1 /*-
2 * Copyright (c) 1991, 1993
3 * The Regents of the University of California. All rights reserved.
4 *
5 * %sccs.include.redist.c%
6 */
7
8 #ifndef lint
9 static char sccsid[] = "@(#)encrypt.c 8.2 (Berkeley) 05/30/95";
10 #endif /* not lint */
11
12 /*
13 * Copyright (C) 1990 by the Massachusetts Institute of Technology
14 *
15 * Export of this software from the United States of America is assumed
16 * to require a specific license from the United States Government.
17 * It is the responsibility of any person or organization contemplating
18 * export to obtain such a license before exporting.
19 *
20 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
21 * distribute this software and its documentation for any purpose and
22 * without fee is hereby granted, provided that the above copyright
23 * notice appear in all copies and that both that copyright notice and
24 * this permission notice appear in supporting documentation, and that
25 * the name of M.I.T. not be used in advertising or publicity pertaining
26 * to distribution of the software without specific, written prior
27 * permission. M.I.T. makes no representations about the suitability of
28 * this software for any purpose. It is provided "as is" without express
29 * or implied warranty.
30 */
31
32 #ifdef ENCRYPTION
33
34 #define ENCRYPT_NAMES
35 #include <arpa/telnet.h>
36
37 #include "encrypt.h"
38 #include "misc.h"
39
40 #ifdef __STDC__
41 #include <stdlib.h>
42 #endif
43 #ifdef NO_STRING_H
44 #include <strings.h>
45 #else
46 #include <string.h>
47 #endif
48
49 /*
50 * These functions pointers point to the current routines
51 * for encrypting and decrypting data.
52 */
53 void (*encrypt_output) P((unsigned char *, int));
54 int (*decrypt_input) P((int));
55
56 int encrypt_debug_mode = 0;
57 static int decrypt_mode = 0;
58 static int encrypt_mode = 0;
59 static int encrypt_verbose = 0;
60 static int autoencrypt = 0;
61 static int autodecrypt = 0;
62 static int havesessionkey = 0;
63 static int Server = 0;
64 static char *Name = "Noname";
65
66 #define typemask(x) ((x) > 0 ? 1 << ((x)-1) : 0)
67
68 static long i_support_encrypt = typemask(ENCTYPE_DES_CFB64)
69 | typemask(ENCTYPE_DES_OFB64);
70 static long i_support_decrypt = typemask(ENCTYPE_DES_CFB64)
71 | typemask(ENCTYPE_DES_OFB64);
72 static long i_wont_support_encrypt = 0;
73 static long i_wont_support_decrypt = 0;
74 #define I_SUPPORT_ENCRYPT (i_support_encrypt & ~i_wont_support_encrypt)
75 #define I_SUPPORT_DECRYPT (i_support_decrypt & ~i_wont_support_decrypt)
76
77 static long remote_supports_encrypt = 0;
78 static long remote_supports_decrypt = 0;
79
80 static Encryptions encryptions[] = {
81 #ifdef DES_ENCRYPTION
82 { "DES_CFB64", ENCTYPE_DES_CFB64,
83 cfb64_encrypt,
84 cfb64_decrypt,
85 cfb64_init,
86 cfb64_start,
87 cfb64_is,
88 cfb64_reply,
89 cfb64_session,
90 cfb64_keyid,
91 cfb64_printsub },
92 { "DES_OFB64", ENCTYPE_DES_OFB64,
93 ofb64_encrypt,
94 ofb64_decrypt,
95 ofb64_init,
96 ofb64_start,
97 ofb64_is,
98 ofb64_reply,
99 ofb64_session,
100 ofb64_keyid,
