1 /*- 2 * Copyright (c) 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * %sccs.include.redist.c% 6 */ 7 8 #ifndef lint 9 static char sccsid[] = "@(#)encrypt.c 8.2 (Berkeley) 05/30/95"; 10 #endif /* not lint */ 11 12 /* 13 * Copyright (C) 1990 by the Massachusetts Institute of Technology 14 * 15 * Export of this software from the United States of America is assumed 16 * to require a specific license from the United States Government. 17 * It is the responsibility of any person or organization contemplating 18 * export to obtain such a license before exporting. 19 * 20 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 21 * distribute this software and its documentation for any purpose and 22 * without fee is hereby granted, provided that the above copyright 23 * notice appear in all copies and that both that copyright notice and 24 * this permission notice appear in supporting documentation, and that 25 * the name of M.I.T. not be used in advertising or publicity pertaining 26 * to distribution of the software without specific, written prior 27 * permission. M.I.T. makes no representations about the suitability of 28 * this software for any purpose. It is provided "as is" without express 29 * or implied warranty. 30 */ 31 32 #ifdef ENCRYPTION 33 34 #define ENCRYPT_NAMES 35 #include <arpa/telnet.h> 36 37 #include "encrypt.h" 38 #include "misc.h" 39 40 #ifdef __STDC__ 41 #include <stdlib.h> 42 #endif 43 #ifdef NO_STRING_H 44 #include <strings.h> 45 #else 46 #include <string.h> 47 #endif 48 49 /* 50 * These functions pointers point to the current routines 51 * for encrypting and decrypting data. 52 */ 53 void (*encrypt_output) P((unsigned char *, int)); 54 int (*decrypt_input) P((int)); 55 56 int encrypt_debug_mode = 0; 57 static int decrypt_mode = 0; 58 static int encrypt_mode = 0; 59 static int encrypt_verbose = 0; 60 static int autoencrypt = 0; 61 static int autodecrypt = 0; 62 static int havesessionkey = 0; 63 static int Server = 0; 64 static char *Name = "Noname"; 65 66 #define typemask(x) ((x) > 0 ? 1 << ((x)-1) : 0) 67 68 static long i_support_encrypt = typemask(ENCTYPE_DES_CFB64) 69 | typemask(ENCTYPE_DES_OFB64); 70 static long i_support_decrypt = typemask(ENCTYPE_DES_CFB64) 71 | typemask(ENCTYPE_DES_OFB64); 72 static long i_wont_support_encrypt = 0; 73 static long i_wont_support_decrypt = 0; 74 #define I_SUPPORT_ENCRYPT (i_support_encrypt & ~i_wont_support_encrypt) 75 #define I_SUPPORT_DECRYPT (i_support_decrypt & ~i_wont_support_decrypt) 76 77 static long remote_supports_encrypt = 0; 78 static long remote_supports_decrypt = 0; 79 80 static Encryptions encryptions[] = { 81 #ifdef DES_ENCRYPTION 82 { "DES_CFB64", ENCTYPE_DES_CFB64, 83 cfb64_encrypt, 84 cfb64_decrypt, 85 cfb64_init, 86 cfb64_start, 87 cfb64_is, 88 cfb64_reply, 89 cfb64_session, 90 cfb64_keyid, 91 cfb64_printsub }, 92 { "DES_OFB64", ENCTYPE_DES_OFB64, 93 ofb64_encrypt, 94 ofb64_decrypt, 95 ofb64_init, 96 ofb64_start, 97 ofb64_is, 98 ofb64_reply, 99 ofb64_session, 100 ofb64_keyid, 101 ofb64_printsub }, 102 #endif /* DES_ENCRYPTION */ 103 { 0, }, 104 }; 105 106 static unsigned char str_send[64] = { IAC, SB, TELOPT_ENCRYPT, 107 ENCRYPT_SUPPORT }; 108 static unsigned char str_suplen = 0; 109 static unsigned char str_start[72] = { IAC, SB, TELOPT_ENCRYPT }; 110 static unsigned char str_end[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE }; 111 112 Encryptions * 113 findencryption(type) 114 int type; 115 { 116 Encryptions *ep = encryptions; 117 118 if (!