lastpass 1.2.0 → 1.2.1

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+Version 1.2.1
+-------------
+
+- Fixed the decryption bug on long shared folder names.
+
 Version 1.2.0
 -------------
 

data/lastpass.gemspec

@@ -19,7 +19,7 @@ Gem::Specification.new do |s|
     s.add_dependency "httparty", "~> 0.13.0"
     s.add_dependency "pbkdf2-ruby", "~> 0.2.0"
 
-    s.add_development_dependency "rake", "~> 10.1.0"
+    s.add_development_dependency "rake", "~> 10.3.0"
     s.add_development_dependency "rspec", "~> 2.14.0"
     s.add_development_dependency "coveralls", "~> 0.7.0"
 

data/lib/lastpass/parser.rb

@@ -6,6 +6,14 @@ module LastPass
         # OpenSSL constant
         RSA_PKCS1_OAEP_PADDING = 4
 
+        # Secure note types that contain account-like information
+        ALLOWED_SECURE_NOTE_TYPES = {
+            "Server" => true,
+            "Email Account" => true,
+            "Database" => true,
+            "Instant Messenger" => true,
+        }
+
         # Splits the blob into chucks grouped by kind.
         def self.extract_chunks blob
             chunks = []
@@ -28,13 +36,13 @@ module LastPass
         def self.parse_ACCT chunk, encryption_key
             StringIO.open chunk.payload do |io|
                 id = read_item io
-                name = decode_aes256_auto read_item(io), encryption_key
-                group = decode_aes256_auto read_item(io), encryption_key
+                name = decode_aes256_plain_auto read_item(io), encryption_key
+                group = decode_aes256_plain_auto read_item(io), encryption_key
                 url = decode_hex read_item io
-                notes = decode_aes256_auto read_item(io), encryption_key
+                notes = decode_aes256_plain_auto read_item(io), encryption_key
                 2.times { skip_item io }
-                username = decode_aes256_auto read_item(io), encryption_key
-                password = decode_aes256_auto read_item(io), encryption_key
+                username = decode_aes256_plain_auto read_item(io), encryption_key
+                password = decode_aes256_plain_auto read_item(io), encryption_key
                 2.times { skip_item io }
                 secure_note = read_item io
 
@@ -43,8 +51,7 @@ module LastPass
                     17.times { skip_item io }
                     secure_note_type = read_item io
 
-                    # Only "Server" secure note stores account information
-                    if secure_note_type != "Server"
+                    if !ALLOWED_SECURE_NOTE_TYPES.key? secure_note_type
                         return nil
                     end
 
@@ -95,10 +102,10 @@ module LastPass
                 key = if key.empty?
                     decode_hex rsa_key.private_decrypt(encrypted_key, RSA_PKCS1_OAEP_PADDING)
                 else
-                    decode_hex decode_aes256_auto(key, encryption_key)
+                    decode_hex decode_aes256_plain_auto(key, encryption_key)
                 end
 
-                name = decode_aes256_auto encrypted_name, key
+                name = decode_aes256_base64_auto encrypted_name, key
 
                 # TODO: Return an object, not a hash
                 {id: id, name: name, encryption_key: key}
@@ -189,27 +196,29 @@ module LastPass
             Base64.decode64 data
         end
 
-        # Guesses AES encoding/cipher from the length of the data.
-        # Possible combinations are:
-        #   - ciphers: AES-256 EBC, AES-256 CBC
-        #   - encodings: plain, base64
-        def self.decode_aes256_auto data, encryption_key
+        # Guesses AES cipher (EBC or CBD) from the length of the plain data.
+        def self.decode_aes256_plain_auto data, encryption_key
             length = data.length
-            length16 = length % 16
-            length64 = length % 64
 
             if length == 0
                 ""
-            elsif length16 == 0
-                decode_aes256_ecb_plain data, encryption_key
-            elsif length64 == 0 || length64 == 24 || length64 == 44
-                decode_aes256_ecb_base64 data, encryption_key
-            elsif length16 == 1
+            elsif data[0] == "!" && length % 16 == 1 && length > 32
                 decode_aes256_cbc_plain data, encryption_key
-            elsif length64 == 6 || length64 == 26 || length64 == 50
+            else
+                decode_aes256_ecb_plain data, encryption_key
+            end
+        end
+
+        # Guesses AES cipher (EBC or CBD) from the length of the base64 encoded data.
+        def self.decode_aes256_base64_auto data, encryption_key
+            length = data.length
+
+            if length == 0
+                ""
+            elsif data[0] == "!"
                 decode_aes256_cbc_base64 data, encryption_key
             else
-                raise RuntimeError, "'#{data.inspect}' doesn't seem to be AES-256 encrypted"
+                decode_aes256_ecb_base64 data, encryption_key
             end
         end
 

data/lib/lastpass/version.rb

@@ -2,5 +2,5 @@
 # Licensed under the terms of the MIT license. See LICENCE for details.
 
 module LastPass
-    VERSION = "1.2.0"
+    VERSION = "1.2.1"
 end

data/spec/parser_spec.rb

@@ -316,9 +316,9 @@ describe LastPass::Parser do
         end
     end
 
-    describe ".decode_aes256_auto" do
+    describe ".decode_aes256_plain_auto" do
         def check encoded, decoded
-            expect(LastPass::Parser.decode_aes256_auto encoded, encryption_key)
+            expect(LastPass::Parser.decode_aes256_plain_auto encoded, encryption_key)
                 .to eq decoded
         end
 
@@ -331,13 +331,24 @@ describe LastPass::Parser do
                    "All your base are belong to us"
         end
 
-        it "decodes ECB/base64 string" do
-            check "BNhd3Q3ZVODxk9c0C788NUPTIfYnZuxXfkghtMJ8jVM=",
+        it "decodes CBC/plain string" do
+            check "IcokDWmjOkKtLpZehWKL6666Uj6fNXPpX6lLWlou+1Lrwb+D3ymP6BAwd6C0TB3hSA==".decode64,
                    "All your base are belong to us"
         end
+    end
 
-        it "decodes CBC/plain string" do
-            check "IcokDWmjOkKtLpZehWKL6666Uj6fNXPpX6lLWlou+1Lrwb+D3ymP6BAwd6C0TB3hSA==".decode64,
+    describe ".decode_aes256_base64_auto" do
+        def check encoded, decoded
+            expect(LastPass::Parser.decode_aes256_base64_auto encoded, encryption_key)
+                .to eq decoded
+        end
+
+        it "decodes a blank string" do
+            check "", ""
+        end
+
+        it "decodes ECB/base64 string" do
+            check "BNhd3Q3ZVODxk9c0C788NUPTIfYnZuxXfkghtMJ8jVM=",
                    "All your base are belong to us"
         end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: lastpass
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.2.1
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-04-13 00:00:00.000000000 Z
+date: 2014-06-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: httparty
@@ -50,7 +50,7 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 10.1.0
+        version: 10.3.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -58,7 +58,7 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 10.1.0
+        version: 10.3.0
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement