1 /*- 2 * Copyright (c) 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * %sccs.include.redist.c% 6 */ 7 8 #ifndef lint 9 static char sccsid[] = "@(#)encrypt.c 8.1 (Berkeley) 06/04/93"; 10 #endif /* not lint */ 11 12 /* 13 * Copyright (C) 1990 by the Massachusetts Institute of Technology 14 * 15 * Export of this software from the United States of America is assumed 16 * to require a specific license from the United States Government. 17 * It is the responsibility of any person or organization contemplating 18 * export to obtain such a license before exporting. 19 * 20 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 21 * distribute this software and its documentation for any purpose and 22 * without fee is hereby granted, provided that the above copyright 23 * notice appear in all copies and that both that copyright notice and 24 * this permission notice appear in supporting documentation, and that 25 * the name of M.I.T. not be used in advertising or publicity pertaining 26 * to distribution of the software without specific, written prior 27 * permission. M.I.T. makes no representations about the suitability of 28 * this software for any purpose. It is provided "as is" without express 29 * or implied warranty. 30 */ 31 32 #ifdef ENCRYPTION 33 34 #define ENCRYPT_NAMES 35 #include <arpa/telnet.h> 36 37 #include "encrypt.h" 38 #include "misc.h" 39 40 #ifdef __STDC__ 41 #include <stdlib.h> 42 #endif 43 #ifdef NO_STRING_H 44 #include <strings.h> 45 #else 46 #include <string.h> 47 #endif 48 49 /* 50 * These functions pointers point to the current routines 51 * for encrypting and decrypting data. 52 */ 53 void (*encrypt_output) P((unsigned char *, int)); 54 int (*decrypt_input) P((int)); 55 56 int encrypt_debug_mode = 0; 57 static int decrypt_mode = 0; 58 static int encrypt_mode = 0; 59 static int encrypt_verbose = 0; 60 static int autoencrypt = 0; 61 static int autodecrypt = 0; 62 static int havesessionkey = 0; 63 static int Server = 0; 64 static char *Name = "Noname"; 65 66 #define typemask(x) ((x) > 0 ? 1 << ((x)-1) : 0) 67 68 static long i_support_encrypt = typemask(ENCTYPE_DES_CFB64) 69 | typemask(ENCTYPE_DES_OFB64); 70 static long i_support_decrypt = typemask(ENCTYPE_DES_CFB64) 71 | typemask(ENCTYPE_DES_OFB64); 72 static long i_wont_support_encrypt = 0; 73 static long i_wont_support_decrypt = 0; 74 #define I_SUPPORT_ENCRYPT (i_support_encrypt & ~i_wont_support_encrypt) 75 #define I_SUPPORT_DECRYPT (i_support_decrypt & ~i_wont_support_decrypt) 76 77 static long remote_supports_encrypt = 0; 78 static long remote_supports_decrypt = 0; 79 80 static Encryptions encryptions[] = { 81 #ifdef DES_ENCRYPTION 82 { "DES_CFB64", ENCTYPE_DES_CFB64, 83 cfb64_encrypt, 84 cfb64_decrypt, 85 cfb64_init, 86 cfb64_start, 87 cfb64_is, 88 cfb64_reply, 89 cfb64_session, 90 cfb64_keyid, 91 cfb64_printsub }, 92 { "DES_OFB64", ENCTYPE_DES_OFB64, 93 ofb64_encrypt, 94 ofb64_decrypt, 95 ofb64_init, 96 ofb64_start, 97 ofb64_is, 98 ofb64_reply, 99 ofb64_session, 100 ofb64_keyid, 101 ofb64_printsub }, 102 #endif /* DES_ENCRYPTION */ 103 { 0, }, 104 }; 105 106 static unsigned char str_send[64] = { IAC, SB, TELOPT_ENCRYPT, 107 ENCRYPT_SUPPORT }; 108 static unsigned char str_suplen = 0; 109 static unsigned char str_start[72] = { IAC, SB, TELOPT_ENCRYPT }; 110 static unsigned char str_end[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE }; 111 112 Encryptions * 113 findencryption(type) 114 int type; 115 { 116 Encryptions *ep = encryptions; 117 118 if (!