(I_SUPPORT_ENCRYPT & remote_supports_decrypt & typemask(type))) 119 return(0); 120 while (ep->type && ep->type != type) 121 ++ep; 122 return(ep->type ? ep : 0); 123 } 124 125 Encryptions * 126 finddecryption(type) 127 int type; 128 { 129 Encryptions *ep = encryptions; 130 131 if (!(I_SUPPORT_DECRYPT & remote_supports_encrypt & typemask(type))) 132 return(0); 133 while (ep->type && ep->type != type) 134 ++ep; 135 return(ep->type ? ep : 0); 136 } 137 138 #define MAXKEYLEN 64 139 140 static struct key_info { 141 unsigned char keyid[MAXKEYLEN]; 142 int keylen; 143 int dir; 144 int *modep; 145 Encryptions *(*getcrypt)(); 146 } ki[2] = { 147 { { 0 }, 0, DIR_ENCRYPT, &encrypt_mode, findencryption }, 148 { { 0 }, 0, DIR_DECRYPT, &decrypt_mode, finddecryption }, 149 }; 150 151 void 152 encrypt_init(name, server) 153 char *name; 154 int server; 155 { 156 Encryptions *ep = encryptions; 157 158 Name = name; 159 Server = server; 160 i_support_encrypt = i_support_decrypt = 0; 161 remote_supports_encrypt = remote_supports_decrypt = 0; 162 encrypt_mode = 0; 163 decrypt_mode = 0; 164 encrypt_output = 0; 165 decrypt_input = 0; 166 #ifdef notdef 167 encrypt_verbose = !server; 168 #endif 169 170 str_suplen = 4; 171 172 while (ep->type) { 173 if (encrypt_debug_mode) 174 printf(">>>%s: I will support %s\r\n", 175 Name, ENCTYPE_NAME(ep->type)); 176 i_support_encrypt |= typemask(ep->type); 177 i_support_decrypt |= typemask(ep->type); 178 if ((i_wont_support_decrypt & typemask(ep->type)) == 0) 179 if ((str_send[str_suplen++] = ep->type) == IAC) 180 str_send[str_suplen++] = IAC; 181 if (ep->init) 182 (*ep->init)(Server); 183 ++ep; 184 } 185 str_send[str_suplen++] = IAC; 186 str_send[str_suplen++] = SE; 187 } 188 189 void 190 encrypt_list_types() 191 { 192 Encryptions *ep = encryptions; 193 194 printf("Valid encryption types:\n"); 195 while (ep->type) { 196 printf("\t%s (%d)\r\n", ENCTYPE_NAME(ep->type), ep->type); 197 ++ep; 198 } 199 } 200 201 int 202 EncryptEnable(type, mode) 203 char *type, *mode; 204 { 205 if (isprefix(type, "help") || isprefix(type, "?")) { 206 printf("Usage: encrypt enable <type> [input|output]\n"); 207 encrypt_list_types(); 208 return(0); 209 } 210 if (EncryptType(type, mode)) 211 return(EncryptStart(mode)); 212 return(0); 213 } 214 215 int 216 EncryptDisable(type, mode) 217 char *type, *mode; 218 { 219 register Encryptions *ep; 220 int ret = 0; 221 222 if (isprefix(type, "help") || isprefix(type, "?")) { 223 printf("Usage: encrypt disable <type> [input|output]\n"); 224 encrypt_list_types(); 225 } else if ((ep = (Encryptions *)genget(type, encryptions, 226 sizeof(Encryptions))) == 0) { 227 printf("%s: invalid encryption type\n", type); 228 } else if (Ambiguous(ep)) { 229 printf("Ambiguous type '%s'\n", type); 230 } else { 231 if ((mode == 0) || (isprefix(mode, "input") ? 