soutade/gPass
1
0
Fork 0
Code Issues Pull Requests Packages Releases 2 Activity

Server: Remove old v1 crypto functions & compatibility

Browse Source
This commit is contained in:
Grégory Soutadé 2021-03-05 10:25:41 +01:00
parent 7f95b19264
commit 736d717676
3 changed files with 4 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
server/conf.php
View File

@ -79,10 +79,4 @@ $REQUESTS_MIN_DELAY=1000;
*/
$CLEAR_TIME=15*60*1000;
/*
The first crypto schema use an AES-ECB process to encrypt logins.
It's used until version 0.7.
Since version 0.8, we use AES-CBC + SHA256.
*/
$CRYPTO_V1_COMPATIBLE=1;
?>

1
server/index.php
View File

@ -79,7 +79,6 @@ else
<?php
echo "pbkdf2_level=$PBKDF2_LEVEL; use_shadow_logins=$USE_SHADOW_LOGINS;\n";
echo "CLEAR_TIME=$CLEAR_TIME; // Clear master key after 15 minutes\n";
echo "CRYPTO_V1_COMPATIBLE=$CRYPTO_V1_COMPATIBLE;\n";
?>
document.addEventListener('DOMContentLoaded', function() {
window.onscroll = function(ev) {

31
server/resources/gpass.js
View File

@ -226,7 +226,6 @@ function PasswordEntry (ciphered_login, ciphered_password, salt, shadow_login) {
if (masterkey == this.masterkey)
return (this.unciphered == true);
var old = false;
var iv = await global_iv;
iv = iv.slice(0, 16);
var login = await decrypt_cbc(masterkey, iv, hex2a(this.ciphered_login));
@ -238,38 +237,16 @@ function PasswordEntry (ciphered_login, ciphered_password, salt, shadow_login) {
{
login = login.slice(0, login.length-16).replace(/\0*$/, "");
}
else if (CRYPTO_V1_COMPATIBLE)
{
login = await decrypt_ecb(masterkey, hex2a(this.ciphered_login));
if (login.indexOf("@@") != 0)
{
return false;
}
login = login.replace(/\0*$/, "");
// Remove @@
login = login.substring(2);
old = true;
}
else
return false;
infos = login.split(";");
this.clear_url = infos[0];
this.clear_login = infos[1];
if (old)
{
this.clear_password = await decrypt_ecb(masterkey, hex2a(this.ciphered_password));
// Remove salt
this.clear_password = this.clear_password.replace(/\0*$/, "");
this.clear_password = this.clear_password.substr(0, this.clear_password.length-3);
}
else
{
this.clear_password = await decrypt_cbc(masterkey, iv, hex2a(this.ciphered_password));
// Remove salt
this.clear_password = this.clear_password.replace(/\0*$/, "");
this.clear_password = this.clear_password.substr(3, this.clear_password.length);
}
this.clear_password = await decrypt_cbc(masterkey, iv, hex2a(this.ciphered_password));
// Remove salt
this.clear_password = this.clear_password.replace(/\0*$/, "");
this.clear_password = this.clear_password.substr(3, this.clear_password.length);
this.unciphered = true;
this.masterkey = masterkey;