search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Patrick Welche <prlw1@cam.ac.uk>
[netbsd-mini2440.git] / crypto / dist / heimdal / appl / telnet / libtelnet / encrypt.c
blob9e55b755fb9aea71eb200ee717a3d5217510806d
1 /*-
2 * Copyright (c) 1991, 1993
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by the University of
16 * California, Berkeley and its contributors.
17 * 4. Neither the name of the University nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 /*
35 * Copyright (C) 1990 by the Massachusetts Institute of Technology
36 *
37 * Export of this software from the United States of America is assumed
38 * to require a specific license from the United States Government.
39 * It is the responsibility of any person or organization contemplating
40 * export to obtain such a license before exporting.
41 *
42 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
43 * distribute this software and its documentation for any purpose and
44 * without fee is hereby granted, provided that the above copyright
45 * notice appear in all copies and that both that copyright notice and
46 * this permission notice appear in supporting documentation, and that
47 * the name of M.I.T. not be used in advertising or publicity pertaining
48 * to distribution of the software without specific, written prior
49 * permission. M.I.T. makes no representations about the suitability of
50 * this software for any purpose. It is provided "as is" without express
51 * or implied warranty.
52 */
53
54
55 #include <config.h>
56
57 __RCSID("$Heimdal: encrypt.c 16802 2006-03-23 19:36:31Z lha $"
58 "$NetBSD$");
59
60 #if defined(ENCRYPTION)
61
62 #define ENCRYPT_NAMES
63 #include <arpa/telnet.h>
64
65 #include "encrypt.h"
66 #include "misc.h"
67
68 #include <stdio.h>
69 #include <stdlib.h>
70 #include <string.h>
71 #include <roken.h>
72 #ifdef SOCKS
73 #include <socks.h>
74 #endif
75
76
77 /*
78 * These functions pointers point to the current routines
79 * for encrypting and decrypting data.
80 */
81 void (*encrypt_output) (unsigned char *, int);
82 int (*decrypt_input) (int);
83 char *nclearto;
84
85 int encrypt_debug_mode = 0;
86 static int decrypt_mode = 0;
87 static int encrypt_mode = 0;
88 static int encrypt_verbose = 0;
89 static int autoencrypt = 0;
90 static int autodecrypt = 0;
91 static int havesessionkey = 0;
92 static int Server = 0;
93 static const char *Name = "Noname";
94
95 #define typemask(x) ((x) > 0 ? 1 << ((x)-1) : 0)
96
97 static long i_support_encrypt = typemask(ENCTYPE_DES_CFB64)
98 | typemask(ENCTYPE_DES_OFB64);
99 static long i_support_decrypt = typemask(ENCTYPE_DES_CFB64)
100 | typemask(ENCTYPE_DES_OFB64);
101 static long i_wont_support_encrypt = 0;
102 static long i_wont_support_decrypt = 0;
103 #define I_SUPPORT_ENCRYPT (i_support_encrypt & ~i_wont_support_encrypt)
104 #define I_SUPPORT_DECRYPT (i_support_decrypt & ~i_wont_support_decrypt)
105
106 static long remote_supports_encrypt = 0;
107 static long remote_supports_decrypt = 0;
108
109 static Encryptions encryptions[] = {
110 #if defined(DES_ENCRYPTION)
111 { "DES_CFB64", ENCTYPE_DES_CFB64,
112 cfb64_encrypt,
113 cfb64_decrypt,
114 cfb64_init,
115 cfb64_start,
116 cfb64_is,
117 cfb64_reply,