1 : 0)) { 232 if (decrypt_mode == ep->type) 233 EncryptStopInput(); 234 i_wont_support_decrypt |= typemask(ep->type); 235 ret = 1; 236 } 237 if ((mode == 0) || (isprefix(mode, "output"))) { 238 if (encrypt_mode == ep->type) 239 EncryptStopOutput(); 240 i_wont_support_encrypt |= typemask(ep->type); 241 ret = 1; 242 } 243 if (ret == 0) 244 printf("%s: invalid encryption mode\n", mode); 245 } 246 return(ret); 247 } 248 249 int 250 EncryptType(type, mode) 251 char *type; 252 char *mode; 253 { 254 register Encryptions *ep; 255 int ret = 0; 256 257 if (isprefix(type, "help") || isprefix(type, "?")) { 258 printf("Usage: encrypt type <type> [input|output]\n"); 259 encrypt_list_types(); 260 } else if ((ep = (Encryptions *)genget(type, encryptions, 261 sizeof(Encryptions))) == 0) { 262 printf("%s: invalid encryption type\n", type); 263 } else if (Ambiguous(ep)) { 264 printf("Ambiguous type '%s'\n", type); 265 } else { 266 if ((mode == 0) || isprefix(mode, "input")) { 267 decrypt_mode = ep->type; 268 i_wont_support_decrypt &= ~typemask(ep->type); 269 ret = 1; 270 } 271 if ((mode == 0) || isprefix(mode, "output")) { 272 encrypt_mode = ep->type; 273 i_wont_support_encrypt &= ~typemask(ep->type); 274 ret = 1; 275 } 276 if (ret == 0) 277 printf("%s: invalid encryption mode\n", mode); 278 } 279 return(ret); 280 } 281 282 int 283 EncryptStart(mode) 284 char *mode; 285 { 286 register int ret = 0; 287 if (mode) { 288 if (isprefix(mode, "input")) 289 return(EncryptStartInput()); 290 if (isprefix(mode, "output")) 291 return(EncryptStartOutput()); 292 if (isprefix(mode, "help") || isprefix(mode, "?")) { 293 printf("Usage: encrypt start [input|output]\n"); 294 return(0); 295 } 296 printf("%s: invalid encryption mode 'encrypt start ?' for help\n", mode); 297 return(0); 298 } 299 ret += EncryptStartInput(); 300 ret += EncryptStartOutput(); 301 return(ret); 302 } 303 304 int 305 EncryptStartInput() 306 { 307 if (decrypt_mode) { 308 encrypt_send_request_start(); 309 return(1); 310 } 311 printf("No previous decryption mode, decryption not enabled\r\n"); 312 return(0); 313 } 314 315 int 316 EncryptStartOutput() 317 { 318 if (encrypt_mode) { 319 encrypt_start_output(encrypt_mode); 320 return(1); 321 } 322 printf("No previous encryption mode, encryption not enabled\r\n"); 323 return(0); 324 } 325 326 int 327 EncryptStop(mode) 328 char *mode; 329 { 330 int ret = 0; 331 if (mode) { 332 if (isprefix(mode, "input")) 333 return(EncryptStopInput()); 334 if (isprefix(mode, "output")) 335 return(EncryptStopOutput()); 336 if (isprefix(mode, "help") || isprefix(mode, "?")) { 337 printf("Usage: encrypt stop [input|output]\n"); 338 return(0); 339 } 340 printf("%s: invalid encryption mode 'encrypt stop ?' for help\n", mode); 341 return(0); 342 } 343 ret += EncryptStopInput(); 344 ret += EncryptStopOutput(); 345 return(ret); 346 } 347 348 int 349 EncryptStopInput() 350 { 351 encrypt_send_request_end(); 352 return(1); 353 } 354 355 int 356 EncryptStopOutput() 357 { 358 encrypt_send_end(); 359 return(1); 360 } 361 362 void 363 encrypt_display() 364 { 365 if (encrypt_output) 366 printf("Currently encrypting output with %s\r\n", 367 ENCTYPE_NAME(encrypt_mode)); 368 if (decrypt_input) 369 printf("Currently decrypting input with %s\r\n", 370 ENCTYPE_NAME(decrypt_mode)); 371 } 372 373 int 374 EncryptStatus() 375 { 376 if (encrypt_output) 377 printf("Currently encrypting output with %s\r\n", 378 ENCTYPE_NAME(encrypt_mode)); 379 else if (encrypt_mode) { 380 printf("Currently output is clear text.\r\n"); 381 printf("Last encryption mode was %s\r\n", 382 ENCTYPE_NAME(encrypt_mode)); 383 } 384 if (decrypt_input) { 385 printf("Currently decrypting input with %s\r\n", 386 ENCTYPE_NAME(decrypt_mode)); 387 } else if (decrypt_mode) { 388 printf("Currently input is clear text.