(I_SUPPORT_ENCRYPT & remote_supports_decrypt & typemask(type))) 119 return(0); 120 while (ep->type && ep->type != type) 121 ++ep; 122 return(ep->type ? ep : 0); 123 } 124 125 Encryptions * 126 finddecryption(type) 127 int type; 128 { 129 Encryptions *ep = encryptions; 130 131 if (!(I_SUPPORT_DECRYPT & remote_supports_encrypt & typemask(type))) 132 return(0); 133 while (ep->type && ep->type != type) 134 ++ep; 135 return(ep->type ? ep : 0); 136 } 137 138 #define MAXKEYLEN 64 139 140 static struct key_info { 141 unsigned char keyid[MAXKEYLEN]; 142 int keylen; 143 int dir; 144 int *modep; 145 Encryptions *(*getcrypt)(); 146 } ki[2] = { 147 { { 0 }, 0, DIR_ENCRYPT, &encrypt_mode, findencryption }, 148 { { 0 }, 0, DIR_DECRYPT, &decrypt_mode, finddecryption }, 149 }; 150 151 void 152 encrypt_init(name, server) 153 char *name; 154 int server; 155 { 156 Encryptions *ep = encryptions; 157 158 Name = name; 159 Server = server; 160 i_support_encrypt = i_support_decrypt = 0; 161 remote_supports_encrypt = remote_supports_decrypt = 0; 162 encrypt_mode = 0; 163 decrypt_mode = 0; 164 encrypt_output = 0; 165 decrypt_input = 0; 166 #ifdef notdef 167 encrypt_verbose = !server; 168 #endif 169 170 str_suplen = 4; 171 172 while (ep->type) { 173 if (encrypt_debug_mode) 174 printf(">>>%s: I will support %s\r\n", 175 Name, ENCTYPE_NAME(ep->type)); 176 i_support_encrypt |= typemask(ep->type); 177 i_support_decrypt |= typemask(ep->type); 178 if ((i_wont_support_decrypt & typemask(ep->type)) == 0) 179 if ((str_send[str_suplen++] = ep->type) == IAC) 180 str_send[str_suplen++] = IAC; 181 if (ep->init) 182 (*ep->init)(Server); 183 ++ep; 184 } 185 str_send[str_suplen++] = IAC; 186 str_send[str_suplen++] = SE; 187 } 188 189 void 190 encrypt_list_types() 191 { 192 Encryptions *ep = encryptions; 193 194 printf("Valid encryption types:\n"); 195 while (ep->type) { 196 printf("\t%s (%d)\r\n", ENCTYPE_NAME(ep->type), ep->type); 197 ++ep; 198 } 199 } 200 201 int 202 EncryptEnable(type, mode) 203 char *type, *mode; 204 { 205 if (isprefix(type, "help") || isprefix(type, "?")) { 206 printf("Usage: encrypt enable <type> [input|output]\n"); 207 encrypt_list_types(); 208 return(0); 209 } 210 if (EncryptType(type, mode)) 211 return(EncryptStart(mode)); 212 return(0); 213 } 214 215 int 216 EncryptDisable(type, mode) 217 char *type, *mode; 218 { 219 register Encryptions *ep; 220 int ret = 0; 221 222 if (isprefix(type, "help") || isprefix(type, "?")) { 223 printf("Usage: encrypt disable <type> [input|output]\n"); 224 encrypt_list_types(); 225 } else if ((ep = (Encryptions *)genget(type, encryptions, 226 sizeof(Encryptions))) == 0) { 227 printf("%s: invalid encryption type\n", type); 228 } else if (Ambiguous(ep)) { 229 printf("Ambiguous type '%s'\n", type); 230 } else { 231 if ((mode == 0) || (isprefix(mode, "input") ? 