soutade/gPass
1
0
Fork 0
Code Issues Pull Requests Packages Releases 2 Activity

First merge with Chrome et Firefox web extension (not tested in chrome)

Browse Source
This commit is contained in:
Grégory Soutadé
2017-04-17 20:39:53 +02:00
parent 1d71ca6861
commit e759c13d64
4 changed files with 62 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

131
chrome_addon/lib/main.js
View File

@@ -1,5 +1,5 @@
/*
Copyright (C) 2013-2014 Grégory Soutadé
Copyright (C) 2013-2016 Grégory Soutadé
This file is part of gPass.
@@ -17,12 +17,8 @@
along with gPass. If not, see <http://www.gnu.org/licenses/>.
*/
var DEBUG = false;
var default_preferences = {"pkdbf2_level": 1000,
"account_url": "https://gpass-demo.soutade.fr/demo"};
var preferences = {};
var DEBUG = true;
var protocol_version = 3;
var pkdbf2_level;
SERVER = {OK : 0, FAILED : 1, RESTART_REQUEST : 2};
@@ -34,11 +30,11 @@ function hex2a(hex) {
return str;
}
function a2hex(str) {
function a2hex(_str_) {
var hex = '';
for (var i = 0; i < str.length; i++)
for (var i = 0; i < _str_.length; i++)
{
var c = str.charCodeAt(i).toString(16);
var c = _str_.charCodeAt(i).toString(16);
if (c.length == 1) c = "0" + c;
hex += c;
}
@@ -51,56 +47,41 @@ function debug(s)
console.log(s);
}
function notify(text, data)
{
chrome.extension.sendMessage({type: "notification", options:{"message":text}}, function(response){alert(response);});
}
function getPref(key)
{
if (key in preferences)
return preferences[key];
else
return default_preferences[key];
}
function setPref(key, value)
{
chrome.storage.local.set({key:value}, null);
}
function generate_request(domain, login, mkey)
{
var v = "@@" + domain + ";" + login;
debug("will encrypt " + v);
debug("with " + a2hex(mkey));
var enc = aes.encryptLongString(v, aes.init(mkey));
aes.finish();
debug("res " + a2hex(enc));
//debug("with " + a2hex(mkey));
enc = encrypt(mkey, v);
//debug("res " + a2hex(enc));
return enc;
}
function ask_server(form, field, logins, domain, wdomain, mkey, salt, submit)
async function ask_server(form, field, logins, domain, wdomain, mkey, submit)
{
var a, b;
account_url = await getPref("account_url");
var salt = parseURI.parseUri(account_url);
salt = salt["host"] + salt["path"];
mkey = pkdbf2(mkey, salt, pkdbf2_level, 256/8);
debug("salt " + salt);
pbkdf2_level = await getPref("pbkdf2_level");
mkey = pbkdf2(mkey, salt, pbkdf2_level);
keys = "";
for(a=0, b=logins.length; a<logins.length; a++)
{
enc = generate_request(domain, logins[a], mkey);
enc = await generate_request(domain, logins[a], mkey);
keys += (keys.length != 0) ? "&" : "";
keys += "k" + a + "=" + a2hex(enc);
if (wdomain != "")
{
enc = generate_request(wdomain, logins[a], mkey);
enc = await generate_request(wdomain, logins[a], mkey);
keys += (keys.length != 0) ? "&" : "";
keys += "k" + (b++) + "=" + a2hex(enc);
keys += "k" + (b++) + "=" + a2hex(enc);
}
}
@@ -111,9 +92,9 @@ function ask_server(form, field, logins, domain, wdomain, mkey, salt, submit)
var ret = SERVER.OK;
// gPassRequest.addEventListener("progress", function(evt) { ; }, false);
gPassRequest.addEventListener("load", function(evt) {
gPassRequest.addEventListener("load", async function(evt) {
var ciphered_password = "";
var server_pkdbf2_level = 0;
var server_pbkdf2_level = 0;
var server_version = 0;
var r = this.responseText.split("\n");
@@ -158,7 +139,7 @@ function ask_server(form, field, logins, domain, wdomain, mkey, salt, submit)
switch (server_protocol_version)
{
case 2:
server_pkdbf2_level = 1000;
server_pbkdf2_level = 1000;
break;
case 3:
// Version 3 : nothing special to do
@@ -169,15 +150,15 @@ function ask_server(form, field, logins, domain, wdomain, mkey, salt, submit)