118 cfb64_session,
119 cfb64_keyid,
120 cfb64_printsub },
121 { "DES_OFB64", ENCTYPE_DES_OFB64,
122 ofb64_encrypt,
123 ofb64_decrypt,
124 ofb64_init,
125 ofb64_start,
126 ofb64_is,
127 ofb64_reply,
128 ofb64_session,
129 ofb64_keyid,
130 ofb64_printsub },
131 #endif
132 { 0, },
133 };
134
135 static unsigned char str_send[64] = { IAC, SB, TELOPT_ENCRYPT,
136 ENCRYPT_SUPPORT };
137 static unsigned char str_suplen = 0;
138 static unsigned char str_start[72] = { IAC, SB, TELOPT_ENCRYPT };
139 static unsigned char str_end[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE };
140
141 Encryptions *
142 findencryption(int type)
143 {
144 Encryptions *ep = encryptions;
145
146 if (!(I_SUPPORT_ENCRYPT & remote_supports_decrypt & typemask(type)))
147 return(0);
148 while (ep->type && ep->type != type)
149 ++ep;
150 return(ep->type ? ep : 0);
151 }
152
153 Encryptions *
154 finddecryption(int type)
155 {
156 Encryptions *ep = encryptions;
157
158 if (!(I_SUPPORT_DECRYPT & remote_supports_encrypt & typemask(type)))
159 return(0);
160 while (ep->type && ep->type != type)
161 ++ep;
162 return(ep->type ? ep : 0);
163 }
164
165 #define MAXKEYLEN 64
166
167 static struct key_info {
168 unsigned char keyid[MAXKEYLEN];
169 int keylen;
170 int dir;
171 int *modep;
172 Encryptions *(*getcrypt)();
173 } ki[2] = {
174 { { 0 }, 0, DIR_ENCRYPT, &encrypt_mode, findencryption },
175 { { 0 }, 0, DIR_DECRYPT, &decrypt_mode, finddecryption },
176 };
177
178 void
179 encrypt_init(const char *name, int server)
180 {
181 Encryptions *ep = encryptions;
182
183 Name = name;
184 Server = server;
185 i_support_encrypt = i_support_decrypt = 0;
186 remote_supports_encrypt = remote_supports_decrypt = 0;
187 encrypt_mode = 0;
188 decrypt_mode = 0;
189 encrypt_output = 0;
190 decrypt_input = 0;
191 #ifdef notdef
192 encrypt_verbose = !server;
193 #endif
194
195 str_suplen = 4;
196
197 while (ep->type) {
198 if (encrypt_debug_mode)
199 printf(">>>%s: I will support %s\r\n",
200 Name, ENCTYPE_NAME(ep->type));
201 i_support_encrypt |= typemask(ep->type);
202 i_support_decrypt |= typemask(ep->type);
203 if ((i_wont_support_decrypt & typemask(ep->type)) == 0)
204 if ((str_send[str_suplen++] = ep->type) == IAC)
205 str_send[str_suplen++] = IAC;
206 if (ep->init)
207 (*ep->init)(Server);
208 ++ep;
209 }
210 str_send[str_suplen++] = IAC;
211 str_send[str_suplen++] = SE;
212 }
213
214 void
215 encrypt_list_types(void)
216 {
217 Encryptions *ep = encryptions;
218
219 printf("Valid encryption types:\n");
220 while (ep->type) {
221 printf("\t%s (%d)\r\n", ENCTYPE_NAME(ep->type), ep->type);
222 ++ep;
223 }
224 }
225
226 int
227 EncryptEnable(char *type, char *mode)
228 {
229 if (isprefix(type, "help") || isprefix(type, "?")) {
230 printf("Usage: encrypt enable <type> [input|output]\n");
231 encrypt_list_types();
232 return(0);
233 }
234 if (EncryptType(type, mode))
235 return(EncryptStart(mode));
236 return(0);
237 }
238
239 int
240 EncryptDisable(char *type, char *mode)
241 {
242 Encryptions *ep;
243 int ret = 0;
244
245 if (isprefix(type, "help") || isprefix(type, "?")) {
246 printf("Usage: encrypt disable <type> [input|output]\n");
247 encrypt_list_types();
248 } else if ((ep = (Encryptions *)genget(type, (char**)encryptions,