1 : 0)) { 232 if (decrypt_mode == ep->type) 233 EncryptStopInput(); 234 i_wont_support_decrypt |= typemask(ep->type); 235 ret = 1; 236 } 237 if ((mode == 0) || (isprefix(mode, "output"))) { 238 if (encrypt_mode == ep->type) 239 EncryptStopOutput(); 240 i_wont_support_encrypt |= typemask(ep->type); 241 ret = 1; 242 } 243 if (ret == 0) 244 printf("%s: invalid encryption mode\n", mode); 245 } 246 return(ret); 247 } 248 249 int 250 EncryptType(type, mode) 251 char *type; 252 char *mode; 253 { 254 register Encryptions *ep; 255 int ret = 0; 256 257 if (isprefix(type, "help") || isprefix(type, "?")) { 258 printf("Usage: encrypt type <type> [input|output]\n"); 259 encrypt_list_types(); 260 } else if ((ep = (Encryptions *)genget(type, encryptions, 261 sizeof(Encryptions))) == 0) { 262 printf("%s: invalid encryption type\n", type); 263 } else if (Ambiguous(ep)) { 264 printf("Ambiguous type '%s'\n", type); 265 } else { 266 if ((mode == 0) || isprefix(mode, "input")) { 267 decrypt_mode = ep->type; 268 i_wont_support_decrypt &= ~typemask(ep->type); 269 ret = 1; 270 } 271 if ((mode == 0) || isprefix(mode, "output")) { 272 encrypt_mode = ep->type; 273 i_wont_support_encrypt &= ~typemask(ep->type); 274 ret = 1; 275 } 276 if (ret == 0) 277 printf("%s: invalid encryption mode\n", mode); 278 } 279 return(ret); 280 } 281 282 int 283 EncryptStart(mode) 284 char *mode; 285 { 286 register int ret = 0; 287 if (mode) { 288 if (isprefix(mode, "input")) 289 return(EncryptStartInput()); 290 if (isprefix(mode, "output")) 291 return(EncryptStartOutput()); 292 if (isprefix(mode, "help") || isprefix(mode, "?")) { 293 printf("Usage: encrypt start [input|output]\n"); 294 return(0); 295 } 296 printf("%s: invalid encryption mode 'encrypt start ?' for help\n", mode); 297 return(0); 298 } 299 ret += EncryptStartInput(); 300 ret += EncryptStartOutput(); 301 return(ret); 302 } 303 304 int 305 EncryptStartInput() 306 { 307 if (decrypt_mode) { 308 encrypt_send_request_start(); 309 return(1); 310 } 311 printf("No previous decryption mode, decryption not enabled\r\n"); 312 return(0); 313 } 314 315 int 316 EncryptStartOutput() 317 { 318 if (encrypt_mode) { 319 encrypt_start_output(encrypt_mode); 320 return(1); 321 } 322 printf("No previous encryption mode, encryption not enabled\r\n"); 323 return(0); 324 } 325 326 int 327 EncryptStop(mode) 328 char *mode; 329 { 330 int ret = 0; 331 if (mode) { 332 if (isprefix(mode, "input")) 333 return(EncryptStopInput()); 334 if (isprefix(mode, "output")) 335 return(EncryptStopOutput()); 336 if (isprefix(mode, "help") || isprefix(mode, "?")) { 337 printf("Usage: encrypt stop [input|output]\n"); 338 return(0); 339 } 340 printf("%s: invalid encryption mode 'encrypt stop ?' for help\n", mode); 341 return(0); 342 } 343 ret += EncryptStopInput(); 344 ret += EncryptStopOutput(); 345 return(ret); 346 } 347 348 int 349 EncryptStopInput() 350 { 351 encrypt_send_request_end(); 352 return(1); 353 } 354 355 int 356 EncryptStopOutput() 357 { 358 encrypt_send_end(); 359 return(1); 360 } 361 362 void 363 encrypt_display() 364 { 365 if (encrypt_output) 366 printf("Currently encrypting output with %s\r\n", 367 ENCTYPE_NAME(encrypt_mode)); 368 if (decrypt_input) 369 printf("Currently decrypting input with %s\r\n", 370 ENCTYPE_NAME(decrypt_mode)); 371 } 372 373 int 374 EncryptStatus() 375 { 376 if (encrypt_output) 377 printf("Currently encrypting output with %s\r\n", 378 ENCTYPE_NAME(encrypt_mode)); 379 else if (encrypt_mode) { 380 printf("Currently output is clear text.\r\n"); 381 printf("Last encryption mode was %s\r\n", 382 ENCTYPE_NAME(encrypt_mode)); 383 } 384 if (decrypt_input) { 385 printf("Currently decrypting input with %s\r\n", 386 ENCTYPE_NAME(decrypt_mode)); 387 } else if (decrypt_mode) { 388 printf("Currently input is clear text.