case "pass":
ciphered_password = params[1];
break;
case "pkdbf2_level":
server_pkdbf2_level = parseInt(params[1].match(/\d+/)[0], 10);
if (server_pkdbf2_level != NaN &&
server_pkdbf2_level != pkdbf2_level &&
server_pkdbf2_level >= 1000) // Minimum level for PKDBF2 !
case "pbkdf2_level":
server_pbkdf2_level = parseInt(params[1].match(/\d+/)[0], 10);
if (server_pbkdf2_level != NaN &&
server_pbkdf2_level != pbkdf2_level &&
server_pbkdf2_level >= 1000) // Minimum level for PBKDF2 !
{
debug("New pkdbf2 level " + server_pkdbf2_level);
pkdbf2_level = server_pkdbf2_level;
setPref("pkdbf2_level", pkdbf2_level);
debug("New pbkdf2 level " + server_pbkdf2_level);
pbkdf2_level = server_pbkdf2_level;
setPref("pbkdf2_level", pbkdf2_level);
ret = SERVER.RESTART_REQUEST;
}
break;
@@ -199,8 +180,7 @@ function ask_server(form, field, logins, domain, wdomain, mkey, salt, submit)
if (ciphered_password != "")
{
debug("Ciphered password : " + ciphered_password);
clear_password = aes.decryptLongString(hex2a(ciphered_password), aes.init(mkey));
aes.finish();
clear_password = await decrypt(mkey, hex2a(ciphered_password));
// Remove trailing \0 and salt
clear_password = clear_password.replace(/\0*$/, "");
clear_password = clear_password.substr(0, clear_password.length-3);
@@ -234,8 +214,8 @@ function ask_server(form, field, logins, domain, wdomain, mkey, salt, submit)
notify("Error",
"Error");
}, false);
debug("connect to " + getPref("account_url"));
gPassRequest.open("POST", getPref("account_url"), true);
debug("connect to " + await getPref("account_url"));
gPassRequest.open("POST", await getPref("account_url"), true);
gPassRequest.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');
gPassRequest.send(keys);
@@ -316,11 +296,6 @@ function on_sumbit(e)
domain = domain["host"];
var wdomain = wildcard_domain(domain);
var salt = parseURI.parseUri(getPref("account_url"));
salt = salt["host"] + salt["path"];
debug("salt " + salt);
type_filters = new Array();
// Get all <input type="text"> && <input type="email">
type_filters.push("text");
@@ -350,8 +325,9 @@ function on_sumbit(e)
e.preventDefault();
var ret = ask_server(form, field, logins, domain, wdomain, mkey, salt, (password.indexOf("@@") == 0));
var ret = ask_server(form, field, logins, domain, wdomain, mkey, (password.indexOf("@@") == 0));
ret.then(function(ret){
switch(ret)
{
case SERVER.OK:
@@ -359,15 +335,15 @@ function on_sumbit(e)
case SERVER.FAILED:
if (logins !== all_logins)
{
ret = ask_server(form, field, all_logins, domain, wdomain, mkey, salt, (password.indexOf("@@") == 0));
if (ret == SERVER.OK)
break;
/*ret = */ask_server(form, field, all_logins, domain, wdomain, mkey, (password.indexOf("@@") == 0));
/*if (ret == SERVER.OK)
break;};*/
}
break;
case SERVER.RESTART_REQUEST:
i = -1; // Restart loop
break;
}
}});
}
}
@@ -393,24 +369,21 @@ function document_loaded(doc)
}
}
function init(prefs)
{
for (k in prefs)
preferences[k] = prefs[k];
pkdbf2_level = getPref("pkdbf2_level");
document_loaded(document);
}
document_loaded(document);
// First, load preferences
chrome.storage.local.get(null, init);
function self_test()
async function self_test()
{
if((res = a2hex(pkdbf2("password", "salt", 4096, 256/8))) !=
"c5e478d59288c841aa530db6845c4c8d962893a001ce4e11a4963873aa98134a")
console.log("PKDBF2 failed " + res);
mkey = pbkdf2("password", "salt", 4096);
res = await encrypt(mkey, "DDDDDDDDDDDDDDDD");
reference = new Uint8Array([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]);
if (res != ab2str(reference))
{
console.log("Self test ERROR ! ");
}
else
console.log("All is OK ! ");
console.log("All is OK ! ");
}
// self_test();
getPref("account_url");

