keepassxc/src/keys/CompositeKey.cpp

/*
*  Copyright (C) 2010 Felix Geyer <debfx@fobos.de>
*  Copyright (C) 2017 KeePassXC Team <team@keepassxc.org>
*
*  This program is free software: you can redistribute it and/or modify
*  it under the terms of the GNU General Public License as published by
*  the Free Software Foundation, either version 2 or (at your option)
*  version 3 of the License.
*
*  This program is distributed in the hope that it will be useful,
*  but WITHOUT ANY WARRANTY; without even the implied warranty of
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*  GNU General Public License for more details.
*
*  You should have received a copy of the GNU General Public License
*  along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "CompositeKey.h"
#include <QFile>
#include <QtConcurrent>

#include "core/Global.h"
#include "crypto/CryptoHash.h"

CompositeKey::CompositeKey()
{
}

CompositeKey::CompositeKey(const CompositeKey& key)
{
    *this = key;
}

CompositeKey::~CompositeKey()
{
    clear();
}

void CompositeKey::clear()
{
    qDeleteAll(m_keys);
    m_keys.clear();
    m_challengeResponseKeys.clear();
}

bool CompositeKey::isEmpty() const
{
    return m_keys.isEmpty() && m_challengeResponseKeys.isEmpty();
}

CompositeKey* CompositeKey::clone() const
{
    return new CompositeKey(*this);
}

CompositeKey& CompositeKey::operator=(const CompositeKey& key)
{
    // handle self assignment as that would break when calling clear()
    if (this == &key) {
        return *this;
    }

    clear();

    for (const Key* subKey : asConst(key.m_keys)) {
        addKey(*subKey);
    }
    for (const auto subKey : asConst(key.m_challengeResponseKeys)) {
        addChallengeResponseKey(subKey);
    }

    return *this;
}

QByteArray CompositeKey::rawKey() const
{
    CryptoHash cryptoHash(CryptoHash::Sha256);

    for (const Key* key : m_keys) {
        cryptoHash.addData(key->rawKey());
    }

    return cryptoHash.result();
}

bool CompositeKey::transform(const Kdf& kdf, QByteArray& result) const
{
    return kdf.transform(rawKey(), result);
}

bool CompositeKey::challenge(const QByteArray& seed, QByteArray& result) const
{
    // if no challenge response was requested, return nothing to
    // maintain backwards compatibility with regular databases.
    if (m_challengeResponseKeys.length() == 0) {
        result.clear();
        return true;
    }

    CryptoHash cryptoHash(CryptoHash::Sha256);

    for (const auto key : m_challengeResponseKeys) {
        // if the device isn't present or fails, return an error
        if (!key->challenge(seed)) {
            return false;
        }
        cryptoHash.addData(key->rawKey());
    }

    result = cryptoHash.result();
    return true;
}

void CompositeKey::addKey(const Key& key)
{
    m_keys.append(key.clone());
}

void CompositeKey::addChallengeResponseKey(QSharedPointer<ChallengeResponseKey> key)
{
    m_challengeResponseKeys.append(key);
}
Implement reading encrypted kdbx files. 2010-09-13 23:24:36 +02:00			`/*`
			`* Copyright (C) 2010 Felix Geyer <debfx@fobos.de>`
Update and fix copyright headers 2017-06-09 23:40:36 +02:00			`* Copyright (C) 2017 KeePassXC Team <team@keepassxc.org>`
Implement reading encrypted kdbx files. 2010-09-13 23:24:36 +02:00			`*`
			`* This program is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU General Public License as published by`
			`* the Free Software Foundation, either version 2 or (at your option)`
			`* version 3 of the License.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License`
			`* along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*/`

