt_start_output(encrypt_mode);
346 return(1);
347 }
348 printf("No previous encryption mode, encryption not enabled\r\n");
349 return(0);
350}
351
352 int
353EncryptStop(mode)
354 char *mode;
355{
356 int ret = 0;
357 if (mode) {
358 if (isprefix(mode, "input"))
359 return(EncryptStopInput());
360 if (isprefix(mode, "output"))
361 return(EncryptStopOutput());
362 if (isprefix(mode, "help") || isprefix(mode, "?")) {
363 printf("Usage: encrypt stop [input|output]\n");
364 return(0);
365 }
366 printf("%s: invalid encryption mode 'encrypt stop ?' for help\n", mode);
367 return(0);
368 }
369 ret += EncryptStopInput();
370 ret += EncryptStopOutput();
371 return(ret);
372}
373
374 int
375EncryptStopInput()
376{
377 encrypt_send_request_end();
378 return(1);
379}
380
381 int
382EncryptStopOutput()
383{
384 encrypt_send_end();
385 return(1);
386}
387
388 void
389encrypt_display()
390{
391 if (encrypt_output)
392 printf("Currently encrypting output with %s\r\n",
393 ENCTYPE_NAME(encrypt_mode));
394 if (decrypt_input)
395 printf("Currently decrypting input with %s\r\n",
396 ENCTYPE_NAME(decrypt_mode));
397}
398
399 int
400EncryptStatus()
401{
402 if (encrypt_output)
403 printf("Currently encrypting output with %s\r\n",
404 ENCTYPE_NAME(encrypt_mode));
405 else if (encrypt_mode) {
406 printf("Currently output is clear text.\r\n");
407 printf("Last encryption mode was %s\r\n",
408 ENCTYPE_NAME(encrypt_mode));
409 }
410 if (decrypt_input) {
411 printf("Currently decrypting input with %s\r\n",
412 ENCTYPE_NAME(decrypt_mode));
413 } else if (decrypt_mode) {
414 printf("Currently input is clear text.\r\n");
415 printf("Last decryption mode was %s\r\n",
416 ENCTYPE_NAME(decrypt_mode));
417 }
418 return 1;
419}
420
421 void
422encrypt_send_support()
423{
424 if (str_suplen) {
425 /*
426 * If the user has requested that decryption start
427 * immediatly, then send a "REQUEST START" before
428 * we negotiate the type.
429 */
430 if (!Server && autodecrypt)
431 encrypt_send_request_start();
432 net_write(str_send, str_suplen);
433 printsub('>', &str_send[2], str_suplen - 2);
434 str_suplen = 0;
435 }
436}
437
438 int
b7c8f459
DB		 439EncryptDebug(on)
440 int on;
8fd80d14 441{
b7c8f459
DB		 442 if (on < 0)
443 encrypt_debug_mode ^= 1;
444 else
445 encrypt_debug_mode = on;
8fd80d14
DB		 446 printf("Encryption debugging %s\r\n",
447 encrypt_debug_mode ? "enabled" : "disabled");
448 return(1);
449}
450
451 int
b7c8f459
DB		 452EncryptVerbose(on)
453 int on;
8fd80d14 454{
b7c8f459
DB		 455 if (on < 0)
456 encrypt_verbose ^= 1;
457 else
458 encrypt_verbose = on;
8fd80d14
DB		 459 printf("Encryption %s verbose\r\n",
460 encrypt_verbose ? "is" : "is not");
461 return(1);
462}
463
464 int
b7c8f459
DB		 465EncryptAutoEnc(on)
466 int on;
8fd80d14 467{
b7c8f459
DB		 468 encrypt_auto(on);
469 printf("Automatic encryption of output is %s\r\n",
8fd80d14
DB		 470 autoencrypt ? "enabled" : "disabled");
471 return(1);
472}
473
b7c8f459
DB		 474 int
475EncryptAutoDec(on)
476 int on;
477{
478 decrypt_auto(on);
479 printf("Automatic decryption of input is %s\r\n",
480 autodecrypt ? "enabled" : "disabled");
481 return(1);
482}
8fd80d14
DB		 483
484/*
485 * Called when ENCRYPT SUPPORT is received.
