1 /*- 2 * Copyright (c) 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the University nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 */ 29 30 #include <sys/cdefs.h> 31 32 __FBSDID("$FreeBSD$"); 33 34 #ifndef lint 35 #if 0 36 static const char sccsid[] = "@(#)encrypt.c 8.2 (Berkeley) 5/30/95"; 37 #endif 38 #endif /* not lint */ 39 40 /* 41 * Copyright (C) 1990 by the Massachusetts Institute of Technology 42 * 43 * Export of this software from the United States of America is assumed 44 * to require a specific license from the United States Government. 45 * It is the responsibility of any person or organization contemplating 46 * export to obtain such a license before exporting. 47 * 48 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 49 * distribute this software and its documentation for any purpose and 50 * without fee is hereby granted, provided that the above copyright 51 * notice appear in all copies and that both that copyright notice and 52 * this permission notice appear in supporting documentation, and that 53 * the name of M.I.T. not be used in advertising or publicity pertaining 54 * to distribution of the software without specific, written prior 55 * permission. M.I.T. makes no representations about the suitability of 56 * this software for any purpose. It is provided "as is" without express 57 * or implied warranty. 58 */ 59 60 #ifdef ENCRYPTION 61 62 #include <sys/types.h> 63 #define ENCRYPT_NAMES 64 #include <arpa/telnet.h> 65 #include <stdio.h> 66 #include <stdlib.h> 67 #include <string.h> 68 69 #include "encrypt.h" 70 #include "misc.h" 71 72 int EncryptType(char *type, char *mode); 73 int EncryptStart(char *mode); 74 int EncryptStop(char *mode); 75 int EncryptStartInput(void); 76 int EncryptStartOutput(void); 77 int EncryptStopInput(void); 78 int EncryptStopOutput(void); 79 80 int encrypt_debug_mode = 0; 81 static int decrypt_mode = 0; 82 static int encrypt_mode = 0; 83 static int encrypt_verbose = 0; 84 static int autoencrypt = 0; 85 static int autodecrypt = 0; 86 static int havesessionkey = 0; 87 static int Server = 0; 88 static const char *Name = "Noname"; 89 90 #define typemask(x) ((x) > 0 ? 1 << ((x)-1) : 0) 91 92 static u_long i_support_encrypt = 0 93 | typemask(ENCTYPE_DES_CFB64) | typemask(ENCTYPE_DES_OFB64) 94 |0; 95 static u_long i_support_decrypt = 0 96 | typemask(ENCTYPE_DES_CFB64) | typemask(ENCTYPE_DES_OFB64) 97 |0; 98 99 static u_long i_wont_support_encrypt = 0; 100 static u_long i_wont_support_decrypt = 0; 101 #define I_SUPPORT_ENCRYPT (i_support_encrypt & ~i_wont_support_encrypt) 102 #define I_SUPPORT_DECRYPT (i_support_decrypt & ~i_wont_support_decrypt) 103 104 static u_long remote_supports_encrypt = 0; 105 static u_long remote_supports_decrypt = 0; 106 107 static Encryptions encryptions[] = { 108 { "DES_CFB64", ENCTYPE_DES_CFB64, 109 cfb64_encrypt, 110 cfb64_decrypt, 111 cfb64_init, 112 cfb64_start, 113 cfb64_is, 114 cfb64_reply, 115 cfb64_session, 116 cfb64_keyid, 117 cfb64_printsub }, 118 { "DES_OFB64", ENCTYPE_DES_OFB64, 119 ofb64_encrypt, 120 ofb64_decrypt, 121 ofb64_init, 122 ofb64_start, 123 ofb64_is, 124 ofb64_reply, 125 ofb64_session, 126 ofb64_keyid, 127 ofb64_printsub }, 128 { NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }, 129 }; 130 131 static unsigned char str_send[64] = { IAC, SB, TELOPT_ENCRYPT, 132 ENCRYPT_SUPPORT }; 133 static unsigned char str_suplen = 0; 134 static unsigned char str_start[72] = { IAC, SB, TELOPT_ENCRYPT }; 135 static unsigned char str_end[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE }; 136 137 Encryptions * 138 findencryption(int type) 139 { 140 Encryptions *ep = encryptions; 141 142 if (!