101 ofb64_printsub },
102 #endif /* DES_ENCRYPTION */
103 { 0, },
104 };
105
106 static unsigned char str_send[64] = { IAC, SB, TELOPT_ENCRYPT,
107 ENCRYPT_SUPPORT };
108 static unsigned char str_suplen = 0;
109 static unsigned char str_start[72] = { IAC, SB, TELOPT_ENCRYPT };
110 static unsigned char str_end[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE };
111
112 Encryptions *
findencryption(type)113 findencryption(type)
114 int type;
115 {
116 Encryptions *ep = encryptions;
117
118 if (!(I_SUPPORT_ENCRYPT & remote_supports_decrypt & typemask(type)))
119 return(0);
120 while (ep->type && ep->type != type)
121 ++ep;
122 return(ep->type ? ep : 0);
123 }
124
125 Encryptions *
finddecryption(type)126 finddecryption(type)
127 int type;
128 {
129 Encryptions *ep = encryptions;
130
131 if (!(I_SUPPORT_DECRYPT & remote_supports_encrypt & typemask(type)))
132 return(0);
133 while (ep->type && ep->type != type)
134 ++ep;
135 return(ep->type ? ep : 0);
136 }
137
138 #define MAXKEYLEN 64
139
140 static struct key_info {
141 unsigned char keyid[MAXKEYLEN];
142 int keylen;
143 int dir;
144 int *modep;
145 Encryptions *(*getcrypt)();
146 } ki[2] = {
147 { { 0 }, 0, DIR_ENCRYPT, &encrypt_mode, findencryption },
148 { { 0 }, 0, DIR_DECRYPT, &decrypt_mode, finddecryption },
149 };
150
151 void
encrypt_init(name,server)152 encrypt_init(name, server)
153 char *name;
154 int server;
155 {
156 Encryptions *ep = encryptions;
157
158 Name = name;
159 Server = server;
160 i_support_encrypt = i_support_decrypt = 0;
161 remote_supports_encrypt = remote_supports_decrypt = 0;
162 encrypt_mode = 0;
163 decrypt_mode = 0;
164 encrypt_output = 0;
165 decrypt_input = 0;
166 #ifdef notdef
167 encrypt_verbose = !server;
168 #endif
169
170 str_suplen = 4;
171
172 while (ep->type) {
173 if (encrypt_debug_mode)
174 printf(">>>%s: I will support %s\r\n",
175 Name, ENCTYPE_NAME(ep->type));
176 i_support_encrypt |= typemask(ep->type);
177 i_support_decrypt |= typemask(ep->type);
178 if ((i_wont_support_decrypt & typemask(ep->type)) == 0)
179 if ((str_send[str_suplen++] = ep->type) == IAC)
180 str_send[str_suplen++] = IAC;
181 if (ep->init)
182 (*ep->init)(Server);
183 ++ep;
184 }
185 str_send[str_suplen++] = IAC;
186 str_send[str_suplen++] = SE;
187 }
188
189 void
encrypt_list_types()190 encrypt_list_types()
191 {
192 Encryptions *ep = encryptions;
193
194 printf("Valid encryption types:\n");
195 while (ep->type) {
196 printf("\t%s (%d)\r\n", ENCTYPE_NAME(ep->type), ep->type);
197 ++ep;
198 }
199 }
200
201 int
EncryptEnable(type,mode)202 EncryptEnable(type, mode)
203 char *type, *mode;
204 {
205 if (isprefix(type, "help") || isprefix(type, "?")) {
206 printf("Usage: encrypt enable <type> [input|output]\n");
207 encrypt_list_types();
208 return(0);
209 }
210 if (EncryptType(type, mode))
211 return(EncryptStart(mode));
212 return(0);
213 }
214
215 int
EncryptDisable(type,mode)216 EncryptDisable(type, mode)
217 char *type, *mode;
218 {
219 register Encryptions *ep;
220 int ret = 0;
221
222 if (isprefix(type, "help") || isprefix(type, "?")) {