486 */
487 void
488encrypt_support(typelist, cnt)
489 unsigned char *typelist;
490 int cnt;
491{
492 register int type, use_type = 0;
493 Encryptions *ep;
494
495 /*
496 * Forget anything the other side has previously told us.
497 */
498 remote_supports_decrypt = 0;
499
500 while (cnt-- > 0) {
501 type = *typelist++;
502 if (encrypt_debug_mode)
503 printf(">>>%s: He is supporting %s (%d)\r\n",
504 Name,
505 ENCTYPE_NAME(type), type);
506 if ((type < ENCTYPE_CNT) &&
b7c8f459 507 (I_SUPPORT_ENCRYPT & typemask(type))) {
8fd80d14
DB		 508 remote_supports_decrypt |= typemask(type);
509 if (use_type == 0)
510 use_type = type;
511 }
512 }
513 if (use_type) {
514 ep = findencryption(use_type);
515 if (!ep)
516 return;
517 type = ep->start ? (*ep->start)(DIR_ENCRYPT, Server) : 0;
518 if (encrypt_debug_mode)
519 printf(">>>%s: (*ep->start)() returned %d\r\n",
520 Name, type);
521 if (type < 0)
522 return;
b7c8f459 523 encrypt_mode = use_type;
8fd80d14
DB		 524 if (type == 0)
525 encrypt_start_output(use_type);
526 }
527}
528
529 void
530encrypt_is(data, cnt)
531 unsigned char *data;
532 int cnt;
533{
534 Encryptions *ep;
535 register int type, ret;
536
537 if (--cnt < 0)
538 return;
539 type = *data++;
540 if (type < ENCTYPE_CNT)
541 remote_supports_encrypt |= typemask(type);
542 if (!(ep = finddecryption(type))) {
543 if (encrypt_debug_mode)
544 printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
545 Name,
b7c8f459
DB		 546 ENCTYPE_NAME_OK(type)
547 ? ENCTYPE_NAME(type) : "(unknown)",
548 type);
8fd80d14
DB		 549 return;
550 }
551 if (!ep->is) {
552 if (encrypt_debug_mode)
553 printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
554 Name,
b7c8f459
DB		 555 ENCTYPE_NAME_OK(type)
556 ? ENCTYPE_NAME(type) : "(unknown)",
557 type);
8fd80d14
DB		 558 ret = 0;
559 } else {
560 ret = (*ep->is)(data, cnt);
b7c8f459
DB		 561 if (encrypt_debug_mode)
562 printf("(*ep->is)(%x, %d) returned %s(%d)\n", data, cnt,
563 (ret < 0) ? "FAIL " :
564 (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
8fd80d14
DB		 565 }
566 if (ret < 0) {
567 autodecrypt = 0;
568 } else {
569 decrypt_mode = type;
570 if (ret == 0 && autodecrypt)
571 encrypt_send_request_start();
572 }
573}
574
575 void
576encrypt_reply(data, cnt)
577 unsigned char *data;
578 int cnt;
579{
580 Encryptions *ep;
581 register int ret, type;
582
583 if (--cnt < 0)
584 return;
585 type = *data++;
586 if (!(ep = findencryption(type))) {
587 if (encrypt_debug_mode)
588 printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
589 Name,
b7c8f459
DB		 590 ENCTYPE_NAME_OK(type)
591 ? ENCTYPE_NAME(type) : "(unknown)",
592 type);
8fd80d14
DB		 593 return;
594 }
595 if (!ep->reply) {
596 if (encrypt_debug_mode)
597 printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
598 Name,
b7c8f459
DB		 599 ENCTYPE_NAME_OK(type)
600 ? ENCTYPE_NAME(type) : "(unknown)",
601 type);
8fd80d14
DB		 602 ret = 0;
603 } else {
604 ret = (*ep->reply)(data, cnt);
b7c8f459
DB		 605 if (encrypt_debug_mode)
606 printf("(*ep->reply)(%x, %d) returned %s(%d)\n",
607 data, cnt,
608 (ret < 0) ? "FAIL " :
609 (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
8fd80d14
DB		 610 }
611 if (encrypt_debug_mode)
612 printf(">>>%s: encrypt_reply returned %d\n", Name, ret);
613 if (ret < 0) {
614 autoencrypt = 0;
615 } else {
616 encrypt_mode = type;
617 if (ret == 0 && autoencrypt)
618 encrypt_start_output(type);
619 }
620}
621
622/*
623 * Called when a ENCRYPT START command is received.