249 sizeof(Encryptions))) == 0) {
250 printf("%s: invalid encryption type\n", type);
251 } else if (Ambiguous(ep)) {
252 printf("Ambiguous type '%s'\n", type);
253 } else {
254 if ((mode == 0) || (isprefix(mode, "input") ? 1 : 0)) {
255 if (decrypt_mode == ep->type)
256 EncryptStopInput();
257 i_wont_support_decrypt |= typemask(ep->type);
258 ret = 1;
259 }
260 if ((mode == 0) || (isprefix(mode, "output"))) {
261 if (encrypt_mode == ep->type)
262 EncryptStopOutput();
263 i_wont_support_encrypt |= typemask(ep->type);
264 ret = 1;
265 }
266 if (ret == 0)
267 printf("%s: invalid encryption mode\n", mode);
268 }
269 return(ret);
270 }
271
272 int
273 EncryptType(char *type, char *mode)
274 {
275 Encryptions *ep;
276 int ret = 0;
277
278 if (isprefix(type, "help") || isprefix(type, "?")) {
279 printf("Usage: encrypt type <type> [input|output]\n");
280 encrypt_list_types();
281 } else if ((ep = (Encryptions *)genget(type, (char**)encryptions,
282 sizeof(Encryptions))) == 0) {
283 printf("%s: invalid encryption type\n", type);
284 } else if (Ambiguous(ep)) {
285 printf("Ambiguous type '%s'\n", type);
286 } else {
287 if ((mode == 0) || isprefix(mode, "input")) {
288 decrypt_mode = ep->type;
289 i_wont_support_decrypt &= ~typemask(ep->type);
290 ret = 1;
291 }
292 if ((mode == 0) || isprefix(mode, "output")) {
293 encrypt_mode = ep->type;
294 i_wont_support_encrypt &= ~typemask(ep->type);
295 ret = 1;
296 }
297 if (ret == 0)
298 printf("%s: invalid encryption mode\n", mode);
299 }
300 return(ret);
301 }
302
303 int
304 EncryptStart(char *mode)
305 {
306 int ret = 0;
307 if (mode) {
308 if (isprefix(mode, "input"))
309 return(EncryptStartInput());
310 if (isprefix(mode, "output"))
311 return(EncryptStartOutput());
312 if (isprefix(mode, "help") || isprefix(mode, "?")) {
313 printf("Usage: encrypt start [input|output]\n");
314 return(0);
315 }
316 printf("%s: invalid encryption mode 'encrypt start ?' for help\n", mode);
317 return(0);
318 }
319 ret += EncryptStartInput();
320 ret += EncryptStartOutput();
321 return(ret);
322 }
323
324 int
325 EncryptStartInput(void)
326 {
327 if (decrypt_mode) {
328 encrypt_send_request_start();
329 return(1);
330 }
331 printf("No previous decryption mode, decryption not enabled\r\n");
332 return(0);
333 }
334
335 int
336 EncryptStartOutput(void)
337 {
338 if (encrypt_mode) {
339 encrypt_start_output(encrypt_mode);
340 return(1);
341 }
342 printf("No previous encryption mode, encryption not enabled\r\n");
343 return(0);
344 }
345
346 int
347 EncryptStop(char *mode)
348 {
349 int ret = 0;
350 if (mode) {
351 if (isprefix(mode, "input"))
352 return(EncryptStopInput());
353 if (isprefix(mode, "output"))
354 return(EncryptStopOutput());
355 if (isprefix(mode, "help") || isprefix(mode, "?")) {
356 printf("Usage: encrypt stop [input|output]\n");
357 return(0);
358 }
359 printf("%s: invalid encryption mode 'encrypt stop ?' for help\n", mode);
360 return(0);
361 }
362 ret += EncryptStopInput();
363 ret += EncryptStopOutput();
364 return(ret);
365 }
366
367 int
368 EncryptStopInput(void)
369 {
370 encrypt_send_request_end();
371 return(1);
372 }
373
374 int
375 EncryptStopOutput(void)
376 {
377 encrypt_send_end();