2
chrome_addon/manifest.json
View File

@@ -12,7 +12,7 @@
"content_scripts": [
{
"matches": ["https://*/*", "http://*/*"],
"js": ["lib/parseuri.js", "lib/jsaes.js", "lib/jssha256.js", "lib/hmac.js", "lib/pkdbf2.js", "lib/main.js"],
"js": ["lib/parseuri.js", "lib/jsaes.js", "lib/jssha256.js", "lib/hmac.js", "lib/pkdbf2.js", "compat.js", "lib/main.js"],
"run_at" : "document_idle",
"all_frames" : true
}

4
chrome_addon/options.html
View File

@@ -6,9 +6,9 @@
<body>
<b>Account URL</b> URL of your gPass account <input id="account_url" type="text"/><br />
<b>WARNING</b> It should be a valid HTTPS URL because doesn't like mixed content (https/http) with a recognized certificate. Of not, requests will silentely failed. If you have an auto-signed certificate, add it to trusted ones.<br/>
<b>WARNING</b> It should be a valid HTTPS URL because navigator doesn't like mixed content (HTTPS/HTTP). If not, requests will silentely failed. If you have an auto-signed certificate, add it to trusted ones.<br/>
<br/>
<b>PKDBF2 level</b> Number of iterations used to derivate master key <input id="pkdbf2" type="number"/><br />
<b>PBKDF2 level</b> Number of iterations used to derivate master key <input id="pbkdf2" type="number"/><br />
<br/>
<input type="button" id="save" value="Save"/>

14
chrome_addon/options.js
View File

@@ -1,13 +1,13 @@
var default_preferences = {"pkdbf2_level": 1000,
var default_preferences = {"pbkdf2_level": 1000,
"account_url": "https://gpass-demo.soutade.fr/demo"};
function save() {
var account_url = document.getElementById('account_url').value;
var pkdbf2 = document.getElementById('pkdbf2').value;
var pbkdf2 = document.getElementById('pbkdf2').value;
chrome.storage.local.set({
'account_url': account_url,
'pkdbf2': pkdbf2,
'pbkdf2': pbkdf2,
}, function() {
alert('Saved');
});
@@ -19,13 +19,13 @@ chrome.storage.local.get(null, function(prefs) {
else
account_url = prefs['account_url'];
if (!prefs.hasOwnProperty("pkdbf2_level"))
pkdbf2 = default_preferences['pkdbf2_level'];
if (!prefs.hasOwnProperty("pbkdf2_level"))
pbkdf2 = default_preferences['pbkdf2_level'];
else
pkdbf2 = prefs['pkdbf2_level'];
pbkdf2 = prefs['pbkdf2_level'];
document.getElementById('account_url').value = account_url;
document.getElementById('pkdbf2').value = pkdbf2;
document.getElementById('pbkdf2').value = pbkdf2;
});
document.getElementById('save').addEventListener("click", save);