624 */
625 void
b7c8f459
DB		 626encrypt_start(data, cnt)
627 unsigned char *data;
628 int cnt;
8fd80d14
DB		 629{
630 Encryptions *ep;
631
632 if (!decrypt_mode) {
633 /*
634 * Something is wrong. We should not get a START
635 * command without having already picked our
636 * decryption scheme. Send a REQUEST-END to
637 * attempt to clear the channel...
638 */
639 printf("%s: Warning, Cannot decrypt input stream!!!\r\n", Name);
640 encrypt_send_request_end();
641 return;
642 }
643
644 if (ep = finddecryption(decrypt_mode)) {
645 decrypt_input = ep->input;
646 if (encrypt_verbose)
647 printf("[ Input is now decrypted with type %s ]\r\n",
648 ENCTYPE_NAME(decrypt_mode));
649 if (encrypt_debug_mode)
650 printf(">>>%s: Start to decrypt input with type %s\r\n",
651 Name, ENCTYPE_NAME(decrypt_mode));
652 } else {
653 printf("%s: Warning, Cannot decrypt type %s (%d)!!!\r\n",
b7c8f459
DB		 654 Name,
655 ENCTYPE_NAME_OK(decrypt_mode)
656 ? ENCTYPE_NAME(decrypt_mode)
657 : "(unknown)",
658 decrypt_mode);
8fd80d14
DB		 659 encrypt_send_request_end();
660 }
661}
662
663 void
664encrypt_session_key(key, server)
665 Session_Key *key;
666 int server;
667{
668 Encryptions *ep = encryptions;
669
670 havesessionkey = 1;
671
672 while (ep->type) {
673 if (ep->session)
674 (*ep->session)(key, server);
0e39a0bc
DB		 675#ifdef notdef
676 if (!encrypt_output && autoencrypt && !server)
677 encrypt_start_output(ep->type);
678 if (!decrypt_input && autodecrypt && !server)
679 encrypt_send_request_start();
680#endif
8fd80d14
DB		 681 ++ep;
682 }
683}
684
685/*
686 * Called when ENCRYPT END is received.
687 */
688 void
689encrypt_end()
690{
691 decrypt_input = 0;
692 if (encrypt_debug_mode)
693 printf(">>>%s: Input is back to clear text\r\n", Name);
694 if (encrypt_verbose)
695 printf("[ Input is now clear text ]\r\n");
696}
697
698/*
699 * Called when ENCRYPT REQUEST-END is received.
700 */
701 void
702encrypt_request_end()
703{
704 encrypt_send_end();
705}
706
707/*
708 * Called when ENCRYPT REQUEST-START is received. If we receive
709 * this before a type is picked, then that indicates that the
710 * other side wants us to start encrypting data as soon as we
711 * can.
712 */
713 void
b7c8f459
DB		 714encrypt_request_start(data, cnt)
715 unsigned char *data;
716 int cnt;
8fd80d14 717{
b7c8f459
DB		 718 if (encrypt_mode == 0) {
719 if (Server)
720 autoencrypt = 1;
8fd80d14
DB		 721 return;
722 }
723 encrypt_start_output(encrypt_mode);
724}
725
b7c8f459
DB		 726static unsigned char str_keyid[(MAXKEYLEN*2)+5] = { IAC, SB, TELOPT_ENCRYPT };
727
728encrypt_enc_keyid(keyid, len)
729 unsigned char *keyid;
730 int len;
731{
732 encrypt_keyid(&ki[1], keyid, len);
733}
734
735encrypt_dec_keyid(keyid, len)
736 unsigned char *keyid;
737 int len;
738{
739 encrypt_keyid(&ki[0], keyid, len);
740}
741
742encrypt_keyid(kp, keyid, len)
743 struct key_info *kp;
744 unsigned char *keyid;
745 int len;
746{
747 Encryptions *ep;
748 unsigned char *strp, *cp;
749 int dir = kp->dir;
750 register int ret = 0;
751
752 if (!(ep = (*kp->getcrypt)(*kp->modep))) {
753 if (len == 0)
754 return;
755 kp->keylen = 0;
756 } else if (len == 0) {
757 /*
758 * Empty option, indicates a failure.