378 return(1);
379 }
380
381 void
382 encrypt_display(void)
383 {
384 printf("Autoencrypt for output is %s. Autodecrypt for input is %s.\r\n",
385 autoencrypt?"on":"off", autodecrypt?"on":"off");
386
387 if (encrypt_output)
388 printf("Currently encrypting output with %s\r\n",
389 ENCTYPE_NAME(encrypt_mode));
390 else
391 printf("Currently not encrypting output\r\n");
392
393 if (decrypt_input)
394 printf("Currently decrypting input with %s\r\n",
395 ENCTYPE_NAME(decrypt_mode));
396 else
397 printf("Currently not decrypting input\r\n");
398 }
399
400 int
401 EncryptStatus(void)
402 {
403 printf("Autoencrypt for output is %s. Autodecrypt for input is %s.\r\n",
404 autoencrypt?"on":"off", autodecrypt?"on":"off");
405
406 if (encrypt_output)
407 printf("Currently encrypting output with %s\r\n",
408 ENCTYPE_NAME(encrypt_mode));
409 else if (encrypt_mode) {
410 printf("Currently output is clear text.\r\n");
411 printf("Last encryption mode was %s\r\n",
412 ENCTYPE_NAME(encrypt_mode));
413 } else
414 printf("Currently not encrypting output\r\n");
415
416 if (decrypt_input) {
417 printf("Currently decrypting input with %s\r\n",
418 ENCTYPE_NAME(decrypt_mode));
419 } else if (decrypt_mode) {
420 printf("Currently input is clear text.\r\n");
421 printf("Last decryption mode was %s\r\n",
422 ENCTYPE_NAME(decrypt_mode));
423 } else
424 printf("Currently not decrypting input\r\n");
425
426 return 1;
427 }
428
429 void
430 encrypt_send_support(void)
431 {
432 if (str_suplen) {
433 /*
434 * If the user has requested that decryption start
435 * immediatly, then send a "REQUEST START" before
436 * we negotiate the type.
437 */
438 if (!Server && autodecrypt)
439 encrypt_send_request_start();
440 telnet_net_write(str_send, str_suplen);
441 printsub('>', &str_send[2], str_suplen - 2);
442 str_suplen = 0;
443 }
444 }
445
446 int
447 EncryptDebug(int on)
448 {
449 if (on < 0)
450 encrypt_debug_mode ^= 1;
451 else
452 encrypt_debug_mode = on;
453 printf("Encryption debugging %s\r\n",
454 encrypt_debug_mode ? "enabled" : "disabled");
455 return(1);
456 }
457
458 /* turn on verbose encryption, but dont keep telling the whole world
459 */
460 void encrypt_verbose_quiet(int on)
461 {
462 if(on < 0)
463 encrypt_verbose ^= 1;
464 else
465 encrypt_verbose = on ? 1 : 0;
466 }
467
468 int
469 EncryptVerbose(int on)
470 {
471 encrypt_verbose_quiet(on);
472 printf("Encryption %s verbose\r\n",
473 encrypt_verbose ? "is" : "is not");
474 return(1);
475 }
476
477 int
478 EncryptAutoEnc(int on)
479 {
480 encrypt_auto(on);
481 printf("Automatic encryption of output is %s\r\n",
482 autoencrypt ? "enabled" : "disabled");
483 return(1);
484 }
485
486 int
487 EncryptAutoDec(int on)
488 {
489 decrypt_auto(on);
490 printf("Automatic decryption of input is %s\r\n",
491 autodecrypt ? "enabled" : "disabled");
492 return(1);
493 }
494
495 /* Called when we receive a WONT or a DONT ENCRYPT after we sent a DO
496 encrypt */
497 void
498 encrypt_not(void)
499 {
500 if (encrypt_verbose)
501 printf("[ Connection is NOT encrypted ]\r\n");
502 else
503 printf("\r\n*** Connection not encrypted! "
504 "Communication may be eavesdropped. ***\r\n");
505 }
506
507 /*
508 * Called when ENCRYPT SUPPORT is received.