			`#include "CompositeKey.h"`
Extract readKeyFromLine. 2017-01-14 13:25:30 -05:00			`#include <QFile>`
			`#include <QtConcurrent>`
Improve code style. 2012-04-18 22:08:22 +02:00
Convert Q_FOREACH loops to C++11 for loops. Q_FOREACH will de deprecated soon. 2016-09-02 19:51:51 +02:00			`#include "core/Global.h"`
Implement reading encrypted kdbx files. 2010-09-13 23:24:36 +02:00			`#include "crypto/CryptoHash.h"`

Deep copy subkeys when cloning CompositeKey. 2011-11-13 14:52:43 +01:00			`CompositeKey::CompositeKey()`
			`{`
			`}`

			`CompositeKey::CompositeKey(const CompositeKey& key)`
			`{`
			`*this = key;`
			`}`

Implement reading encrypted kdbx files. 2010-09-13 23:24:36 +02:00			`CompositeKey::~CompositeKey()`
			`{`
Minor improvements in CompositeKey and TestKeys. 2012-04-25 18:35:30 +02:00			`clear();`
Implement reading encrypted kdbx files. 2010-09-13 23:24:36 +02:00			`}`

Add CompositeKey::clear(). 2012-01-11 23:59:50 +01:00			`void CompositeKey::clear()`
			`{`
			`qDeleteAll(m_keys);`
			`m_keys.clear();`
Allow a previously yubikey protected database to be saved without the yubikey challenge-response code. 2015-01-27 17:38:26 +00:00			`m_challengeResponseKeys.clear();`
Add CompositeKey::clear(). 2012-01-11 23:59:50 +01:00			`}`

Add CompositeKey::isEmpty(). 2012-10-12 12:10:13 +02:00			`bool CompositeKey::isEmpty() const`
			`{`
keys: CompositeKey: Add ChallengeResponseKey support * Each Challenge Response Key consists of a list of regular keys and now challenge response keys. * Copy ChallengeResponseKeys when copying the object. * Challenge consists of challenging each driver in the list and hashing the concatenated data result using SHA256. Signed-off-by: Kyle Manna <kyle@kylemanna.com> 2014-05-26 01:38:07 -07:00			`return m_keys.isEmpty() && m_challengeResponseKeys.isEmpty();`
Add CompositeKey::isEmpty(). 2012-10-12 12:10:13 +02:00			`}`

Implement reading encrypted kdbx files. 2010-09-13 23:24:36 +02:00			`CompositeKey* CompositeKey::clone() const`
			`{`
			`return new CompositeKey(*this);`
			`}`

Deep copy subkeys when cloning CompositeKey. 2011-11-13 14:52:43 +01:00			`CompositeKey& CompositeKey::operator=(const CompositeKey& key)`
			`{`
Fix CompositKey self assignment. 2012-07-17 10:47:56 +02:00			`// handle self assignment as that would break when calling clear()`
			`if (this == &key) {`
			`return *this;`
			`}`

Clear keys in assignment operator of composite key. Fixes corruption of key if master key and then transform rounds is changed. 2012-04-21 18:09:14 +02:00			`clear();`

Convert Q_FOREACH loops to C++11 for loops. Q_FOREACH will de deprecated soon. 2016-09-02 19:51:51 +02:00			`for (const Key* subKey : asConst(key.m_keys)) {`
Minor improvements in CompositeKey and TestKeys. 2012-04-25 18:35:30 +02:00			`addKey(*subKey);`
Deep copy subkeys when cloning CompositeKey. 2011-11-13 14:52:43 +01:00			`}`
Use QSharedPointer instead of cloning YkChallengeResponseKey and make it a QObject to allow emitting signals 2017-02-23 23:52:36 +01:00			`for (const auto subKey : asConst(key.m_challengeResponseKeys)) {`
			`addChallengeResponseKey(subKey);`
keys: CompositeKey: Add ChallengeResponseKey support * Each Challenge Response Key consists of a list of regular keys and now challenge response keys. * Copy ChallengeResponseKeys when copying the object. * Challenge consists of challenging each driver in the list and hashing the concatenated data result using SHA256. Signed-off-by: Kyle Manna <kyle@kylemanna.com> 2014-05-26 01:38:07 -07:00			`}`
Deep copy subkeys when cloning CompositeKey. 2011-11-13 14:52:43 +01:00
			`return *this;`
			`}`
Implement reading encrypted kdbx files. 2010-09-13 23:24:36 +02:00
			`QByteArray CompositeKey::rawKey() const`
			`{`
			`CryptoHash cryptoHash(CryptoHash::Sha256);`

