diff --git a/exec/binkit.js b/exec/binkit.js index 73237cbe146cbf62608c5c19899d1dbbbaefc3fc..8a7b8cf71685d4cf8218730fefd540f4c6c950b2 100644 --- a/exec/binkit.js +++ b/exec/binkit.js @@ -653,6 +653,7 @@ function inbound_auth_cb(pwd, bp) * the same password that we can send mail for. */ var addrs = []; + var ret = '-'; bp.remote_addrs.forEach(function(addr) { var cpw; @@ -661,13 +662,17 @@ function inbound_auth_cb(pwd, bp) if (cpw === undefined) cpw = '-'; if (pwd[0].substr(0, 9) === 'CRAM-MD5-') { - if (bp.getCRAM('MD5', cpw) === pwd[0]) + if (bp.getCRAM('MD5', cpw) === pwd[0]) { addrs.push(addr); + ret = cpw; + } } else { // TODO: Deal with arrays of passwords? - if (bp.cb_data.binkitcfg.node[addr].nomd5 === false && bp.cb_data.binkitcfg.node[addr].pass === pwd[0]) + if (bp.cb_data.binkitcfg.node[addr].nomd5 === false && bp.cb_data.binkitcfg.node[addr].pass === pwd[0]) { addrs.push(addr); + ret = cpw; + } } } else @@ -676,7 +681,7 @@ function inbound_auth_cb(pwd, bp) bp.remote_addrs = addrs; add_outbound_files(addrs, bp); - return addrs.length > 0; + return ret; } function run_inbound(sock) diff --git a/exec/load/binkp.js b/exec/load/binkp.js index 9dc5464a6fc7a2b9d2a22156d1032831961e1640..ffb9a5d6ec146ccde9e631941abff89b5452377e 100644 --- a/exec/load/binkp.js +++ b/exec/load/binkp.js @@ -2,6 +2,8 @@ load("sockdefs.js"); load("fido.js"); /* + * TODO: Add a configuation to force encryption. + * * A binkp implementation... * * Create a new instance with New passing a path to place received files @@ -78,6 +80,9 @@ function BinkP(name_ver, inbound, rx_callback, tx_callback) this.system_location = system.location; system.fido_addr_list.forEach(function(faddr){this.addr_list.push(FIDO.parse_addr(faddr, this.default_zone));}, this); this.want_callback = this.default_want; + this.will_crypt = false; + this.in_keys = undefined; + this.out_keys = undefined; this.sent_files = []; this.failed_sent_files = []; 
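Review bot: `inbound_auth_cb` now returns the matched node password (or `'-'`) instead of a boolean, but nothing in the function documents that, and `ret` is overwritten for every matching address, so the last match decides the value. Above `return ret;` in the third binkit.js hunk I would add `// Returns the password of the last matching address, or '-' when none matched; accept() treats '-' as non-secure.` Because `cpw` falls back to `'-'`, an address with no configured password can still be pushed into `addrs` and passed to `add_outbound_files()` while the session is reported non-secure; please confirm that is intended. How `cpw` is looked up is outside these hunks.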
@@ -85,6 +90,142 @@ function BinkP(name_ver, inbound, rx_callback, tx_callback) this.received_files = []; this.failed_received_files = []; } +BinkP.prototype.crypt = { + crc32tab:[ 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, + 0x706af48f, 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, + 0xe0d5e91e, 0x97d2d988, 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, + 0x90bf1d91, 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de, + 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, 0x136c9856, + 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, + 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, + 0xa2677172, 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, + 0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, + 0x45df5c75, 0xdcd60dcf, 0xabd13d59, 0x26d930ac, 0x51de003a, + 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, 0xcfba9599, + 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, + 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, + 0x01db7106, 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, + 0x9fbfe4a5, 0xe8b8d433, 0x7807c9a2, 0x0f00f934, 0x9609a88e, + 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01, + 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 0x6c0695ed, + 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950, + 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, + 0xfbd44c65, 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, + 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, + 0x346ed9fc, 0xad678846, 0xda60b8d0, 0x44042d73, 0x33031de5, + 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, 0xbe0b1010, + 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, + 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, + 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, + 0x03b6e20c, 0x74b1d29a, 0xead54739, 0x9dd277af, 0x04db2615, + 0x73dc1683, 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8, + 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, 0xf00f9344, + 0x8708a3d2, 
0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb, + 0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, + 0x67dd4acc, 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, + 0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, + 0xa6bc5767, 0x3fb506dd, 0x48b2364b, 0xd80d2bda, 0xaf0a1b4c, + 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, 0x316e8eef, + 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, + 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, + 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, + 0x2cd99e8b, 0x5bdeae1d, 0x9b64c2b0, 0xec63f226, 0x756aa39c, + 0x026d930a, 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713, + 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, 0x92d28e9b, + 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242, + 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, + 0x18b74777, 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, + 0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45, 0xa00ae278, + 0xd70dd2ee, 0x4e048354, 0x3903b3c2, 0xa7672661, 0xd06016f7, + 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, 0x40df0b66, + 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, + 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, + 0xcdd70693, 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, + 0x5d681b02, 0x2a6f2b94, 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, + 0x2d02ef8d + ], + uint:function(val) { + val &= 0xffffffff; + if (val < 0) + return (val + 0x100000000); + return val; + }, + crc32:function(c, b) { + var idx = (c & 0xff) ^ (b & 0xff); + var sft = (c >> 8) & 0xffffff; + var ret = this.uint(this.crc32tab[idx] ^ sft); + return ret; + }, + mult32:function(x, y) { + var total; + + total = (x * (y & 0xff)) & 0xffffffff; + total += (((x * ((y >> 8) & 0xff)) & 0xffffff) << 8); + total += (((x * ((y >> 16) & 0xff)) & 0xffff) << 16); + total += (((x * ((y >> 24) & 0xff)) & 0xff) << 24); + + return (this.uint(total)); + }, + update_keys:function(keys, c) { + var keyshift; + + keys[0] = 
this.crc32(keys[0], ascii(c)); + keys[1] += (keys[0] & 0xff); + keys[1] = this.mult32(keys[1], 134775813) + 1; + keyshift = this.uint(keys[1] >> 24); + keys[2] = this.crc32(keys[2], keyshift); + return ascii(c); + }, + init_keys:function(keys, passwd) { + var i; + + keys[0] = 305419896; + keys[1] = 591751049; + keys[2] = 878082192; + for (i=0; i<passwd.length; i++) + this.update_keys(keys, passwd[i]); + }, + decrypt_byte:function(keys) { + var temp; + + temp = (keys[2] & 0xffff) | 2; + return ((temp * (temp ^ 1)) >> 8) & 0xff; + }, + decrypt_buf:function(buf, keys) { + var i; + var ret = ''; + var ch; + + for (i=0; i<buf.length; i++) { + ch = ascii(ascii(buf[i]) ^ this.decrypt_byte(keys)); + ret += ch; + this.update_keys(keys, ch); + } + return ret; + }, + encrypt_buf:function(buf, keys) { + var t; + var i; + var ret = ''; + + for (i=0; i<buf.length; i++) { + t = this.decrypt_byte(keys); + this.update_keys(keys, buf[i]); + ret += ascii(ascii(buf[i]) ^ t); + } + return ret; + }, +}; +BinkP.prototype.send_buf = function(str) { + if (this.out_keys === undefined) + return str; + return this.crypt.encrypt_buf(str, this.out_keys); +}; +BinkP.prototype.recv_buf = function(str) { + if (this.in_keys === undefined) + return str; + return this.crypt.decrypt_buf(str, this.in_keys); +}; BinkP.prototype.Frame = function() {}; BinkP.prototype.default_want = function(fobj, fsize, fdate, offset) { @@ -223,7 +364,12 @@ BinkP.prototype.parseArgs = function(data) BinkP.prototype.connect = function(addr, password, auth_cb, port) { var pkt; + var i; + this.outgoing = true; + this.will_crypt = false; + this.in_keys = undefined; + this.out_keys = undefined; if (addr === undefined) throw("No address specified!"); addr = FIDO.parse_addr(addr, this.default_zone, this.default_domain); 
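Review bot: The `BinkP.prototype.crypt` object added in the hunk at -85 has no comment saying which cipher it implements or what protection it gives. The initial key constants and the `134775813` multiplier match the traditional PKZIP stream cipher, which is weak against known plaintext and carries no integrity check, and much of a binkp session is predictable. I would put a header comment on the object along the lines of `// binkp CRYPT option: PKZIP-style stream cipher kept for interoperability; not a replacement for an authenticated, encrypted transport.` A one-line comment on `uint()` explaining that it undoes the sign introduced by JavaScript's 32-bit operators would also help the next reader.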
@@ -243,6 +389,7 @@ BinkP.prototype.connect = function(addr, password, auth_cb, port) } this.authenticated = undefined; + this.sendCmd(this.command.M_NUL, "OPT CRYPT"); this.sendCmd(this.command.M_NUL, "SYS "+this.system_name); this.sendCmd(this.command.M_NUL, "ZYZ "+this.system_operator); this.sendCmd(this.command.M_NUL, "LOC "+this.system_location); @@ -278,6 +425,16 @@ BinkP.prototype.connect = function(addr, password, auth_cb, port) if (auth_cb !== undefined) auth_cb(this.authenticated, this); + if (this.will_crypt) { + log(LOG_INFO, "Initializing crypt keys."); + this.out_keys = [0, 0, 0]; + this.in_keys = [0, 0, 0]; + this.crypt.init_keys(this.out_keys, password); + this.crypt.init_keys(this.in_keys, "-"); + for (i=0; i<password.length; i++) + this.crypt.update_keys(this.in_keys, password[i]); + } + if (js.terminated) { this.close(); return false; @@ -288,7 +445,7 @@ BinkP.prototype.connect = function(addr, password, auth_cb, port) * sock can be either a lisening socket or a connected socket. * * auth_cb(passwds, this) is called to accept and add - * files if it returns true, the session is considered secure. auth_cb() + * files if it returns a password, the session is considered secure. auth_cb() * is explicitly allowed to change the inbound property and call * this.sendCmd(this.command.M_ERR, "Error String"); * @@ -299,7 +456,12 @@ BinkP.prototype.accept = function(sock, auth_cb) var challenge=''; var i; var pkt; + var pwd; + this.outgoing = false; + this.will_crypt = false; + this.in_keys = undefined; + this.out_keys = undefined; if (sock === undefined || auth_cb === undefined) return false; 
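Review bot: The key setup added to `connect()` in the hunk at -278 runs whenever the peer offered CRYPT, without checking that a real password is in use. If `password` is undefined the `password.length` loop throws, and if it is the `'-'` placeholder both key sets are derived from a value every peer knows, so the "Initializing crypt keys." log line claims protection the session does not have. Gate the block, e.g. `if (this.will_crypt && typeof password === 'string' && password !== '-') {`, and make sure both ends apply the same condition so they agree on whether the stream is encrypted. The matching block in `accept()` (hunk at -352) has the same gap; how `password` is validated earlier in `connect()` is outside this hunk.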
@@ -325,7 +487,7 @@ BinkP.prototype.accept = function(sock, auth_cb) this.cram = {algo:'MD5', challenge:challenge.replace(/[0-9a-fA-F]{2}/g, hex2ascii)}; this.authenticated = undefined; - this.sendCmd(this.command.M_NUL, "OPT CRAM-MD5-"+challenge); + this.sendCmd(this.command.M_NUL, "OPT CRAM-MD5-"+challenge+" CRYPT"); this.sendCmd(this.command.M_NUL, "SYS "+this.system_name); this.sendCmd(this.command.M_NUL, "ZYZ "+this.system_operator); this.sendCmd(this.command.M_NUL, "LOC "+this.system_location); @@ -341,10 +503,13 @@ BinkP.prototype.accept = function(sock, auth_cb) if (pkt !== null && pkt !== this.partialFrame) { if (pkt.is_cmd) { if (pkt.command === this.command.M_PWD) { - if (auth_cb(this.parseArgs(pkt.data), this)) - this.authenticated = 'secure'; - else + pwd = auth_cb(this.parseArgs(pkt.data), this); + if (pwd === undefined) + pwd = '-'; + if (pwd === '-') this.authenticated = 'non-secure'; + else + this.authenticated = 'secure'; this.sendCmd(this.command.M_OK, this.authenticated); break; } @@ -352,6 +517,16 @@ BinkP.prototype.accept = function(sock, auth_cb) } } + if (this.will_crypt) { + log(LOG_INFO, "Initializing crypt keys."); + this.out_keys = [0, 0, 0]; + this.in_keys = [0, 0, 0]; + this.crypt.init_keys(this.in_keys, password); + this.crypt.init_keys(this.out_keys, "-"); + for (i=0; i<password.length; i++) + this.crypt.update_keys(this.out_keys, password[i]); + } + if (js.terminated) { this.close(); return false; @@ -600,7 +775,7 @@ BinkP.prototype.sendCmd = function(cmd, data) var len = data.length+1; len |= 0x8000; // We'll send it all in one go to avoid sending small packets... - if (!this.sock.send(ascii((len & 0xff00)>>8) + ascii(len & 0xff) + ascii(cmd) + data)) + if (!this.sock.send(this.send_buf(ascii((len & 0xff00)>>8) + ascii(len & 0xff) + ascii(cmd) + data))) return false; switch(cmd) { case this.command.M_EOB: 
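Review bot: In the key setup added to `accept()` (hunk at -352) the code reads `password`, but `accept(sock, auth_cb)` has no such parameter and the only new local is `pwd`, so once CRYPT is negotiated this looks like it throws a ReferenceError (or picks up an unrelated global) instead of keying the stream. Use the value returned by `auth_cb`: `this.crypt.init_keys(this.in_keys, pwd);` and `for (i=0; i<pwd.length; i++) this.crypt.update_keys(this.out_keys, pwd[i]);`. `pwd` also stays undefined if the receive loop ends without an M_PWD frame, so the block needs a guard for that case. The rest of `accept()` is outside the hunk, so confirm no other `password` binding exists there.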
@@ -630,7 +805,7 @@ BinkP.prototype.sendData = function(data) if (this.debug) log(LOG_DEBUG, "Sending "+data.length+" bytes of data"); // We'll send it all in one go to avoid sending small packets... - if (!this.sock.send(ascii((len & 0xff00)>>8) + ascii(len & 0xff) + data)) + if (!this.sock.send(this.send_buf(ascii((len & 0xff00)>>8) + ascii(len & 0xff) + data))) return false; return true; }; @@ -645,6 +820,7 @@ BinkP.prototype.recvFrame = function(timeout) var ver; var avail; var nullpos; + var buf; // Avoid warning from syncjslint by putting this in a closure. function hex2ascii(hex) @@ -679,7 +855,33 @@ BinkP.prototype.recvFrame = function(timeout) case 1: break; } - ret.length = this.sock.recvBin(2); + buf = this.sock.recv(1); + switch(this.sock.poll(timeout)) { + case 0: // Timeout + if (timeout) { + log(LOG_ERROR, "Timed out receiving second byte of packet header!"); + this.sock.close(); + this.sock = undefined; + return undefined; + } + return null; + default: + log(LOG_ERROR, "Error select()ing socket."); + this.sock.close(); + this.sock = undefined; + return undefined; + case 1: + break; + } + buf += this.sock.recv(1); + buf = this.recv_buf(buf); + if (buf.length !== 2) { + log(LOG_ERROR, "Timed out receiving second byte of packet header!"); + this.sock.close(); + this.sock = undefined; + return undefined; + } + ret.length = (ascii(buf[0]) << 8) | ascii(buf[1]); ret.is_cmd = (ret.length & 0x8000) ? true : false; ret.length &= 0x7fff; ret.data = ''; @@ -699,7 +901,7 @@ BinkP.prototype.recvFrame = function(timeout) } if (avail > (ret.length - ret.data.length)) avail = ret.length - ret.data.length; - ret.data += this.sock.recv(avail); + ret.data += this.recv_buf(this.sock.recv(avail)); break; case 0: if (timeout) { 
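Review bot: In the two-byte header read added to `recvFrame()` (hunk at -679), the first byte is already held in `buf` when the second `poll()` times out, and the `return null` path for a zero timeout discards it. The next call then starts in the middle of a header, and with CRYPT active the key stream is out of step as well, so every later frame is misparsed. Keep the pending byte on the instance, e.g. `this.pending_hdr = buf;` before `return null;`, and resume from it on the next call. The final `buf.length !== 2` branch logs "Timed out receiving second byte" for what is really a short read or disconnect; a distinct message would help whoever reads the log. The function body extends beyond the hunk.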
@@ -786,11 +988,16 @@ BinkP.prototype.recvFrame = function(timeout)
 this.cram = {algo:'MD5', challenge:args[i].substr(9).replace(/[0-9a-fA-F]{2}/g, hex2ascii)};
 }
 else {
- if (args[i] === 'NR') {
- if (!this.sent_nr)
- this.sendCmd(this.command.M_NUL, "NR");
- this.non_reliable = true;
- break;
+ switch(args[i]) {
+ case 'NR':
+ if (!this.sent_nr)
+ this.sendCmd(this.command.M_NUL, "NR");
+ this.non_reliable = true;
+ break;
+ case 'CRYPT':
+ this.will_crypt = true;
+ log(LOG_INFO, "Will encrypt session.");
+ break;
 }
 }
 }
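Review bot: `will_crypt` is set in the new `case 'CRYPT':` purely because the peer's OPT line contained the token, and that line is exchanged before authentication and without protection. Nothing visible here keeps a session from quietly running unencrypted when the token is absent, so until the forced-encryption setting named in the TODO exists it would help to log at the same level when a session proceeds without CRYPT. Separately, the `break` under `case 'NR':` now leaves only the `switch`, where the old one left the enclosing construct; a comment such as `// break leaves the switch only; remaining OPT tokens are still parsed` would make that intent explicit. The enclosing loop is outside the hunk.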