Add SRA authentication to src/crypto/telnet.

SRA does a Diffie-Hellmen exchange and then DES-encrypts the
authentication data. If the authentication is successful, it also
sets up a session key for DES encryption.

SRA was originally developed at Texas A&M University.

This code is probably export restricted (despite the fact that I
originally found it at a University in Germany).

SRA is not perfect. It is vulnerable to monkey-in-the-middle attacks
and does not use tremendously large DH constants (and thus an individual
exchange probably could be factored in a few days on modern CPU
horsepower). It does not, however, require any changes in user or
administrative behavior and foils session hijacking and sniffing.
The goal of this commit is that telnet and telnetd end up in the DES
distribution and that therefore an encrypted session telnet becomes
standard issue for FreeBSD.

1 files changed, 2 insertions, 0 deletions

diff --git a/crypto/telnet/libtelnet/enc-proto.h b/crypto/telnet/libtelnet/enc-proto.h
index 8e15ffd..8cec406 100644
--- a/crypto/telnet/libtelnet/enc-proto.h
+++ b/crypto/telnet/libtelnet/enc-proto.h
@@ -94,6 +94,7 @@ int encrypt_cmd P((int, char **));
 void encrypt_display P((void));
 #endif
 
+#ifdef DES_ENCRYPTION
 void krbdes_encrypt P((unsigned char *, int));
 int krbdes_decrypt P((int));
 int krbdes_is P((unsigned char *, int));
@@ -122,5 +123,6 @@ int ofb64_reply P((unsigned char *, int));
 void ofb64_session P((Session_Key *, int));
 int ofb64_keyid P((int, unsigned char *, int *));
 void ofb64_printsub P((unsigned char *, int, unsigned char *, int));
+#endif /* DES_ENCRYPTION */
 
 #endif	/* ENCRYPTION */