223 printf("Usage: encrypt disable <type> [input|output]\n");
224 encrypt_list_types();
225 } else if ((ep = (Encryptions *)genget(type, encryptions,
226 sizeof(Encryptions))) == 0) {
227 printf("%s: invalid encryption type\n", type);
228 } else if (Ambiguous(ep)) {
229 printf("Ambiguous type '%s'\n", type);
230 } else {
231 if ((mode == 0) || (isprefix(mode, "input") ? 1 : 0)) {
232 if (decrypt_mode == ep->type)
233 EncryptStopInput();
234 i_wont_support_decrypt |= typemask(ep->type);
235 ret = 1;
236 }
237 if ((mode == 0) || (isprefix(mode, "output"))) {
238 if (encrypt_mode == ep->type)
239 EncryptStopOutput();
240 i_wont_support_encrypt |= typemask(ep->type);
241 ret = 1;
242 }
243 if (ret == 0)
244 printf("%s: invalid encryption mode\n", mode);
245 }
246 return(ret);
247 }
248
249 int
EncryptType(type,mode)250 EncryptType(type, mode)
251 char *type;
252 char *mode;
253 {
254 register Encryptions *ep;
255 int ret = 0;
256
257 if (isprefix(type, "help") || isprefix(type, "?")) {
258 printf("Usage: encrypt type <type> [input|output]\n");
259 encrypt_list_types();
260 } else if ((ep = (Encryptions *)genget(type, encryptions,
261 sizeof(Encryptions))) == 0) {
262 printf("%s: invalid encryption type\n", type);
263 } else if (Ambiguous(ep)) {
264 printf("Ambiguous type '%s'\n", type);
265 } else {
266 if ((mode == 0) || isprefix(mode, "input")) {
267 decrypt_mode = ep->type;
268 i_wont_support_decrypt &= ~typemask(ep->type);
269 ret = 1;
270 }
271 if ((mode == 0) || isprefix(mode, "output")) {
272 encrypt_mode = ep->type;
273 i_wont_support_encrypt &= ~typemask(ep->type);
274 ret = 1;
275 }
276 if (ret == 0)
277 printf("%s: invalid encryption mode\n", mode);
278 }
279 return(ret);
280 }
281
282 int
EncryptStart(mode)283 EncryptStart(mode)
284 char *mode;
285 {
286 register int ret = 0;
287 if (mode) {
288 if (isprefix(mode, "input"))
289 return(EncryptStartInput());
290 if (isprefix(mode, "output"))
291 return(EncryptStartOutput());
292 if (isprefix(mode, "help") || isprefix(mode, "?")) {
293 printf("Usage: encrypt start [input|output]\n");
294 return(0);
295 }
296 printf("%s: invalid encryption mode 'encrypt start ?' for help\n", mode);
297 return(0);
298 }
299 ret += EncryptStartInput();
300 ret += EncryptStartOutput();
301 return(ret);
302 }
303
304 int
EncryptStartInput()305 EncryptStartInput()
306 {
307 if (decrypt_mode) {
308 encrypt_send_request_start();
309 return(1);
310 }
311 printf("No previous decryption mode, decryption not enabled\r\n");
312 return(0);
313 }
314
315 int
EncryptStartOutput()316 EncryptStartOutput()
317 {
318 if (encrypt_mode) {
319 encrypt_start_output(encrypt_mode);
320 return(1);
321 }
322 printf("No previous encryption mode, encryption not enabled\r\n");
323 return(0);
324 }
325
326 int
EncryptStop(mode)327 EncryptStop(mode)
328 char *mode;
329 {
330 int ret = 0;
331 if (mode) {
332 if (isprefix(mode, "input"))
333 return(EncryptStopInput());
334 if (isprefix(mode, "output"))
335 return(EncryptStopOutput());
336 if (isprefix(mode, "help") || isprefix(mode, "?")) {
