soutade/gPass
1
0
Fork 0
Code Issues Pull Requests Packages Releases 2 Activity

Index for new crypto scheme was badly computed in webextension

Browse Source
This commit is contained in:
Grégory Soutadé 2017-07-08 08:39:22 +02:00
parent 0caa8a66e1
commit 65821a4e47
1 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
chrome_addon/lib/main.js
View File

@ -1,5 +1,5 @@
/* /*
Copyright (C) 2013-2016 Grégory Soutadé Copyright (C) 2013-2017 Grégory Soutadé
This file is part of gPass. This file is part of gPass.
@ -19,6 +19,8 @@
var DEBUG = true; var DEBUG = true;
var protocol_version = 4; var protocol_version = 4;
var account_url = null;
var crypto_v2_logins_size=0;
SERVER = {OK : 0, FAILED : 1, RESTART_REQUEST : 2}; SERVER = {OK : 0, FAILED : 1, RESTART_REQUEST : 2};
@ -71,6 +73,7 @@ async function generate_request(domain, login, mkey, iv, old)
async function ask_server(form, field, logins, domain, wdomain, mkey, submit) async function ask_server(form, field, logins, domain, wdomain, mkey, submit)
{ {
account_url = await getPref("account_url"); account_url = await getPref("account_url");
var salt = parseURI.parseUri(account_url); var salt = parseURI.parseUri(account_url);
salt = salt["host"] + salt["path"]; salt = salt["host"] + salt["path"];
@ -101,6 +104,7 @@ async function ask_server(form, field, logins, domain, wdomain, mkey, submit)
if (await getPref("crypto_v1_compatible")) if (await getPref("crypto_v1_compatible"))
{ {
crypto_v2_logins_size = key_index;
for(a=0; a<logins.length; a++, key_index++) for(a=0; a<logins.length; a++, key_index++)
{ {
enc = await generate_request(domain, logins[a], mkey, global_iv, 1); enc = await generate_request(domain, logins[a], mkey, global_iv, 1);
@ -211,12 +215,14 @@ async function ask_server(form, field, logins, domain, wdomain, mkey, submit)
} }
if (ret != SERVER.OK) if (ret != SERVER.OK)
{
return; return;
}
if (ciphered_password != "") if (ciphered_password != "")
{ {
debug("Ciphered password : " + ciphered_password); debug("Ciphered password : " + ciphered_password);
if (matched_key >= logins.logins || server_protocol_version < 4) if (matched_key >= crypto_v2_logins_size || server_protocol_version < 4)
// Crypto v1 // Crypto v1
{ {
clear_password = await decrypt_ecb(mkey, hex2a(ciphered_password)); clear_password = await decrypt_ecb(mkey, hex2a(ciphered_password));
@ -260,8 +266,8 @@ async function ask_server(form, field, logins, domain, wdomain, mkey, submit)
notify("Error", notify("Error",
"Error"); "Error");
}, false); }, false);
debug("connect to " + await getPref("account_url")); debug("connect to " + account_url);
gPassRequest.open("POST", await getPref("account_url"), true); gPassRequest.open("POST", account_url, true);
gPassRequest.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8'); gPassRequest.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');
gPassRequest.send(keys); gPassRequest.send(keys);
@ -434,4 +440,4 @@ async function self_test()
console.log("Self test OK !"); console.log("Self test OK !");
} }
self_test(); //self_test();