(I_SUPPORT_ENCRYPT & remote_supports_decrypt & (unsigned)typemask(type))) 143 return(0); 144 while (ep->type && ep->type != type) 145 ++ep; 146 return(ep->type ? ep : 0); 147 } 148 149 static Encryptions * 150 finddecryption(int type) 151 { 152 Encryptions *ep = encryptions; 153 154 if (!(I_SUPPORT_DECRYPT & remote_supports_encrypt & (unsigned)typemask(type))) 155 return(0); 156 while (ep->type && ep->type != type) 157 ++ep; 158 return(ep->type ? ep : 0); 159 } 160 161 #define MAXKEYLEN 64 162 163 static struct key_info { 164 unsigned char keyid[MAXKEYLEN]; 165 int keylen; 166 int dir; 167 int *modep; 168 Encryptions *(*getcrypt)(int); 169 } ki[2] = { 170 { { 0 }, 0, DIR_ENCRYPT, &encrypt_mode, findencryption }, 171 { { 0 }, 0, DIR_DECRYPT, &decrypt_mode, finddecryption }, 172 }; 173 174 static void encrypt_keyid(struct key_info *kp, unsigned char *keyid, int len); 175 176 void 177 encrypt_init(const char *name, int server) 178 { 179 Encryptions *ep = encryptions; 180 181 Name = name; 182 Server = server; 183 i_support_encrypt = i_support_decrypt = 0; 184 remote_supports_encrypt = remote_supports_decrypt = 0; 185 encrypt_mode = 0; 186 decrypt_mode = 0; 187 encrypt_output = 0; 188 decrypt_input = 0; 189 190 str_suplen = 4; 191 192 while (ep->type) { 193 if (encrypt_debug_mode) 194 printf(">>>%s: I will support %s\r\n", 195 Name, ENCTYPE_NAME(ep->type)); 196 i_support_encrypt |= typemask(ep->type); 197 i_support_decrypt |= typemask(ep->type); 198 if ((i_wont_support_decrypt & typemask(ep->type)) == 0) 199 if ((str_send[str_suplen++] = ep->type) == IAC) 200 str_send[str_suplen++] = IAC; 201 if (ep->init) 202 (*ep->init)(Server); 203 ++ep; 204 } 205 str_send[str_suplen++] = IAC; 206 str_send[str_suplen++] = SE; 207 } 208 209 static void 210 encrypt_list_types(void) 211 { 212 Encryptions *ep = encryptions; 213 214 printf("Valid encryption types:\n"); 215 while (ep->type) { 216 printf("\t%s (%d)\r\n", ENCTYPE_NAME(ep->type), ep->type); 217 ++ep; 218 } 219 } 220 221 int 222 EncryptEnable(char *type, char *mode) 223 { 224 if (isprefix(type, "help") || isprefix(type, "?")) { 225 printf("Usage: encrypt enable <type> [input|output]\n"); 226 encrypt_list_types(); 227 return(0); 228 } 229 if (EncryptType(type, mode)) 230 return(EncryptStart(mode)); 231 return(0); 232 } 233 234 int 235 EncryptDisable(char *type, char *mode) 236 { 237 Encryptions *ep; 238 int ret = 0; 239 240 if (isprefix(type, "help") || isprefix(type, "?")) { 241 printf("Usage: encrypt disable <type> [input|output]\n"); 242 encrypt_list_types(); 243 } else if ((ep = (Encryptions *)genget(type, (char **)encryptions, 244 sizeof(Encryptions))) == 0) { 245 printf("%s: invalid encryption type\n", type); 246 } else if (Ambiguous((char **)ep)) { 247 printf("Ambiguous type '%s'\n", type); 248 } else { 249 if ((mode == 0) || (isprefix(mode, "input") ? 