337 printf("Usage: encrypt stop [input|output]\n");
338 return(0);
339 }
340 printf("%s: invalid encryption mode 'encrypt stop ?' for help\n", mode);
341 return(0);
342 }
343 ret += EncryptStopInput();
344 ret += EncryptStopOutput();
345 return(ret);
346 }
347
348 int
EncryptStopInput()349 EncryptStopInput()
350 {
351 encrypt_send_request_end();
352 return(1);
353 }
354
355 int
EncryptStopOutput()356 EncryptStopOutput()
357 {
358 encrypt_send_end();
359 return(1);
360 }
361
362 void
encrypt_display()363 encrypt_display()
364 {
365 if (encrypt_output)
366 printf("Currently encrypting output with %s\r\n",
367 ENCTYPE_NAME(encrypt_mode));
368 if (decrypt_input)
369 printf("Currently decrypting input with %s\r\n",
370 ENCTYPE_NAME(decrypt_mode));
371 }
372
373 int
EncryptStatus()374 EncryptStatus()
375 {
376 if (encrypt_output)
377 printf("Currently encrypting output with %s\r\n",
378 ENCTYPE_NAME(encrypt_mode));
379 else if (encrypt_mode) {
380 printf("Currently output is clear text.\r\n");
381 printf("Last encryption mode was %s\r\n",
382 ENCTYPE_NAME(encrypt_mode));
383 }
384 if (decrypt_input) {
385 printf("Currently decrypting input with %s\r\n",
386 ENCTYPE_NAME(decrypt_mode));
387 } else if (decrypt_mode) {
388 printf("Currently input is clear text.\r\n");
389 printf("Last decryption mode was %s\r\n",
390 ENCTYPE_NAME(decrypt_mode));
391 }
392 return 1;
393 }
394
395 void
encrypt_send_support()396 encrypt_send_support()
397 {
398 if (str_suplen) {
399 /*
400 * If the user has requested that decryption start
401 * immediatly, then send a "REQUEST START" before
402 * we negotiate the type.
403 */
404 if (!Server && autodecrypt)
405 encrypt_send_request_start();
406 net_write(str_send, str_suplen);
407 printsub('>', &str_send[2], str_suplen - 2);
408 str_suplen = 0;
409 }
410 }
411
412 int
EncryptDebug(on)413 EncryptDebug(on)
414 int on;
415 {
416 if (on < 0)
417 encrypt_debug_mode ^= 1;
418 else
419 encrypt_debug_mode = on;
420 printf("Encryption debugging %s\r\n",
421 encrypt_debug_mode ? "enabled" : "disabled");
422 return(1);
423 }
424
425 int
EncryptVerbose(on)426 EncryptVerbose(on)
427 int on;
428 {
429 if (on < 0)
430 encrypt_verbose ^= 1;
431 else
432 encrypt_verbose = on;
433 printf("Encryption %s verbose\r\n",
434 encrypt_verbose ? "is" : "is not");
435 return(1);
436 }
437
438 int
EncryptAutoEnc(on)439 EncryptAutoEnc(on)
440 int on;
441 {
442 encrypt_auto(on);
443 printf("Automatic encryption of output is %s\r\n",
444 autoencrypt ? "enabled" : "disabled");
445 return(1);
446 }
447
448 int
EncryptAutoDec(on)449 EncryptAutoDec(on)
450 int on;
451 {
452 decrypt_auto(on);
453 printf("Automatic decryption of input is %s\r\n",
454 autodecrypt ? "enabled" : "disabled");
455 return(1);
456 }
457
458 /*
459 * Called when ENCRYPT SUPPORT is received.
460 */
461 void
encrypt_support(typelist,cnt)462 encrypt_support(typelist, cnt)
463 unsigned char *typelist;
464 int cnt;
465 {
466 register int type, use_type = 0;
467 Encryptions *ep;
468
469 /*
470 * Forget anything the other side has previously told us.