\r\n"); 389 printf("Last decryption mode was %s\r\n", 390 ENCTYPE_NAME(decrypt_mode)); 391 } 392 return 1; 393 } 394 395 void 396 encrypt_send_support() 397 { 398 if (str_suplen) { 399 /* 400 * If the user has requested that decryption start 401 * immediatly, then send a "REQUEST START" before 402 * we negotiate the type. 403 */ 404 if (!Server && autodecrypt) 405 encrypt_send_request_start(); 406 net_write(str_send, str_suplen); 407 printsub('>', &str_send[2], str_suplen - 2); 408 str_suplen = 0; 409 } 410 } 411 412 int 413 EncryptDebug(on) 414 int on; 415 { 416 if (on < 0) 417 encrypt_debug_mode ^= 1; 418 else 419 encrypt_debug_mode = on; 420 printf("Encryption debugging %s\r\n", 421 encrypt_debug_mode ? "enabled" : "disabled"); 422 return(1); 423 } 424 425 int 426 EncryptVerbose(on) 427 int on; 428 { 429 if (on < 0) 430 encrypt_verbose ^= 1; 431 else 432 encrypt_verbose = on; 433 printf("Encryption %s verbose\r\n", 434 encrypt_verbose ? "is" : "is not"); 435 return(1); 436 } 437 438 int 439 EncryptAutoEnc(on) 440 int on; 441 { 442 encrypt_auto(on); 443 printf("Automatic encryption of output is %s\r\n", 444 autoencrypt ? "enabled" : "disabled"); 445 return(1); 446 } 447 448 int 449 EncryptAutoDec(on) 450 int on; 451 { 452 decrypt_auto(on); 453 printf("Automatic decryption of input is %s\r\n", 454 autodecrypt ? "enabled" : "disabled"); 455 return(1); 456 } 457 458 /* 459 * Called when ENCRYPT SUPPORT is received. 460 */ 461 void 462 encrypt_support(typelist, cnt) 463 unsigned char *typelist; 464 int cnt; 465 { 466 register int type, use_type = 0; 467 Encryptions *ep; 468 469 /* 470 * Forget anything the other side has previously told us. 471 */ 472 remote_supports_decrypt = 0; 473 474 while (cnt-- > 0) { 475 type = *typelist++; 476 if (encrypt_debug_mode) 477 printf(">>>%s: He is supporting %s (%d)\r\n", 478 Name, 479 ENCTYPE_NAME(type), type); 480 if ((type < ENCTYPE_CNT) && 481 (I_SUPPORT_ENCRYPT & typemask(type))) { 482 remote_supports_decrypt |= typemask(type); 483 if (use_type == 0) 484 use_type = type; 485 } 486 } 487 if (use_type) { 488 ep = findencryption(use_type); 489 if (!ep) 490 return; 491 type = ep->start ? (*ep->start)(DIR_ENCRYPT, Server) : 0; 492 if (encrypt_debug_mode) 493 printf(">>>%s: (*ep->start)() returned %d\r\n", 494 Name, type); 495 if (type < 0) 496 return; 497 encrypt_mode = use_type; 498 if (type == 0) 499 encrypt_start_output(use_type); 500 } 501 } 502 503 void 504 encrypt_is(data, cnt) 505 unsigned char *data; 506 int cnt; 507 { 508 Encryptions *ep; 509 register int type, ret; 510 511 if (--cnt < 0) 512 return; 513 type = *data++; 514 if (type < ENCTYPE_CNT) 515 remote_supports_encrypt |= typemask(type); 516 if (!(ep = finddecryption(type))) { 517 if (encrypt_debug_mode) 518 printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n", 519 Name, 520 ENCTYPE_NAME_OK(type) 521 ? ENCTYPE_NAME(type) : "(unknown)", 522 type); 523 return; 524 } 525 if (!ep->is) { 526 if (encrypt_debug_mode) 527 printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n", 528 Name, 529 ENCTYPE_NAME_OK(type) 530 ? ENCTYPE_NAME(type) : "(unknown)", 531 type); 532 ret = 0; 533 } else { 534 ret = (*ep->is)(data, cnt); 535 if (encrypt_debug_mode) 536 printf("(*ep->is)(%x, %d) returned %s(%d)\n", data, cnt, 537 (ret < 0) ? "FAIL " : 538 (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret); 539 } 540 if (ret < 0) { 541 autodecrypt = 0; 542 } else { 543 decrypt_mode = type; 544 if (ret == 0 && autodecrypt) 545 encrypt_send_request_start(); 546 } 547 } 548 549 void 550 encrypt_reply(data, cnt) 551 unsigned char *data; 552 int cnt; 553 { 554 Encryptions *ep; 555 register int ret, type; 556 557 if (--cnt < 0) 558 return; 559 type = *data++; 560 if (!