1 : 0)) { 250 if (decrypt_mode == ep->type) 251 EncryptStopInput(); 252 i_wont_support_decrypt |= typemask(ep->type); 253 ret = 1; 254 } 255 if ((mode == 0) || (isprefix(mode, "output"))) { 256 if (encrypt_mode == ep->type) 257 EncryptStopOutput(); 258 i_wont_support_encrypt |= typemask(ep->type); 259 ret = 1; 260 } 261 if (ret == 0) 262 printf("%s: invalid encryption mode\n", mode); 263 } 264 return(ret); 265 } 266 267 int 268 EncryptType(char *type, char *mode) 269 { 270 Encryptions *ep; 271 int ret = 0; 272 273 if (isprefix(type, "help") || isprefix(type, "?")) { 274 printf("Usage: encrypt type <type> [input|output]\n"); 275 encrypt_list_types(); 276 } else if ((ep = (Encryptions *)genget(type, (char **)encryptions, 277 sizeof(Encryptions))) == 0) { 278 printf("%s: invalid encryption type\n", type); 279 } else if (Ambiguous((char **)ep)) { 280 printf("Ambiguous type '%s'\n", type); 281 } else { 282 if ((mode == 0) || isprefix(mode, "input")) { 283 decrypt_mode = ep->type; 284 i_wont_support_decrypt &= ~typemask(ep->type); 285 ret = 1; 286 } 287 if ((mode == 0) || isprefix(mode, "output")) { 288 encrypt_mode = ep->type; 289 i_wont_support_encrypt &= ~typemask(ep->type); 290 ret = 1; 291 } 292 if (ret == 0) 293 printf("%s: invalid encryption mode\n", mode); 294 } 295 return(ret); 296 } 297 298 int 299 EncryptStart(char *mode) 300 { 301 int ret = 0; 302 if (mode) { 303 if (isprefix(mode, "input")) 304 return(EncryptStartInput()); 305 if (isprefix(mode, "output")) 306 return(EncryptStartOutput()); 307 if (isprefix(mode, "help") || isprefix(mode, "?")) { 308 printf("Usage: encrypt start [input|output]\n"); 309 return(0); 310 } 311 printf("%s: invalid encryption mode 'encrypt start ?' for help\n", mode); 312 return(0); 313 } 314 ret += EncryptStartInput(); 315 ret += EncryptStartOutput(); 316 return(ret); 317 } 318 319 int 320 EncryptStartInput(void) 321 { 322 if (decrypt_mode) { 323 encrypt_send_request_start(); 324 return(1); 325 } 326 printf("No previous decryption mode, decryption not enabled\r\n"); 327 return(0); 328 } 329 330 int 331 EncryptStartOutput(void) 332 { 333 if (encrypt_mode) { 334 encrypt_start_output(encrypt_mode); 335 return(1); 336 } 337 printf("No previous encryption mode, encryption not enabled\r\n"); 338 return(0); 339 } 340 341 int 342 EncryptStop(char *mode) 343 { 344 int ret = 0; 345 if (mode) { 346 if (isprefix(mode, "input")) 347 return(EncryptStopInput()); 348 if (isprefix(mode, "output")) 349 return(EncryptStopOutput()); 350 if (isprefix(mode, "help") || isprefix(mode, "?")) { 351 printf("Usage: encrypt stop [input|output]\n"); 352 return(0); 353 } 354 printf("%s: invalid encryption mode 'encrypt stop ?' for help\n", mode); 355 return(0); 356 } 357 ret += EncryptStopInput(); 358 ret += EncryptStopOutput(); 359 return(ret); 360 } 361 362 int 363 EncryptStopInput(void) 364 { 365 encrypt_send_request_end(); 366 return(1); 367 } 368 369 int 370 EncryptStopOutput(void) 371 { 372 encrypt_send_end(); 373 return(1); 374 } 375 376 void 377 encrypt_display(void) 378 { 379 if (encrypt_output) 380 printf("Currently encrypting output with %s\r\n", 381 ENCTYPE_NAME(encrypt_mode)); 382 if (decrypt_input) 383 printf("Currently decrypting input with %s\r\n", 384 ENCTYPE_NAME(decrypt_mode)); 385 } 386 387 int 388 EncryptStatus(void) 389 { 390 if (encrypt_output) 391 printf("Currently encrypting output with %s\r\n", 392 ENCTYPE_NAME(encrypt_mode)); 393 else if (encrypt_mode) { 394 printf("Currently output is clear text.