471 */
472 remote_supports_decrypt = 0;
473
474 while (cnt-- > 0) {
475 type = *typelist++;
476 if (encrypt_debug_mode)
477 printf(">>>%s: He is supporting %s (%d)\r\n",
478 Name,
479 ENCTYPE_NAME(type), type);
480 if ((type < ENCTYPE_CNT) &&
481 (I_SUPPORT_ENCRYPT & typemask(type))) {
482 remote_supports_decrypt |= typemask(type);
483 if (use_type == 0)
484 use_type = type;
485 }
486 }
487 if (use_type) {
488 ep = findencryption(use_type);
489 if (!ep)
490 return;
491 type = ep->start ? (*ep->start)(DIR_ENCRYPT, Server) : 0;
492 if (encrypt_debug_mode)
493 printf(">>>%s: (*ep->start)() returned %d\r\n",
494 Name, type);
495 if (type < 0)
496 return;
497 encrypt_mode = use_type;
498 if (type == 0)
499 encrypt_start_output(use_type);
500 }
501 }
502
503 void
encrypt_is(data,cnt)504 encrypt_is(data, cnt)
505 unsigned char *data;
506 int cnt;
507 {
508 Encryptions *ep;
509 register int type, ret;
510
511 if (--cnt < 0)
512 return;
513 type = *data++;
514 if (type < ENCTYPE_CNT)
515 remote_supports_encrypt |= typemask(type);
516 if (!(ep = finddecryption(type))) {
517 if (encrypt_debug_mode)
518 printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
519 Name,
520 ENCTYPE_NAME_OK(type)
521 ? ENCTYPE_NAME(type) : "(unknown)",
522 type);
523 return;
524 }
525 if (!ep->is) {
526 if (encrypt_debug_mode)
527 printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
528 Name,
529 ENCTYPE_NAME_OK(type)
530 ? ENCTYPE_NAME(type) : "(unknown)",
531 type);
532 ret = 0;
533 } else {
534 ret = (*ep->is)(data, cnt);
535 if (encrypt_debug_mode)
536 printf("(*ep->is)(%x, %d) returned %s(%d)\n", data, cnt,
537 (ret < 0) ? "FAIL " :
538 (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
539 }
540 if (ret < 0) {
541 autodecrypt = 0;
542 } else {
543 decrypt_mode = type;
544 if (ret == 0 && autodecrypt)
545 encrypt_send_request_start();
546 }
547 }
548
549 void
encrypt_reply(data,cnt)550 encrypt_reply(data, cnt)
551 unsigned char *data;
552 int cnt;
553 {
554 Encryptions *ep;
555 register int ret, type;
556
557 if (--cnt < 0)
558 return;
559 type = *data++;
560 if (!(ep = findencryption(type))) {
561 if (encrypt_debug_mode)
562 printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
563 Name,
564 ENCTYPE_NAME_OK(type)
565 ? ENCTYPE_NAME(type) : "(unknown)",
566 type);
567 return;
568 }
569 if (!ep->reply) {
570 if (encrypt_debug_mode)
571 printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
572 Name,
573 ENCTYPE_NAME_OK(type)
574 ? ENCTYPE_NAME(type) : "(unknown)",
575 type);
576 ret = 0;
577 } else {
578 ret = (*ep->reply)(data, cnt);
579 if (encrypt_debug_mode)
580 printf("(*ep->reply)(%x, %d) returned %s(%d)\n",
581 data, cnt,
582 (ret < 0) ? "FAIL " :
583 (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
584 }
585 if (encrypt_debug_mode)
586 printf(">>>%s: encrypt_reply returned %d\n", Name, ret);
587 if (ret < 0) {
588 autoencrypt = 0;
589 } else {
590 encrypt_mode = type;
591 if (ret == 0 && autoencrypt)
592 encrypt_start_output(type);
593 }
594 }
595
596 /*
597 * Called when a ENCRYPT START command is received.
598 */
599 void
encrypt_start(data,cnt)600 encrypt_start(data, cnt)
601 unsigned char *data;
602 int cnt;
603 {
604 Encryptions *ep;
605
606 if (!decrypt_mode) {
607 /*
608 * Something is wrong. We should not get a START
609 * command without having already picked our
610 * decryption scheme. Send a REQUEST-END to
611 * attempt to clear the channel...
