author | Giulio Cesare Solaroli <giulio.cesare@clipperz.com> | 2014-06-02 11:39:16 (UTC) |
---|---|---|
committer | Giulio Cesare Solaroli <giulio.cesare@clipperz.com> | 2014-06-02 16:35:38 (UTC) |
commit | 0422224521f62da210d1ae6ee15ecdf09f47f1f8 (patch) (unidiff) | |
tree | df7c0394fbcd1f8bc588ca8aab3ee83f5dc9f0cf /frontend/delta | |
parent | 7fdb41fa2b1f621636882ad9059c1f3ecfb74083 (diff) | |
Fixed authentication procedure for offline copy
-rw-r--r-- | frontend/delta/js/Clipperz/PM/Proxy/Proxy.Offline.LocalStorageDataStore.js | 27 |
1 files changed, 21 insertions, 6 deletions
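--- a/frontend/delta/js/Clipperz/PM/Proxy/Proxy.Offline.LocalStorageDataStore.js
+++ b/frontend/delta/js/Clipperz/PM/Proxy/Proxy.Offline.LocalStorageDataStore.js
@@ -1,209 +1,224 @@
 /*
 
 Copyright 2008-2013 Clipperz Srl
 
 This file is part of Clipperz, the online password manager.
 For further information about its features and functionalities please
 refer to http://www.clipperz.com.
 
 * Clipperz is free software: you can redistribute it and/or modify it
 under the terms of the GNU Affero General Public License as published
 by the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 
 * Clipperz is distributed in the hope that it will be useful, but
 WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 See the GNU Affero General Public License for more details.
 
 * You should have received a copy of the GNU Affero General Public
 License along with Clipperz. If not, see http://www.gnu.org/licenses/.
 
 */
 
 try { if (typeof(Clipperz.PM.Proxy.Offline.DataStore) == 'undefined') { throw ""; }} catch (e) {
 throw "Clipperz.PM.Proxy.Offline.LocalStorageDataStore depends on Clipperz.PM.Proxy.Offline.DataStore!";
 }
 
 //=============================================================================
 
 Clipperz.PM.Proxy.Offline.LocalStorageDataStore = function(args) {
 args = args || {};
 
 //this._data = args.data || (typeof(_clipperz_dump_data_) != 'undefined' ? _clipperz_dump_data_ : null);
 this._data = JSON.parse(localStorage.getItem('clipperz_dump_data'));
 
 this._isReadOnly = (typeof(args.readOnly) == 'undefined' ? true : args.readOnly);
 this._shouldPayTolls = args.shouldPayTolls || false;
 
 this._tolls = {};
 this._currentStaticConnection = null;
 
 //Clipperz.PM.Proxy.Offline.LocalStorageDataStore.superclass.constructor.apply(this, arguments);
 
 return this;
 }
 
 Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.LocalStorageDataStore, Clipperz.PM.Proxy.Offline.DataStore, {
 
 //=========================================================================
 
 '_knock': function(aConnection, someParameters) {
 var result;
 
 result = {
 toll: this.getTollForRequestType(someParameters['requestType'])
 }
 
 return result;
 },
 
 //-------------------------------------------------------------------------
 
 '_registration': function(aConnection, someParameters) {
 throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly;
 },
 
 //-------------------------------------------------------------------------
 
 '_handshake': function(aConnection, someParameters) {
 var result;
 varnextTollRequestType;
 
 result = {};
 if (someParameters.message == "connect") {
 var userData;
 var randomBytes;
 var v;
 
 userData = this.data()['users'][someParameters.parameters.C];
 
 if ((typeof(userData) != 'undefined') && (userData['version'] == someParameters.version)) {
 aConnection['userData'] = userData;
 aConnection['C'] = someParameters.parameters.C;
 } else {
 aConnection['userData'] = this.data()['users']['catchAllUser'];
 }
 
 randomBytes = Clipperz.Crypto.Base.generateRandomSeed();
 aConnection['b'] = new Clipperz.Crypto.BigInt(randomBytes, 16);
 v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);
-aConnection['B'] = v.add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()));
+aConnection['B'] = (Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(aConnection['b'], Clipperz.Crypto.SRP.n()));
 
 aConnection['A'] = someParameters.parameters.A;
 
 result['s'] = aConnection['userData']['s'];
 result['B'] = aConnection['B'].asString(16);
 
 nextTollRequestType = 'CONNECT';
 } else if (someParameters.message == "credentialCheck") {
-var v, u, S, A, K, M1;
+var v, u, s, S, A, K, M1;
+var stringHash = function (aValue) {
+return Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2);
+};
 
 v = new Clipperz.Crypto.BigInt(aConnection['userData']['v'], 16);
-u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aConnection['B'].asString(10))).toHexString(), 16);
 A = new Clipperz.Crypto.BigInt(aConnection['A'], 16);
+u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10))).toHexString(), 16);
+s = new Clipperz.Crypto.BigInt(aConnection['userData']['s'], 16);
 S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(aConnection['b'], Clipperz.Crypto.SRP.n());
 
-K = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(S.asString(10))).toHexString().slice(2);
+K = stringHash(S.asString(10));
 
-M1 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + aConnection['B'].asString(10) + K)).toHexString().slice(2);
+M1 = stringHash(
+"597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" +
+stringHash(aConnection['C']) +
+s.asString(10) +
+A.asString(10) +
+aConnection['B'].asString(10) +
+K
+);
 if (someParameters.parameters.M1 == M1) {
 var M2;
 
-M2 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + someParameters.parameters.M1 + K)).toHexString().slice(2);
+M2 = stringHash(
+A.asString(10) +
+someParameters.parameters.M1 +
+K
+);
 result['M2'] = M2;
 } else {
 throw new Error("Client checksum verification failed! Expected <" + M1 + ">, received <" + someParameters.parameters.M1 + ">.", "Error");
 }
 
 nextTollRequestType = 'MESSAGE';
 } else if (someParameters.message == "oneTimePassword") {
 var otpData;
 
 otpData = this.data()['onetimePasswords'][someParameters.parameters.oneTimePasswordKey];
 
 try {
 if (typeof(otpData) != 'undefined') {
 if (otpData['status'] == 'ACTIVE') {
 if (otpData['key_checksum'] == someParameters.parameters.oneTimePasswordKeyChecksum) {
 result = {
 'data': otpData['data'],
 'version':otpData['version']
 }
 
 otpData['status'] = 'REQUESTED';
 } else {
 otpData['status'] = 'DISABLED';
 throw "The requested One Time Password has been disabled, due to a wrong keyChecksum";
 }
 } else {
 throw "The requested One Time Password was not active";
 }
 } else {
 throw "The requested One Time Password has not been found"
 }
 } catch (exception) {
 result = {
 'data': Clipperz.PM.Crypto.randomKey(),
 'version':Clipperz.PM.Connection.communicationProtocol.currentVersion
 }
 }
 nextTollRequestType = 'CONNECT';
 } else {
 Clipperz.logError("Clipperz.PM.Proxy.Test.handshake - unhandled message: " + someParameters.message);
 }
 
 result = {
 result: result,
 toll: this.getTollForRequestType(nextTollRequestType)
 }
 
 return result;
 },
 
 //-------------------------------------------------------------------------
 
 '_message': function(aConnection, someParameters) {
 var result;
 
 result = {};
 
 //=====================================================================
 //
 // R E A D - O N L Y M e t h o d s
 //
 //=====================================================================
 if (someParameters.message == 'getUserDetails') {
 var recordsStats;
 var recordReference;
 
 recordsStats = {};
 for (recordReference in aConnection['userData']['records']) {
 recordsStats[recordReference] = {
 'updateDate': aConnection['userData']['records'][recordReference]['updateDate']
 }
 }
 
 result['header'] = this.userDetails(aConnection);
 result['statistics'] = this.statistics(aConnection);
 result['maxNumberOfRecords'] = aConnection['userData']['maxNumberOfRecords'];
 result['version'] = aConnection['userData']['userDetailsVersion'];
 result['recordsStats'] = recordsStats;
 
 if (this.isReadOnly() == false) {
 varlock;
 
 if (typeof(aConnection['userData']['lock']) == 'undefined') {
 aConnection['userData']['lock'] = "<<LOCK>>";
 }
 
 result['lock'] = aConnection['userData']['lock'];
 }
 
 //=====================================================================
 } else if (someParameters.message == 'getRecordDetail') {
 /*
 varrecordData;
 var currentVersionData;
 
 recordData = this.userData()['records'][someParameters['parameters']['reference']];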
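Review bot: The new M1 computation hashes `aConnection['C']`, but the connect branch only stores it for a known user (`aConnection['C'] = someParameters.parameters.C;` sits inside the `if`), so on the catchAllUser fallback `stringHash(aConnection['C'])` runs on `undefined`; depending on how `Clipperz.ByteArray` treats that it either throws or hashes a different string, which makes an unknown username observably different from a wrong passphrase — the very thing the catch-all user exists to hide. Moving `aConnection['C'] = someParameters.parameters.C;` above the `if` so both branches record it closes that gap. The credentialCheck branch also consumes the client's `A` with no SRP abort for `A mod n == 0` (then `S` is 0 and `K`/`M1` are computable without the verifier), so a zero-check on `A` reduced modulo `Clipperz.Crypto.SRP.n()` belongs before the `S` line, even if in the offline copy this is mostly a protocol-conformance issue rather than a bypass. The 93-digit literal prepended to M1 appears to be the `H(N) XOR H(g)` term of SRP-6a in decimal; a comment such as `// SRP-6a: H(N) xor H(g), as a decimal string, must match the client's constant` (or deriving it from `SRP.n()`/`SRP.g()`) would make it reviewable.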