\r\n"); 395 printf("Last encryption mode was %s\r\n", 396 ENCTYPE_NAME(encrypt_mode)); 397 } 398 if (decrypt_input) { 399 printf("Currently decrypting input with %s\r\n", 400 ENCTYPE_NAME(decrypt_mode)); 401 } else if (decrypt_mode) { 402 printf("Currently input is clear text.\r\n"); 403 printf("Last decryption mode was %s\r\n", 404 ENCTYPE_NAME(decrypt_mode)); 405 } 406 return 1; 407 } 408 409 void 410 encrypt_send_support(void) 411 { 412 if (str_suplen) { 413 /* 414 * If the user has requested that decryption start 415 * immediatly, then send a "REQUEST START" before 416 * we negotiate the type. 417 */ 418 if (!Server && autodecrypt) 419 encrypt_send_request_start(); 420 net_write(str_send, str_suplen); 421 printsub('>', &str_send[2], str_suplen - 2); 422 str_suplen = 0; 423 } 424 } 425 426 int 427 EncryptDebug(int on) 428 { 429 if (on < 0) 430 encrypt_debug_mode ^= 1; 431 else 432 encrypt_debug_mode = on; 433 printf("Encryption debugging %s\r\n", 434 encrypt_debug_mode ? "enabled" : "disabled"); 435 return(1); 436 } 437 438 int 439 EncryptVerbose(int on) 440 { 441 if (on < 0) 442 encrypt_verbose ^= 1; 443 else 444 encrypt_verbose = on; 445 printf("Encryption %s verbose\r\n", 446 encrypt_verbose ? "is" : "is not"); 447 return(1); 448 } 449 450 int 451 EncryptAutoEnc(int on) 452 { 453 encrypt_auto(on); 454 printf("Automatic encryption of output is %s\r\n", 455 autoencrypt ? "enabled" : "disabled"); 456 return(1); 457 } 458 459 int 460 EncryptAutoDec(int on) 461 { 462 decrypt_auto(on); 463 printf("Automatic decryption of input is %s\r\n", 464 autodecrypt ? "enabled" : "disabled"); 465 return(1); 466 } 467 468 /* 469 * Called when ENCRYPT SUPPORT is received. 470 */ 471 void 472 encrypt_support(unsigned char *typelist, int cnt) 473 { 474 int type, use_type = 0; 475 Encryptions *ep; 476 477 /* 478 * Forget anything the other side has previously told us. 479 */ 480 remote_supports_decrypt = 0; 481 482 while (cnt-- > 0) { 483 type = *typelist++; 484 if (encrypt_debug_mode) 485 printf(">>>%s: He is supporting %s (%d)\r\n", 486 Name, 487 ENCTYPE_NAME(type), type); 488 if ((type < ENCTYPE_CNT) && 489 (I_SUPPORT_ENCRYPT & typemask(type))) { 490 remote_supports_decrypt |= typemask(type); 491 if (use_type == 0) 492 use_type = type; 493 } 494 } 495 if (use_type) { 496 ep = findencryption(use_type); 497 if (!ep) 498 return; 499 type = ep->start ? (*ep->start)(DIR_ENCRYPT, Server) : 0; 500 if (encrypt_debug_mode) 501 printf(">>>%s: (*ep->start)() returned %d\r\n", 502 Name, type); 503 if (type < 0) 504 return; 505 encrypt_mode = use_type; 506 if (type == 0) 507 encrypt_start_output(use_type); 508 } 509 } 510 511 void 512 encrypt_is(unsigned char *data, int cnt) 513 { 514 Encryptions *ep; 515 int type, ret; 516 517 if (--cnt < 0) 518 return; 519 type = *data++; 520 if (type < ENCTYPE_CNT) 521 remote_supports_encrypt |= typemask(type); 522 if (!