keepassxc/src/format/KeePass2.cpp

/*
 *  Copyright (C) 2017 KeePassXC Team <team@keepassxc.org>
 *
 *  This program is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation, either version 2 or (at your option)
 *  version 3 of the License.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

#include "KeePass2.h"
#include "crypto/CryptoHash.h"
#include "crypto/kdf/AesKdf.h"
#include "crypto/kdf/Argon2Kdf.h"
#include <QSharedPointer>

const Uuid KeePass2::CIPHER_AES = Uuid(QByteArray::fromHex("31c1f2e6bf714350be5805216afc5aff"));
const Uuid KeePass2::CIPHER_TWOFISH = Uuid(QByteArray::fromHex("ad68f29f576f4bb9a36ad47af965346c"));
const Uuid KeePass2::CIPHER_CHACHA20 = Uuid(QByteArray::fromHex("D6038A2B8B6F4CB5A524339A31DBB59A"));

const Uuid KeePass2::KDF_AES_KDBX3 = Uuid(QByteArray::fromHex("C9D9F39A628A4460BF740D08C18A4FEA"));
const Uuid KeePass2::KDF_AES_KDBX4 = Uuid(QByteArray::fromHex("7C02BB8279A74AC0927D114A00648238"));
const Uuid KeePass2::KDF_ARGON2 = Uuid(QByteArray::fromHex("EF636DDF8C29444B91F7A9A403E30A0C"));

const QByteArray KeePass2::INNER_STREAM_SALSA20_IV("\xE8\x30\x09\x4B\x97\x20\x5D\x2A");

const QString KeePass2::KDFPARAM_UUID("$UUID");
// AES parameters
const QString KeePass2::KDFPARAM_AES_ROUNDS("R");
const QString KeePass2::KDFPARAM_AES_SEED("S");
// Argon2 parameters
const QString KeePass2::KDFPARAM_ARGON2_SALT("S");
const QString KeePass2::KDFPARAM_ARGON2_PARALLELISM("P");
const QString KeePass2::KDFPARAM_ARGON2_MEMORY("M");
const QString KeePass2::KDFPARAM_ARGON2_ITERATIONS("I");
const QString KeePass2::KDFPARAM_ARGON2_VERSION("V");
const QString KeePass2::KDFPARAM_ARGON2_SECRET("K");
const QString KeePass2::KDFPARAM_ARGON2_ASSOCDATA("A");

const QList<QPair<Uuid, QString>> KeePass2::CIPHERS{
    qMakePair(KeePass2::CIPHER_AES, QString(QT_TRANSLATE_NOOP("KeePass2", "AES: 256-bit"))),
    qMakePair(KeePass2::CIPHER_TWOFISH, QString(QT_TRANSLATE_NOOP("KeePass2", "Twofish: 256-bit"))),
    qMakePair(KeePass2::CIPHER_CHACHA20, QString(QT_TRANSLATE_NOOP("KeePass2", "ChaCha20: 256-bit")))};

const QList<QPair<Uuid, QString>> KeePass2::KDFS{
    qMakePair(KeePass2::KDF_ARGON2, QString(QT_TRANSLATE_NOOP("KeePass2", "Argon2 (KDBX 4 – recommended)"))),
    qMakePair(KeePass2::KDF_AES_KDBX4, QString(QT_TRANSLATE_NOOP("KeePass2", "AES-KDF (KDBX 4)"))),
    qMakePair(KeePass2::KDF_AES_KDBX3, QString(QT_TRANSLATE_NOOP("KeePass2", "AES-KDF (KDBX 3.1)")))};

QByteArray KeePass2::hmacKey(QByteArray masterSeed, QByteArray transformedMasterKey)
{
    CryptoHash hmacKeyHash(CryptoHash::Sha512);
    hmacKeyHash.addData(masterSeed);
    hmacKeyHash.addData(transformedMasterKey);
    hmacKeyHash.addData(QByteArray(1, '\x01'));
    return hmacKeyHash.result();
}

/**
 * Create KDF object from KDBX4+ KDF parameters.
 *
 * @param p variant map containing parameters
 * @return initialized KDF
 */
QSharedPointer<Kdf> KeePass2::kdfFromParameters(const QVariantMap& p)
{
    QByteArray uuidBytes = p.value(KDFPARAM_UUID).toByteArray();
    if (uuidBytes.size() != Uuid::Length) {
        return {};
    }

    Uuid kdfUuid(uuidBytes);
    if (kdfUuid == KDF_AES_KDBX3) {
        // upgrade to non-legacy AES-KDF, since KDBX3 doesn't have any KDF parameters
        kdfUuid = KDF_AES_KDBX4;
    }
    QSharedPointer<Kdf> kdf = uuidToKdf(kdfUuid);
    if (kdf.isNull()) {
        return {};
    }

    if (!kdf->processParameters(p)) {
        return {};
    }

    return kdf;
}

QVariantMap KeePass2::kdfToParameters(QSharedPointer<Kdf> kdf)
{
    return kdf->writeParameters();
}

QSharedPointer<Kdf> KeePass2::uuidToKdf(const Uuid& uuid)
{
    if (uuid == KDF_AES_KDBX3) {
        return QSharedPointer<AesKdf>::create(true);
    }
    if (uuid == KDF_AES_KDBX4) {
        return QSharedPointer<AesKdf>::create();
    }
    if (uuid == KDF_ARGON2) {
        return QSharedPointer<Argon2Kdf>::create();
    }

    return {};
}

KeePass2::ProtectedStreamAlgo KeePass2::idToProtectedStreamAlgo(quint32 id)
{
    switch (id) {
    case static_cast<quint32>(KeePass2::ProtectedStreamAlgo::ArcFourVariant):
        return KeePass2::ProtectedStreamAlgo::ArcFourVariant;
    case static_cast<quint32>(KeePass2::ProtectedStreamAlgo::Salsa20):
        return KeePass2::ProtectedStreamAlgo::Salsa20;
    case static_cast<quint32>(KeePass2::ProtectedStreamAlgo::ChaCha20):
        return KeePass2::ProtectedStreamAlgo::ChaCha20;
    default:
        return KeePass2::ProtectedStreamAlgo::InvalidProtectedStreamAlgo;
    }
}
-												Move constants in KeePass2.h to KeePass2.cpp and add a list of KDFs and ciphers

											
										
										
											2017-11-13 02:02:32 +08:00
+								/*
 								 *  Copyright (C) 2017 KeePassXC Team <team@keepassxc.org>
 								 *
 								 *  This program is free software: you can redistribute it and/or modify
 								 *  it under the terms of the GNU General Public License as published by
 								 *  the Free Software Foundation, either version 2 or (at your option)
 								 *  version 3 of the License.
 								 *
 								 *  This program is distributed in the hope that it will be useful,
 								 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 								 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 								 *  GNU General Public License for more details.
 								 *
 								 *  You should have received a copy of the GNU General Public License
 								 *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 								 */
 								#include "KeePass2.h"
-												Formatting the code.

											
										
										
											2018-03-31 16:01:30 -04:00
+								#include "crypto/CryptoHash.h"
-												Add Argon2Kdf and enable parameters in db settings

Note: This implementation is not yet connected to the
database itself and will corrupt existing kdbx3 db's.

* Implemented memory and parallelism parameters for Argon2Kdf
* Using libargon2; libsodium does not support Argon2d algorithm
* Moved basic rounds parameter into Kdf class
* Reimplemented benchmark algorithm; previous was utterly broken

											
										
										
											2018-01-01 13:21:02 -05:00
+								#include "crypto/kdf/AesKdf.h"
 								#include "crypto/kdf/Argon2Kdf.h"
-												Formatting the code.

											
										
										
											2018-03-31 16:01:30 -04:00
+								#include <QSharedPointer>
-												Move constants in KeePass2.h to KeePass2.cpp and add a list of KDFs and ciphers

											
										
										
											2017-11-13 02:02:32 +08:00
 								const Uuid KeePass2::CIPHER_AES = Uuid(QByteArray::fromHex("31c1f2e6bf714350be5805216afc5aff"));
 								const Uuid KeePass2::CIPHER_TWOFISH = Uuid(QByteArray::fromHex("ad68f29f576f4bb9a36ad47af965346c"));
-												Add support for various algorithms for kdbx4

* Add SHA512 support to CryptoHash
* Add ChaCha20 support
* Add HMAC support
* Add new HmacBlockStream, used in KDBX 4
* Add support for ChaCha20 protected stream

											
										
										
											2017-11-13 02:23:01 +08:00
+								const Uuid KeePass2::CIPHER_CHACHA20 = Uuid(QByteArray::fromHex("D6038A2B8B6F4CB5A524339A31DBB59A"));
-												Move constants in KeePass2.h to KeePass2.cpp and add a list of KDFs and ciphers

											
										
										
											2017-11-13 02:02:32 +08:00
-												Explicitly support AES-KDF in KDBX4 and don't convert KDBX4 files with AES-KDF back to KDBX3 when saving

											
										
										
											2018-01-10 21:24:53 +01:00
+								const Uuid KeePass2::KDF_AES_KDBX3 = Uuid(QByteArray::fromHex("C9D9F39A628A4460BF740D08C18A4FEA"));
 								const Uuid KeePass2::KDF_AES_KDBX4 = Uuid(QByteArray::fromHex("7C02BB8279A74AC0927D114A00648238"));
-												Add Argon2Kdf and enable parameters in db settings

Note: This implementation is not yet connected to the
database itself and will corrupt existing kdbx3 db's.