Convert Q_FOREACH loops to C++11 for loops. Q_FOREACH will de deprecated soon. 2016-09-02 19:51:51 +02:00			`for (const Key* key : m_keys) {`
Implement reading encrypted kdbx files. 2010-09-13 23:24:36 +02:00			`cryptoHash.addData(key->rawKey());`
			`}`

			`return cryptoHash.result();`
			`}`

Pull out KDFs into their own class hierarchy In preparation for multiple KDFs in KDBX 4 2017-11-12 20:20:57 +08:00			`bool CompositeKey::transform(const Kdf& kdf, QByteArray& result) const`
Implement reading encrypted kdbx files. 2010-09-13 23:24:36 +02:00			`{`
Pull out KDFs into their own class hierarchy In preparation for multiple KDFs in KDBX 4 2017-11-12 20:20:57 +08:00			`return kdf.transform(rawKey(), result);`
Implement reading encrypted kdbx files. 2010-09-13 23:24:36 +02:00			`}`

challenge: Propagate failed challenge to caller * If a removed Yubikey is to blame, re-inserting the Yubikey won't resolve the issue. Hot plug isn't supported at this point. * The caller should detect the error and cancel the database write. Signed-off-by: Kyle Manna <kyle@kylemanna.com> 2014-09-06 17:49:39 -07:00			`bool CompositeKey::challenge(const QByteArray& seed, QByteArray& result) const`
keys: CompositeKey: Add ChallengeResponseKey support * Each Challenge Response Key consists of a list of regular keys and now challenge response keys. * Copy ChallengeResponseKeys when copying the object. * Challenge consists of challenging each driver in the list and hashing the concatenated data result using SHA256. Signed-off-by: Kyle Manna <kyle@kylemanna.com> 2014-05-26 01:38:07 -07:00			`{`
Use QSharedPointer instead of cloning YkChallengeResponseKey and make it a QObject to allow emitting signals 2017-02-23 23:52:36 +01:00			`// if no challenge response was requested, return nothing to`
			`// maintain backwards compatibility with regular databases.`
keys: CompositeKey: Add ChallengeResponseKey support * Each Challenge Response Key consists of a list of regular keys and now challenge response keys. * Copy ChallengeResponseKeys when copying the object. * Challenge consists of challenging each driver in the list and hashing the concatenated data result using SHA256. Signed-off-by: Kyle Manna <kyle@kylemanna.com> 2014-05-26 01:38:07 -07:00			`if (m_challengeResponseKeys.length() == 0) {`
Allow a previously yubikey protected database to be saved without the yubikey challenge-response code. 2015-01-27 17:38:26 +00:00			`result.clear();`
challenge: Propagate failed challenge to caller * If a removed Yubikey is to blame, re-inserting the Yubikey won't resolve the issue. Hot plug isn't supported at this point. * The caller should detect the error and cancel the database write. Signed-off-by: Kyle Manna <kyle@kylemanna.com> 2014-09-06 17:49:39 -07:00			`return true;`
keys: CompositeKey: Add ChallengeResponseKey support * Each Challenge Response Key consists of a list of regular keys and now challenge response keys. * Copy ChallengeResponseKeys when copying the object. * Challenge consists of challenging each driver in the list and hashing the concatenated data result using SHA256. Signed-off-by: Kyle Manna <kyle@kylemanna.com> 2014-05-26 01:38:07 -07:00			`}`

