From e759c13d64c912ae02ef53f01f3df7806ad572d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gr=C3=A9gory=20Soutad=C3=A9?=
Date: Mon, 17 Apr 2017 20:39:53 +0200
Subject: [PATCH] First merge with Chrome et Firefox web extension (not tested in chrome)
---
chrome_addon/lib/main.js | 131 +++++++++++++++----------------------
chrome_addon/manifest.json | 2 +-
chrome_addon/options.html | 4 +-
chrome_addon/options.js | 14 ++--
4 files changed, 62 insertions(+), 89 deletions(-)
diff --git a/chrome_addon/lib/main.js b/chrome_addon/lib/main.js
index 26af3ee..9f2e567 100644
--- a/chrome_addon/lib/main.js
+++ b/chrome_addon/lib/main.js
@@ -1,5 +1,5 @@ /* - Copyright (C) 2013-2014 Grégory Soutadé + Copyright (C) 2013-2016 Grégory Soutadé This file is part of gPass.
@@ -17,12 +17,8 @@ along with gPass. If not, see . */ -var DEBUG = false; -var default_preferences = {"pkdbf2_level": 1000, - "account_url": "https://gpass-demo.soutade.fr/demo"}; -var preferences = {}; +var DEBUG = true; var protocol_version = 3; -var pkdbf2_level; SERVER = {OK : 0, FAILED : 1, RESTART_REQUEST : 2};
@@ -34,11 +30,11 @@ function hex2a(hex) { return str; } -function a2hex(str) { +function a2hex(_str_) { var hex = ''; - for (var i = 0; i < str.length; i++) + for (var i = 0; i < _str_.length; i++) { - var c = str.charCodeAt(i).toString(16); + var c = _str_.charCodeAt(i).toString(16); if (c.length == 1) c = "0" + c; hex += c; } 
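Review bot: `var DEBUG = true;` in the @@ -17,12 +17,8 hunk commits debug logging switched on in a content script that manifest.json injects into every http and https page and frame. The debug() calls visible in this patch (presumably gated by this flag) write the `domain;login` string, the salt, the account URL and the ciphered password to the console. Keep the committed default as `var DEBUG = false;` and turn it on only in a local build; the calls that log credential-related values are better removed than gated.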
@@ -51,56 +47,41 @@ function debug(s) console.log(s); } -function notify(text, data) -{ - chrome.extension.sendMessage({type: "notification", options:{"message":text}}, function(response){alert(response);}); -} - -function getPref(key) -{ - if (key in preferences) - return preferences[key]; - else - return default_preferences[key]; -} - -function setPref(key, value) -{ - chrome.storage.local.set({key:value}, null); -} - function generate_request(domain, login, mkey) { var v = "@@" + domain + ";" + login; debug("will encrypt " + v); - debug("with " + a2hex(mkey)); - var enc = aes.encryptLongString(v, aes.init(mkey)); - aes.finish(); - debug("res " + a2hex(enc)); + //debug("with " + a2hex(mkey)); + enc = encrypt(mkey, v); + //debug("res " + a2hex(enc)); return enc; } -function ask_server(form, field, logins, domain, wdomain, mkey, salt, submit) +async function ask_server(form, field, logins, domain, wdomain, mkey, submit) { - var a, b; + account_url = await getPref("account_url"); + var salt = parseURI.parseUri(account_url); + salt = salt["host"] + salt["path"]; - mkey = pkdbf2(mkey, salt, pkdbf2_level, 256/8); + debug("salt " + salt); + + pbkdf2_level = await getPref("pbkdf2_level"); + + mkey = pbkdf2(mkey, salt, pbkdf2_level); keys = ""; for(a=0, b=logins.length; a= 1000) // Minimum level for PKDBF2 ! + case "pbkdf2_level": + server_pbkdf2_level = parseInt(params[1].match(/\d+/)[0], 10); + if (server_pbkdf2_level != NaN && + server_pbkdf2_level != pbkdf2_level && + server_pbkdf2_level >= 1000) // Minimum level for PBKDF2 ! { - debug("New pkdbf2 level " + server_pkdbf2_level); - pkdbf2_level = server_pkdbf2_level; - setPref("pkdbf2_level", pkdbf2_level); + debug("New pbkdf2 level " + server_pbkdf2_level); + pbkdf2_level = server_pbkdf2_level; + setPref("pbkdf2_level", pbkdf2_level); ret = SERVER.RESTART_REQUEST; } break; 
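Review bot: generate_request() now does `enc = encrypt(mkey, v);` with neither `var` nor `await`, while this same patch awaits `encrypt` and `decrypt` elsewhere (self_test, the decrypt call in ask_server), which suggests they return promises. If so, the function returns a promise and the request built from it would contain `[object Promise]` instead of ciphertext; the helpers presumably live in compat.js, which is not part of this patch, so confirm there. Suggested: declare it `async function generate_request(domain, login, mkey)`, use `var enc = await encrypt(mkey, v);`, and await it at the call site. The same question applies to `mkey = pbkdf2(mkey, salt, pbkdf2_level);` in ask_server, and `account_url`, `pbkdf2_level` and the loop counters `a`, `b` have lost their declarations and become globals shared by every call. Part of this hunk's text is missing from the page, so the call site could not be checked.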
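Review bot: In the `case "pbkdf2_level":` branch, `server_pbkdf2_level != NaN` is always true because NaN compares unequal to everything, so it is dead code and an unparsable value is rejected only incidentally by the `>= 1000` test; `params[1].match(/\d+/)[0]` also throws when the server reply contains no digits. This value comes from the server and is persisted as the key-derivation cost, so validate it explicitly: `var m = /\d+/.exec(params[1]); server_pbkdf2_level = m ? parseInt(m[0], 10) : NaN;` and test `!Number.isNaN(server_pbkdf2_level)`. An upper bound is worth adding too, since an arbitrarily large count accepted from the server would stall every later derivation. The header of this hunk is missing from the page, so the location is given by the case label.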
@@ -199,8 +180,7 @@ function ask_server(form, field, logins, domain, wdomain, mkey, salt, submit) if (ciphered_password != "") { debug("Ciphered password : " + ciphered_password); - clear_password = aes.decryptLongString(hex2a(ciphered_password), aes.init(mkey)); - aes.finish(); + clear_password = await decrypt(mkey, hex2a(ciphered_password)); // Remove trailing \0 and salt clear_password = clear_password.replace(/\0*$/, ""); clear_password = clear_password.substr(0, clear_password.length-3);
@@ -234,8 +214,8 @@ function ask_server(form, field, logins, domain, wdomain, mkey, salt, submit) notify("Error", "Error"); }, false); - debug("connect to " + getPref("account_url")); - gPassRequest.open("POST", getPref("account_url"), true); + debug("connect to " + await getPref("account_url")); + gPassRequest.open("POST", await getPref("account_url"), true); gPassRequest.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8'); gPassRequest.send(keys);
@@ -316,11 +296,6 @@ function on_sumbit(e) domain = domain["host"]; var wdomain = wildcard_domain(domain); - var salt = parseURI.parseUri(getPref("account_url")); - salt = salt["host"] + salt["path"]; - - debug("salt " + salt); - type_filters = new Array(); // Get all && type_filters.push("text");
@@ -350,8 +325,9 @@ function on_sumbit(e) e.preventDefault(); - var ret = ask_server(form, field, logins, domain, wdomain, mkey, salt, (password.indexOf("@@") == 0)); + var ret = ask_server(form, field, logins, domain, wdomain, mkey, (password.indexOf("@@") == 0)); + ret.then(function(ret){ switch(ret) { case SERVER.OK: 
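Review bot: ask_server() now reads the `account_url` preference three separate times: once at the top to derive the salt, then in `debug("connect to " + await getPref("account_url"))` and again in `gPassRequest.open("POST", await getPref("account_url"), true)` (hunk @@ -234,8 +214,8). If the stored value changes between the reads, the salt is derived from one URL while the request goes to another; reuse the value already fetched, `gPassRequest.open("POST", account_url, true);`. Nothing visible here checks the scheme, although options.html tells the user it should be HTTPS, so a guard such as `if (!/^https:\/\//i.test(account_url)) return SERVER.FAILED;` before opening the request would keep the derived request keys off plaintext HTTP. ask_server's body starts and ends outside this hunk.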
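Review bot: `ret.then(function(ret){ switch(ret)` in on_sumbit (hunk @@ -350,8 +325,9) has no rejection handler, and it runs after `e.preventDefault()` has already cancelled the submit, so any failure inside ask_server (preference read, key derivation, decrypt) leaves the form blocked with no message to the user. The callback also runs after the enclosing loop has presumably finished, so `i = -1; // Restart loop` in the following hunk (@@ -359,15 +335,15) no longer restarts anything, and the fallback `ask_server(..., all_logins, ...)` there is a floating promise whose result is discarded. Suggested: make the handler `async`, use `var ret = await ask_server(...)` inside a try/catch that calls `notify("Error", "Error")` on failure, and await the fallback call the same way. The function body continues outside both hunks.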
@@ -359,15 +335,15 @@ function on_sumbit(e) case SERVER.FAILED: if (logins !== all_logins) { - ret = ask_server(form, field, all_logins, domain, wdomain, mkey, salt, (password.indexOf("@@") == 0)); - if (ret == SERVER.OK) - break; + /*ret = */ask_server(form, field, all_logins, domain, wdomain, mkey, (password.indexOf("@@") == 0)); + /*if (ret == SERVER.OK) + break;};*/ } break; case SERVER.RESTART_REQUEST: i = -1; // Restart loop break; - } + }}); } }
@@ -393,24 +369,21 @@ function document_loaded(doc) } } -function init(prefs) -{ - for (k in prefs) - preferences[k] = prefs[k]; - pkdbf2_level = getPref("pkdbf2_level"); - document_loaded(document); -} +document_loaded(document); -// First, load preferences -chrome.storage.local.get(null, init); - -function self_test() +async function self_test() { - if((res = a2hex(pkdbf2("password", "salt", 4096, 256/8))) != - "c5e478d59288c841aa530db6845c4c8d962893a001ce4e11a4963873aa98134a") - console.log("PKDBF2 failed " + res); + mkey = pbkdf2("password", "salt", 4096); + res = await encrypt(mkey, "DDDDDDDDDDDDDDDD"); + reference = new Uint8Array([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]); + if (res != ab2str(reference)) + { + console.log("Self test ERROR ! "); + } else - console.log("All is OK ! "); + console.log("All is OK ! "); } // self_test(); + +getPref("account_url");
diff --git a/chrome_addon/manifest.json b/chrome_addon/manifest.json
index 442db8d..6541c77 100644
--- a/chrome_addon/manifest.json
+++ b/chrome_addon/manifest.json
@@ -12,7 +12,7 @@ "content_scripts": [ { "matches": ["https://*/*", "http://*/*"], - "js": ["lib/parseuri.js", "lib/jsaes.js", "lib/jssha256.js", "lib/hmac.js", "lib/pkdbf2.js", "lib/main.js"], + "js": ["lib/parseuri.js", "lib/jsaes.js", "lib/jssha256.js", "lib/hmac.js", "lib/pkdbf2.js", "compat.js", "lib/main.js"], "run_at" : "document_idle", "all_frames" : true }
diff --git a/chrome_addon/options.html b/chrome_addon/options.html
index a30fa6f..e369a5f 100644 
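Review bot: self_test() (hunk @@ -393,24 +369,21) no longer checks key derivation: the removed version compared PBKDF2 output with a known vector, while the new one compares `encrypt()` output with an all-zero `Uint8Array`, which looks like a placeholder and would report an error for any working cipher. This commit appears to swap both the KDF and the cipher implementation, so keep a known-answer test for each: retain the PBKDF2 comparison against the existing expected hex and fill `reference` with real expected ciphertext. `mkey = pbkdf2("password", "salt", 4096);` is not awaited although `encrypt` is, and `mkey`, `res` and `reference` are undeclared globals; add `var`, and `await` if pbkdf2 is asynchronous. The trailing `getPref("account_url");` discards its result and looks like leftover debugging.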
--- a/chrome_addon/options.html
+++ b/chrome_addon/options.html
@@ -6,9 +6,9 @@ Account URL URL of your gPass account
- WARNING It should be a valid HTTPS URL because doesn't like mixed content (https/http) with a recognized certificate. Of not, requests will silentely failed. If you have an auto-signed certificate, add it to trusted ones.
+ WARNING It should be a valid HTTPS URL because navigator doesn't like mixed content (HTTPS/HTTP). If not, requests will silentely failed. If you have an auto-signed certificate, add it to trusted ones.

- PKDBF2 level Number of iterations used to derivate master key
+ PBKDF2 level Number of iterations used to derivate master key

diff --git a/chrome_addon/options.js b/chrome_addon/options.js
index 4ad7f39..a9ebceb 100644
--- a/chrome_addon/options.js
+++ b/chrome_addon/options.js
@@ -1,13 +1,13 @@ -var default_preferences = {"pkdbf2_level": 1000, +var default_preferences = {"pbkdf2_level": 1000, "account_url": "https://gpass-demo.soutade.fr/demo"}; function save() { var account_url = document.getElementById('account_url').value; - var pkdbf2 = document.getElementById('pkdbf2').value; + var pbkdf2 = document.getElementById('pbkdf2').value; chrome.storage.local.set({ 'account_url': account_url, - 'pkdbf2': pkdbf2, + 'pbkdf2': pbkdf2, }, function() { alert('Saved'); });
@@ -19,13 +19,13 @@ chrome.storage.local.get(null, function(prefs) { else account_url = prefs['account_url']; - if (!prefs.hasOwnProperty("pkdbf2_level")) - pkdbf2 = default_preferences['pkdbf2_level']; + if (!prefs.hasOwnProperty("pbkdf2_level")) + pbkdf2 = default_preferences['pbkdf2_level']; else - pkdbf2 = prefs['pkdbf2_level']; + pbkdf2 = prefs['pbkdf2_level']; document.getElementById('account_url').value = account_url; - document.getElementById('pkdbf2').value = pbkdf2; + document.getElementById('pbkdf2').value = pbkdf2; }); document.getElementById('save').addEventListener("click", save);
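Review bot: save() stores the iteration count under the key `'pbkdf2'`, but the loader in the second hunk (@@ -19,13 +19,13) and `getPref("pbkdf2_level")` in main.js read `pbkdf2_level`, so a value entered on the options page is never picked up and the default of 1000 stays in effect. Store it under the same key and as a validated integer: `var level = parseInt(document.getElementById('pbkdf2').value, 10);` then `'pbkdf2_level': level,`, after rejecting NaN or anything below 1000, the minimum main.js enforces for server-supplied values. The element id also changes to `pbkdf2` here; the options.html hunk on this page does not show the input element, so check that its id was renamed as well. `account_url` is saved without validation too; rejecting non-`https:` values at this point would match the warning shown in options.html.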