* Implemented memory and parallelism parameters for Argon2Kdf
* Using libargon2; libsodium does not support Argon2d algorithm
* Moved basic rounds parameter into Kdf class
* Reimplemented benchmark algorithm; previous was utterly broken

											
										
										
											2018-01-01 13:21:02 -05:00
+								const Uuid KeePass2::KDF_ARGON2 = Uuid(QByteArray::fromHex("EF636DDF8C29444B91F7A9A403E30A0C"));
-												Move constants in KeePass2.h to KeePass2.cpp and add a list of KDFs and ciphers

											
										
										
											2017-11-13 02:02:32 +08:00
 								const QByteArray KeePass2::INNER_STREAM_SALSA20_IV("\xE8\x30\x09\x4B\x97\x20\x5D\x2A");
-												Implements KDBX4 format with Argon2 KDF

* Adds KDBX4 reader/writer interfaces
* Adds KDBX4 XML reader/write interfaces
* Implements test cases for KDBX4
* Fully compatible with KeePass2
* Corrects minor issues with Argon2 KDF

											
										
										
											2018-01-05 10:41:29 -05:00
+								const QString KeePass2::KDFPARAM_UUID("$UUID");
 								// AES parameters
 								const QString KeePass2::KDFPARAM_AES_ROUNDS("R");
 								const QString KeePass2::KDFPARAM_AES_SEED("S");
 								// Argon2 parameters
 								const QString KeePass2::KDFPARAM_ARGON2_SALT("S");
 								const QString KeePass2::KDFPARAM_ARGON2_PARALLELISM("P");
 								const QString KeePass2::KDFPARAM_ARGON2_MEMORY("M");
 								const QString KeePass2::KDFPARAM_ARGON2_ITERATIONS("I");
 								const QString KeePass2::KDFPARAM_ARGON2_VERSION("V");
 								const QString KeePass2::KDFPARAM_ARGON2_SECRET("K");
 								const QString KeePass2::KDFPARAM_ARGON2_ASSOCDATA("A");
-												Explicitly support AES-KDF in KDBX4 and don't convert KDBX4 files with AES-KDF back to KDBX3 when saving

											
										
										
											2018-01-10 21:24:53 +01:00
+								const QList<QPair<Uuid, QString>> KeePass2::CIPHERS{
-												Make cipher and KDF settings properly translatable

											
										
										
											2018-03-04 19:09:37 +01:00
+								    qMakePair(KeePass2::CIPHER_AES, QString(QT_TRANSLATE_NOOP("KeePass2", "AES: 256-bit"))),
 								    qMakePair(KeePass2::CIPHER_TWOFISH, QString(QT_TRANSLATE_NOOP("KeePass2", "Twofish: 256-bit"))),
-												Formatting the code.

											
										
										
											2018-03-31 16:01:30 -04:00
+								    qMakePair(KeePass2::CIPHER_CHACHA20, QString(QT_TRANSLATE_NOOP("KeePass2", "ChaCha20: 256-bit")))};
-												Explicitly support AES-KDF in KDBX4 and don't convert KDBX4 files with AES-KDF back to KDBX3 when saving

											
										
										
											2018-01-10 21:24:53 +01:00
 								const QList<QPair<Uuid, QString>> KeePass2::KDFS{
-												Make cipher and KDF settings properly translatable

											
										
										
											2018-03-04 19:09:37 +01:00
+								    qMakePair(KeePass2::KDF_ARGON2, QString(QT_TRANSLATE_NOOP("KeePass2", "Argon2 (KDBX 4 – recommended)"))),
 								    qMakePair(KeePass2::KDF_AES_KDBX4, QString(QT_TRANSLATE_NOOP("KeePass2", "AES-KDF (KDBX 4)"))),
-												Formatting the code.

											
										
										
											2018-03-31 16:01:30 -04:00
+								    qMakePair(KeePass2::KDF_AES_KDBX3, QString(QT_TRANSLATE_NOOP("KeePass2", "AES-KDF (KDBX 3.1)")))};
-												Move constants in KeePass2.h to KeePass2.cpp and add a list of KDFs and ciphers

											
										
										
											2017-11-13 02:02:32 +08:00
-												Formatting the code.