759 */
760 if (kp->keylen == 0)
761 return;
762 kp->keylen = 0;
763 if (ep->keyid)
764 (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
765
766 } else if ((len != kp->keylen) || (bcmp(keyid, kp->keyid, len) != 0)) {
767 /*
768 * Length or contents are different
769 */
770 kp->keylen = len;
771 bcopy(keyid, kp->keyid, len);
772 if (ep->keyid)
773 (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
774 } else {
775 if (ep->keyid)
776 ret = (*ep->keyid)(dir, kp->keyid, &kp->keylen);
777 if ((ret == 0) && (dir == DIR_ENCRYPT) && autoencrypt)
778 encrypt_start_output(*kp->modep);
779 return;
780 }
781
782 encrypt_send_keyid(dir, kp->keyid, kp->keylen, 0);
783}
784
8fd80d14 785 void
b7c8f459
DB		 786encrypt_send_keyid(dir, keyid, keylen, saveit)
787 int dir;
788 unsigned char *keyid;
789 int keylen;
790 int saveit;
791{
792 unsigned char *strp;
793
794 str_keyid[3] = (dir == DIR_ENCRYPT)
795 ? ENCRYPT_ENC_KEYID : ENCRYPT_DEC_KEYID;
796 if (saveit) {
797 struct key_info *kp = &ki[(dir == DIR_ENCRYPT) ? 0 : 1];
798 bcopy(keyid, kp->keyid, keylen);
799 kp->keylen = keylen;
800 }
801
802 for (strp = &str_keyid[4]; keylen > 0; --keylen) {
803 if ((*strp++ = *keyid++) == IAC)
804 *strp++ = IAC;
805 }
806 *strp++ = IAC;
807 *strp++ = SE;
808 net_write(str_keyid, strp - str_keyid);
809 printsub('>', &str_keyid[2], strp - str_keyid - 2);
810}
811
812 void
813encrypt_auto(on)
814 int on;
815{
816 if (on < 0)
817 autoencrypt ^= 1;
818 else
819 autoencrypt = on ? 1 : 0;
820}
821
822 void
823decrypt_auto(on)
824 int on;
8fd80d14 825{
b7c8f459
DB		 826 if (on < 0)
827 autodecrypt ^= 1;
828 else
829 autodecrypt = on ? 1 : 0;
8fd80d14
DB		 830}
831
832 void
833encrypt_start_output(type)
834 int type;
835{
836 Encryptions *ep;
b7c8f459
DB		 837 register unsigned char *p;
838 register int i;
8fd80d14
DB		 839
840 if (!(ep = findencryption(type))) {
841 if (encrypt_debug_mode) {
b7c8f459 842 printf(">>>%s: Can't encrypt with type %s (%d)\r\n",
8fd80d14 843 Name,
b7c8f459
DB		 844 ENCTYPE_NAME_OK(type)
845 ? ENCTYPE_NAME(type) : "(unknown)",
846 type);
8fd80d14 847 }
8fd80d14
DB		 848 return;
849 }
850 if (ep->start) {
b7c8f459
DB		 851 i = (*ep->start)(DIR_ENCRYPT, Server);
852 if (encrypt_debug_mode) {
853 printf(">>>%s: Encrypt start: %s (%d) %s\r\n",
854 Name,
855 (i < 0) ? "failed" :
856 "initial negotiation in progress",
857 i, ENCTYPE_NAME(type));
8fd80d14 858 }
b7c8f459
DB		 859 if (i)
860 return;
861 }
862 p = str_start + 3;
863 *p++ = ENCRYPT_START;
864 for (i = 0; i < ki[0].keylen; ++i) {
865 if ((*p++ = ki[0].keyid[i]) == IAC)
866 *p++ = IAC;
8fd80d14 867 }
b7c8f459
DB		 868 *p++ = IAC;
869 *p++ = SE;
870 net_write(str_start, p - str_start);
8fd80d14 871 net_encrypt();
b7c8f459 872 printsub('>', &str_start[2], p - &str_start[2]);
8fd80d14
DB		 873 /*
874 * If we are already encrypting in some mode, then
875 * encrypt the ring (which includes our request) in
876 * the old mode, mark it all as "clear text" and then
877 * switch to the new mode.