509 */
510 void
511 encrypt_support(unsigned char *typelist, int cnt)
512 {
513 int type, use_type = 0;
514 Encryptions *ep;
515
516 /*
517 * Forget anything the other side has previously told us.
518 */
519 remote_supports_decrypt = 0;
520
521 while (cnt-- > 0) {
522 type = *typelist++;
523 if (encrypt_debug_mode)
524 printf(">>>%s: He is supporting %s (%d)\r\n",
525 Name,
526 ENCTYPE_NAME(type), type);
527 if ((type < ENCTYPE_CNT) &&
528 (I_SUPPORT_ENCRYPT & typemask(type))) {
529 remote_supports_decrypt |= typemask(type);
530 if (use_type == 0)
531 use_type = type;
532 }
533 }
534 if (use_type) {
535 ep = findencryption(use_type);
536 if (!ep)
537 return;
538 type = ep->start ? (*ep->start)(DIR_ENCRYPT, Server) : 0;
539 if (encrypt_debug_mode)
540 printf(">>>%s: (*ep->start)() returned %d\r\n",
541 Name, type);
542 if (type < 0)
543 return;
544 encrypt_mode = use_type;
545 if (type == 0)
546 encrypt_start_output(use_type);
547 }
548 }
549
550 void
551 encrypt_is(unsigned char *data, int cnt)
552 {
553 Encryptions *ep;
554 int type, ret;
555
556 if (--cnt < 0)
557 return;
558 type = *data++;
559 if (type < ENCTYPE_CNT)
560 remote_supports_encrypt |= typemask(type);
561 if (!(ep = finddecryption(type))) {
562 if (encrypt_debug_mode)
563 printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
564 Name,
565 ENCTYPE_NAME_OK(type)
566 ? ENCTYPE_NAME(type) : "(unknown)",
567 type);
568 return;
569 }
570 if (!ep->is) {
571 if (encrypt_debug_mode)
572 printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
573 Name,
574 ENCTYPE_NAME_OK(type)
575 ? ENCTYPE_NAME(type) : "(unknown)",
576 type);
577 ret = 0;
578 } else {
579 ret = (*ep->is)(data, cnt);
580 if (encrypt_debug_mode)
581 printf("(*ep->is)(%p, %d) returned %s(%d)\n", data, cnt,
582 (ret < 0) ? "FAIL " :
583 (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
584 }
585 if (ret < 0) {
586 autodecrypt = 0;
587 } else {
588 decrypt_mode = type;
589 if (ret == 0 && autodecrypt)
590 encrypt_send_request_start();
591 }
592 }
593
594 void
595 encrypt_reply(unsigned char *data, int cnt)
596 {
597 Encryptions *ep;
598 int ret, type;
599
600 if (--cnt < 0)
601 return;
602 type = *data++;
603 if (!(ep = findencryption(type))) {
604 if (encrypt_debug_mode)
605 printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
606 Name,
607 ENCTYPE_NAME_OK(type)
608 ? ENCTYPE_NAME(type) : "(unknown)",
609 type);
610 return;
611 }
612 if (!ep->reply) {
613 if (encrypt_debug_mode)
614 printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
615 Name,
616 ENCTYPE_NAME_OK(type)
617 ? ENCTYPE_NAME(type) : "(unknown)",
618 type);
619 ret = 0;
620 } else {
621 ret = (*ep->reply)(data, cnt);
622 if (encrypt_debug_mode)
623 printf("(*ep->reply)(%p, %d) returned %s(%d)\n",
624 data, cnt,
625 (ret < 0) ? "FAIL " :
626 (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
627 }
628 if (encrypt_debug_mode)
629 printf(">>>%s: encrypt_reply returned %d\n", Name, ret);
630 if (ret < 0) {
631 autoencrypt = 0;
632 } else {
633 encrypt_mode = type;
634 if (ret == 0 && autoencrypt)
635 encrypt_start_output(type);
636 }
637 }
638
639 /*
640 * Called when ENCRYPT START is received.