(ep = finddecryption(type))) { 523 if (encrypt_debug_mode) 524 printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n", 525 Name, 526 ENCTYPE_NAME_OK(type) 527 ? ENCTYPE_NAME(type) : "(unknown)", 528 type); 529 return; 530 } 531 if (!ep->is) { 532 if (encrypt_debug_mode) 533 printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n", 534 Name, 535 ENCTYPE_NAME_OK(type) 536 ? ENCTYPE_NAME(type) : "(unknown)", 537 type); 538 ret = 0; 539 } else { 540 ret = (*ep->is)(data, cnt); 541 if (encrypt_debug_mode) 542 printf("(*ep->is)(%p, %d) returned %s(%d)\n", data, cnt, 543 (ret < 0) ? "FAIL " : 544 (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret); 545 } 546 if (ret < 0) { 547 autodecrypt = 0; 548 } else { 549 decrypt_mode = type; 550 if (ret == 0 && autodecrypt) 551 encrypt_send_request_start(); 552 } 553 } 554 555 void 556 encrypt_reply(unsigned char *data, int cnt) 557 { 558 Encryptions *ep; 559 int ret, type; 560 561 if (--cnt < 0) 562 return; 563 type = *data++; 564 if (!(ep = findencryption(type))) { 565 if (encrypt_debug_mode) 566 printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n", 567 Name, 568 ENCTYPE_NAME_OK(type) 569 ? ENCTYPE_NAME(type) : "(unknown)", 570 type); 571 return; 572 } 573 if (!ep->reply) { 574 if (encrypt_debug_mode) 575 printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n", 576 Name, 577 ENCTYPE_NAME_OK(type) 578 ? ENCTYPE_NAME(type) : "(unknown)", 579 type); 580 ret = 0; 581 } else { 582 ret = (*ep->reply)(data, cnt); 583 if (encrypt_debug_mode) 584 printf("(*ep->reply)(%p, %d) returned %s(%d)\n", 585 data, cnt, 586 (ret < 0) ? "FAIL " : 587 (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret); 588 } 589 if (encrypt_debug_mode) 590 printf(">>>%s: encrypt_reply returned %d\n", Name, ret); 591 if (ret < 0) { 592 autoencrypt = 0; 593 } else { 594 encrypt_mode = type; 595 if (ret == 0 && autoencrypt) 596 encrypt_start_output(type); 597 } 598 } 599 600 /* 601 * Called when a ENCRYPT START command is received. 602 */ 603 void 604 encrypt_start(unsigned char *data __unused, int cnt __unused) 605 { 606 Encryptions *ep; 607 608 if (!decrypt_mode) { 609 /* 610 * Something is wrong. We should not get a START 611 * command without having already picked our 612 * decryption scheme. Send a REQUEST-END to 613 * attempt to clear the channel... 614 */ 615 printf("%s: Warning, Cannot decrypt input stream!!!\r\n", Name); 616 encrypt_send_request_end(); 617 return; 618 } 619 620 if ((ep = finddecryption(decrypt_mode))) { 621 decrypt_input = ep->input; 622 if (encrypt_verbose) 623 printf("[ Input is now decrypted with type %s ]\r\n", 624 ENCTYPE_NAME(decrypt_mode)); 625 if (encrypt_debug_mode) 626 printf(">>>%s: Start to decrypt input with type %s\r\n", 627 Name, ENCTYPE_NAME(decrypt_mode)); 628 } else { 629 printf("%s: Warning, Cannot decrypt type %s (%d)!!!\r\n", 630 Name, 631 ENCTYPE_NAME_OK(decrypt_mode) 632 ? ENCTYPE_NAME(decrypt_mode) 633 : "(unknown)", 634 decrypt_mode); 635 encrypt_send_request_end(); 636 } 637 } 638 639 void 640 encrypt_session_key( Session_Key *key, int server) 641 { 642 Encryptions *ep = encryptions; 643 644 havesessionkey = 1; 645 646 while (ep->type) { 647 if (ep->session) 648 (*ep->session)(key, server); 649 ++ep; 650 } 651 } 652 653 /* 654 * Called when ENCRYPT END is received. 655 */ 656 void 657 encrypt_end(void) 658 { 659 decrypt_input = 0; 660 if (encrypt_debug_mode) 661 printf(">>>%s: Input is back to clear text\r\n", Name); 662 if (encrypt_verbose) 663 printf("[ Input is now clear text ]\r\n"); 664 } 665 666 /* 667 * Called when ENCRYPT REQUEST-END is received. 