From b330af258f77d31538bb95f9938516dad79bb609 Mon Sep 17 00:00:00 2001
From: Gregory Soutade
Date: Thu, 23 Apr 2015 21:36:50 +0200
Subject: [PATCH] Move code to encrypt into PasswordEntry function Add Update Masterkey feature
---
 server/index.php | 14 ++++++
 server/resources/gpass.css | 8 +++
 server/resources/gpass.js | 99 ++++++++++++++++++++++++++++++++------
 3 files changed, 106 insertions(+), 15 deletions(-)
diff --git a/server/index.php b/server/index.php
index 31155ca..b2f0902 100644
--- a/server/index.php
+++ b/server/index.php
@@ -157,6 +157,20 @@ if ($user != "")
 }
 ?>
+
+Update Masterkey
\n";
+
+ echo 'Old master key ';
+ echo 'New master key ';
+ echo '';
+}
+?>
+
diff --git a/server/resources/gpass.css b/server/resources/gpass.css
index a48dc6f..a9527e5 100755
--- a/server/resources/gpass.css
+++ b/server/resources/gpass.css
@@ -71,6 +71,14 @@ body {
 margin : 15px;
 }
+#update_masterkey {
+ border-style:solid;
+ border-width:5px;
+ border-color:yellow;
+ padding : 15px;
+ margin : 15px;
+}
+
 .error {
 text-align:center;
 color:red;
diff --git a/server/resources/gpass.js b/server/resources/gpass.js
index c585fb1..4721dd8 100755
--- a/server/resources/gpass.js
+++ b/server/resources/gpass.js
@@ -129,6 +129,32 @@ function PasswordEntry (ciphered_login, ciphered_password, salt, shadow_login) {
 this.shadow_login = shadow_login;
 this.access_token = "";
+ this.encrypt = function(masterkey)
+ {
+ if (masterkey == this.masterkey)
+ return true;
+
+ if (masterkey == "" || this.clear_url == "" || this.clear_login == "")
+ return false;
+
+ ciphered_login = "@@" + this.clear_url + ";" + this.clear_login;
+
+ // Add salt
+ ciphered_password = this.clear_password + generate_random(3, false);
+
+ aes = new AES();
+ a_masterkey = aes.init(hex2a(masterkey));
+ this.ciphered_login = a2hex(aes.encryptLongString(ciphered_login, a_masterkey));
+ this.ciphered_password = a2hex(aes.encryptLongString(ciphered_password, a_masterkey));
+ aes.finish();
+
+ this.unciphered = true;
+ this.masterkey = masterkey;
+
+ if (use_shadow_logins)
+ this.generate_access_token(masterkey);
+ }
+
 this.decrypt = function(masterkey)
 {
 if (masterkey == this.masterkey && this.unciphered == true)
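Review bot: The new `this.encrypt` returns `true` on the early exit and `false` on invalid input, but falls off the end after a successful encryption, so a caller testing the result gets `undefined` for the success case; end the function with `return true;`. Its working variables are also assigned without `var`: unless declared elsewhere, `aes` and `a_masterkey` become globals, so whatever key material `aes.init` returns stays reachable from any script on the page after the call, and `ciphered_login`/`ciphered_password` overwrite the constructor's parameters; declare them locally, e.g. `var a_masterkey = aes.init(hex2a(masterkey));`. The `masterkey == this.masterkey` shortcut runs before the empty-value check, so if a fresh entry's `masterkey` starts out empty (its initial value is outside the hunk), an empty key would report success without encrypting anything. PasswordEntry's body begins before and continues after this hunk.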
@@ -540,24 +566,11 @@ function construct_pentry(user, url, password, login, mkey, derive_masterkey)
 }
 }
- ciphered_login = "@@" + url + ";" + login;
-
- // Add salt
- ciphered_password = password + generate_random(3, false);
-
- aes = new AES();
- a_masterkey = aes.init(hex2a(mkey));
- ciphered_login = a2hex(aes.encryptLongString(ciphered_login, a_masterkey));
- ciphered_password = a2hex(aes.encryptLongString(ciphered_password, a_masterkey));
-
- pentry = new PasswordEntry(ciphered_login, ciphered_password, "", "");
- pentry.unciphered = true;
+ pentry = new PasswordEntry("", "", "", "");
 pentry.clear_url = url;
 pentry.clear_login = login;
 pentry.clear_password = password;
- pentry.masterkey = mkey;
- if (use_shadow_logins)
- pentry.generate_access_token(mkey);
+ pentry.encrypt(mkey);
 return pentry;
 }
@@ -750,3 +763,59 @@ function update_entry(entry_number)
 alert("Entry updated");
 }
+
+function update_masterkey()
+{
+ var url = "";
+ var login = "";
+ var password = "";
+ var mkey = "";
+ var ciphered_login;
+
+ oldmkey = document.getElementById("oldmkey").value;
+ newmkey = document.getElementById("newmkey").value;
+
+ if (newmkey == "" || oldmkey == "")
+ {
+ alert("Cannot set an empty masterkey");
+ return;
+ }
+
+ if(!confirm("Are you sure want to update the masterkey ?"))
+ return;
+
+ oldmkey = derive_mkey(current_user, oldmkey);
+ current_mkey = derive_mkey(current_user, newmkey);
+
+ var found = 0;
+ for(i=0; i
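Review bot: In the construct_pentry hunk the result of `pentry.encrypt(mkey)` is discarded, so when `encrypt` bails out with `false` (empty master key, URL or login) the function still returns an entry whose `ciphered_login` and `ciphered_password` are the empty strings passed to the constructor, while `clear_password` is populated. The removed code always produced ciphertext, so this is a new failure path unless the inputs are validated earlier in the function, which lies outside the hunk. Check the result explicitly, for example `if (pentry.encrypt(mkey) === false) return null;`, and confirm that callers cope with a missing entry before they store or upload it.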