641 */
642 void
643 encrypt_start(unsigned char *data, int cnt)
644 {
645 Encryptions *ep;
646
647 if (!decrypt_mode) {
648 /*
649 * Something is wrong. We should not get a START
650 * command without having already picked our
651 * decryption scheme. Send a REQUEST-END to
652 * attempt to clear the channel...
653 */
654 printf("%s: Warning, Cannot decrypt input stream!!!\r\n", Name);
655 encrypt_send_request_end();
656 return;
657 }
658
659 if ((ep = finddecryption(decrypt_mode))) {
660 decrypt_input = ep->input;
661 if (encrypt_verbose)
662 printf("[ Input is now decrypted with type %s ]\r\n",
663 ENCTYPE_NAME(decrypt_mode));
664 if (encrypt_debug_mode)
665 printf(">>>%s: Start to decrypt input with type %s\r\n",
666 Name, ENCTYPE_NAME(decrypt_mode));
667 } else {
668 printf("%s: Warning, Cannot decrypt type %s (%d)!!!\r\n",
669 Name,
670 ENCTYPE_NAME_OK(decrypt_mode)
671 ? ENCTYPE_NAME(decrypt_mode)
672 : "(unknown)",
673 decrypt_mode);
674 encrypt_send_request_end();
675 }
676 }
677
678 void
679 encrypt_session_key(Session_Key *key, int server)
680 {
681 Encryptions *ep = encryptions;
682
683 havesessionkey = 1;
684
685 while (ep->type) {
686 if (ep->session)
687 (*ep->session)(key, server);
688 ++ep;
689 }
690 }
691
692 /*
693 * Called when ENCRYPT END is received.
694 */
695 void
696 encrypt_end(void)
697 {
698 decrypt_input = 0;
699 if (encrypt_debug_mode)
700 printf(">>>%s: Input is back to clear text\r\n", Name);
701 if (encrypt_verbose)
702 printf("[ Input is now clear text ]\r\n");
703 }
704
705 /*
706 * Called when ENCRYPT REQUEST-END is received.
707 */
708 void
709 encrypt_request_end(void)
710 {
711 encrypt_send_end();
712 }
713
714 /*
715 * Called when ENCRYPT REQUEST-START is received. If we receive
716 * this before a type is picked, then that indicates that the
717 * other side wants us to start encrypting data as soon as we
718 * can.
719 */
720 void
721 encrypt_request_start(unsigned char *data, int cnt)
722 {
723 if (encrypt_mode == 0) {
724 if (Server)
725 autoencrypt = 1;
726 return;
727 }
728 encrypt_start_output(encrypt_mode);
729 }
730
731 static unsigned char str_keyid[(MAXKEYLEN*2)+5] = { IAC, SB, TELOPT_ENCRYPT };
732
733 static void
734 encrypt_keyid(struct key_info *kp, unsigned char *keyid, int len)
735 {
736 Encryptions *ep;
737 int dir = kp->dir;
738 int ret = 0;
739
740 if (!(ep = (*kp->getcrypt)(*kp->modep))) {
741 if (len == 0)
742 return;
743 kp->keylen = 0;
744 } else if (len == 0) {
745 /*
746 * Empty option, indicates a failure.
