From 453403b25bd5fb41b8fb1c3ae0db1d7ab1fa2a59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gr=C3=A9gory=20Soutad=C3=A9?=
Date: Tue, 15 Oct 2013 19:29:34 +0200
Subject: [PATCH] Use pkdbf2(hmac-256, 1000) for mkey derivation instead of simple sha256
---
firefox_addon/lib/hmac.js | 42 +++++++++++++++++++++++++
firefox_addon/lib/main.js | 11 +++----
firefox_addon/lib/pkdbf2.js | 63 +++++++++++++++++++++++++++++++++++++
3 files changed, 110 insertions(+), 6 deletions(-)
create mode 100644 firefox_addon/lib/hmac.js
create mode 100644 firefox_addon/lib/pkdbf2.js
diff --git a/firefox_addon/lib/hmac.js b/firefox_addon/lib/hmac.js
new file mode 100644
index 0000000..ac467ee
--- /dev/null
+++ b/firefox_addon/lib/hmac.js
@@ -0,0 +1,42 @@ +/* + Copyright (C) 2013 Grégory Soutadé + + This file is part of gPass. + + gPass is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + gPass is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with gPass. If not, see . +*/ + +var sha256 = require("jssha256").sha256; + +exports.hmac = { + hmac : function(key, message) { + var ipad = ""; + var opad = ""; + + for(i=0; i. +*/ + +var hmac256 = require("hmac").hmac; + +// http://stackoverflow.com/questions/3745666/how-to-convert-from-hex-to-ascii-in-javascript +function hex2a(hex) { + var str = ''; + for (var i = 0; i < hex.length; i += 2) + str += String.fromCharCode(parseInt(hex.substr(i, 2), 16)); + return str; +} + +exports.pkdbf2 = { + pkdbf2 : function(password, salt, iterations, outlen) { + var result = ""; + var temp = ""; + var temp2 = ""; + var temp_res = ""; + var temp_res2 = ""; + + for (i=1; result.length < outlen; i++) + { + temp = hex2a(hmac256.hmac(salt + + String.fromCharCode((i & 0xff000000) >> 24) + + String.fromCharCode((i & 0x00ff0000) >> 16) + + String.fromCharCode((i & 0x0000ff00) >> 8) + + String.fromCharCode((i & 0x000000ff) >> 0), + password)); + temp_res = temp; + + for(a=1; a