			`CryptoHash cryptoHash(CryptoHash::Sha256);`

Use QSharedPointer instead of cloning YkChallengeResponseKey and make it a QObject to allow emitting signals 2017-02-23 23:52:36 +01:00			`for (const auto key : m_challengeResponseKeys) {`
			`// if the device isn't present or fails, return an error`
			`if (!key->challenge(seed)) {`
challenge: Propagate failed challenge to caller * If a removed Yubikey is to blame, re-inserting the Yubikey won't resolve the issue. Hot plug isn't supported at this point. * The caller should detect the error and cancel the database write. Signed-off-by: Kyle Manna <kyle@kylemanna.com> 2014-09-06 17:49:39 -07:00			`return false;`
			`}`
keys: CompositeKey: Add ChallengeResponseKey support * Each Challenge Response Key consists of a list of regular keys and now challenge response keys. * Copy ChallengeResponseKeys when copying the object. * Challenge consists of challenging each driver in the list and hashing the concatenated data result using SHA256. Signed-off-by: Kyle Manna <kyle@kylemanna.com> 2014-05-26 01:38:07 -07:00			`cryptoHash.addData(key->rawKey());`
			`}`

challenge: Propagate failed challenge to caller * If a removed Yubikey is to blame, re-inserting the Yubikey won't resolve the issue. Hot plug isn't supported at this point. * The caller should detect the error and cancel the database write. Signed-off-by: Kyle Manna <kyle@kylemanna.com> 2014-09-06 17:49:39 -07:00			`result = cryptoHash.result();`
			`return true;`
keys: CompositeKey: Add ChallengeResponseKey support * Each Challenge Response Key consists of a list of regular keys and now challenge response keys. * Copy ChallengeResponseKeys when copying the object. * Challenge consists of challenging each driver in the list and hashing the concatenated data result using SHA256. Signed-off-by: Kyle Manna <kyle@kylemanna.com> 2014-05-26 01:38:07 -07:00			`}`

Use QtConcurrentRun instead of subclassing QThread. 2011-11-12 01:49:19 +01:00			`void CompositeKey::addKey(const Key& key)`
Implement reading encrypted kdbx files. 2010-09-13 23:24:36 +02:00			`{`
Use QtConcurrentRun instead of subclassing QThread. 2011-11-12 01:49:19 +01:00			`m_keys.append(key.clone());`
Implement reading encrypted kdbx files. 2010-09-13 23:24:36 +02:00			`}`
Add CompositeKey::transformKeyBenchmark(). This method tests how many key transformation rounds can be calculated within a specific time. 2012-05-07 14:38:10 +02:00
Use QSharedPointer instead of cloning YkChallengeResponseKey and make it a QObject to allow emitting signals 2017-02-23 23:52:36 +01:00			`void CompositeKey::addChallengeResponseKey(QSharedPointer<ChallengeResponseKey> key)`
keys: CompositeKey: Add ChallengeResponseKey support * Each Challenge Response Key consists of a list of regular keys and now challenge response keys. * Copy ChallengeResponseKeys when copying the object. * Challenge consists of challenging each driver in the list and hashing the concatenated data result using SHA256. Signed-off-by: Kyle Manna <kyle@kylemanna.com> 2014-05-26 01:38:07 -07:00			`{`
Use QSharedPointer instead of cloning YkChallengeResponseKey and make it a QObject to allow emitting signals 2017-02-23 23:52:36 +01:00			`m_challengeResponseKeys.append(key);`
keys: CompositeKey: Add ChallengeResponseKey support * Each Challenge Response Key consists of a list of regular keys and now challenge response keys. * Copy ChallengeResponseKeys when copying the object. * Challenge consists of challenging each driver in the list and hashing the concatenated data result using SHA256. Signed-off-by: Kyle Manna <kyle@kylemanna.com> 2014-05-26 01:38:07 -07:00			`}`