747 */
748 if (kp->keylen == 0)
749 return;
750 kp->keylen = 0;
751 if (ep->keyid)
752 (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
753
754 } else if ((len != kp->keylen) || (memcmp(keyid,kp->keyid,len) != 0)) {
755 /*
756 * Length or contents are different
757 */
758 kp->keylen = len;
759 memcpy(kp->keyid,keyid, len);
760 if (ep->keyid)
761 (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
762 } else {
763 if (ep->keyid)
764 ret = (*ep->keyid)(dir, kp->keyid, &kp->keylen);
765 if ((ret == 0) && (dir == DIR_ENCRYPT) && autoencrypt)
766 encrypt_start_output(*kp->modep);
767 return;
768 }
769
770 encrypt_send_keyid(dir, kp->keyid, kp->keylen, 0);
771 }
772
773 void encrypt_enc_keyid(unsigned char *keyid, int len)
774 {
775 encrypt_keyid(&ki[1], keyid, len);
776 }
777
778 void encrypt_dec_keyid(unsigned char *keyid, int len)
779 {
780 encrypt_keyid(&ki[0], keyid, len);
781 }
782
783
784 void encrypt_send_keyid(int dir, unsigned char *keyid, int keylen, int saveit)
785 {
786 unsigned char *strp;
787
788 str_keyid[3] = (dir == DIR_ENCRYPT)
789 ? ENCRYPT_ENC_KEYID : ENCRYPT_DEC_KEYID;
790 if (saveit) {
791 struct key_info *kp = &ki[(dir == DIR_ENCRYPT) ? 0 : 1];
792 memcpy(kp->keyid,keyid, keylen);
793 kp->keylen = keylen;
794 }
795
796 for (strp = &str_keyid[4]; keylen > 0; --keylen) {
797 if ((*strp++ = *keyid++) == IAC)
798 *strp++ = IAC;
799 }
800 *strp++ = IAC;
801 *strp++ = SE;
802 telnet_net_write(str_keyid, strp - str_keyid);
803 printsub('>', &str_keyid[2], strp - str_keyid - 2);
804 }
805
806 void
807 encrypt_auto(int on)
808 {
809 if (on < 0)
810 autoencrypt ^= 1;
811 else
812 autoencrypt = on ? 1 : 0;
813 }
814
815 void
816 decrypt_auto(int on)
817 {
818 if (on < 0)
819 autodecrypt ^= 1;
820 else
821 autodecrypt = on ? 1 : 0;
822 }
823
824 void
825 encrypt_start_output(int type)
826 {
827 Encryptions *ep;
828 unsigned char *p;
829 int i;
830
831 if (!(ep = findencryption(type))) {
832 if (encrypt_debug_mode) {
833 printf(">>>%s: Can't encrypt with type %s (%d)\r\n",
834 Name,
835 ENCTYPE_NAME_OK(type)
836 ? ENCTYPE_NAME(type) : "(unknown)",
837 type);
838 }
839 return;
840 }
841 if (ep->start) {
842 i = (*ep->start)(DIR_ENCRYPT, Server);
843 if (encrypt_debug_mode) {
844 printf(">>>%s: Encrypt start: %s (%d) %s\r\n",
845 Name,
846 (i < 0) ? "failed" :
847 "initial negotiation in progress",
848 i, ENCTYPE_NAME(type));
849 }
850 if (i)
851 return;
852 }
853 p = str_start + 3;
854 *p++ = ENCRYPT_START;
855 for (i = 0; i < ki[0].keylen; ++i) {
856 if ((*p++ = ki[0].keyid[i]) == IAC)
857 *p++ = IAC;
858 }
859 *p++ = IAC;
860 *p++ = SE;
861 telnet_net_write(str_start, p - str_start);
862 net_encrypt();
863 printsub('>', &str_start[2], p - &str_start[2]);
864 /*
865 * If we are already encrypting in some mode, then
866 * encrypt the ring (which includes our request) in
867 * the old mode, mark it all as "clear text" and then
868 * switch to the new mode.
