/*
* Copyright (C) 2017 KeePassXC Team <team@keepassxc.org>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 2 or (at your option)
* version 3 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "Kdbx4Writer.h"
#include <QBuffer>
#include <QFile>
#include "streams/HmacBlockStream.h"
#include "core/Database.h"
#include "crypto/CryptoHash.h"
#include "crypto/Random.h"
#include "format/KeePass2RandomStream.h"
#include "format/KdbxXmlWriter.h"
#include "streams/QtIOCompressor"
#include "streams/SymmetricCipherStream.h"
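/**
 * Write a database to a device in the KDBX 4 format.
 *
 * The output is produced in this order:
 *  1. the outer header in plain text (magic numbers, cipher ID, compression
 *     flags, master seed, encryption IV, KDF parameters, optional public
 *     custom data, end-of-header marker),
 *  2. the SHA-256 hash of that header and an HMAC-SHA256 over it,
 *  3. the body, written through a stack of streams: an optional gzip
 *     compressor feeds the symmetric cipher stream, which feeds the HMAC
 *     block stream, which writes to @p device,
 *  4. inside the body: the inner header (inner random stream ID and key,
 *     attachments, end marker) followed by the XML payload.
 *
 * @param device output device
 * @param db database to serialize
 * @return true on success; on failure the error is recorded via raiseError()
 */
bool Kdbx4Writer::writeDatabase(QIODevice* device, Database* db)
{
    m_error = false;
    m_errorStr.clear();

    SymmetricCipher::Algorithm algo = SymmetricCipher::cipherToAlgorithm(db->cipher());
    if (algo == SymmetricCipher::InvalidAlgorithm) {
        raiseError(tr("Invalid symmetric cipher algorithm."));
        return false;
    }
    int ivSize = SymmetricCipher::algorithmIvSize(algo);
    if (ivSize < 0) {
        raiseError(tr("Invalid symmetric cipher IV size."));
        return false;
    }

    // Fresh random values for every save: master seed, cipher IV and the key
    // of the inner random stream are never reused between writes.
    QByteArray masterSeed = randomGen()->randomArray(32);
    QByteArray encryptionIV = randomGen()->randomArray(ivSize);
    QByteArray protectedStreamKey = randomGen()->randomArray(64);
    QByteArray endOfHeader = "\r\n\r\n";

    if (!db->setKey(db->key(), false, true)) {
        raiseError(tr("Unable to calculate master key"));
        return false;
    }

    // generate transformed master key
    Q_ASSERT(!db->transformedMasterKey().isEmpty());
    // Q_ASSERT is compiled out of release builds. Without a runtime check an
    // empty transformed key would leave finalKey = SHA-256(masterSeed), and
    // masterSeed is stored unencrypted in the header written below. Fail
    // closed instead of writing a database keyed by public data.
    if (db->transformedMasterKey().isEmpty()) {
        raiseError(tr("Unable to calculate master key"));
        return false;
    }
    CryptoHash hash(CryptoHash::Sha256);
    hash.addData(masterSeed);
    hash.addData(db->transformedMasterKey());
    QByteArray finalKey = hash.result();
    // NOTE(review): finalKey, hmacKey and protectedStreamKey are plain
    // QByteArrays; nothing in this function wipes them before they go out of
    // scope.

    // write header
    QByteArray headerData;
    {
        // Assemble the header in memory first: the same bytes are written to
        // the device, hashed and authenticated below.
        QBuffer header;
        header.open(QIODevice::WriteOnly);

        writeMagicNumbers(&header, KeePass2::SIGNATURE_1, KeePass2::SIGNATURE_2, KeePass2::FILE_VERSION_4);

        CHECK_RETURN_FALSE(writeHeaderField<quint32>(&header, KeePass2::HeaderFieldID::CipherID, db->cipher().toByteArray()));
        CHECK_RETURN_FALSE(writeHeaderField<quint32>(&header, KeePass2::HeaderFieldID::CompressionFlags,
                                                     Endian::sizedIntToBytes(static_cast<int>(db->compressionAlgo()),
                                                                             KeePass2::BYTEORDER)));
        CHECK_RETURN_FALSE(writeHeaderField<quint32>(&header, KeePass2::HeaderFieldID::MasterSeed, masterSeed));
        CHECK_RETURN_FALSE(writeHeaderField<quint32>(&header, KeePass2::HeaderFieldID::EncryptionIV, encryptionIV));

        // convert current Kdf to basic parameters
        QVariantMap kdfParams = KeePass2::kdfToParameters(db->kdf());
        QByteArray kdfParamBytes;
        if (!serializeVariantMap(kdfParams, kdfParamBytes)) {
            raiseError(tr("Failed to serialize KDF parameters variant map"));
            return false;
        }
        QByteArray publicCustomData = db->publicCustomData();
        CHECK_RETURN_FALSE(writeHeaderField<quint32>(&header, KeePass2::HeaderFieldID::KdfParameters, kdfParamBytes));
        if (!publicCustomData.isEmpty()) {
            CHECK_RETURN_FALSE(writeHeaderField<quint32>(&header, KeePass2::HeaderFieldID::PublicCustomData, publicCustomData));
        }

        CHECK_RETURN_FALSE(writeHeaderField<quint32>(&header, KeePass2::HeaderFieldID::EndOfHeader, endOfHeader));
        header.close();
        headerData = header.data();
    }
    CHECK_RETURN_FALSE(writeData(device, headerData));

    // hash header
    QByteArray headerHash = CryptoHash::hash(headerData, CryptoHash::Sha256);

    // write HMAC-authenticated cipher stream
    // The header HMAC uses the key returned for block index UINT64_MAX.
    QByteArray hmacKey = KeePass2::hmacKey(masterSeed, db->transformedMasterKey());
    QByteArray headerHmac = CryptoHash::hmac(headerData, HmacBlockStream::getHmacKey(UINT64_MAX, hmacKey),
                                             CryptoHash::Sha256);
    CHECK_RETURN_FALSE(writeData(device, headerHash));
    CHECK_RETURN_FALSE(writeData(device, headerHmac));

    QScopedPointer<HmacBlockStream> hmacBlockStream;
    QScopedPointer<SymmetricCipherStream> cipherStream;

    hmacBlockStream.reset(new HmacBlockStream(device, hmacKey));
    if (!hmacBlockStream->open(QIODevice::WriteOnly)) {
        raiseError(hmacBlockStream->errorString());
        return false;
    }

    cipherStream.reset(new SymmetricCipherStream(hmacBlockStream.data(), algo,
                                                 SymmetricCipher::algorithmMode(algo),
                                                 SymmetricCipher::Encrypt));

    if (!cipherStream->init(finalKey, encryptionIV)) {
        raiseError(cipherStream->errorString());
        return false;
    }
    if (!cipherStream->open(QIODevice::WriteOnly)) {
        raiseError(cipherStream->errorString());
        return false;
    }

    QIODevice* outputDevice = nullptr;
    QScopedPointer<QtIOCompressor> ioCompressor;

    if (db->compressionAlgo() == Database::CompressionNone) {
        outputDevice = cipherStream.data();
    } else {
        ioCompressor.reset(new QtIOCompressor(cipherStream.data()));
        ioCompressor->setStreamFormat(QtIOCompressor::GzipFormat);
        if (!ioCompressor->open(QIODevice::WriteOnly)) {
            raiseError(ioCompressor->errorString());
            return false;
        }
        outputDevice = ioCompressor.data();
    }

    Q_ASSERT(outputDevice);

    CHECK_RETURN_FALSE(writeInnerHeaderField(outputDevice, KeePass2::InnerHeaderFieldID::InnerRandomStreamID,
                                             Endian::sizedIntToBytes(static_cast<int>(KeePass2::ProtectedStreamAlgo::ChaCha20),
                                                                     KeePass2::BYTEORDER)));
    CHECK_RETURN_FALSE(writeInnerHeaderField(outputDevice, KeePass2::InnerHeaderFieldID::InnerRandomStreamKey,
                                             protectedStreamKey));

    // Write attachments to the inner header
    writeAttachments(outputDevice, db);
    // writeAttachments() returns void, so a failed attachment write can only
    // be seen through the writer's error state. m_error was cleared at the
    // top of this function; this assumes the write helpers record failures
    // via raiseError() -- confirm against the base writer class.
    if (m_error) {
        return false;
    }

    CHECK_RETURN_FALSE(writeInnerHeaderField(outputDevice, KeePass2::InnerHeaderFieldID::End, QByteArray()));

    KeePass2RandomStream randomStream(KeePass2::ProtectedStreamAlgo::ChaCha20);
    if (!randomStream.init(protectedStreamKey)) {
        raiseError(randomStream.errorString());
        return false;
    }

    KdbxXmlWriter xmlWriter(KeePass2::FILE_VERSION_4);
    xmlWriter.writeDatabase(outputDevice, db, &randomStream, headerHash);

    // Explicitly close/reset streams so they are flushed and we can detect
    // errors. QIODevice::close() resets errorString() etc.
    if (ioCompressor) {
        ioCompressor->close();
    }
    if (!cipherStream->reset()) {
        raiseError(cipherStream->errorString());
        return false;
    }
    if (!hmacBlockStream->reset()) {
        raiseError(hmacBlockStream->errorString());
        return false;
    }

    // The XML writer's error is checked only after the streams were flushed.
    if (xmlWriter.hasError()) {
        raiseError(xmlWriter.errorString());
        return false;
    }

    return true;
}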
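/**
 * Write KDBX4 inner header field.
 *
 * The field is emitted as three consecutive writes: a single byte holding
 * the field ID, the payload length as a quint32 in KeePass2::BYTEORDER, and
 * the payload itself. The function stops at the first write that fails.
 *
 * @param device output device
 * @param fieldId field identifier
 * @param data header payload
 * @return true on success
 */
bool Kdbx4Writer::writeInnerHeaderField(QIODevice* device, KeePass2::InnerHeaderFieldID fieldId, const QByteArray& data)
{
    // Construct the one-byte ID explicitly. Assigning through operator[] on
    // an empty QByteArray writes past its current size and only works where
    // Qt silently grows the array for out-of-range index assignment.
    const QByteArray fieldIdArr(1, static_cast<char>(fieldId));
    CHECK_RETURN_FALSE(writeData(device, fieldIdArr));
    CHECK_RETURN_FALSE(writeData(device, Endian::sizedIntToBytes(static_cast<quint32>(data.size()), KeePass2::BYTEORDER)));
    CHECK_RETURN_FALSE(writeData(device, data));

    return true;
}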
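/**
 * Write every entry attachment as a Binary field of the KDBX4 inner header.
 *
 * Entries are collected recursively from the root group. Each attachment is
 * written as its own field, with one leading 0x01 byte placed in front of the
 * attachment bytes.
 *
 * The function returns void, so a failed write is not reported through a
 * return value. Writing stops at the first failure so that no further data
 * is pushed to a device that has already failed.
 *
 * @param device output device
 * @param db database whose attachments are written
 */
void Kdbx4Writer::writeAttachments(QIODevice* device, Database* db)
{
    const QList<Entry*> allEntries = db->rootGroup()->entriesRecursive(true);
    for (Entry* entry : allEntries) {
        const QList<QString> attachmentKeys = entry->attachments()->keys();
        for (const QString& key : attachmentKeys) {
            QByteArray data = entry->attachments()->value(key);
            // Leading flag byte of the Binary field.
            // NOTE(review): 0x01 presumably marks the attachment as
            // memory-protected -- confirm against the KDBX4 format notes.
            data.prepend("\x01");
            if (!writeInnerHeaderField(device, KeePass2::InnerHeaderFieldID::Binary, data)) {
                // The result used to be discarded and the loop carried on.
                return;
            }
        }
    }
}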
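/**
 * Serialize KDF parameter variant map to byte array.
 *
 * Output layout: the variant map version, then one record per map key
 * consisting of a type byte, a 4-byte name length, the UTF-8 name, a 4-byte
 * data length and the data, and finally a single End type byte. Integers are
 * encoded in KeePass2::BYTEORDER.
 *
 * Supported value types are Int, UInt, LongLong, ULongLong, QString, Bool and
 * QByteArray; any other type logs a warning and aborts the serialization.
 *
 * @param map input variant map
 * @param outputBytes output byte array
 * @return true on success
 */
bool Kdbx4Writer::serializeVariantMap(const QVariantMap& map, QByteArray& outputBytes)
{
    QBuffer buf(&outputBytes);
    CHECK_RETURN_FALSE(buf.open(QIODevice::WriteOnly));
    CHECK_RETURN_FALSE(buf.write(Endian::sizedIntToBytes(KeePass2::VARIANTMAP_VERSION, KeePass2::BYTEORDER)) == 2);

    bool ok = false;
    const QList<QString> keys = map.keys();
    for (const auto& k : keys) {
        KeePass2::VariantMapFieldType fieldType;
        QByteArray data;
        QVariant v = map.value(k);
        switch (static_cast<QMetaType::Type>(v.type())) {
        case QMetaType::Type::Int:
            fieldType = KeePass2::VariantMapFieldType::Int32;
            data = Endian::sizedIntToBytes(v.toInt(&ok), KeePass2::BYTEORDER);
            CHECK_RETURN_FALSE(ok);
            break;
        case QMetaType::Type::UInt:
            fieldType = KeePass2::VariantMapFieldType::UInt32;
            data = Endian::sizedIntToBytes(v.toUInt(&ok), KeePass2::BYTEORDER);
            CHECK_RETURN_FALSE(ok);
            break;
        case QMetaType::Type::LongLong:
            fieldType = KeePass2::VariantMapFieldType::Int64;
            data = Endian::sizedIntToBytes(v.toLongLong(&ok), KeePass2::BYTEORDER);
            CHECK_RETURN_FALSE(ok);
            break;
        case QMetaType::Type::ULongLong:
            fieldType = KeePass2::VariantMapFieldType::UInt64;
            data = Endian::sizedIntToBytes(v.toULongLong(&ok), KeePass2::BYTEORDER);
            CHECK_RETURN_FALSE(ok);
            break;
        case QMetaType::Type::QString:
            fieldType = KeePass2::VariantMapFieldType::String;
            data = v.toString().toUtf8();
            break;
        case QMetaType::Type::Bool:
            fieldType = KeePass2::VariantMapFieldType::Bool;
            data = QByteArray(1, static_cast<char>(v.toBool() ? '\1' : '\0'));
            break;
        case QMetaType::Type::QByteArray:
            fieldType = KeePass2::VariantMapFieldType::ByteArray;
            data = v.toByteArray();
            break;
        default:
            // Cast so the enum is passed to the %d conversion as an int.
            qWarning("Unknown object type %d in QVariantMap", static_cast<int>(v.type()));
            return false;
        }

        // Build the one-byte type tag explicitly rather than assigning
        // through operator[] on an empty array, which indexes past its size.
        const QByteArray typeBytes(1, static_cast<char>(fieldType));
        QByteArray nameBytes = k.toUtf8();
        QByteArray nameLenBytes = Endian::sizedIntToBytes(nameBytes.size(), KeePass2::BYTEORDER);
        QByteArray dataLenBytes = Endian::sizedIntToBytes(data.size(), KeePass2::BYTEORDER);

        // Each write is checked against the expected byte count so a short
        // write cannot leave a truncated record behind unnoticed.
        CHECK_RETURN_FALSE(buf.write(typeBytes) == 1);
        CHECK_RETURN_FALSE(buf.write(nameLenBytes) == 4);
        CHECK_RETURN_FALSE(buf.write(nameBytes) == nameBytes.size());
        CHECK_RETURN_FALSE(buf.write(dataLenBytes) == 4);
        CHECK_RETURN_FALSE(buf.write(data) == data.size());
    }

    // Terminator record: a lone End type byte.
    const QByteArray endBytes(1, static_cast<char>(KeePass2::VariantMapFieldType::End));
    CHECK_RETURN_FALSE(buf.write(endBytes) == 1);
    return true;
}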