gPass/firefox_addon/lib/main.js

/*
Copyright (C) 2013-2014 Grégory Soutadé
This file is part of gPass.
gPass is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
gPass is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with gPass. If not, see <http://www.gnu.org/licenses/>.
*/
var {Cc, Ci} = require("chrome");
var notifications = require("sdk/notifications");
var pkdbf2 = require("pkdbf2").pkdbf2;
var aes = require("jsaes").aes;
var parseURI = require("parseuri").parseURI;
var prefSet = require("sdk/simple-prefs");
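// When true, debug() writes its argument to the console.
var DEBUG = false;
// Iteration count handed to pkdbf2.pkdbf2() ("pkdbf2" is this project's
// spelling); read from the add-on preferences and updated by ask_server()
// when the server announces a different level.
var pkdbf2_level = getPref("pkdbf2_level");
// Highest server protocol version this add-on accepts.
var protocol_version = 3;
// Result codes used by ask_server() and on_sumbit(). Declared with `var` so
// the assignment no longer creates an implicit global.
var SERVER = {OK : 0, FAILED : 1, RESTART_REQUEST : 2};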
// http://stackoverflow.com/questions/3745666/how-to-convert-from-hex-to-ascii-in-javascript
/**
 * Decode a hexadecimal string into a string with one character per
 * two-digit pair.
 *
 * The input is not validated: an odd trailing digit is decoded on its own and
 * a pair that parseInt cannot read yields the character with code 0.
 *
 * @param {string} hex Hexadecimal digits.
 * @returns {string} Decoded string.
 */
function hex2a(hex)
{
    var chars = [];
    var pos = 0;

    while (pos < hex.length)
    {
        chars.push(String.fromCharCode(parseInt(hex.substr(pos, 2), 16)));
        pos += 2;
    }

    return chars.join("");
}
/**
 * Encode a string as lowercase hexadecimal, code unit by code unit.
 *
 * Only one-digit values are zero-padded, so the output has exactly two digits
 * per character only when every code unit is below 0x100 (a "binary" string).
 *
 * @param {string} str String to encode.
 * @returns {string} Hexadecimal representation.
 */
function a2hex(str)
{
    var pieces = [];
    var idx, digits;

    for (idx = 0; idx < str.length; idx += 1)
    {
        digits = str.charCodeAt(idx).toString(16);
        pieces.push(digits.length == 1 ? "0" + digits : digits);
    }

    return pieces.join("");
}
/**
 * Write `s` to the console when the DEBUG flag is set; otherwise do nothing.
 *
 * NOTE(review): callers in this file pass key material and password-field
 * contents to debug(), so DEBUG must stay false in anything that ships.
 *
 * @param {*} s Value to log.
 */
function debug(s)
{
    if (!DEBUG)
        return;

    console.log(s);
}
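/**
 * Show a desktop notification titled "gPass".
 *
 * The previous body ignored both arguments: every notification, including the
 * success one, displayed the "not a gPass server" error text, and `data` was
 * read from `this.responseText` although `this` is not the request here.
 *
 * @param {string} text Message shown to the user.
 * @param {string} data Payload attached to the notification. Callers pass the
 *     raw server response on protocol errors, so treat it as untrusted text.
 */
function notify(text, data)
{
    notifications.notify({
        title: "gPass",
        text: text,
        data: data,
    });
}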
/**
 * Read one add-on preference.
 *
 * @param {string} key Preference name.
 * @returns {*} Value stored under `key` in prefSet.prefs.
 */
function getPref(key)
{
    var stored = prefSet.prefs;

    return stored[key];
}
/**
 * Store one add-on preference.
 *
 * @param {string} key   Preference name.
 * @param {*}      value Value written to prefSet.prefs under `key`.
 */
function setPref(key, value)
{
    var stored = prefSet.prefs;

    stored[key] = value;
}
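/**
 * Build the encrypted lookup token for one (domain, login) pair.
 *
 * The plaintext is "@@" + domain + ";" + login, encrypted with
 * aes.encryptLongString under the key schedule returned by aes.init(mkey).
 *
 * @param {string} domain Host (or wildcard host) the password is stored for.
 * @param {string} login  Login name on that host.
 * @param {string} mkey   Derived key (output of pkdbf2 in ask_server).
 * @returns {string} Ciphertext as returned by aes.encryptLongString.
 */
function generate_request(domain, login, mkey)
{
    var v = "@@" + domain + ";" + login;
    var enc;

    debug("will encrypt " + v);
    // The derived key is deliberately not passed to debug(): it decrypts
    // every stored password and must never reach the console.

    try
    {
        enc = aes.encryptLongString(v, aes.init(mkey));
    }
    finally
    {
        // Run finish() even when encryption throws; presumably it releases
        // the state set up by aes.init (TODO confirm against jsaes).
        aes.finish();
    }

    debug("res " + a2hex(enc));

    return enc;
}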
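/**
 * Ask the gPass server for the password stored for `domain` (and for
 * `wdomain` when it is not empty) under any of `logins`, decrypt it and write
 * it into `field`.
 *
 * The master key is stretched with pkdbf2 (salt, pkdbf2_level iterations,
 * 32 bytes). Each "@@domain;login" request is encrypted under the derived key
 * and POSTed hex-encoded as k0, k1, ... to the "account_url" preference. The
 * response is read line by line as "name=value" up to "<end>".
 *
 * @param {Object}  form    Form owning `field`; resubmitted when `submit` is true.
 * @param {Object}  field   Password input that receives the clear password.
 * @param {Array}   logins  Candidate login names.
 * @param {string}  domain  Host of the page.
 * @param {string}  wdomain Wildcard form of `domain`, or "" for none.
 * @param {string}  mkey    Master key typed by the user.
 * @param {string}  salt    Salt for the key derivation.
 * @param {boolean} submit  Submit `form` once the password is in place.
 * @returns {number} A SERVER code. NOTE(review): the request is sent
 *     asynchronously, so this is always the initial SERVER.OK; FAILED and
 *     RESTART_REQUEST are only set later, inside the response handlers, and
 *     never reach the caller's switch.
 */
function ask_server(form, field, logins, domain, wdomain, mkey, salt, submit)
{
    var a, b, enc;
    var keys = "";
    var ret = SERVER.OK;

    // From here on `mkey` is the derived 256-bit key, not the typed master key.
    mkey = pkdbf2.pkdbf2(mkey, salt, pkdbf2_level, 256/8);

    // k0..k(n-1) carry the exact-domain requests; wildcard-domain requests
    // are numbered from n upwards.
    for (a = 0, b = logins.length; a < logins.length; a++)
    {
        enc = generate_request(domain, logins[a], mkey);
        keys += (keys.length != 0) ? "&" : "";
        keys += "k" + a + "=" + a2hex(enc);

        if (wdomain != "")
        {
            enc = generate_request(wdomain, logins[a], mkey);
            keys += (keys.length != 0) ? "&" : "";
            keys += "k" + (b++) + "=" + a2hex(enc);
        }
    }

    debug("Keys " + keys);

    var gPassRequest = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"].
        createInstance(Ci.nsIXMLHttpRequest);

    gPassRequest.addEventListener("load", function(evt) {
        var ciphered_password = "";
        var clear_password = "";
        var server_pkdbf2_level = 0;
        var server_protocol_version = 0;
        var params, digits;
        var r = this.responseText.split("\n");

        debug("resp " + r);

        for (var a = 0; a < r.length; a++)
        {
            debug("Analyse " + r[a]);

            params = r[a].split("=");

            if (params.length != 2 && params[0] != "<end>")
            {
                notify("Error : It seems that it's not a gPass server",
                       this.responseText);
                ret = SERVER.FAILED;
                break;
            }

            switch (params[0])
            {
            case "protocol":
                debug("protocol : " + params[1]);

                // A value without digits used to throw on match(...)[0].
                digits = params[1].match(/\d+/);
                if (params[1].indexOf("gpass-") != 0 || digits === null)
                {
                    notify("Error : It seems that it's not a gPass server",
                           this.responseText);
                    ret = SERVER.FAILED;
                    break;
                }

                // Parsed to a number: the matched text is a string, which the
                // numeric case labels below can never equal.
                server_protocol_version = parseInt(digits[0], 10);

                if (server_protocol_version > protocol_version)
                {
                    notify("Protocol version not supported, please upgrade your addon",
                           "Protocol version not supported, please upgrade your addon");
                    ret = SERVER.FAILED;
                }
                else
                {
                    switch (server_protocol_version)
                    {
                    case 2:
                        // NOTE(review): only the local variable is set; the
                        // level in use (pkdbf2_level) is not changed here.
                        server_pkdbf2_level = 1000;
                        break;
                    case 3:
                        // Version 3 : nothing special to do
                        break;
                    }
                }
                break;

            case "pass":
                ciphered_password = params[1];
                break;

            case "pkdbf2_level":
                digits = params[1].match(/\d+/);
                server_pkdbf2_level = (digits === null) ? NaN : parseInt(digits[0], 10);

                // `x != NaN` is always true, so the old guard never rejected
                // anything; isNaN() is the test that was meant.
                // NOTE(review): the server picks the iteration count that is
                // persisted. Only a floor of 1000 is enforced and there is no
                // ceiling, and nothing here checks that account_url is HTTPS,
                // so a response that does not come from the genuine server can
                // move the client to the floor or to a very expensive value.
                if (!isNaN(server_pkdbf2_level) &&
                    server_pkdbf2_level != pkdbf2_level &&
                    server_pkdbf2_level >= 1000) // Minimum level for PKDBF2 !
                {
                    debug("New pkdbf2 level " + server_pkdbf2_level);
                    pkdbf2_level = server_pkdbf2_level;
                    setPref("pkdbf2_level", pkdbf2_level);
                    ret = SERVER.RESTART_REQUEST;
                }
                break;

            case "<end>":
                break;

            default:
                debug("Unknown command " + params[0]);
                notify("Error : It seems that it's not a gPass server",
                       this.responseText);
                ret = SERVER.FAILED;
                break;
            }

            // The `break`s above only leave the switch; stop here so one bad
            // response does not raise a notification per remaining line.
            if (ret == SERVER.FAILED)
                break;
        }

        if (ret != SERVER.OK)
            return;

        if (ciphered_password != "")
        {
            debug("Ciphered password : " + ciphered_password);
            clear_password = aes.decryptLongString(hex2a(ciphered_password), aes.init(mkey));
            aes.finish();

            // Remove trailing \0 and salt
            clear_password = clear_password.replace(/\0*$/, "");
            clear_password = clear_password.substr(0, clear_password.length-3);

            // The clear password is deliberately not passed to debug().
            debug("Password decrypted");

            field.value = clear_password;

            // Remove gPass event listener and submit again with clear password
            if (submit)
            {
                // NOTE(review): document_loaded registers on_sumbit without
                // the capture flag, so this removal (capture = true) matches
                // nothing. form.submit() does not dispatch a submit event, so
                // the handler is not re-entered by the call below either way.
                form.removeEventListener("submit", on_sumbit, true);
                form.submit();
            }
            else
            {
                notify("Password successfully replaced",
                       "Password successfully replaced");
            }
        }
        else
        {
            debug("No password found");
            ret = SERVER.FAILED;
            notify("No password found in database",
                   "No password found in database");
        }
    }, false);

    gPassRequest.addEventListener("error", function(evt) {
        debug("error");
        // Was `ret = false`, which compares equal to SERVER.OK (0) under `==`.
        ret = SERVER.FAILED;
        notify("Error",
               "Error");
    }, false);

    debug("connect to " + getPref("account_url"));
    gPassRequest.open("POST", getPref("account_url"), true);
    gPassRequest.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');
    gPassRequest.send(keys);

    return ret;
}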
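/**
 * Derive the wildcard host ("*.example.com") under which a password may also
 * be stored for `domain`.
 *
 * Fixes the `.lenght` typo: the two-level-suffix test was always false, so a
 * host such as www.example.co.uk produced "*.co.uk", a wildcard shared by
 * unrelated sites.
 *
 * NOTE(review): a second-to-last label of three characters or fewer is taken
 * to be part of a two-level suffix (co.uk style). This is a heuristic, not a
 * public-suffix lookup; hosts like www.abc.com therefore get no wildcard.
 *
 * @param {string} domain Host name.
 * @returns {string} Wildcard host, or "" when none can be derived.
 */
function wildcard_domain(domain)
{
    var parts = domain.split(".");
    var count = parts.length;
    var last = parts[count-1];
    var second = parts[count-2];

    // Simple xxx.com
    if (count == 2)
        return "*" + "." + second + "." + last;

    if (count < 3)
        return "";

    // Seems to be a two level root domain (ie zzz.xxx.co.uk ...)
    if (second.length <= 3)
    {
        if (count > 3)
            return "*" + "." + parts[count-3] + "." + second + "." + last;
        return "";
    }

    // Standard root domain (zzz.xxx.com)
    return "*" + "." + second + "." + last;
}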
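/**
 * "submit" listener installed on forms that contain a password input.
 *
 * When a password field starts with "@@" or "@_", the rest of the field is
 * taken as the master key, the submission is cancelled and ask_server() is
 * asked for the real password. "@@" resubmits the form afterwards, "@_" only
 * replaces the field content.
 *
 * Changes: all working variables are now local (name, logins, password and
 * mkey were implicit globals), the password field is no longer written to the
 * debug log, and the page host comes from documentURI instead of baseURI.
 *
 * @param {Event} e Submit event; `this` is the form.
 * @returns {boolean} Always false.
 */
function on_sumbit(e)
{
    var form = this;
    var fields = form.getElementsByTagName("input");
    // Use the document's own URL: baseURI follows a <base href> element,
    // which is page-controlled and must not decide which site's password is
    // requested.
    var domain = parseURI.parseUri(form.ownerDocument.documentURI)["host"];
    var wdomain = wildcard_domain(domain);
    var salt = parseURI.parseUri(getPref("account_url"));
    var user = null;
    var all_logins = [];
    var logins, field, type, name, password, mkey, submit, ret, i;

    // The key-derivation salt is the account URL without its scheme.
    salt = salt["host"] + salt["path"];

    debug("salt " + salt);

    // Get all <input type="text"> && <input type="email">
    for (i = 0; i < fields.length; i++)
    {
        field = fields[i];
        type = field.getAttribute("type");

        if (type != "text" && type != "email")
            continue;
        if (!field.hasAttribute("name") || field.value == "")
            continue;

        name = field.getAttribute("name");
        // Subset of common user field
        if (name == "user" || name == "usr" || name == "username" || name == "login")
            user = field.value;

        all_logins.push(field.value);
    }

    // Prefer a field that is clearly the login; otherwise try every value.
    logins = (user != null) ? [user] : all_logins;

    // Look for <input type="password" value="@@...">
    for (i = 0; i < fields.length; i++)
    {
        field = fields[i];

        if (field.getAttribute("type") != "password")
            continue;

        // NOTE(review): the master key is typed into the page's own password
        // field, so it is readable by the page until it is replaced.
        password = field.value;

        if (password.indexOf("@@") != 0 && password.indexOf("@_") != 0)
            continue;

        mkey = password.substring(2);
        submit = (password.indexOf("@@") == 0);

        e.preventDefault();

        ret = ask_server(form, field, logins, domain, wdomain, mkey, salt, submit);

        switch (ret)
        {
        case SERVER.OK:
            break;
        case SERVER.FAILED:
            // Retry with every candidate login when only the guessed one was sent.
            if (logins !== all_logins)
                ret = ask_server(form, field, all_logins, domain, wdomain, mkey, salt, submit);
            break;
        case SERVER.RESTART_REQUEST:
            i = -1; // Restart loop
            break;
        }
    }

    return false;
}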
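/**
 * DOMContentLoaded handler: attach on_sumbit to every form of the loaded
 * document that contains at least one <input type="password">.
 *
 * Only forms present when the event fires are inspected. The inner loop
 * counter is now a local variable (it was the implicit global `a`).
 *
 * @param {Event} event DOMContentLoaded event; its target is the document.
 */
function document_loaded(event)
{
    var doc = event.target;
    var form, fields, i, a;

    // If there is a password in the form, add a "submit" listener
    for (i = 0; i < doc.forms.length; i++)
    {
        form = doc.forms[i];
        fields = form.getElementsByTagName("input");

        for (a = 0; a < fields.length; a++)
        {
            if (fields[a].getAttribute("type") == "password")
            {
                form.addEventListener("submit", on_sumbit);
                // One listener per form is enough.
                break;
            }
        }
    }
}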
var observerService = Cc["@mozilla.org/observer-service;1"].getService(Ci.nsIObserverService);

// Observer for "content-document-global-created": hooks DOMContentLoaded on
// the notified subject so document_loaded() can scan its forms.
var httpRequestObserver =
{
    observe: function(subject, topic, data)
    {
        // Ignore any other topic.
        if (topic != "content-document-global-created")
            return;

        subject.addEventListener("DOMContentLoaded", document_loaded, false);
    }
};

observerService.addObserver(httpRequestObserver, "content-document-global-created", false);
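/**
 * Known-answer check of the key derivation: derive 32 bytes from
 * ("password", "salt", 4096 iterations) and compare the hex output with the
 * expected digest, logging the outcome to the console.
 *
 * `res` is now a local variable (it was an implicit global).
 */
function self_test()
{
    var expected = "c5e478d59288c841aa530db6845c4c8d962893a001ce4e11a4963873aa98134a";
    var res = a2hex(pkdbf2.pkdbf2("password", "salt", 4096, 256/8));

    if (res != expected)
        console.log("PKDBF2 failed " + res);
    else
        console.log("All is OK ! ");
}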
// self_test();