869 */
870 encrypt_output = ep->output;
871 encrypt_mode = type;
872 if (encrypt_debug_mode)
873 printf(">>>%s: Started to encrypt output with type %s\r\n",
874 Name, ENCTYPE_NAME(type));
875 if (encrypt_verbose)
876 printf("[ Output is now encrypted with type %s ]\r\n",
877 ENCTYPE_NAME(type));
878 }
879
880 void
881 encrypt_send_end(void)
882 {
883 if (!encrypt_output)
884 return;
885
886 str_end[3] = ENCRYPT_END;
887 telnet_net_write(str_end, sizeof(str_end));
888 net_encrypt();
889 printsub('>', &str_end[2], sizeof(str_end) - 2);
890 /*
891 * Encrypt the output buffer now because it will not be done by
892 * netflush...
893 */
894 encrypt_output = 0;
895 if (encrypt_debug_mode)
896 printf(">>>%s: Output is back to clear text\r\n", Name);
897 if (encrypt_verbose)
898 printf("[ Output is now clear text ]\r\n");
899 }
900
901 void
902 encrypt_send_request_start(void)
903 {
904 unsigned char *p;
905 int i;
906
907 p = &str_start[3];
908 *p++ = ENCRYPT_REQSTART;
909 for (i = 0; i < ki[1].keylen; ++i) {
910 if ((*p++ = ki[1].keyid[i]) == IAC)
911 *p++ = IAC;
912 }
913 *p++ = IAC;
914 *p++ = SE;
915 telnet_net_write(str_start, p - str_start);
916 printsub('>', &str_start[2], p - &str_start[2]);
917 if (encrypt_debug_mode)
918 printf(">>>%s: Request input to be encrypted\r\n", Name);
919 }
920
921 void
922 encrypt_send_request_end(void)
923 {
924 str_end[3] = ENCRYPT_REQEND;
925 telnet_net_write(str_end, sizeof(str_end));
926 printsub('>', &str_end[2], sizeof(str_end) - 2);
927
928 if (encrypt_debug_mode)
929 printf(">>>%s: Request input to be clear text\r\n", Name);
930 }
931
932
933 void encrypt_wait(void)
934 {
935 if (encrypt_debug_mode)
936 printf(">>>%s: in encrypt_wait\r\n", Name);
937 if (!havesessionkey || !(I_SUPPORT_ENCRYPT & remote_supports_decrypt))
938 return;
939 while (autoencrypt && !encrypt_output)
940 if (telnet_spin())
941 return;
942 }
943
944 int
945 encrypt_delay(void)
946 {
947 if(!havesessionkey ||
948 (I_SUPPORT_ENCRYPT & remote_supports_decrypt) == 0 ||
949 (I_SUPPORT_DECRYPT & remote_supports_encrypt) == 0)
950 return 0;
951 if(!(encrypt_output && decrypt_input))
952 return 1;
953 return 0;
954 }
955
956 int encrypt_is_encrypting()
957 {
958 if (encrypt_output && decrypt_input)
959 return 1;
960 return 0;
961 }
962
963 void
964 encrypt_debug(int mode)
965 {
966 encrypt_debug_mode = mode;
967 }
968
969 void encrypt_gen_printsub(unsigned char *data, int cnt,
970 unsigned char *buf, int buflen)
971 {
972 char tbuf[16], *cp;
973
974 cnt -= 2;
975 data += 2;
976 buf[buflen-1] = '\0';
977 buf[buflen-2] = '*';
978 buflen -= 2;;
979 for (; cnt > 0; cnt--, data++) {
980 snprintf(tbuf, sizeof(tbuf), " %d", *data);
981 for (cp = tbuf; *cp && buflen > 0; --buflen)
982 *buf++ = *cp++;
983 if (buflen <= 0)
984 return;
985 }
986 *buf = '\0';
987 }
988
989 void
990 encrypt_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
991 {
992 Encryptions *ep;
993 int type = data[1];
994
995 for (ep = encryptions; ep->type && ep->type != type; ep++)
996 ;
997
998 if (ep->printsub)
999 (*ep->printsub)(data, cnt, buf, buflen);
1000 else
1001 encrypt_gen_printsub(data, cnt, buf, buflen);
1002 }
1003 #endif
NetBSD on the FriendlyARM MINI2440