From 736d7176768717c0ce215d3892aa8282574e59a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gr=C3=A9gory=20Soutad=C3=A9?= <soutade@gmail.com>
Date: Fri, 5 Mar 2021 10:25:41 +0100
Subject: [PATCH] Server: Remove old v1 crypto functions & compatibility

---
 server/conf.php           |  6 ------
 server/index.php          |  1 -
 server/resources/gpass.js | 31 ++++---------------------------
 3 files changed, 4 insertions(+), 34 deletions(-)

diff --git a/server/conf.php b/server/conf.php
index 527b07b..db37164 100644
--- a/server/conf.php
+++ b/server/conf.php
@@ -79,10 +79,4 @@ $REQUESTS_MIN_DELAY=1000;
  */
 $CLEAR_TIME=15*60*1000;
 
-/*
-  The first crypto schema use an AES-ECB process to encrypt logins.
-  It's used until version 0.7.
-  Since version 0.8, we use AES-CBC + SHA256.
- */
-$CRYPTO_V1_COMPATIBLE=1;
 ?>
\ No newline at end of file
diff --git a/server/index.php b/server/index.php
index 2cd359f..56cb48e 100644
--- a/server/index.php
+++ b/server/index.php
@@ -79,7 +79,6 @@ else
     <?php
     echo "pbkdf2_level=$PBKDF2_LEVEL; use_shadow_logins=$USE_SHADOW_LOGINS;\n";
     echo "CLEAR_TIME=$CLEAR_TIME; // Clear master key after 15 minutes\n";
-    echo "CRYPTO_V1_COMPATIBLE=$CRYPTO_V1_COMPATIBLE;\n";
     ?>
     document.addEventListener('DOMContentLoaded', function() {
     window.onscroll = function(ev) {
diff --git a/server/resources/gpass.js b/server/resources/gpass.js
index e7dd439..0bcfaa3 100755
--- a/server/resources/gpass.js
+++ b/server/resources/gpass.js
@@ -226,7 +226,6 @@ function PasswordEntry (ciphered_login, ciphered_password, salt, shadow_login) {
 	if (masterkey == this.masterkey)
 	    return (this.unciphered == true);
 
-	var old = false;
 	var iv = await global_iv;
 	iv = iv.slice(0, 16);
 	var login = await decrypt_cbc(masterkey, iv, hex2a(this.ciphered_login));
@@ -238,38 +237,16 @@ function PasswordEntry (ciphered_login, ciphered_password, salt, shadow_login) {
 	{
 	    login = login.slice(0, login.length-16).replace(/\0*$/, "");
 	}
-	else if (CRYPTO_V1_COMPATIBLE)
-	{
-	    login = await decrypt_ecb(masterkey, hex2a(this.ciphered_login));
-	    if (login.indexOf("@@") != 0)
-	    {
-		return false;
-	    }
-	    login = login.replace(/\0*$/, "");
-	    // Remove @@
-	    login = login.substring(2);
-	    old = true;
-	}
 	else
 	    return false;
 
 	infos = login.split(";");
 	this.clear_url = infos[0];
 	this.clear_login = infos[1];
-	if (old)
-	{
-	    this.clear_password = await decrypt_ecb(masterkey, hex2a(this.ciphered_password));
-	    // Remove salt
-	    this.clear_password = this.clear_password.replace(/\0*$/, "");
-	    this.clear_password = this.clear_password.substr(0, this.clear_password.length-3);
-	}
-	else
-	{
-	    this.clear_password = await decrypt_cbc(masterkey, iv, hex2a(this.ciphered_password));
-	    // Remove salt
-	    this.clear_password = this.clear_password.replace(/\0*$/, "");
-	    this.clear_password = this.clear_password.substr(3, this.clear_password.length);
-	}
+	this.clear_password = await decrypt_cbc(masterkey, iv, hex2a(this.ciphered_password));
+	// Remove salt
+	this.clear_password = this.clear_password.replace(/\0*$/, "");
+	this.clear_password = this.clear_password.substr(3, this.clear_password.length);
 	this.unciphered = true;
 	this.masterkey = masterkey;