668 */ 669 void 670 encrypt_request_end(void) 671 { 672 encrypt_send_end(); 673 } 674 675 /* 676 * Called when ENCRYPT REQUEST-START is received. If we receive 677 * this before a type is picked, then that indicates that the 678 * other side wants us to start encrypting data as soon as we 679 * can. 680 */ 681 void 682 encrypt_request_start(unsigned char *data __unused, int cnt __unused) 683 { 684 if (encrypt_mode == 0) { 685 if (Server) 686 autoencrypt = 1; 687 return; 688 } 689 encrypt_start_output(encrypt_mode); 690 } 691 692 static unsigned char str_keyid[(MAXKEYLEN*2)+5] = { IAC, SB, TELOPT_ENCRYPT }; 693 694 void 695 encrypt_enc_keyid(unsigned char *keyid, int len) 696 { 697 encrypt_keyid(&ki[1], keyid, len); 698 } 699 700 void 701 encrypt_dec_keyid(unsigned char *keyid, int len) 702 { 703 encrypt_keyid(&ki[0], keyid, len); 704 } 705 706 void 707 encrypt_keyid(struct key_info *kp, unsigned char *keyid, int len) 708 { 709 Encryptions *ep; 710 int dir = kp->dir; 711 int ret = 0; 712 713 if (len > MAXKEYLEN) 714 len = MAXKEYLEN; 715 716 if (!(ep = (*kp->getcrypt)(*kp->modep))) { 717 if (len == 0) 718 return; 719 kp->keylen = 0; 720 } else if (len == 0) { 721 /* 722 * Empty option, indicates a failure. 723 */ 724 if (kp->keylen == 0) 725 return; 726 kp->keylen = 0; 727 if (ep->keyid) 728 (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen); 729 730 } else if ((len != kp->keylen) || 731 (memcmp(keyid, kp->keyid, len) != 0)) { 732 /* 733 * Length or contents are different 734 */ 735 kp->keylen = len; 736 memmove(kp->keyid, keyid, len); 737 if (ep->keyid) 738 (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen); 739 } else { 740 if (ep->keyid) 741 ret = (*ep->keyid)(dir, kp->keyid, &kp->keylen); 742 if ((ret == 0) && (dir == DIR_ENCRYPT) && autoencrypt) 743 encrypt_start_output(*kp->modep); 744 return; 745 } 746 747 encrypt_send_keyid(dir, kp->keyid, kp->keylen, 0); 748 } 749 750 void 751 encrypt_send_keyid(int dir, const char *keyid, int keylen, int saveit) 752 { 753 unsigned char *strp; 754 755 str_keyid[3] = (dir == DIR_ENCRYPT) 756 ? ENCRYPT_ENC_KEYID : ENCRYPT_DEC_KEYID; 757 if (saveit) { 758 struct key_info *kp = &ki[(dir == DIR_ENCRYPT) ? 0 : 1]; 759 memmove(kp->keyid, keyid, keylen); 760 kp->keylen = keylen; 761 } 762 763 for (strp = &str_keyid[4]; keylen > 0; --keylen) { 764 if ((*strp++ = *keyid++) == IAC) 765 *strp++ = IAC; 766 } 767 *strp++ = IAC; 768 *strp++ = SE; 769 net_write(str_keyid, strp - str_keyid); 770 printsub('>', &str_keyid[2], strp - str_keyid - 2); 771 } 772 773 void 774 encrypt_auto(int on) 775 { 776 if (on < 0) 777 autoencrypt ^= 1; 778 else 779 autoencrypt = on ? 1 : 0; 780 } 781 782 void 783 decrypt_auto(int on) 784 { 785 if (on < 0) 786 autodecrypt ^= 1; 787 else 788 autodecrypt = on ? 1 : 0; 789 } 790 791 void 792 encrypt_start_output(int type) 793 { 794 Encryptions *ep; 795 unsigned char *p; 796 int i; 797 798 if (!