encrypt.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
* Copyright 2002 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
*/
/*
* Copyright (c) 1991, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* based on @(#)encrypt.c 8.1 (Berkeley) 6/4/93 */
/*
* Copyright (C) 1990 by the Massachusetts Institute of Technology
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*/
#ifdef lint
static char *encrypt_names[] = {0};
static char *enctype_names[] = {0};
#else /* lint */
#define ENCRYPT_NAMES
#endif /* lint */
#include "externs.h"
#ifdef __STDC__
#include <stdlib.h>
#endif
/*
* These functions pointers point to the current routines
* for encrypting and decrypting data.
*/
void (*encrypt_output)(uchar_t *, int);
int (*decrypt_input)(int);
static void encrypt_start_output(int);
static void encrypt_send_end(void);
static void encrypt_send_request_start(void);
static void encrypt_send_request_end(void);
static int decrypt_mode = 0;
static int encrypt_mode = 0;
static char *Name = "Noname";
#define SUCCESS 0x00
static int i_wont_support_encrypt = 0;
static int i_wont_support_decrypt = 0;
static int remote_supports_encrypt = 0;
static int remote_supports_decrypt = 0;
static Encryptions encryptions[] = {
{ "DES_CFB64", TELOPT_ENCTYPE_DES_CFB64,
{ 0, },
};
static uchar_t str_suplen = 0;
static Encryptions *
findencryption(int type)
{
return (NULL);
}
static Encryptions *
finddecryption(int type)
{
return (NULL);
++ep;
}
#define MAXKEYLEN 64
static struct key_info {
int keylen;
int dir;
int *modep;
Encryptions *(*getcrypt)();
} ki[2] = {
};
#define KI_ENCRYPT 0
#define KI_DECRYPT 1
void
encrypt_init(char *name)
{
encrypt_mode = 0;
decrypt_mode = 0;
encrypt_output = 0;
decrypt_input = 0;
#ifdef notdef
#endif
str_suplen = 4;
if (encrypt_debug_mode)
">>>%s: I will support %s\r\n"),
++ep;
}
}
static void
encrypt_list_types(void)
{
(void) printf("\t%s (%d)\r\n",
++ep;
}
}
int
{
"Usage: encrypt enable <type> [input|output]\n"));
return (0);
}
return (EncryptStart(mode));
return (0);
}
int
{
register Encryptions *ep;
int ret = 0;
"Usage: encrypt disable <type> [input|output]\n"));
sizeof (Encryptions))) == 0) {
} else {
(void) EncryptStopInput();
ret = 1;
}
(void) EncryptStopOutput();
ret = 1;
}
if (ret == 0)
"%s: invalid encryption mode\n"), mode);
}
return (ret);
}
int
{
register Encryptions *ep;
int ret = 0;
"Usage: encrypt type <type> [input|output]\n"));
sizeof (Encryptions))) == 0) {
} else {
ret = 1;
}
ret = 1;
}
if (ret == 0)
"%s: invalid encryption mode\n"), mode);
}
return (ret);
}
int
EncryptStart(char *mode)
{
register int ret = 0;
if (mode) {
return (EncryptStartInput());
return (EncryptStartOutput());
"Usage: encrypt start [input|output]\n"));
return (0);
}
"%s: invalid encryption mode 'encrypt start ?' "
"for help\n"), mode);
return (0);
}
ret += EncryptStartInput();
ret += EncryptStartOutput();
return (ret);
}
int
EncryptStartInput(void)
{
if (decrypt_mode) {
return (1);
}
"decryption not enabled\r\n"));
return (0);
}
int
EncryptStartOutput(void)
{
if (encrypt_mode) {
return (1);
}
"encryption not enabled\r\n"));
return (0);
}
int
EncryptStop(char *mode)
{
int ret = 0;
if (mode) {
return (EncryptStopInput());
return (EncryptStopOutput());
"Usage: encrypt stop [input|output]\n"));
return (0);
}
"%s: invalid encryption mode 'encrypt stop ?' "
"for help\n"), mode);
return (0);
}
ret += EncryptStopInput();
ret += EncryptStopOutput();
return (ret);
}
int
EncryptStopInput(void)
{
return (1);
}
int
EncryptStopOutput(void)
{
return (1);
}
void
encrypt_display(void)
{
if (encrypt_output)
"Currently encrypting output with %s\r\n"),
if (decrypt_input)
"Currently decrypting input with %s\r\n"),
}
int
EncryptStatus(void)
{
if (encrypt_output)
"Currently encrypting output with %s\r\n"),
else if (encrypt_mode) {
}
if (decrypt_input) {
"Currently decrypting input with %s\r\n"),
} else if (decrypt_mode) {
}
return (1);
}
void
encrypt_send_support(void)
{
if (str_suplen) {
/*
* If the user has requested that decryption start
* immediatly, then send a "REQUEST START" before
* we negotiate the type.
*/
if (autodecrypt)
str_suplen = 0;
}
}
int
EncryptDebug(int on)
{
(void) printf(encrypt_debug_mode ?
gettext("Encryption debugging enabled\r\n") :
gettext("Encryption debugging disabled\r\n"));
return (1);
}
int
EncryptVerbose(int on)
{
(void) printf(encrypt_verbose ?
gettext("Encryption is verbose\r\n") :
gettext("Encryption is not verbose\r\n"));
return (1);
}
int
EncryptAutoEnc(int on)
{
(void) printf(autoencrypt ?
gettext("Automatic encryption of output is enabled\r\n") :
gettext("Automatic encryption of output is disabled\r\n"));
return (1);
}
int
EncryptAutoDec(int on)
{
(void) printf(autodecrypt ?
gettext("Automatic decryption of input is enabled\r\n") :
gettext("Automatic decryption of input is disabled\r\n"));
return (1);
}
/*
* Called when ENCRYPT SUPPORT is received.