\r\n"); 389 printf("Last decryption mode was %s\r\n", 390 ENCTYPE_NAME(decrypt_mode)); 391 } 392 return 1; 393 } 394 395 void 396 encrypt_send_support() 397 { 398 if (str_suplen) { 399 /* 400 * If the user has requested that decryption start 401 * immediatly, then send a "REQUEST START" before 402 * we negotiate the type. 403 */ 404 if (!Server && autodecrypt) 405 encrypt_send_request_start(); 406 net_write(str_send, str_suplen); 407 printsub('>', &str_send[2], str_suplen - 2); 408 str_suplen = 0; 409 } 410 } 411 412 int 413 EncryptDebug(on) 414 int on; 415 { 416 if (on < 0) 417 encrypt_debug_mode ^= 1; 418 else 419 encrypt_debug_mode = on; 420 printf("Encryption debugging %s\r\n", 421 encrypt_debug_mode ? "enabled" : "disabled"); 422 return(1); 423 } 424 425 int 426 EncryptVerbose(on) 427 int on; 428 { 429 if (on < 0) 430 encrypt_verbose ^= 1; 431 else 432 encrypt_verbose = on; 433 printf("Encryption %s verbose\r\n", 434 encrypt_verbose ? "is" : "is not"); 435 return(1); 436 } 437 438 int 439 EncryptAutoEnc(on) 440 int on; 441 { 442 encrypt_auto(on); 443 printf("Automatic encryption of output is %s\r\n", 444 autoencrypt ? "enabled" : "disabled"); 445 return(1); 446 } 447 448 int 449 EncryptAutoDec(on) 450 int on; 451 { 452 decrypt_auto(on); 453 printf("Automatic decryption of input is %s\r\n", 454 autodecrypt ? "enabled" : "disabled"); 455 return(1); 456 } 457 458 /* 459 * Called when ENCRYPT SUPPORT is received. 460 */ 461 void 462 encrypt_support(typelist, cnt) 463 unsigned char *typelist; 464 int cnt; 465 { 466 register int type, use_type = 0; 467 Encryptions *ep; 468 469 /* 470 * Forget anything the other side has previously told us. 471 */ 472 remote_supports_decrypt = 0; 473 474 while (cnt-- > 0) { 475 type = *typelist++; 476 if (encrypt_debug_mode) 477 printf(">>>%s: He is supporting %s (%d)\r\n", 478 Name, 479 ENCTYPE_NAME(type), type); 480 if ((type < ENCTYPE_CNT) && 481 (I_SUPPORT_ENCRYPT & typemask(type))) { 482 remote_supports_decrypt |= typemask(type); 483 if (use_type == 0) 484 use_type = type; 485 } 486 } 487 if (use_type) { 488 ep = findencryption(use_type); 489 if (!ep) 490 return; 491 type = ep->start ? (*ep->start)(DIR_ENCRYPT, Server) : 0; 492 if (encrypt_debug_mode) 493 printf(">>>%s: (*ep->start)() returned %d\r\n", 494 Name, type); 495 if (type < 0) 496 return; 497 encrypt_mode = use_type; 498 if (type == 0) 499 encrypt_start_output(use_type); 500 } 501 } 502 503 void 504 encrypt_is(data, cnt) 505 unsigned char *data; 506 int cnt; 507 { 508 Encryptions *ep; 509 register int type, ret; 510 511 if (--cnt < 0) 512 return; 513 type = *data++; 514 if (type < ENCTYPE_CNT) 515 remote_supports_encrypt |= typemask(type); 516 if (!(ep = finddecryption(type))) { 517 if (encrypt_debug_mode) 518 printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n", 519 Name, 520 ENCTYPE_NAME_OK(type) 521 ? ENCTYPE_NAME(type) : "(unknown)", 522 type); 523 return; 524 } 525 if (!ep->is) { 526 if (encrypt_debug_mode) 527 printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n", 528 Name, 529 ENCTYPE_NAME_OK(type) 530 ? ENCTYPE_NAME(type) : "(unknown)", 531 type); 532 ret = 0; 533 } else { 534 ret = (*ep->is)(data, cnt); 535 if (encrypt_debug_mode) 536 printf("(*ep->is)(%x, %d) returned %s(%d)\n", data, cnt, 537 (ret < 0) ? "FAIL " : 538 (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret); 539 } 540 if (ret < 0) { 541 autodecrypt = 0; 542 } else { 543 decrypt_mode = type; 544 if (ret == 0 && autodecrypt) 545 encrypt_send_request_start(); 546 } 547 } 548 549 void 550 encrypt_reply(data, cnt) 551 unsigned char *data; 552 int cnt; 553 { 554 Encryptions *ep; 555 register int ret, type; 556 557 if (--cnt < 0) 558 return; 559 type = *data++; 560 if (!