612 */
613 printf("%s: Warning, Cannot decrypt input stream!!!\r\n", Name);
614 encrypt_send_request_end();
615 return;
616 }
617
618 if (ep = finddecryption(decrypt_mode)) {
619 decrypt_input = ep->input;
620 if (encrypt_verbose)
621 printf("[ Input is now decrypted with type %s ]\r\n",
622 ENCTYPE_NAME(decrypt_mode));
623 if (encrypt_debug_mode)
624 printf(">>>%s: Start to decrypt input with type %s\r\n",
625 Name, ENCTYPE_NAME(decrypt_mode));
626 } else {
627 printf("%s: Warning, Cannot decrypt type %s (%d)!!!\r\n",
628 Name,
629 ENCTYPE_NAME_OK(decrypt_mode)
630 ? ENCTYPE_NAME(decrypt_mode)
631 : "(unknown)",
632 decrypt_mode);
633 encrypt_send_request_end();
634 }
635 }
636
637 void
encrypt_session_key(key,server)638 encrypt_session_key(key, server)
639 Session_Key *key;
640 int server;
641 {
642 Encryptions *ep = encryptions;
643
644 havesessionkey = 1;
645
646 while (ep->type) {
647 if (ep->session)
648 (*ep->session)(key, server);
649 #ifdef notdef
650 if (!encrypt_output && autoencrypt && !server)
651 encrypt_start_output(ep->type);
652 if (!decrypt_input && autodecrypt && !server)
653 encrypt_send_request_start();
654 #endif
655 ++ep;
656 }
657 }
658
659 /*
660 * Called when ENCRYPT END is received.
661 */
662 void
encrypt_end()663 encrypt_end()
664 {
665 decrypt_input = 0;
666 if (encrypt_debug_mode)
667 printf(">>>%s: Input is back to clear text\r\n", Name);
668 if (encrypt_verbose)
669 printf("[ Input is now clear text ]\r\n");
670 }
671
672 /*
673 * Called when ENCRYPT REQUEST-END is received.
674 */
675 void
encrypt_request_end()676 encrypt_request_end()
677 {
678 encrypt_send_end();
679 }
680
681 /*
682 * Called when ENCRYPT REQUEST-START is received. If we receive
683 * this before a type is picked, then that indicates that the
684 * other side wants us to start encrypting data as soon as we
685 * can.
686 */
687 void
encrypt_request_start(data,cnt)688 encrypt_request_start(data, cnt)
689 unsigned char *data;
690 int cnt;
691 {
692 if (encrypt_mode == 0) {
693 if (Server)
694 autoencrypt = 1;
695 return;
696 }
697 encrypt_start_output(encrypt_mode);
698 }
699
700 static unsigned char str_keyid[(MAXKEYLEN*2)+5] = { IAC, SB, TELOPT_ENCRYPT };
701
encrypt_enc_keyid(keyid,len)702 encrypt_enc_keyid(keyid, len)
703 unsigned char *keyid;
704 int len;
705 {
706 encrypt_keyid(&ki[1], keyid, len);
707 }
708
encrypt_dec_keyid(keyid,len)709 encrypt_dec_keyid(keyid, len)
710 unsigned char *keyid;
711 int len;
712 {
713 encrypt_keyid(&ki[0], keyid, len);
714 }
715
716 encrypt_keyid(kp, keyid, len)
717 struct key_info *kp;
718 unsigned char *keyid;
719 int len;
720 {
721 Encryptions *ep;
722 unsigned char *strp, *cp;
723 int dir = kp->dir;
724 register int ret = 0;
725
726 if (!(ep = (*kp->getcrypt)(*kp->modep))) {
727 if (len == 0)
728 return;
729 kp->keylen = 0;
730 } else if (len == 0) {
731 /*
732 * Empty option, indicates a failure.
