1 /*
2 * Copyright 2002 Sun Microsystems, Inc. All rights reserved.
3 * Use is subject to license terms.
4 */
6 /*
7 * usr/src/cmd/cmd-inet/usr.bin/telnet/encrypt.c
8 */
11 * Copyright (c) 1991, 1993
12 * The Regents of the University of California. All rights reserved.
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions
16 * are met:
17 * 1. Redistributions of source code must retain the above copyright
18 * notice, this list of conditions and the following disclaimer.
19 * 2. Redistributions in binary form must reproduce the above copyright
20 * notice, this list of conditions and the following disclaimer in the
21 * documentation and/or other materials provided with the distribution.
22 * 3. All advertising materials mentioning features or use of this software
23 * must display the following acknowledgement:
24 * This product includes software developed by the University of
25 * California, Berkeley and its contributors.
26 * 4. Neither the name of the University nor the names of its contributors
27 * may be used to endorse or promote products derived from this software
28 * without specific prior written permission.
30 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
31 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
32 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
33 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
34 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
35 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
36 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
37 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
38 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
39 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
40 * SUCH DAMAGE.
43 /* based on @(#)encrypt.c 8.1 (Berkeley) 6/4/93 */
46 * Copyright (C) 1990 by the Massachusetts Institute of Technology
48 * Export of this software from the United States of America may
49 * require a specific license from the United States Government.
50 * It is the responsibility of any person or organization contemplating
51 * export to obtain such a license before exporting.
53 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
54 * distribute this software and its documentation for any purpose and
55 * without fee is hereby granted, provided that the above copyright
56 * notice appear in all copies and that both that copyright notice and
57 * this permission notice appear in supporting documentation, and that
58 * the name of M.I.T. not be used in advertising or publicity pertaining
59 * to distribution of the software without specific, written prior
60 * permission. Furthermore if you modify this software you must label
61 * your software as modified software and not distribute it in such a
62 * fashion that it might be confused with the original M.I.T. software.
63 * M.I.T. makes no representations about the suitability of
64 * this software for any purpose. It is provided "as is" without express
65 * or implied warranty.
68 #define ENCRYPT_NAMES
69 #include <arpa/telnet.h>
71 #include "externs.h"
73 #ifdef __STDC__
74 #include <stdlib.h>
75 #endif
/*
 * These function pointers point to the current routines
 * for encrypting and decrypting data.  Each is 0 while its direction is
 * clear text: encrypt_init() clears both, encrypt_start_output() /
 * encrypt_send_end() set and clear the output side, encrypt_start() /
 * encrypt_end() the input side.
 */
void (*encrypt_output)(uchar_t *, int);
int (*decrypt_input)(int);

/* Suboption senders defined further down in this file. */
static void encrypt_start_output(int);
static void encrypt_send_end(void);
static void encrypt_send_request_start(void);
static void encrypt_send_request_end(void);

/* Toggled by EncryptDebug(); gates every ">>>Name: ..." diagnostic line. */
boolean_t encrypt_debug_mode = B_FALSE;

/* Negotiated type for each direction; 0 until one has been picked. */
static int decrypt_mode = 0;
static int encrypt_mode = 0;
/* Toggled by EncryptVerbose(); prints "[ ... ]" lines on mode changes. */
static boolean_t encrypt_verbose = B_FALSE;
/* Set by encrypt_auto()/decrypt_auto(): start a direction as soon as its negotiation completes. */
static boolean_t autoencrypt = B_FALSE;
static boolean_t autodecrypt = B_FALSE;
/* Label used in diagnostics; encrypt_init() replaces it with the caller's pointer (not copied). */
static char *Name = "Noname";
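/*
 * typemask(x) maps a 1-based encryption type number to its bit in the
 * i_support_* / remote_supports_* masks.  It has to stay a macro because it
 * is used in static initializers.
 *
 * The masks are plain ints, so the largest usable type is 31 (bits 0..30);
 * a larger shift would be undefined behaviour.  Type numbers that reach
 * this macro can be raw octets from the peer, so anything outside
 * 1..TYPEMASK_MAXTYPE maps to 0 ("not a supported type") instead.
 * Note: x is evaluated more than once.
 */
#define TYPEMASK_MAXTYPE 31
#define typemask(x) \
	(((x) > 0 && (x) <= TYPEMASK_MAXTYPE) ? (1 << ((x) - 1)) : 0)
/* Presumably the "negotiation complete" status of the module hooks; not used in this file. */
#define SUCCESS 0x00
/* Printed in place of ENCTYPE_NAME() whenever ENCTYPE_NAME_OK() is false. */
#define UNKNOWN gettext("(unknown)")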
/*
 * typemask() bitmasks of the types this side can use.  encrypt_init()
 * rebuilds i_support_* from the encryptions[] table; i_wont_support_*
 * records types the user turned off with "encrypt disable" and is cleared
 * again by "encrypt type".  The I_SUPPORT_* macros combine the two.
 */
static int i_support_encrypt = typemask(TELOPT_ENCTYPE_DES_CFB64);
static int i_support_decrypt = typemask(TELOPT_ENCTYPE_DES_CFB64);
static int i_wont_support_encrypt = 0;
static int i_wont_support_decrypt = 0;
#define I_SUPPORT_ENCRYPT (i_support_encrypt & ~i_wont_support_encrypt)
#define I_SUPPORT_DECRYPT (i_support_decrypt & ~i_wont_support_decrypt)

/*
 * What the peer has told us.  remote_supports_decrypt is rebuilt from every
 * ENCRYPT SUPPORT (encrypt_support()); remote_supports_encrypt accumulates
 * the types seen in ENCRYPT IS (encrypt_is()).  encrypt_init() resets both.
 */
static int remote_supports_encrypt = 0;
static int remote_supports_decrypt = 0;
/*
 * Table of encryption modules, one entry per supported type, terminated by
 * an entry with type 0.  Positional order: name string, type, output
 * (encrypt) routine, input (decrypt) routine, then the init, start, is,
 * reply, session, keyid and printsub hooks.  Every hook is checked for 0
 * before it is called.  genget() searches this table by name,
 * findencryption()/finddecryption() by type.
 */
static Encryptions encryptions[] = {
	{ "DES_CFB64", TELOPT_ENCTYPE_DES_CFB64,
		cfb64_encrypt,
		cfb64_decrypt,
		cfb64_init,
		cfb64_start,
		cfb64_is,
		cfb64_reply,
		cfb64_session,
		cfb64_keyid,
		cfb64_printsub },
	{ 0, },
};
/*
 * Pre-built suboption buffers.
 *
 * str_send: ENCRYPT SUPPORT list, filled in by encrypt_init() and sent by
 * encrypt_send_support(); str_suplen is its current length (0 once sent).
 * str_start: carries START or REQUEST-START followed by the IAC-escaped
 * key id and IAC SE.  NOTE(review): 3 header bytes + command + escaped key
 * + IAC SE fits 72 bytes only for key ids of at most 33 bytes when every
 * byte is IAC, while MAXKEYLEN below is 64 -- the senders have to bound
 * the key id length they copy in.
 * str_end: carries END or REQUEST-END; byte 3 is patched before each send.
 */
static uchar_t str_send[64] = { IAC, SB, TELOPT_ENCRYPT,
				ENCRYPT_SUPPORT };
static uchar_t str_suplen = 0;
static uchar_t str_start[72] = { IAC, SB, TELOPT_ENCRYPT };
static uchar_t str_end[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE };
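/*
 * Return the module for encryption type 'type' if both we
 * (I_SUPPORT_ENCRYPT) and the peer (remote_supports_decrypt) allow it,
 * else NULL.
 *
 * The table is searched before the masks are consulted so that typemask()
 * is only applied to a type number that is actually in our table: 'type'
 * may be a raw octet from the peer (encrypt_reply(), encrypt_is()), and
 * typemask() shifts by it.
 */
static Encryptions *
findencryption(int type)
{
	Encryptions *ep;

	for (ep = encryptions; ep->type != 0; ep++) {
		if (ep->type != type)
			continue;
		if (I_SUPPORT_ENCRYPT & remote_supports_decrypt &
		    typemask(type))
			return (ep);
		return (NULL);
	}
	return (NULL);
}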
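/*
 * Return the module for decryption type 'type' if both we
 * (I_SUPPORT_DECRYPT) and the peer (remote_supports_encrypt) allow it,
 * else NULL.
 *
 * As in findencryption(), the table lookup comes first so typemask() never
 * sees a type number outside our table; encrypt_is() passes the peer's raw
 * type octet straight in here.
 */
static Encryptions *
finddecryption(int type)
{
	Encryptions *ep;

	for (ep = encryptions; ep->type != 0; ep++) {
		if (ep->type != type)
			continue;
		if (I_SUPPORT_DECRYPT & remote_supports_encrypt &
		    typemask(type))
			return (ep);
		return (NULL);
	}
	return (NULL);
}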
/* Longest key id kept per direction, in bytes. */
#define MAXKEYLEN 64

/*
 * Per-direction key-id state.  keyid/keylen hold the key id last agreed
 * with the peer (keylen 0 when there is none).  dir is the TELNET_DIR_*
 * value passed to the module hooks, modep points at that direction's mode
 * variable, and getcrypt is the matching find*cryption() lookup.
 * ki[KI_ENCRYPT] is the output side, ki[KI_DECRYPT] the input side.
 */
static struct key_info {
	uchar_t keyid[MAXKEYLEN];
	int keylen;
	int dir;
	int *modep;
	Encryptions *(*getcrypt)();
} ki[2] = {
	{ { 0 }, 0, TELNET_DIR_ENCRYPT, &encrypt_mode, findencryption },
	{ { 0 }, 0, TELNET_DIR_DECRYPT, &decrypt_mode, finddecryption },
};
#define KI_ENCRYPT 0
#define KI_DECRYPT 1
/*
 * Reset all negotiation state and build the ENCRYPT SUPPORT suboption.
 *
 * name: label for diagnostics.  The pointer itself is stored, not a
 *       copy, so it must stay valid for the life of the process.
 *
 * Every module in encryptions[] is marked supported in both directions
 * and has its init hook run.  Only types the user has not disabled for
 * input are advertised, with IAC doubled as telnet requires.  On return
 * str_suplen is the length encrypt_send_support() will transmit.
 */
void
encrypt_init(char *name)
{
	Encryptions *ep;

	Name = name;
	i_support_encrypt = 0;
	i_support_decrypt = 0;
	remote_supports_encrypt = 0;
	remote_supports_decrypt = 0;
	encrypt_mode = 0;
	decrypt_mode = 0;
	encrypt_output = NULL;
	decrypt_input = NULL;

	/* IAC SB TELOPT_ENCRYPT ENCRYPT_SUPPORT are already in str_send. */
	str_suplen = 4;
	for (ep = encryptions; ep->type != 0; ep++) {
		int bit = typemask(ep->type);

		if (encrypt_debug_mode)
			(void) printf(gettext(
			    ">>>%s: I will support %s\r\n"),
			    Name, ENCTYPE_NAME(ep->type));
		i_support_encrypt |= bit;
		i_support_decrypt |= bit;
		if (!(i_wont_support_decrypt & bit)) {
			str_send[str_suplen++] = ep->type;
			if ((uchar_t)ep->type == IAC)
				str_send[str_suplen++] = IAC;
		}
		if (ep->init != NULL)
			(*ep->init)();
	}
	str_send[str_suplen++] = IAC;
	str_send[str_suplen++] = SE;
}
/* Print every type in encryptions[] with its number; used by the "help" paths. */
static void
encrypt_list_types(void)
{
	Encryptions *ep;

	(void) printf(gettext("Valid encryption types:\n"));
	for (ep = encryptions; ep->type != 0; ep++)
		(void) printf("\t%s (%d)\r\n",
		    ENCTYPE_NAME(ep->type), ep->type);
}
/*
 * "encrypt enable <type> [input|output]": select 'type' for the given
 * direction(s) via EncryptType() and immediately start it via
 * EncryptStart().  Returns 0 when help was requested or the type/mode was
 * rejected, otherwise EncryptStart()'s count of started directions.
 */
int
EncryptEnable(char *type, char *mode)
{
	if (isprefix(type, "help") || isprefix(type, "?")) {
		(void) printf(gettext(
		    "Usage: encrypt enable <type> [input|output]\n"));
		encrypt_list_types();
		return (0);
	}
	if (!EncryptType(type, mode))
		return (0);
	return (EncryptStart(mode));
}
/*
 * "encrypt disable <type> [input|output]": stop using 'type' in the given
 * direction(s) if it is active, and mark it as not supported so it is not
 * negotiated again (i_wont_support_*).  With mode 0 both directions are
 * affected.  Returns 1 if at least one direction was disabled, else 0.
 */
int
EncryptDisable(char *type, char *mode)
{
	Encryptions *ep;
	int ret = 0;

	if (isprefix(type, "help") || isprefix(type, "?")) {
		(void) printf(gettext(
		    "Usage: encrypt disable <type> [input|output]\n"));
		encrypt_list_types();
		return (0);
	}
	ep = (Encryptions *)genget(type, (char **)encryptions,
	    sizeof (Encryptions));
	if (ep == NULL) {
		(void) printf(gettext("%s: invalid encryption type\n"), type);
		return (0);
	}
	if (Ambiguous(ep)) {
		(void) printf(gettext("Ambiguous type '%s'\n"), type);
		return (0);
	}
	if (mode == NULL || isprefix(mode, "input")) {
		if (decrypt_mode == ep->type)
			(void) EncryptStopInput();
		i_wont_support_decrypt |= typemask(ep->type);
		ret = 1;
	}
	if (mode == NULL || isprefix(mode, "output")) {
		if (encrypt_mode == ep->type)
			(void) EncryptStopOutput();
		i_wont_support_encrypt |= typemask(ep->type);
		ret = 1;
	}
	/* mode is non-NULL here, otherwise both branches above matched. */
	if (ret == 0)
		(void) printf(gettext(
		    "%s: invalid encryption mode\n"), mode);
	return (ret);
}
/*
 * "encrypt type <type> [input|output]": record 'type' as the mode for the
 * given direction(s) and re-enable it if "encrypt disable" had turned it
 * off.  Nothing is started here (see EncryptStart()).  With mode 0 both
 * directions are set.  Returns 1 on success, 0 on help or bad input.
 */
int
EncryptType(char *type, char *mode)
{
	Encryptions *ep;
	int ret = 0;

	if (isprefix(type, "help") || isprefix(type, "?")) {
		(void) printf(gettext(
		    "Usage: encrypt type <type> [input|output]\n"));
		encrypt_list_types();
		return (0);
	}
	ep = (Encryptions *)genget(type, (char **)encryptions,
	    sizeof (Encryptions));
	if (ep == NULL) {
		(void) printf(gettext("%s: invalid encryption type\n"), type);
		return (0);
	}
	if (Ambiguous(ep)) {
		(void) printf(gettext("Ambiguous type '%s'\n"), type);
		return (0);
	}
	if (mode == NULL || isprefix(mode, "input")) {
		decrypt_mode = ep->type;
		i_wont_support_decrypt &= ~typemask(ep->type);
		ret = 1;
	}
	if (mode == NULL || isprefix(mode, "output")) {
		encrypt_mode = ep->type;
		i_wont_support_encrypt &= ~typemask(ep->type);
		ret = 1;
	}
	/* mode is non-NULL here, otherwise both branches above matched. */
	if (ret == 0)
		(void) printf(gettext(
		    "%s: invalid encryption mode\n"), mode);
	return (ret);
}
/*
 * "encrypt start [input|output]": begin encrypting the named direction,
 * or both when mode is 0.  Returns the number of directions started
 * (0, 1 or 2); 0 also for help or an unrecognised mode.
 */
int
EncryptStart(char *mode)
{
	if (mode == NULL) {
		int started = EncryptStartInput();

		started += EncryptStartOutput();
		return (started);
	}
	if (isprefix(mode, "input"))
		return (EncryptStartInput());
	if (isprefix(mode, "output"))
		return (EncryptStartOutput());
	if (isprefix(mode, "help") || isprefix(mode, "?")) {
		(void) printf(gettext(
		    "Usage: encrypt start [input|output]\n"));
		return (0);
	}
	(void) printf(gettext(
	    "%s: invalid encryption mode 'encrypt start ?' "
	    "for help\n"), mode);
	return (0);
}
/*
 * Ask the peer to start encrypting what it sends us (REQUEST-START) using
 * the previously chosen decrypt_mode.  Returns 1 if the request was sent,
 * 0 (with a message) if no decryption type has been chosen yet.
 */
int
EncryptStartInput(void)
{
	if (decrypt_mode == 0) {
		(void) printf(gettext("No previous decryption mode, "
		    "decryption not enabled\r\n"));
		return (0);
	}
	encrypt_send_request_start();
	return (1);
}
/*
 * Start encrypting our output with the previously chosen encrypt_mode.
 * Returns 1 if a start was attempted (encrypt_start_output() may still
 * decline), 0 with a message if no encryption type has been chosen.
 */
int
EncryptStartOutput(void)
{
	if (encrypt_mode == 0) {
		(void) printf(gettext("No previous encryption mode, "
		    "encryption not enabled\r\n"));
		return (0);
	}
	encrypt_start_output(encrypt_mode);
	return (1);
}
/*
 * "encrypt stop [input|output]": stop the named direction, or both when
 * mode is 0.  Returns the number of directions stopped; 0 for help or an
 * unrecognised mode.
 */
int
EncryptStop(char *mode)
{
	if (mode == NULL) {
		int stopped = EncryptStopInput();

		stopped += EncryptStopOutput();
		return (stopped);
	}
	if (isprefix(mode, "input"))
		return (EncryptStopInput());
	if (isprefix(mode, "output"))
		return (EncryptStopOutput());
	if (isprefix(mode, "help") || isprefix(mode, "?")) {
		(void) printf(gettext(
		    "Usage: encrypt stop [input|output]\n"));
		return (0);
	}
	(void) printf(gettext(
	    "%s: invalid encryption mode 'encrypt stop ?' "
	    "for help\n"), mode);
	return (0);
}
/* Ask the peer to send clear text again (REQUEST-END).  Always returns 1. */
int
EncryptStopInput(void)
{
	encrypt_send_request_end();
	return (1);
}
/* Switch our output back to clear text (sends END if encrypting).  Always returns 1. */
int
EncryptStopOutput(void)
{
	encrypt_send_end();
	return (1);
}
/* Report which directions are currently encrypted, one line each; silent when neither is. */
void
encrypt_display(void)
{
	if (encrypt_output != NULL) {
		(void) printf(gettext(
		    "Currently encrypting output with %s\r\n"),
		    ENCTYPE_NAME(encrypt_mode));
	}
	if (decrypt_input != NULL) {
		(void) printf(gettext(
		    "Currently decrypting input with %s\r\n"),
		    ENCTYPE_NAME(decrypt_mode));
	}
}
/*
 * "encrypt status": like encrypt_display(), but a direction that has a
 * chosen type without being active is reported as clear text together
 * with its last type.  Always returns 1.
 */
int
EncryptStatus(void)
{
	if (encrypt_output != NULL) {
		(void) printf(gettext(
		    "Currently encrypting output with %s\r\n"),
		    ENCTYPE_NAME(encrypt_mode));
	} else if (encrypt_mode != 0) {
		(void) printf(gettext("Currently output is clear text.\r\n"));
		(void) printf(gettext("Last encryption mode was %s\r\n"),
		    ENCTYPE_NAME(encrypt_mode));
	}

	if (decrypt_input != NULL) {
		(void) printf(gettext(
		    "Currently decrypting input with %s\r\n"),
		    ENCTYPE_NAME(decrypt_mode));
	} else if (decrypt_mode != 0) {
		(void) printf(gettext("Currently input is clear text.\r\n"));
		(void) printf(gettext("Last decryption mode was %s\r\n"),
		    ENCTYPE_NAME(decrypt_mode));
	}
	return (1);
}
/*
 * Transmit the ENCRYPT SUPPORT list built by encrypt_init(), once.
 * str_suplen is zeroed afterwards so later calls are no-ops.
 */
void
encrypt_send_support(void)
{
	if (str_suplen == 0)
		return;
	/*
	 * If the user has requested that decryption start
	 * immediately, then send a "REQUEST START" before
	 * we negotiate the type.
	 */
	if (autodecrypt)
		encrypt_send_request_start();
	(void) net_write(str_send, str_suplen);
	printsub('>', &str_send[2], str_suplen - 2);
	str_suplen = 0;
}
/*
 * Set (on > 0), clear (on == 0) or toggle (on < 0) encrypt_debug_mode and
 * report the new state.  Always returns 1.
 */
int
EncryptDebug(int on)
{
	if (on < 0)
		encrypt_debug_mode = !encrypt_debug_mode;
	else
		encrypt_debug_mode = (on > 0) ? B_TRUE : B_FALSE;

	if (encrypt_debug_mode)
		(void) printf(gettext("Encryption debugging enabled\r\n"));
	else
		(void) printf(gettext("Encryption debugging disabled\r\n"));
	return (1);
}
/*
 * Set (on > 0), clear (on == 0) or toggle (on < 0) encrypt_verbose and
 * report the new state.  Always returns 1.
 */
int
EncryptVerbose(int on)
{
	if (on < 0)
		encrypt_verbose = !encrypt_verbose;
	else
		encrypt_verbose = (on > 0) ? B_TRUE : B_FALSE;

	if (encrypt_verbose)
		(void) printf(gettext("Encryption is verbose\r\n"));
	else
		(void) printf(gettext("Encryption is not verbose\r\n"));
	return (1);
}
/* Command wrapper around encrypt_auto(): apply 'on' and report autoencrypt.  Always returns 1. */
int
EncryptAutoEnc(int on)
{
	const char *msg;

	encrypt_auto(on);
	msg = autoencrypt ?
	    gettext("Automatic encryption of output is enabled\r\n") :
	    gettext("Automatic encryption of output is disabled\r\n");
	(void) printf(msg);
	return (1);
}
/* Command wrapper around decrypt_auto(): apply 'on' and report autodecrypt.  Always returns 1. */
int
EncryptAutoDec(int on)
{
	const char *msg;

	decrypt_auto(on);
	msg = autodecrypt ?
	    gettext("Automatic decryption of input is enabled\r\n") :
	    gettext("Automatic decryption of input is disabled\r\n");
	(void) printf(msg);
	return (1);
}
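/*
 * Called when ENCRYPT SUPPORT is received.  typelist holds cnt raw type
 * octets the peer can decrypt.  remote_supports_decrypt is rebuilt from
 * those we can also encrypt with, the first such type is chosen, and
 * output encryption is started with it unless the module's start hook
 * fails (< 0) or reports that an initial negotiation is still pending.
 *
 * The type octets are untrusted, so each is range-checked against
 * TELOPT_ENCTYPE_CNT before it is used as a mask bit, and the debug line
 * uses ENCTYPE_NAME_OK() before indexing the name table -- the old code
 * indexed ENCTYPE_NAME() with the raw octet.
 */
void
encrypt_support(uchar_t *typelist, int cnt)
{
	int type, use_type = 0;
	int rc;
	Encryptions *ep;

	/* Forget anything the other side has previously told us. */
	remote_supports_decrypt = 0;

	while (cnt-- > 0) {
		type = *typelist++;
		if (encrypt_debug_mode)
			(void) printf(gettext(
			    ">>>%s: Remote host supports %s (%d)\r\n"),
			    Name, ENCTYPE_NAME_OK(type) ?
			    ENCTYPE_NAME(type) : UNKNOWN, type);
		if ((type < TELOPT_ENCTYPE_CNT) &&
		    (I_SUPPORT_ENCRYPT & typemask(type))) {
			remote_supports_decrypt |= typemask(type);
			if (use_type == 0)
				use_type = type;
		}
	}
	if (use_type == 0)
		return;

	ep = findencryption(use_type);
	if (ep == NULL)
		return;
	rc = (ep->start != NULL) ? (*ep->start)(TELNET_DIR_ENCRYPT) : 0;
	if (encrypt_debug_mode)
		(void) printf(gettext(
		    ">>>%s: (*ep->start)() returned %d\r\n"),
		    Name, rc);
	if (rc < 0)
		return;
	encrypt_mode = use_type;
	/* rc > 0 means the module is still negotiating; encrypt_reply() finishes. */
	if (rc == 0)
		encrypt_start_output(use_type);
}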
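/*
 * Called when ENCRYPT IS is received: data[0] is the type the peer wants
 * to encrypt with, the rest is passed to the module's "is" hook.  On a
 * non-negative hook result the type becomes decrypt_mode, and a
 * REQUEST-START is sent if autodecrypt is set and the hook is done (0).
 * A negative result clears autodecrypt.
 *
 * The type octet is untrusted: it is only recorded in
 * remote_supports_encrypt and looked up when below TELOPT_ENCTYPE_CNT.
 * The debug line prints the data pointer with %p (it was %x, which is
 * undefined for a pointer argument).
 */
void
encrypt_is(uchar_t *data, int cnt)
{
	Encryptions *ep = NULL;
	int type, ret;

	if (--cnt < 0)
		return;
	type = *data++;
	if (type < TELOPT_ENCTYPE_CNT) {
		remote_supports_encrypt |= typemask(type);
		ep = finddecryption(type);
	}
	if (ep == NULL) {
		if (encrypt_debug_mode)
			(void) printf(gettext(
			    ">>>%s: Can't find type %s (%d) for "
			    "initial negotiation\r\n"), Name,
			    ENCTYPE_NAME_OK(type) ?
			    ENCTYPE_NAME(type) : UNKNOWN, type);
		return;
	}
	if (ep->is == NULL) {
		if (encrypt_debug_mode)
			(void) printf(gettext(
			    ">>>%s: No initial negotiation needed "
			    "for type %s (%d)\r\n"), Name,
			    ENCTYPE_NAME_OK(type) ?
			    ENCTYPE_NAME(type) : UNKNOWN, type);
		ret = 0;
	} else {
		ret = (*ep->is)(data, cnt);
		if (encrypt_debug_mode)
			(void) printf(gettext(
			    "(*ep->is)(%p, %d) returned %s(%d)\n"),
			    (void *)data, cnt, (ret < 0) ? "FAIL " :
			    (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
	}
	if (ret < 0) {
		autodecrypt = B_FALSE;
	} else {
		decrypt_mode = type;
		if (ret == 0 && autodecrypt)
			encrypt_send_request_start();
	}
}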
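/*
 * Called when ENCRYPT REPLY is received: data[0] is the type, the rest is
 * passed to the module's "reply" hook.  On a non-negative result the type
 * becomes encrypt_mode and, if autoencrypt is set and the hook is done
 * (0), output encryption is started.  A negative result clears
 * autoencrypt.  The raw type octet is validated by findencryption().
 *
 * The debug line prints the data pointer with %p (it was %x, which is
 * undefined for a pointer argument).
 */
void
encrypt_reply(uchar_t *data, int cnt)
{
	Encryptions *ep;
	int ret, type;

	if (--cnt < 0)
		return;
	type = *data++;
	ep = findencryption(type);
	if (ep == NULL) {
		if (encrypt_debug_mode)
			(void) printf(gettext(
			    ">>>%s: Can't find type %s (%d) "
			    "for initial negotiation\r\n"), Name,
			    ENCTYPE_NAME_OK(type) ?
			    ENCTYPE_NAME(type) : UNKNOWN, type);
		return;
	}
	if (ep->reply == NULL) {
		if (encrypt_debug_mode)
			(void) printf(gettext(
			    ">>>%s: No initial negotiation needed "
			    "for type %s (%d)\r\n"), Name,
			    ENCTYPE_NAME_OK(type) ?
			    ENCTYPE_NAME(type) : UNKNOWN, type);
		ret = 0;
	} else {
		ret = (*ep->reply)(data, cnt);
		if (encrypt_debug_mode)
			(void) printf(gettext(
			    "(*ep->reply)(%p, %d) returned %s(%d)\n"),
			    (void *)data, cnt, (ret < 0) ? "FAIL " :
			    (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
	}
	if (encrypt_debug_mode)
		(void) printf(gettext(
		    ">>>%s: encrypt_reply returned %d\n"), Name, ret);
	if (ret < 0) {
		autoencrypt = B_FALSE;
	} else {
		encrypt_mode = type;
		if (ret == 0 && autoencrypt)
			encrypt_start_output(type);
	}
}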
/*
 * Called when a ENCRYPT START command is received: the peer is now
 * encrypting what it sends, so install the input routine of the module
 * selected by decrypt_mode.  data and cnt are not used.  If no type has
 * been chosen, or its module is not usable, a REQUEST-END is sent instead.
 */
/* ARGSUSED */
void
encrypt_start(uchar_t *data, int cnt)
{
	Encryptions *ep;

	if (decrypt_mode == 0) {
		/*
		 * Something is wrong. We should not get a START
		 * command without having already picked our
		 * decryption scheme. Send a REQUEST-END to
		 * attempt to clear the channel...
		 */
		(void) printf(gettext("%s: Warning, cannot decrypt "
		    "input stream!!!\r\n"), Name);
		encrypt_send_request_end();
		return;
	}

	ep = finddecryption(decrypt_mode);
	if (ep == NULL) {
		(void) printf(gettext(
		    "%s: Warning, cannot decrypt type %s (%d)!!!\r\n"),
		    Name, ENCTYPE_NAME_OK(decrypt_mode) ?
		    ENCTYPE_NAME(decrypt_mode) : UNKNOWN,
		    decrypt_mode);
		encrypt_send_request_end();
		return;
	}

	decrypt_input = ep->input;
	if (encrypt_verbose)
		(void) printf(gettext(
		    "[ Input is now decrypted with type %s ]\r\n"),
		    ENCTYPE_NAME(decrypt_mode));
	if (encrypt_debug_mode)
		(void) printf(gettext(
		    ">>>%s: Start to decrypt input with type %s\r\n"),
		    Name, ENCTYPE_NAME(decrypt_mode));
}
/*
 * Hand a freshly established session key to every module that has a
 * session hook.  (A disabled "#ifdef notdef" block in the old code also
 * auto-started both directions here; that is left out, as before.)
 */
void
encrypt_session_key(Session_Key *key)
{
	Encryptions *ep;

	for (ep = encryptions; ep->type != 0; ep++) {
		if (ep->session != NULL)
			(*ep->session)(key);
	}
}
/*
 * Called when ENCRYPT END is received: the peer's output is clear text
 * again, so drop our input routine and say so if asked to.
 */
void
encrypt_end(void)
{
	decrypt_input = NULL;
	if (encrypt_debug_mode) {
		(void) printf(gettext(
		    ">>>%s: Input is back to clear text\r\n"), Name);
	}
	if (encrypt_verbose)
		(void) printf(gettext("[ Input is now clear text ]\r\n"));
}
/*
 * Called when ENCRYPT REQUEST-END is received: the peer wants clear text
 * from us, so send END (a no-op unless we are encrypting).
 */
void
encrypt_request_end(void)
{
	encrypt_send_end();
}
/*
 * Called when ENCRYPT REQUEST-START is received. If we receive
 * this before a type is picked, then that indicates that the
 * other side wants us to start encrypting data as soon as we
 * can, so nothing is done here until encrypt_mode is set.
 * data and cnt are not used.
 */
/* ARGSUSED */
void
encrypt_request_start(uchar_t *data, int cnt)
{
	if (encrypt_mode != 0)
		encrypt_start_output(encrypt_mode);
}
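/*
 * Buffer for the ENC_KEYID / DEC_KEYID suboption built by
 * encrypt_send_keyid(): IAC SB TELOPT_ENCRYPT <cmd>, the key id with every
 * IAC doubled, then IAC SE.  A MAXKEYLEN key id made entirely of IAC
 * therefore needs 4 + 2*MAXKEYLEN + 2 bytes; the old size of
 * (MAXKEYLEN*2)+5 was one byte short of that worst case.
 */
static uchar_t str_keyid[(MAXKEYLEN*2)+6] = { IAC, SB, TELOPT_ENCRYPT };
static void encrypt_keyid(struct key_info *, uchar_t *, int);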
/*
 * Called with the key id from the peer's ENCRYPT ENC_KEYID suboption.
 * It is applied to our decrypt (input) slot -- presumably because the key
 * the peer encrypts with is the one we must decrypt with.
 */
void
encrypt_enc_keyid(uchar_t *keyid, int len)
{
	struct key_info *kp = &ki[KI_DECRYPT];

	encrypt_keyid(kp, keyid, len);
}
/*
 * Called with the key id from the peer's ENCRYPT DEC_KEYID suboption.
 * It is applied to our encrypt (output) slot, the mirror image of
 * encrypt_enc_keyid().
 */
void
encrypt_dec_keyid(uchar_t *keyid, int len)
{
	struct key_info *kp = &ki[KI_ENCRYPT];

	encrypt_keyid(kp, keyid, len);
}
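/*
 * Process a key id received from the peer for the direction described by
 * kp.  An empty key id (len 0) signals failure; a key id that differs from
 * ours is adopted and passed to the module's keyid hook; a matching key id
 * completes the exchange (and starts output if autoencrypt is set).  In
 * every case but the last, our current key id is echoed back with
 * encrypt_send_keyid().
 *
 * keyid/len come straight from the peer's suboption.  kp->keyid is only
 * MAXKEYLEN bytes and the memcpy() below runs before the module hook gets
 * to validate the key, so the length is bounded here first.
 */
static void
encrypt_keyid(struct key_info *kp, uchar_t *keyid, int len)
{
	Encryptions *ep;
	int dir = kp->dir;
	int ret = 0;

	if (len < 0 || len > MAXKEYLEN) {
		if (encrypt_debug_mode)
			(void) printf(gettext(
			    ">>>%s: Key id of %d bytes ignored\r\n"),
			    Name, len);
		return;
	}

	ep = (*kp->getcrypt)(*kp->modep);
	if (ep == NULL) {
		/* No usable module for this direction; an empty key id needs no answer. */
		if (len == 0)
			return;
		kp->keylen = 0;
	} else if (len == 0) {
		/*
		 * Empty option, indicates a failure.
		 */
		if (kp->keylen == 0)
			return;
		kp->keylen = 0;
		if (ep->keyid != NULL)
			(void) (*ep->keyid)(dir, kp->keyid, &kp->keylen);
	} else if ((len != kp->keylen) ||
	    (memcmp(keyid, kp->keyid, len) != 0)) {
		/*
		 * Length or contents are different
		 */
		kp->keylen = len;
		(void) memcpy(kp->keyid, keyid, len);
		if (ep->keyid != NULL)
			(void) (*ep->keyid)(dir, kp->keyid, &kp->keylen);
	} else {
		/* Same key id on both sides: the exchange is complete. */
		if (ep->keyid != NULL)
			ret = (*ep->keyid)(dir, kp->keyid, &kp->keylen);
		if ((ret == 0) && (dir == TELNET_DIR_ENCRYPT) && autoencrypt)
			encrypt_start_output(*kp->modep);
		return;
	}

	encrypt_send_keyid(dir, kp->keyid, kp->keylen, 0);
}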
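/*
 * Send an ENC_KEYID (dir == TELNET_DIR_ENCRYPT) or DEC_KEYID suboption
 * carrying keylen bytes of keyid, each IAC doubled.  If saveit is set the
 * key id is also stored as the current one for that direction.
 *
 * Callers in the key-exchange modules pass their own key ids here, but the
 * buffers are fixed size: kp->keyid holds MAXKEYLEN bytes and str_keyid
 * must hold 4 header bytes, the escaped key and IAC SE.  A key id that
 * does not fit is dropped (with a debug message) rather than copied.
 */
void
encrypt_send_keyid(int dir, uchar_t *keyid, int keylen, int saveit)
{
	uchar_t *strp;
	size_t need = 0;
	int i;

	if (keylen >= 0 && keylen <= MAXKEYLEN) {
		need = (size_t)keylen + 6;
		for (i = 0; i < keylen; i++) {
			if (keyid[i] == IAC)
				need++;
		}
	}
	if (need == 0 || need > sizeof (str_keyid)) {
		if (encrypt_debug_mode)
			(void) printf(gettext(
			    ">>>%s: Key id of %d bytes not sent\r\n"),
			    Name, keylen);
		return;
	}

	str_keyid[3] = (dir == TELNET_DIR_ENCRYPT)
	    ? ENCRYPT_ENC_KEYID : ENCRYPT_DEC_KEYID;
	if (saveit) {
		struct key_info *kp = &ki[(dir == TELNET_DIR_ENCRYPT) ?
		    KI_ENCRYPT : KI_DECRYPT];

		(void) memcpy(kp->keyid, keyid, keylen);
		kp->keylen = keylen;
	}

	strp = &str_keyid[4];
	for (i = 0; i < keylen; i++) {
		*strp++ = keyid[i];
		if (keyid[i] == IAC)
			*strp++ = IAC;
	}
	*strp++ = IAC;
	*strp++ = SE;
	(void) net_write(str_keyid, strp - str_keyid);
	printsub('>', &str_keyid[2], strp - str_keyid - 2);
}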
/* Set (on > 0), clear (on == 0) or toggle (on < 0) automatic output encryption. */
void
encrypt_auto(int on)
{
	if (on < 0)
		autoencrypt = !autoencrypt;
	else
		autoencrypt = (on > 0) ? B_TRUE : B_FALSE;
}
/* Set (on > 0), clear (on == 0) or toggle (on < 0) automatic input decryption. */
void
decrypt_auto(int on)
{
	if (on < 0)
		autodecrypt = !autodecrypt;
	else
		autodecrypt = (on > 0) ? B_TRUE : B_FALSE;
}
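/*
 * Begin encrypting our output with 'type': run the module's start hook,
 * send ENCRYPT START with our current encrypt key id, switch
 * encrypt_output to the module's routine and record encrypt_mode.
 * Nothing happens if the type is not usable (findencryption()) or the
 * start hook fails / is still negotiating (non-zero).
 *
 * The START suboption is built in str_start, a fixed 72-byte buffer:
 * IAC SB TELOPT_ENCRYPT ENCRYPT_START, the key id with every IAC doubled,
 * then IAC SE.  The key id may be up to MAXKEYLEN bytes, so its escaped
 * size is checked against the buffer before any module state is touched.
 */
static void
encrypt_start_output(int type)
{
	Encryptions *ep;
	struct key_info *kp = &ki[KI_ENCRYPT];
	uchar_t *p;
	size_t need;
	int i, rc;

	ep = findencryption(type);
	if (ep == NULL) {
		if (encrypt_debug_mode) {
			(void) printf(gettext(
			    ">>>%s: Can't encrypt with type %s (%d)\r\n"),
			    Name, ENCTYPE_NAME_OK(type) ?
			    ENCTYPE_NAME(type) : UNKNOWN, type);
		}
		return;
	}

	need = 6;	/* IAC SB TELOPT_ENCRYPT ENCRYPT_START ... IAC SE */
	for (i = 0; i < kp->keylen; i++) {
		need++;
		if (kp->keyid[i] == IAC)
			need++;
	}
	if (kp->keylen < 0 || need > sizeof (str_start)) {
		if (encrypt_debug_mode) {
			(void) printf(gettext(
			    ">>>%s: Key id of %d bytes too long for "
			    "START\r\n"), Name, kp->keylen);
		}
		return;
	}

	if (ep->start != NULL) {
		rc = (*ep->start)(TELNET_DIR_ENCRYPT);
		if (encrypt_debug_mode) {
			(void) printf(gettext(
			    ">>>%s: Encrypt start: %s (%d) %s\r\n"),
			    Name, (rc < 0) ?
			    gettext("failed") :
			    gettext("initial negotiation in progress"),
			    rc, ENCTYPE_NAME(type));
		}
		if (rc != 0)
			return;
	}

	p = &str_start[3];
	*p++ = ENCRYPT_START;
	for (i = 0; i < kp->keylen; i++) {
		*p++ = kp->keyid[i];
		if (kp->keyid[i] == IAC)
			*p++ = IAC;
	}
	*p++ = IAC;
	*p++ = SE;
	(void) net_write(str_start, p - str_start);
	net_encrypt();
	printsub('>', &str_start[2], p - &str_start[2]);
	/*
	 * If we are already encrypting in some mode, then
	 * encrypt the ring (which includes our request) in
	 * the old mode, mark it all as "clear text" and then
	 * switch to the new mode.
	 */
	encrypt_output = ep->output;
	encrypt_mode = type;
	if (encrypt_debug_mode)
		(void) printf(gettext(
		    ">>>%s: Started to encrypt output with type %s\r\n"),
		    Name, ENCTYPE_NAME(type));
	if (encrypt_verbose)
		(void) printf(gettext(
		    "[ Output is now encrypted with type %s ]\r\n"),
		    ENCTYPE_NAME(type));
}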
/*
 * Switch our output back to clear text: send ENCRYPT END (encrypted, via
 * net_encrypt(), so the peer can still read it), then drop encrypt_output.
 * No-op when output is not being encrypted.
 */
static void
encrypt_send_end(void)
{
	if (encrypt_output == NULL)
		return;

	str_end[3] = ENCRYPT_END;
	(void) net_write(str_end, sizeof (str_end));
	/*
	 * Encrypt the output buffer now because it will not be done by
	 * netflush...
	 */
	net_encrypt();
	printsub('>', &str_end[2], sizeof (str_end) - 2);

	encrypt_output = NULL;
	if (encrypt_debug_mode) {
		(void) printf(gettext(
		    ">>>%s: Output is back to clear text\r\n"), Name);
	}
	if (encrypt_verbose)
		(void) printf(gettext("[ Output is now clear text ]\r\n"));
}
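/*
 * Send ENCRYPT REQUEST-START carrying our current decrypt key id, asking
 * the peer to start encrypting what it sends us.
 *
 * Like encrypt_start_output(), this builds into str_start (72 bytes):
 * IAC SB TELOPT_ENCRYPT ENCRYPT_REQSTART, the key id with every IAC
 * doubled, then IAC SE.  The key id may be up to MAXKEYLEN bytes, so its
 * escaped size is checked against the buffer before it is copied.
 */
static void
encrypt_send_request_start(void)
{
	struct key_info *kp = &ki[KI_DECRYPT];
	uchar_t *p;
	size_t need;
	int i;

	need = 6;	/* IAC SB TELOPT_ENCRYPT ENCRYPT_REQSTART ... IAC SE */
	for (i = 0; i < kp->keylen; i++) {
		need++;
		if (kp->keyid[i] == IAC)
			need++;
	}
	if (kp->keylen < 0 || need > sizeof (str_start)) {
		if (encrypt_debug_mode) {
			(void) printf(gettext(
			    ">>>%s: Key id of %d bytes too long for "
			    "REQUEST-START\r\n"), Name, kp->keylen);
		}
		return;
	}

	p = &str_start[3];
	*p++ = ENCRYPT_REQSTART;
	for (i = 0; i < kp->keylen; i++) {
		*p++ = kp->keyid[i];
		if (kp->keyid[i] == IAC)
			*p++ = IAC;
	}
	*p++ = IAC;
	*p++ = SE;
	(void) net_write(str_start, p - str_start);
	printsub('>', &str_start[2], p - &str_start[2]);
	if (encrypt_debug_mode)
		(void) printf(gettext(
		    ">>>%s: Request input to be encrypted\r\n"), Name);
}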
/* Send ENCRYPT REQUEST-END, asking the peer to send clear text again. */
static void
encrypt_send_request_end(void)
{
	str_end[3] = ENCRYPT_REQEND;
	(void) net_write(str_end, sizeof (str_end));
	printsub('>', &str_end[2], sizeof (str_end) - 2);

	if (encrypt_debug_mode) {
		(void) printf(gettext(
		    ">>>%s: Request input to be clear text\r\n"), Name);
	}
}
/* B_TRUE only when both output is encrypted and input is decrypted. */
boolean_t
encrypt_is_encrypting(void)
{
	if (encrypt_output == NULL || decrypt_input == NULL)
		return (B_FALSE);
	return (B_TRUE);
}
/*
 * Fallback suboption formatter for modules without a printsub hook:
 * writes the bytes after the first two (presumably option and command)
 * as decimal numbers into buf.  The last two bytes of buf are reserved
 * for a "*" plus NUL, so truncated output always ends in "*".
 * Does nothing if cnt or buflen is below 2.
 */
static void
encrypt_gen_printsub(uchar_t *data, int cnt, uchar_t *buf, int buflen)
{
	char lbuf[ENCR_LBUF_BUFSIZ];
	const char *src;

	if (cnt < 2 || buflen < 2)
		return;
	data += 2;
	cnt -= 2;
	buf[buflen - 1] = '\0';
	buf[buflen - 2] = '*';
	buflen -= 2;
	while (cnt-- > 0) {
		(void) snprintf(lbuf, ENCR_LBUF_BUFSIZ, " %d", *data++);
		for (src = lbuf; *src != '\0' && buflen > 0; buflen--)
			*buf++ = *src++;
		if (buflen <= 0)
			return;	/* out of room; the "*" marks truncation */
	}
	*buf = '\0';
}
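/*
 * Format an ENCRYPT suboption for the "printsub" debug output: data[1]
 * selects the module whose printsub hook does the work, falling back to
 * encrypt_gen_printsub() when there is no such hook (or no such type).
 *
 * data[1] is read here, so suboptions shorter than two bytes are rejected
 * up front; encrypt_gen_printsub() applies the same cnt < 2 check, and the
 * module hooks are assumed to need at least that much as well.
 */
void
encrypt_printsub(uchar_t *data, int cnt, uchar_t *buf, int buflen)
{
	Encryptions *ep;
	int type;

	if (cnt < 2)
		return;
	type = data[1];
	for (ep = encryptions; ep->type != 0 && ep->type != type; ep++)
		;
	if (ep->printsub != NULL)
		(*ep->printsub)(data, cnt, buf, buflen);
	else
		encrypt_gen_printsub(data, cnt, buf, buflen);
}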