(ep = findencryption(type))) { 561 if (encrypt_debug_mode) 562 printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n", 563 Name, 564 ENCTYPE_NAME_OK(type) 565 ? ENCTYPE_NAME(type) : "(unknown)", 566 type); 567 return; 568 } 569 if (!ep->reply) { 570 if (encrypt_debug_mode) 571 printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n", 572 Name, 573 ENCTYPE_NAME_OK(type) 574 ? ENCTYPE_NAME(type) : "(unknown)", 575 type); 576 ret = 0; 577 } else { 578 ret = (*ep->reply)(data, cnt); 579 if (encrypt_debug_mode) 580 printf("(*ep->reply)(%x, %d) returned %s(%d)\n", 581 data, cnt, 582 (ret < 0) ? "FAIL " : 583 (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret); 584 } 585 if (encrypt_debug_mode) 586 printf(">>>%s: encrypt_reply returned %d\n", Name, ret); 587 if (ret < 0) { 588 autoencrypt = 0; 589 } else { 590 encrypt_mode = type; 591 if (ret == 0 && autoencrypt) 592 encrypt_start_output(type); 593 } 594 } 595 596 /* 597 * Called when a ENCRYPT START command is received. 598 */ 599 void 600 encrypt_start(data, cnt) 601 unsigned char *data; 602 int cnt; 603 { 604 Encryptions *ep; 605 606 if (!decrypt_mode) { 607 /* 608 * Something is wrong. We should not get a START 609 * command without having already picked our 610 * decryption scheme. Send a REQUEST-END to 611 * attempt to clear the channel... 612 */ 613 printf("%s: Warning, Cannot decrypt input stream!!!\r\n", Name); 614 encrypt_send_request_end(); 615 return; 616 } 617 618 if (ep = finddecryption(decrypt_mode)) { 619 decrypt_input = ep->input; 620 if (encrypt_verbose) 621 printf("[ Input is now decrypted with type %s ]\r\n", 622 ENCTYPE_NAME(decrypt_mode)); 623 if (encrypt_debug_mode) 624 printf(">>>%s: Start to decrypt input with type %s\r\n", 625 Name, ENCTYPE_NAME(decrypt_mode)); 626 } else { 627 printf("%s: Warning, Cannot decrypt type %s (%d)!!!\r\n", 628 Name, 629 ENCTYPE_NAME_OK(decrypt_mode) 630 ? ENCTYPE_NAME(decrypt_mode) 631 : "(unknown)", 632 decrypt_mode); 633 encrypt_send_request_end(); 634 } 635 } 636 637 void 638 encrypt_session_key(key, server) 639 Session_Key *key; 640 int server; 641 { 642 Encryptions *ep = encryptions; 643 644 havesessionkey = 1; 645 646 while (ep->type) { 647 if (ep->session) 648 (*ep->session)(key, server); 649 #ifdef notdef 650 if (!encrypt_output && autoencrypt && !server) 651 encrypt_start_output(ep->type); 652 if (!decrypt_input && autodecrypt && !server) 653 encrypt_send_request_start(); 654 #endif 655 ++ep; 656 } 657 } 658 659 /* 660 * Called when ENCRYPT END is received. 661 */ 662 void 663 encrypt_end() 664 { 665 decrypt_input = 0; 666 if (encrypt_debug_mode) 667 printf(">>>%s: Input is back to clear text\r\n", Name); 668 if (encrypt_verbose) 669 printf("[ Input is now clear text ]\r\n"); 670 } 671 672 /* 673 * Called when ENCRYPT REQUEST-END is received. 