878 */
879 encrypt_output = ep->output;
880 encrypt_mode = type;
881 if (encrypt_debug_mode)
882 printf(">>>%s: Started to encrypt output with type %s\r\n",
883 Name, ENCTYPE_NAME(type));
884 if (encrypt_verbose)
885 printf("[ Output is now encrypted with type %s ]\r\n",
886 ENCTYPE_NAME(type));
887}
888
889 void
890encrypt_send_end()
891{
892 if (!encrypt_output)
893 return;
894
895 str_end[3] = ENCRYPT_END;
896 net_write(str_end, sizeof(str_end));
897 net_encrypt();
898 printsub('>', &str_end[2], sizeof(str_end) - 2);
899 /*
900 * Encrypt the output buffer now because it will not be done by
901 * netflush...
902 */
903 encrypt_output = 0;
904 if (encrypt_debug_mode)
905 printf(">>>%s: Output is back to clear text\r\n", Name);
906 if (encrypt_verbose)
907 printf("[ Output is now clear text ]\r\n");
908}
909
910 void
911encrypt_send_request_start()
912{
b7c8f459
DB		 913 register unsigned char *p;
914 register int i;
8fd80d14 915
b7c8f459
DB		 916 p = &str_start[3];
917 *p++ = ENCRYPT_REQSTART;
918 for (i = 0; i < ki[1].keylen; ++i) {
919 if ((*p++ = ki[1].keyid[i]) == IAC)
920 *p++ = IAC;
8fd80d14 921 }
b7c8f459
DB		 922 *p++ = IAC;
923 *p++ = SE;
924 net_write(str_start, p - str_start);
925 printsub('>', &str_start[2], p - &str_start[2]);
8fd80d14
DB		 926 if (encrypt_debug_mode)
927 printf(">>>%s: Request input to be encrypted\r\n", Name);
928}
929
930 void
931encrypt_send_request_end()
932{
933 str_end[3] = ENCRYPT_REQEND;
934 net_write(str_end, sizeof(str_end));
935 printsub('>', &str_end[2], sizeof(str_end) - 2);
936
937 if (encrypt_debug_mode)
938 printf(">>>%s: Request input to be clear text\r\n", Name);
939}
940
941 void
942encrypt_wait()
943{
944 register int encrypt, decrypt;
945 if (encrypt_debug_mode)
946 printf(">>>%s: in encrypt_wait\r\n", Name);
b7c8f459 947 if (!havesessionkey || !(I_SUPPORT_ENCRYPT & remote_supports_decrypt))
8fd80d14
DB		 948 return;
949 while (autoencrypt && !encrypt_output)
950 if (telnet_spin())
951 return;
952}
953
954 void
955encrypt_debug(mode)
956 int mode;
957{
958 encrypt_debug_mode = mode;
959}
960
961 void
962encrypt_gen_printsub(data, cnt, buf, buflen)
963 unsigned char *data, *buf;
964 int cnt, buflen;
965{
966 char tbuf[16], *cp;
967
968 cnt -= 2;
969 data += 2;
970 buf[buflen-1] = '\0';
971 buf[buflen-2] = '*';
972 buflen -= 2;;
973 for (; cnt > 0; cnt--, data++) {
974 sprintf(tbuf, " %d", *data);
975 for (cp = tbuf; *cp && buflen > 0; --buflen)
976 *buf++ = *cp++;
977 if (buflen <= 0)
978 return;
979 }
980 *buf = '\0';
981}
982
983 void
984encrypt_printsub(data, cnt, buf, buflen)
985 unsigned char *data, *buf;
986 int cnt, buflen;
987{
988 Encryptions *ep;
989 register int type = data[1];
990
991 for (ep = encryptions; ep->type && ep->type != type; ep++)
992 ;
993
994 if (ep->printsub)
995 (*ep->printsub)(data, cnt, buf, buflen);
996 else
997 encrypt_gen_printsub(data, cnt, buf, buflen);
998}
e0badf3e 999#endif /* ENCRYPTION */
Continuous source code history from original PDP-7 UNIX to FreeBSD 2, the first fully unencumbered FreeBSD release.