733 */
734 if (kp->keylen == 0)
735 return;
736 kp->keylen = 0;
737 if (ep->keyid)
738 (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
739
740 } else if ((len != kp->keylen) ||
741 (memcmp(keyid, kp->keyid, len) != 0)) {
742 /*
743 * Length or contents are different
744 */
745 kp->keylen = len;
746 memmove(kp->keyid, keyid, len);
747 if (ep->keyid)
748 (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
749 } else {
750 if (ep->keyid)
751 ret = (*ep->keyid)(dir, kp->keyid, &kp->keylen);
752 if ((ret == 0) && (dir == DIR_ENCRYPT) && autoencrypt)
753 encrypt_start_output(*kp->modep);
754 return;
755 }
756
757 encrypt_send_keyid(dir, kp->keyid, kp->keylen, 0);
758 }
759
760 void
encrypt_send_keyid(dir,keyid,keylen,saveit)761 encrypt_send_keyid(dir, keyid, keylen, saveit)
762 int dir;
763 unsigned char *keyid;
764 int keylen;
765 int saveit;
766 {
767 unsigned char *strp;
768
769 str_keyid[3] = (dir == DIR_ENCRYPT)
770 ? ENCRYPT_ENC_KEYID : ENCRYPT_DEC_KEYID;
771 if (saveit) {
772 struct key_info *kp = &ki[(dir == DIR_ENCRYPT) ? 0 : 1];
773 memmove(kp->keyid, keyid, keylen);
774 kp->keylen = keylen;
775 }
776
777 for (strp = &str_keyid[4]; keylen > 0; --keylen) {
778 if ((*strp++ = *keyid++) == IAC)
779 *strp++ = IAC;
780 }
781 *strp++ = IAC;
782 *strp++ = SE;
783 net_write(str_keyid, strp - str_keyid);
784 printsub('>', &str_keyid[2], strp - str_keyid - 2);
785 }
786
787 void
encrypt_auto(on)788 encrypt_auto(on)
789 int on;
790 {
791 if (on < 0)
792 autoencrypt ^= 1;
793 else
794 autoencrypt = on ? 1 : 0;
795 }
796
797 void
decrypt_auto(on)798 decrypt_auto(on)
799 int on;
800 {
801 if (on < 0)
802 autodecrypt ^= 1;
803 else
804 autodecrypt = on ? 1 : 0;
805 }
806
807 void
encrypt_start_output(type)808 encrypt_start_output(type)
809 int type;
810 {
811 Encryptions *ep;
812 register unsigned char *p;
813 register int i;
814
815 if (!(ep = findencryption(type))) {
816 if (encrypt_debug_mode) {
817 printf(">>>%s: Can't encrypt with type %s (%d)\r\n",
818 Name,
819 ENCTYPE_NAME_OK(type)
820 ? ENCTYPE_NAME(type) : "(unknown)",
821 type);
822 }
823 return;
824 }
825 if (ep->start) {
826 i = (*ep->start)(DIR_ENCRYPT, Server);
827 if (encrypt_debug_mode) {
828 printf(">>>%s: Encrypt start: %s (%d) %s\r\n",
829 Name,
830 (i < 0) ? "failed" :
831 "initial negotiation in progress",
832 i, ENCTYPE_NAME(type));
833 }
834 if (i)
835 return;
836 }
837 p = str_start + 3;
838 *p++ = ENCRYPT_START;
839 for (i = 0; i < ki[0].keylen; ++i) {
840 if ((*p++ = ki[0].keyid[i]) == IAC)
841 *p++ = IAC;
842 }
843 *p++ = IAC;
844 *p++ = SE;
845 net_write(str_start, p - str_start);
846 net_encrypt();
847 printsub('>', &str_start[2], p - &str_start[2]);
848 /*
849 * If we are already encrypting in some mode, then
850 * encrypt the ring (which includes our request) in
851 * the old mode, mark it all as "clear text" and then
852 * switch to the new mode.