674 */ 675 void 676 encrypt_request_end() 677 { 678 encrypt_send_end(); 679 } 680 681 /* 682 * Called when ENCRYPT REQUEST-START is received. If we receive 683 * this before a type is picked, then that indicates that the 684 * other side wants us to start encrypting data as soon as we 685 * can. 686 */ 687 void 688 encrypt_request_start(data, cnt) 689 unsigned char *data; 690 int cnt; 691 { 692 if (encrypt_mode == 0) { 693 if (Server) 694 autoencrypt = 1; 695 return; 696 } 697 encrypt_start_output(encrypt_mode); 698 } 699 700 static unsigned char str_keyid[(MAXKEYLEN*2)+5] = { IAC, SB, TELOPT_ENCRYPT }; 701 702 encrypt_enc_keyid(keyid, len) 703 unsigned char *keyid; 704 int len; 705 { 706 encrypt_keyid(&ki[1], keyid, len); 707 } 708 709 encrypt_dec_keyid(keyid, len) 710 unsigned char *keyid; 711 int len; 712 { 713 encrypt_keyid(&ki[0], keyid, len); 714 } 715 716 encrypt_keyid(kp, keyid, len) 717 struct key_info *kp; 718 unsigned char *keyid; 719 int len; 720 { 721 Encryptions *ep; 722 unsigned char *strp, *cp; 723 int dir = kp->dir; 724 register int ret = 0; 725 726 if (!(ep = (*kp->getcrypt)(*kp->modep))) { 727 if (len == 0) 728 return; 729 kp->keylen = 0; 730 } else if (len == 0) { 731 /* 732 * Empty option, indicates a failure. 733 */ 734 if (kp->keylen == 0) 735 return; 736 kp->keylen = 0; 737 if (ep->keyid) 738 (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen); 739 740 } else if ((len != kp->keylen) || 741 (memcmp(keyid, kp->keyid, len) != 0)) { 742 /* 743 * Length or contents are different 744 */ 745 kp->keylen = len; 746 memmove(kp->keyid, keyid, len); 747 if (ep->keyid) 748 (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen); 749 } else { 750 if (ep->keyid) 751 ret = (*ep->keyid)(dir, kp->keyid, &kp->keylen); 752 if ((ret == 0) && (dir == DIR_ENCRYPT) && autoencrypt) 753 encrypt_start_output(*kp->modep); 754 return; 755 } 756 757 encrypt_send_keyid(dir, kp->keyid, kp->keylen, 0); 758 } 759 760 void 761 encrypt_send_keyid(dir, keyid, keylen, saveit) 762 int dir; 763 unsigned char *keyid; 764 int keylen; 765 int saveit; 766 { 767 unsigned char *strp; 768 769 str_keyid[3] = (dir == DIR_ENCRYPT) 770 ? ENCRYPT_ENC_KEYID : ENCRYPT_DEC_KEYID; 771 if (saveit) { 772 struct key_info *kp = &ki[(dir == DIR_ENCRYPT) ? 0 : 1]; 773 memmove(kp->keyid, keyid, keylen); 774 kp->keylen = keylen; 775 } 776 777 for (strp = &str_keyid[4]; keylen > 0; --keylen) { 778 if ((*strp++ = *keyid++) == IAC) 779 *strp++ = IAC; 780 } 781 *strp++ = IAC; 782 *strp++ = SE; 783 net_write(str_keyid, strp - str_keyid); 784 printsub('>', &str_keyid[2], strp - str_keyid - 2); 785 } 786 787 void 788 encrypt_auto(on) 789 int on; 790 { 791 if (on < 0) 792 autoencrypt ^= 1; 793 else 794 autoencrypt = on ? 1 : 0; 795 } 796 797 void 798 decrypt_auto(on) 799 int on; 800 { 801 if (on < 0) 802 autodecrypt ^= 1; 803 else 804 autodecrypt = on ? 1 : 0; 805 } 806 807 void 808 encrypt_start_output(type) 809 int type; 810 { 811 Encryptions *ep; 812 register unsigned char *p; 813 register int i; 814 815 if (!