From 65ca3a3d3d072280d32171d9997fc9eab416384e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gr=C3=A9gory=20Soutad=C3=A9?= <soutade@gmail.com>
Date: Mon, 17 Apr 2017 20:39:53 +0200
Subject: [PATCH] Change protocol version (3 -> 4) : PKDBF2 is renamed in
 PBKDF2. This also avoid mismatch with new encryption system

---
 server/_user                              | 8 +++++---
 server/conf.php                           | 6 +++---
 server/functions.php                      | 2 +-
 server/index.php                          | 4 ++--
 server/resources/gpass.js                 | 4 ++--
 server/resources/{pkdbf2.js => pbkdf2.js} | 2 +-
 6 files changed, 14 insertions(+), 12 deletions(-)
 rename server/resources/{pkdbf2.js => pbkdf2.js} (96%)

diff --git a/server/_user b/server/_user
index 3a3e6a1..ac5d4c7 100644
--- a/server/_user
+++ b/server/_user
@@ -59,7 +59,7 @@ function load_database()
     return $db;
 }
 
-$PROTOCOL_VERSION = 3;
+$PROTOCOL_VERSION = 4;
 
 $db = load_database();
 
@@ -68,8 +68,10 @@ $res = "";
 $statement = $db->prepare("SELECT password FROM gpass WHERE login=:login");
 
 echo "protocol=gpass-$PROTOCOL_VERSION\n";
-if ($PKDBF2_LEVEL != 1000)
-    echo "pkdbf2_level=$PKDBF2_LEVEL\n";
+if ($PBKDF2_LEVEL != 1000)
+{
+    echo "pbkdf2_level=$PBKDF2_LEVEL\n";
+}
 
 for ($i=0; $i<$MAX_PASSWORDS_PER_REQUEST && isset($_POST["k$i"]); $i++)
 {
diff --git a/server/conf.php b/server/conf.php
index 7810292..a19cf38 100644
--- a/server/conf.php
+++ b/server/conf.php
@@ -29,7 +29,7 @@ $VIEW_CIPHERED_PASSWORDS=true;
 $ADMIN_MODE=true;
 
 /*
-  Number of iterations for PKDBF2 algorithm.
+  Number of iterations for PBKDF2 algorithm.
   Minimum recommended level is 1000, but you can increase
   this value to have a better security (need more computation
   power).
@@ -37,7 +37,7 @@ $ADMIN_MODE=true;
   !! Warning !! This impact master keys. So if you change
   this value with existings masterkeys, they will unusable !
  */
-$PKDBF2_LEVEL=1000;
+$BKDF2_LEVEL=1000;
 
 /*
   This is a security feature : It protects from database dump
@@ -45,7 +45,7 @@ $PKDBF2_LEVEL=1000;
   When get all entries, instead of returning logins/passwords,
   it returns "shadow logins". These are random values.
   Shadow logins must be encrypted using masterkey and salt
-  (to generate a unique PKDBF2 derivation) that result in an access tokens.
+  (to generate a unique PBKDF2 derivation) that result in an access tokens.
   With this access token, user has the right to get
   encrypted login/password values and remove them.
   It's a kind of challenge.
diff --git a/server/functions.php b/server/functions.php
index 4202fa8..116ca66 100755
--- a/server/functions.php
+++ b/server/functions.php
@@ -24,7 +24,7 @@
   
   Password is salted (3 random characters) and encrypted
 
-  All is encrypted with AES256 and key : PKDBF2(hmac_sha256, master key, url, 1000)
+  All is encrypted with AES256 and key : PBKDF2(hmac_sha256, master key, url, 1000)
  */
 $MAX_ENTRY_LEN = 512;
 $USERS_PATH = "./users/";
diff --git a/server/index.php b/server/index.php
index fbd82e3..845b781 100644
--- a/server/index.php
+++ b/server/index.php
@@ -78,14 +78,14 @@ else
     <link rel="stylesheet" type="text/css"  href="resources/gpass.css" />
     <script language="javascript">
     <?php
-    echo "pkdbf2_level=$PKDBF2_LEVEL; use_shadow_logins=$USE_SHADOW_LOGINS;\n";
+    echo "pbkdf2_level=$PBKDF2_LEVEL; use_shadow_logins=$USE_SHADOW_LOGINS;\n";
     echo "CLEAR_TIME=$CLEAR_TIME; // Clear master key after 15 minutes\n";
     ?>
     </script>
     <script src="resources/jsaes.js"></script>
     <script src="resources/jssha256.js"></script>
     <script src="resources/hmac.js"></script>
-    <script src="resources/pkdbf2.js"></script>
+    <script src="resources/pbkdf2.js"></script>
     <script src="resources/gpass.js"></script>
     <script src="resources/pwdmeter.js"></script>
     <title>gPass : global Password</title>
diff --git a/server/resources/gpass.js b/server/resources/gpass.js
index 39e23ae..f8e3ed8 100755
--- a/server/resources/gpass.js
+++ b/server/resources/gpass.js
@@ -122,7 +122,7 @@ function a2hex(str) {
 function derive_mkey(user, mkey)
 {
     url = url_domain(document.URL) + "/" + user;
-    mkey = a2hex(pkdbf2(mkey, url, pkdbf2_level, 256/8));
+    mkey = a2hex(pbkdf2(mkey, url, pbkdf2_level, 256/8));
     return mkey;
 }
 
@@ -226,7 +226,7 @@ function PasswordEntry (ciphered_login, ciphered_password, salt, shadow_login) {
     this.shadow_login_to_access_token = function(masterkey)
     {
 	var aes = new AES();
-	var key = pkdbf2(hex2a(masterkey), hex2a(this.salt), pkdbf2_level, 256/8);
+	var key = pbkdf2(hex2a(masterkey), hex2a(this.salt), pbkdf2_level, 256/8);
 	var a_key = aes.init(hex2a(key));
 	this.access_token = aes.encryptLongString(hex2a(this.shadow_login), a_key);
 	this.access_token = a2hex(this.access_token);
diff --git a/server/resources/pkdbf2.js b/server/resources/pbkdf2.js
similarity index 96%
rename from server/resources/pkdbf2.js
rename to server/resources/pbkdf2.js
index 278c4d2..cbfc596 100644
--- a/server/resources/pkdbf2.js
+++ b/server/resources/pbkdf2.js
@@ -17,7 +17,7 @@
   along with gPass.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-function pkdbf2 (password, salt, iterations, outlen) {
+function pbkdf2 (password, salt, iterations, outlen) {
     var result = "";
     var temp = "";
     var temp2 = "";