853 */
854 encrypt_output = ep->output;
855 encrypt_mode = type;
856 if (encrypt_debug_mode)
857 printf(">>>%s: Started to encrypt output with type %s\r\n",
858 Name, ENCTYPE_NAME(type));
859 if (encrypt_verbose)
860 printf("[ Output is now encrypted with type %s ]\r\n",
861 ENCTYPE_NAME(type));
862 }
863
864 void
encrypt_send_end()865 encrypt_send_end()
866 {
867 if (!encrypt_output)
868 return;
869
870 str_end[3] = ENCRYPT_END;
871 net_write(str_end, sizeof(str_end));
872 net_encrypt();
873 printsub('>', &str_end[2], sizeof(str_end) - 2);
874 /*
875 * Encrypt the output buffer now because it will not be done by
876 * netflush...
877 */
878 encrypt_output = 0;
879 if (encrypt_debug_mode)
880 printf(">>>%s: Output is back to clear text\r\n", Name);
881 if (encrypt_verbose)
882 printf("[ Output is now clear text ]\r\n");
883 }
884
885 void
encrypt_send_request_start()886 encrypt_send_request_start()
887 {
888 register unsigned char *p;
889 register int i;
890
891 p = &str_start[3];
892 *p++ = ENCRYPT_REQSTART;
893 for (i = 0; i < ki[1].keylen; ++i) {
894 if ((*p++ = ki[1].keyid[i]) == IAC)
895 *p++ = IAC;
896 }
897 *p++ = IAC;
898 *p++ = SE;
899 net_write(str_start, p - str_start);
900 printsub('>', &str_start[2], p - &str_start[2]);
901 if (encrypt_debug_mode)
902 printf(">>>%s: Request input to be encrypted\r\n", Name);
903 }
904
905 void
encrypt_send_request_end()906 encrypt_send_request_end()
907 {
908 str_end[3] = ENCRYPT_REQEND;
909 net_write(str_end, sizeof(str_end));
910 printsub('>', &str_end[2], sizeof(str_end) - 2);
911
912 if (encrypt_debug_mode)
913 printf(">>>%s: Request input to be clear text\r\n", Name);
914 }
915
916 void
encrypt_wait()917 encrypt_wait()
918 {
919 register int encrypt, decrypt;
920 if (encrypt_debug_mode)
921 printf(">>>%s: in encrypt_wait\r\n", Name);
922 if (!havesessionkey || !(I_SUPPORT_ENCRYPT & remote_supports_decrypt))
923 return;
924 while (autoencrypt && !encrypt_output)
925 if (telnet_spin())
926 return;
927 }
928
929 void
encrypt_debug(mode)930 encrypt_debug(mode)
931 int mode;
932 {
933 encrypt_debug_mode = mode;
934 }
935
936 void
encrypt_gen_printsub(data,cnt,buf,buflen)937 encrypt_gen_printsub(data, cnt, buf, buflen)
938 unsigned char *data, *buf;
939 int cnt, buflen;
940 {
941 char tbuf[16], *cp;
942
943 cnt -= 2;
944 data += 2;
945 buf[buflen-1] = '\0';
946 buf[buflen-2] = '*';
947 buflen -= 2;;
948 for (; cnt > 0; cnt--, data++) {
949 sprintf(tbuf, " %d", *data);
950 for (cp = tbuf; *cp && buflen > 0; --buflen)
951 *buf++ = *cp++;
952 if (buflen <= 0)
953 return;
954 }
955 *buf = '\0';
956 }
957
958 void
encrypt_printsub(data,cnt,buf,buflen)959 encrypt_printsub(data, cnt, buf, buflen)
960 unsigned char *data, *buf;
961 int cnt, buflen;
962 {
963 Encryptions *ep;
964 register int type = data[1];
965
966 for (ep = encryptions; ep->type && ep->type != type; ep++)
967 ;
968
969 if (ep->printsub)
970 (*ep->printsub)(data, cnt, buf, buflen);
971 else
972 encrypt_gen_printsub(data, cnt, buf, buflen);
973 }
974 #endif /* ENCRYPTION */
975