(ep = findencryption(type))) { 816 if (encrypt_debug_mode) { 817 printf(">>>%s: Can't encrypt with type %s (%d)\r\n", 818 Name, 819 ENCTYPE_NAME_OK(type) 820 ? ENCTYPE_NAME(type) : "(unknown)", 821 type); 822 } 823 return; 824 } 825 if (ep->start) { 826 i = (*ep->start)(DIR_ENCRYPT, Server); 827 if (encrypt_debug_mode) { 828 printf(">>>%s: Encrypt start: %s (%d) %s\r\n", 829 Name, 830 (i < 0) ? "failed" : 831 "initial negotiation in progress", 832 i, ENCTYPE_NAME(type)); 833 } 834 if (i) 835 return; 836 } 837 p = str_start + 3; 838 *p++ = ENCRYPT_START; 839 for (i = 0; i < ki[0].keylen; ++i) { 840 if ((*p++ = ki[0].keyid[i]) == IAC) 841 *p++ = IAC; 842 } 843 *p++ = IAC; 844 *p++ = SE; 845 net_write(str_start, p - str_start); 846 net_encrypt(); 847 printsub('>', &str_start[2], p - &str_start[2]); 848 /* 849 * If we are already encrypting in some mode, then 850 * encrypt the ring (which includes our request) in 851 * the old mode, mark it all as "clear text" and then 852 * switch to the new mode. 853 */ 854 encrypt_output = ep->output; 855 encrypt_mode = type; 856 if (encrypt_debug_mode) 857 printf(">>>%s: Started to encrypt output with type %s\r\n", 858 Name, ENCTYPE_NAME(type)); 859 if (encrypt_verbose) 860 printf("[ Output is now encrypted with type %s ]\r\n", 861 ENCTYPE_NAME(type)); 862 } 863 864 void 865 encrypt_send_end() 866 { 867 if (!encrypt_output) 868 return; 869 870 str_end[3] = ENCRYPT_END; 871 net_write(str_end, sizeof(str_end)); 872 net_encrypt(); 873 printsub('>', &str_end[2], sizeof(str_end) - 2); 874 /* 875 * Encrypt the output buffer now because it will not be done by 876 * netflush... 877 */ 878 encrypt_output = 0; 879 if (encrypt_debug_mode) 880 printf(">>>%s: Output is back to clear text\r\n", Name); 881 if (encrypt_verbose) 882 printf("[ Output is now clear text ]\r\n"); 883 } 884 885 void 886 encrypt_send_request_start() 887 { 888 register unsigned char *p; 889 register int i; 890 891 p = &str_start[3]; 892 *p++ = ENCRYPT_REQSTART; 893 for (i = 0; i < ki[1].keylen; ++i) { 894 if ((*p++ = ki[1].keyid[i]) == IAC) 895 *p++ = IAC; 896 } 897 *p++ = IAC; 898 *p++ = SE; 899 net_write(str_start, p - str_start); 900 printsub('>', &str_start[2], p - &str_start[2]); 901 if (encrypt_debug_mode) 902 printf(">>>%s: Request input to be encrypted\r\n", Name); 903 } 904 905 void 906 encrypt_send_request_end() 907 { 908 str_end[3] = ENCRYPT_REQEND; 909 net_write(str_end, sizeof(str_end)); 910 printsub('>', &str_end[2], sizeof(str_end) - 2); 911 912 if (encrypt_debug_mode) 913 printf(">>>%s: Request input to be clear text\r\n", Name); 914 } 915 916 void 917 encrypt_wait() 918 { 919 register int encrypt, decrypt; 920 if (encrypt_debug_mode) 921 printf(">>>%s: in encrypt_wait\r\n", Name); 922 if (!havesessionkey || !(I_SUPPORT_ENCRYPT & remote_supports_decrypt)) 923 return; 924 while (autoencrypt && !encrypt_output) 925 if (telnet_spin()) 926 return; 927 } 928 929 void 930 encrypt_debug(mode) 931 int mode; 932 { 933 encrypt_debug_mode = mode; 934 } 935 936 void 937 encrypt_gen_printsub(data, cnt, buf, buflen) 938 unsigned char *data, *buf; 939 int cnt, buflen; 940 { 941 char tbuf[16], *cp; 942 943 cnt -= 2; 944 data += 2; 945 buf[buflen-1] = '\0'; 946 buf[buflen-2] = '*'; 947 buflen -= 2;; 948 for (; cnt > 0; cnt--, data++) { 949 sprintf(tbuf, " %d", *data); 950 for (cp = tbuf; *cp && buflen > 0; --buflen) 951 *buf++ = *cp++; 952 if (buflen <= 0) 953 return; 954 } 955 *buf = '\0'; 956 } 957 958 void 959 encrypt_printsub(data, cnt, buf, buflen) 960 unsigned char *data, *buf; 961 int cnt, buflen; 962 { 963 Encryptions *ep; 964 register int type = data[1]; 965 966 for (ep = encryptions; ep->type && ep->type != type; ep++) 967 ; 968 969 if (ep->printsub) 970 (*ep->printsub)(data, cnt, buf, buflen); 971 else 972 encrypt_gen_printsub(data, cnt, buf, buflen); 973 } 974 #endif /* ENCRYPTION */ 975