*/
void
{
/*
* Forget anything the other side has previously told us.
*/
while (cnt-- > 0) {
if (encrypt_debug_mode)
">>>%s: Remote host supports %s (%d)\r\n"),
if ((type < TELOPT_ENCTYPE_CNT) &&
if (use_type == 0)
}
}
if (use_type) {
if (!ep)
return;
if (encrypt_debug_mode)
">>>%s: (*ep->start)() returned %d\r\n"),
if (type < 0)
return;
if (type == 0)
}
}
void
{
if (--cnt < 0)
return;
if (type < TELOPT_ENCTYPE_CNT)
if (encrypt_debug_mode)
">>>%s: Can't find type %s (%d) for "
"initial negotiation\r\n"), Name,
return;
}
if (encrypt_debug_mode)
">>>%s: No initial negotiation needed "
"for type %s (%d)\r\n"), Name,
ret = 0;
} else {
if (encrypt_debug_mode)
"(*ep->is)(%x, %d) returned %s(%d)\n"),
}
if (ret < 0) {
} else {
decrypt_mode = type;
if (ret == 0 && autodecrypt)
}
}
void
{
if (--cnt < 0)
return;
if (encrypt_debug_mode)
">>>%s: Can't find type %s (%d) "
"for initial negotiation\r\n"), Name,
return;
}
if (encrypt_debug_mode)
">>>%s: No initial negotiation needed "
"for type %s (%d)\r\n"), Name,
ret = 0;
} else {
if (encrypt_debug_mode)
"(*ep->reply)(%x, %d) returned %s(%d)\n"),
}
if (encrypt_debug_mode)
if (ret < 0) {
} else {
encrypt_mode = type;
if (ret == 0 && autoencrypt)
}
}
/*
* Called when a ENCRYPT START command is received.
*/
/* ARGSUSED */
void
{
if (!decrypt_mode) {
/*
* Something is wrong. We should not get a START
* command without having already picked our
* decryption scheme. Send a REQUEST-END to
* attempt to clear the channel...
*/
"input stream!!!\r\n"), Name);
return;
}
if (encrypt_verbose)
"[ Input is now decrypted with type %s ]\r\n"),
if (encrypt_debug_mode)
">>>%s: Start to decrypt input with type %s\r\n"),
} else {
"%s: Warning, cannot decrypt type %s (%d)!!!\r\n"),
}
}
void
{
#ifdef notdef
if (!encrypt_output && autoencrypt)
if (!decrypt_input && autodecrypt)
#endif
++ep;
}
}
/*
* Called when ENCRYPT END is received.
*/
void
encrypt_end(void)
{
decrypt_input = 0;
if (encrypt_debug_mode)
">>>%s: Input is back to clear text\r\n"), Name);
if (encrypt_verbose)
}
/*
* Called when ENCRYPT REQUEST-END is received.
*/
void
encrypt_request_end(void)
{
}
/*
* Called when ENCRYPT REQUEST-START is received. If we receive
* this before a type is picked, then that indicates that the
* other side wants us to start encrypting data as soon as we
* can.
*/
/* ARGSUSED */
void
{
if (encrypt_mode == 0)
return;
}
void
{
}
void
{
}
static void
{
register int ret = 0;
if (len == 0)
return;
} else if (len == 0) {
/*
* Empty option, indicates a failure.
*/
return;
/*
* Length or contents are different
*/
} else {
return;
}
}
void
{
if (saveit) {
}
}
}
void
encrypt_auto(int on)
{
}
void
decrypt_auto(int on)
{
}
static void
encrypt_start_output(int type)
{
register uchar_t *p;
register int i;
if (encrypt_debug_mode) {
">>>%s: Can't encrypt with type %s (%d)\r\n"),
}
return;
}
if (encrypt_debug_mode) {
">>>%s: Encrypt start: %s (%d) %s\r\n"),
Name, (i < 0) ?
gettext("failed") :
gettext("initial negotiation in progress"),
i, ENCTYPE_NAME(type));
}
if (i)
return;
}
p = str_start + 3;
*p++ = ENCRYPT_START;
*p++ = IAC;
}
*p++ = IAC;
*p++ = SE;
net_encrypt();
/*
* If we are already encrypting in some mode, then
* encrypt the ring (which includes our request) in
* the old mode, mark it all as "clear text" and then
* switch to the new mode.
*/
encrypt_mode = type;
if (encrypt_debug_mode)
">>>%s: Started to encrypt output with type %s\r\n"),
if (encrypt_verbose)
"[ Output is now encrypted with type %s ]\r\n"),
ENCTYPE_NAME(type));
}
static void
encrypt_send_end(void)
{
if (!encrypt_output)
return;
net_encrypt();
/*
* Encrypt the output buffer now because it will not be done by
* netflush...
*/
encrypt_output = 0;
if (encrypt_debug_mode)
">>>%s: Output is back to clear text\r\n"), Name);
if (encrypt_verbose)
}
static void
{
register uchar_t *p;
register int i;
p = &str_start[3];
*p++ = ENCRYPT_REQSTART;
*p++ = IAC;
}
*p++ = IAC;
*p++ = SE;
if (encrypt_debug_mode)
">>>%s: Request input to be encrypted\r\n"), Name);
}
static void
encrypt_send_request_end(void)
{
if (encrypt_debug_mode)
">>>%s: Request input to be clear text\r\n"), Name);
}
encrypt_is_encrypting(void)
{
}
static void
{
return;
cnt -= 2;
data += 2;
buflen -= 2;
if (buflen <= 0)
return;
}
*buf = '\0';
}
void
{
;
else
}