(ep = findencryption(type))) { 799 if (encrypt_debug_mode) { 800 printf(">>>%s: Can't encrypt with type %s (%d)\r\n", 801 Name, 802 ENCTYPE_NAME_OK(type) 803 ? ENCTYPE_NAME(type) : "(unknown)", 804 type); 805 } 806 return; 807 } 808 if (ep->start) { 809 i = (*ep->start)(DIR_ENCRYPT, Server); 810 if (encrypt_debug_mode) { 811 printf(">>>%s: Encrypt start: %s (%d) %s\r\n", 812 Name, 813 (i < 0) ? "failed" : 814 "initial negotiation in progress", 815 i, ENCTYPE_NAME(type)); 816 } 817 if (i) 818 return; 819 } 820 p = str_start + 3; 821 *p++ = ENCRYPT_START; 822 for (i = 0; i < ki[0].keylen; ++i) { 823 if ((*p++ = ki[0].keyid[i]) == IAC) 824 *p++ = IAC; 825 } 826 *p++ = IAC; 827 *p++ = SE; 828 net_write(str_start, p - str_start); 829 net_encrypt(); 830 printsub('>', &str_start[2], p - &str_start[2]); 831 /* 832 * If we are already encrypting in some mode, then 833 * encrypt the ring (which includes our request) in 834 * the old mode, mark it all as "clear text" and then 835 * switch to the new mode. 836 */ 837 encrypt_output = ep->output; 838 encrypt_mode = type; 839 if (encrypt_debug_mode) 840 printf(">>>%s: Started to encrypt output with type %s\r\n", 841 Name, ENCTYPE_NAME(type)); 842 if (encrypt_verbose) 843 printf("[ Output is now encrypted with type %s ]\r\n", 844 ENCTYPE_NAME(type)); 845 } 846 847 void 848 encrypt_send_end(void) 849 { 850 if (!encrypt_output) 851 return; 852 853 str_end[3] = ENCRYPT_END; 854 net_write(str_end, sizeof(str_end)); 855 net_encrypt(); 856 printsub('>', &str_end[2], sizeof(str_end) - 2); 857 /* 858 * Encrypt the output buffer now because it will not be done by 859 * netflush... 860 */ 861 encrypt_output = 0; 862 if (encrypt_debug_mode) 863 printf(">>>%s: Output is back to clear text\r\n", Name); 864 if (encrypt_verbose) 865 printf("[ Output is now clear text ]\r\n"); 866 } 867 868 void 869 encrypt_send_request_start(void) 870 { 871 unsigned char *p; 872 int i; 873 874 p = &str_start[3]; 875 *p++ = ENCRYPT_REQSTART; 876 for (i = 0; i < ki[1].keylen; ++i) { 877 if ((*p++ = ki[1].keyid[i]) == IAC) 878 *p++ = IAC; 879 } 880 *p++ = IAC; 881 *p++ = SE; 882 net_write(str_start, p - str_start); 883 printsub('>', &str_start[2], p - &str_start[2]); 884 if (encrypt_debug_mode) 885 printf(">>>%s: Request input to be encrypted\r\n", Name); 886 } 887 888 void 889 encrypt_send_request_end(void) 890 { 891 str_end[3] = ENCRYPT_REQEND; 892 net_write(str_end, sizeof(str_end)); 893 printsub('>', &str_end[2], sizeof(str_end) - 2); 894 895 if (encrypt_debug_mode) 896 printf(">>>%s: Request input to be clear text\r\n", Name); 897 } 898 899 void 900 encrypt_wait(void) 901 { 902 if (encrypt_debug_mode) 903 printf(">>>%s: in encrypt_wait\r\n", Name); 904 if (!havesessionkey || !(I_SUPPORT_ENCRYPT & remote_supports_decrypt)) 905 return; 906 while (autoencrypt && !encrypt_output) 907 if (telnet_spin()) 908 return; 909 } 910 911 void 912 encrypt_gen_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) 913 { 914 char tbuf[16], *cp; 915 916 cnt -= 2; 917 data += 2; 918 buf[buflen-1] = '\0'; 919 buf[buflen-2] = '*'; 920 buflen -= 2;; 921 for (; cnt > 0; cnt--, data++) { 922 sprintf(tbuf, " %d", *data); 923 for (cp = tbuf; *cp && buflen > 0; --buflen) 924 *buf++ = *cp++; 925 if (buflen <= 0) 926 return; 927 } 928 *buf = '\0'; 929 } 930 931 void 932 encrypt_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) 933 { 934 Encryptions *ep; 935 int type = data[1]; 936 937 for (ep = encryptions; ep->type && ep->type != type; ep++) 938 ; 939 940 if (ep->printsub) 941 (*ep->printsub)(data, cnt, buf, buflen); 942 else 943 encrypt_gen_printsub(data, cnt, buf, buflen); 944 } 945 #endif /* ENCRYPTION */ 946