(ep = findencryption(type))) { 561 if (encrypt_debug_mode) 562 printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n", 563 Name, 564 ENCTYPE_NAME_OK(type) 565 ? ENCTYPE_NAME(type) : "(unknown)", 566 type); 567 return; 568 } 569 if (!ep->reply) { 570 if (encrypt_debug_mode) 571 printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n", 572 Name, 573 ENCTYPE_NAME_OK(type) 574 ? ENCTYPE_NAME(type) : "(unknown)", 575 type); 576 ret = 0; 577 } else { 578 ret = (*ep->reply)(data, cnt); 579 if (encrypt_debug_mode) 580 printf("(*ep->reply)(%x, %d) returned %s(%d)\n", 581 data, cnt, 582 (ret < 0) ? "FAIL " : 583 (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret); 584 } 585 if (encrypt_debug_mode) 586 printf(">>>%s: encrypt_reply returned %d\n", Name, ret); 587 if (ret < 0) { 588 autoencrypt = 0; 589 } else { 590 encrypt_mode = type; 591 if (ret == 0 && autoencrypt) 592 encrypt_start_output(type); 593 } 594 } 595 596 /* 597 * Called when a ENCRYPT START command is received. 598 */ 599 void 600 encrypt_start(data, cnt) 601 unsigned char *data; 602 int cnt; 603 { 604 Encryptions *ep; 605 606 if (!decrypt_mode) { 607 /* 608 * Something is wrong. We should not get a START 609 * command without having already picked our 610 * decryption scheme. Send a REQUEST-END to 611 * attempt to clear the channel... 612 */ 613 printf("%s: Warning, Cannot decrypt input stream!!!\r\n", Name); 614 encrypt_send_request_end(); 615 return; 616 } 617 618 if (ep = finddecryption(decrypt_mode)) { 619 decrypt_input = ep->input; 620 if (encrypt_verbose) 621 printf("[ Input is now decrypted with type %s ]\r\n", 622 ENCTYPE_NAME(decrypt_mode)); 623 if (encrypt_debug_mode) 624 printf(">>>%s: Start to decrypt input with type %s\r\n", 625 Name, ENCTYPE_NAME(decrypt_mode)); 626 } else { 627 printf("%s: Warning, Cannot decrypt type %s (%d)!!!\r\n", 628 Name, 629 ENCTYPE_NAME_OK(decrypt_mode) 630 ? ENCTYPE_NAME(decrypt_mode) 631 : "(unknown)", 632 decrypt_mode); 633 encrypt_send_request_end(); 634 } 635 } 636 637 void 638 encrypt_session_key(key, server) 639 Session_Key *key; 640 int server; 641 { 642 Encryptions *ep = encryptions; 643 644 havesessionkey = 1; 645 646 while (ep->type) { 647 if (ep->session) 648 (*ep->session)(key, server); 649 #ifdef notdef 650 if (!encrypt_output && autoencrypt && !server) 651 encrypt_start_output(ep->type); 652 if (!decrypt_input && autodecrypt && !server) 653 encrypt_send_request_start(); 654 #endif 655 ++ep; 656 } 657 } 658 659 /* 660 * Called when ENCRYPT END is received. 661 */ 662 void 663 encrypt_end() 664 { 665 decrypt_input = 0; 666 if (encrypt_debug_mode) 667 printf(">>>%s: Input is back to clear text\r\n", Name); 668 if (encrypt_verbose) 669 printf("[ Input is now clear text ]\r\n"); 670 } 671 672 /* 673 * Called when ENCRYPT REQUEST-END is received. 674 */ 675 void 676 encrypt_request_end() 677 { 678 encrypt_send_end(); 679 } 680 681 /* 682 * Called when ENCRYPT REQUEST-START is received. If we receive 683 * this before a type is picked, then that indicates that the 684 * other side wants us to start encrypting data as soon as we 685 * can. 686 */ 687 void 688 encrypt_request_start(data, cnt) 689 unsigned char *data; 690 int cnt; 691 { 692 if (encrypt_mode == 0) { 693 if (Server) 694 autoencrypt = 1; 695 return; 696 } 697 encrypt_start_output(encrypt_mode); 698 } 699 700 static unsigned char str_keyid[(MAXKEYLEN*2)+5] = { IAC, SB, TELOPT_ENCRYPT }; 701 702 encrypt_enc_keyid(keyid, len) 703 unsigned char *keyid; 704 int len; 705 { 706 encrypt_keyid(&ki[1], keyid, len); 707 } 708 709 encrypt_dec_keyid(keyid, len) 710 unsigned char *keyid; 711 int len; 712 { 713 encrypt_keyid(&ki[0], keyid, len); 714 } 715 716 encrypt_keyid(kp, keyid, len) 717 struct key_info *kp; 718 unsigned char *keyid; 719 int len; 720 { 721 Encryptions *ep; 722 unsigned char *strp, *cp; 723 int dir = kp->dir; 724 register int ret = 0; 725 726 if (!(ep = (*kp->getcrypt)(*kp->modep))) { 727 if (len == 0) 728 return; 729 kp->keylen = 0; 730 } else if (len == 0) { 731 /* 732 * Empty option, indicates a failure. 733 */ 734 if (kp->keylen == 0) 735 return; 736 kp->keylen = 0; 737 if (ep->keyid) 738 (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen); 739 740 } else if ((len != kp->keylen) || (bcmp(keyid, kp->keyid, len) != 0)) { 741 /* 742 * Length or contents are different 743 */ 744 kp->keylen = len; 745 bcopy(keyid, kp->keyid, len); 746 if (ep->keyid) 747 (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen); 748 } else { 749 if (ep->keyid) 750 ret = (*ep->keyid)(dir, kp->keyid, &kp->keylen); 751 if ((ret == 0) && (dir == DIR_ENCRYPT) && autoencrypt) 752 encrypt_start_output(*kp->modep); 753 return; 754 } 755 756 encrypt_send_keyid(dir, kp->keyid, kp->keylen, 0); 757 } 758 759 void 760 encrypt_send_keyid(dir, keyid, keylen, saveit) 761 int dir; 762 unsigned char *keyid; 763 int keylen; 764 int saveit; 765 { 766 unsigned char *strp; 767 768 str_keyid[3] = (dir == DIR_ENCRYPT) 769 ? ENCRYPT_ENC_KEYID : ENCRYPT_DEC_KEYID; 770 if (saveit) { 771 struct key_info *kp = &ki[(dir == DIR_ENCRYPT) ? 0 : 1]; 772 bcopy(keyid, kp->keyid, keylen); 773 kp->keylen = keylen; 774 } 775 776 for (strp = &str_keyid[4]; keylen > 0; --keylen) { 777 if ((*strp++ = *keyid++) == IAC) 778 *strp++ = IAC; 779 } 780 *strp++ = IAC; 781 *strp++ = SE; 782 net_write(str_keyid, strp - str_keyid); 783 printsub('>', &str_keyid[2], strp - str_keyid - 2); 784 } 785 786 void 787 encrypt_auto(on) 788 int on; 789 { 790 if (on < 0) 791 autoencrypt ^= 1; 792 else 793 autoencrypt = on ? 1 : 0; 794 } 795 796 void 797 decrypt_auto(on) 798 int on; 799 { 800 if (on < 0) 801 autodecrypt ^= 1; 802 else 803 autodecrypt = on ? 1 : 0; 804 } 805 806 void 807 encrypt_start_output(type) 808 int type; 809 { 810 Encryptions *ep; 811 register unsigned char *p; 812 register int i; 813 814 if (!(ep = findencryption(type))) { 815 if (encrypt_debug_mode) { 816 printf(">>>%s: Can't encrypt with type %s (%d)\r\n", 817 Name, 818 ENCTYPE_NAME_OK(type) 819 ? ENCTYPE_NAME(type) : "(unknown)", 820 type); 821 } 822 return; 823 } 824 if (ep->start) { 825 i = (*ep->start)(DIR_ENCRYPT, Server); 826 if (encrypt_debug_mode) { 827 printf(">>>%s: Encrypt start: %s (%d) %s\r\n", 828 Name, 829 (i < 0) ? "failed" : 830 "initial negotiation in progress", 831 i, ENCTYPE_NAME(type)); 832 } 833 if (i) 834 return; 835 } 836 p = str_start + 3; 837 *p++ = ENCRYPT_START; 838 for (i = 0; i < ki[0].keylen; ++i) { 839 if ((*p++ = ki[0].keyid[i]) == IAC) 840 *p++ = IAC; 841 } 842 *p++ = IAC; 843 *p++ = SE; 844 net_write(str_start, p - str_start); 845 net_encrypt(); 846 printsub('>', &str_start[2], p - &str_start[2]); 847 /* 848 * If we are already encrypting in some mode, then 849 * encrypt the ring (which includes our request) in 850 * the old mode, mark it all as "clear text" and then 851 * switch to the new mode. 852 */ 853 encrypt_output = ep->output; 854 encrypt_mode = type; 855 if (encrypt_debug_mode) 856 printf(">>>%s: Started to encrypt output with type %s\r\n", 857 Name, ENCTYPE_NAME(type)); 858 if (encrypt_verbose) 859 printf("[ Output is now encrypted with type %s ]\r\n", 860 ENCTYPE_NAME(type)); 861 } 862 863 void 864 encrypt_send_end() 865 { 866 if (!encrypt_output) 867 return; 868 869 str_end[3] = ENCRYPT_END; 870 net_write(str_end, sizeof(str_end)); 871 net_encrypt(); 872 printsub('>', &str_end[2], sizeof(str_end) - 2); 873 /* 874 * Encrypt the output buffer now because it will not be done by 875 * netflush... 876 */ 877 encrypt_output = 0; 878 if (encrypt_debug_mode) 879 printf(">>>%s: Output is back to clear text\r\n", Name); 880 if (encrypt_verbose) 881 printf("[ Output is now clear text ]\r\n"); 882 } 883 884 void 885 encrypt_send_request_start() 886 { 887 register unsigned char *p; 888 register int i; 889 890 p = &str_start[3]; 891 *p++ = ENCRYPT_REQSTART; 892 for (i = 0; i < ki[1].keylen; ++i) { 893 if ((*p++ = ki[1].keyid[i]) == IAC) 894 *p++ = IAC; 895 } 896 *p++ = IAC; 897 *p++ = SE; 898 net_write(str_start, p - str_start); 899 printsub('>', &str_start[2], p - &str_start[2]); 900 if (encrypt_debug_mode) 901 printf(">>>%s: Request input to be encrypted\r\n", Name); 902 } 903 904 void 905 encrypt_send_request_end() 906 { 907 str_end[3] = ENCRYPT_REQEND; 908 net_write(str_end, sizeof(str_end)); 909 printsub('>', &str_end[2], sizeof(str_end) - 2); 910 911 if (encrypt_debug_mode) 912 printf(">>>%s: Request input to be clear text\r\n", Name); 913 } 914 915 void 916 encrypt_wait() 917 { 918 register int encrypt, decrypt; 919 if (encrypt_debug_mode) 920 printf(">>>%s: in encrypt_wait\r\n", Name); 921 if (!havesessionkey || !(I_SUPPORT_ENCRYPT & remote_supports_decrypt)) 922 return; 923 while (autoencrypt && !encrypt_output) 924 if (telnet_spin()) 925 return; 926 } 927 928 void 929 encrypt_debug(mode) 930 int mode; 931 { 932 encrypt_debug_mode = mode; 933 } 934 935 void 936 encrypt_gen_printsub(data, cnt, buf, buflen) 937 unsigned char *data, *buf; 938 int cnt, buflen; 939 { 940 char tbuf[16], *cp; 941 942 cnt -= 2; 943 data += 2; 944 buf[buflen-1] = '\0'; 945 buf[buflen-2] = '*'; 946 buflen -= 2;; 947 for (; cnt > 0; cnt--, data++) { 948 sprintf(tbuf, " %d", *data); 949 for (cp = tbuf; *cp && buflen > 0; --buflen) 950 *buf++ = *cp++; 951 if (buflen <= 0) 952 return; 953 } 954 *buf = '\0'; 955 } 956 957 void 958 encrypt_printsub(data, cnt, buf, buflen) 959 unsigned char *data, *buf; 960 int cnt, buflen; 961 { 962 Encryptions *ep; 963 register int type = data[1]; 964 965 for (ep = encryptions; ep->type && ep->type != type; ep++) 966 ; 967 968 if (ep->printsub) 969 (*ep->printsub)(data, cnt, buf, buflen); 970 else 971 encrypt_gen_printsub(data, cnt, buf, buflen); 972 } 973 #endif /* ENCRYPTION */ 974