											
										
										
											2018-03-31 16:01:30 -04:00
+								QByteArray KeePass2::hmacKey(QByteArray masterSeed, QByteArray transformedMasterKey)
 								{
-												Implements KDBX4 format with Argon2 KDF

* Adds KDBX4 reader/writer interfaces
* Adds KDBX4 XML reader/write interfaces
* Implements test cases for KDBX4
* Fully compatible with KeePass2
* Corrects minor issues with Argon2 KDF

											
										
										
											2018-01-05 10:41:29 -05:00
+								    CryptoHash hmacKeyHash(CryptoHash::Sha512);
 								    hmacKeyHash.addData(masterSeed);
 								    hmacKeyHash.addData(transformedMasterKey);
 								    hmacKeyHash.addData(QByteArray(1, '\x01'));
 								    return hmacKeyHash.result();
 								}
-												Explicitly support AES-KDF in KDBX4 and don't convert KDBX4 files with AES-KDF back to KDBX3 when saving

											
										
										
											2018-01-10 21:24:53 +01:00
+								/**
 								 * Create KDF object from KDBX4+ KDF parameters.
 								 *
 								 * @param p variant map containing parameters
 								 * @return initialized KDF
 								 */
-												Do not assert KDF UUID and improve error message

											
										
										
											2018-01-11 00:20:37 +01:00
+								QSharedPointer<Kdf> KeePass2::kdfFromParameters(const QVariantMap& p)
-												Implements KDBX4 format with Argon2 KDF

* Adds KDBX4 reader/writer interfaces
* Adds KDBX4 XML reader/write interfaces
* Implements test cases for KDBX4
* Fully compatible with KeePass2
* Corrects minor issues with Argon2 KDF

											
										
										
											2018-01-05 10:41:29 -05:00
+								{
 								    QByteArray uuidBytes = p.value(KDFPARAM_UUID).toByteArray();
 								    if (uuidBytes.size() != Uuid::Length) {
-												Fix type conversion error in older Qt versions

											
										
										
											2018-01-07 22:59:59 +01:00
+								        return {};
-												Implements KDBX4 format with Argon2 KDF

* Adds KDBX4 reader/writer interfaces
* Adds KDBX4 XML reader/write interfaces
* Implements test cases for KDBX4
* Fully compatible with KeePass2
* Corrects minor issues with Argon2 KDF

											
										
										
											2018-01-05 10:41:29 -05:00
+								    }
-												Explicitly support AES-KDF in KDBX4 and don't convert KDBX4 files with AES-KDF back to KDBX3 when saving

											
										
										
											2018-01-10 21:24:53 +01:00
+								    Uuid kdfUuid(uuidBytes);
 								    if (kdfUuid == KDF_AES_KDBX3) {
 								        // upgrade to non-legacy AES-KDF, since KDBX3 doesn't have any KDF parameters
 								        kdfUuid = KDF_AES_KDBX4;
 								    }
 								    QSharedPointer<Kdf> kdf = uuidToKdf(kdfUuid);
-												Implements KDBX4 format with Argon2 KDF

* Adds KDBX4 reader/writer interfaces
* Adds KDBX4 XML reader/write interfaces
* Implements test cases for KDBX4
* Fully compatible with KeePass2
* Corrects minor issues with Argon2 KDF

											
										
										
											2018-01-05 10:41:29 -05:00
+								    if (kdf.isNull()) {
-												Fix type conversion error in older Qt versions

											
										
										
											2018-01-07 22:59:59 +01:00
+								        return {};
-												Implements KDBX4 format with Argon2 KDF

* Adds KDBX4 reader/writer interfaces
* Adds KDBX4 XML reader/write interfaces
* Implements test cases for KDBX4
* Fully compatible with KeePass2
* Corrects minor issues with Argon2 KDF

											
										
										
											2018-01-05 10:41:29 -05:00
+								    }
 								    if (!kdf->processParameters(p)) {
-												Fix type conversion error in older Qt versions

											
										
										
											2018-01-07 22:59:59 +01:00
+								        return {};
-												Implements KDBX4 format with Argon2 KDF

* Adds KDBX4 reader/writer interfaces
* Adds KDBX4 XML reader/write interfaces
* Implements test cases for KDBX4
* Fully compatible with KeePass2
* Corrects minor issues with Argon2 KDF

											
										
										
											2018-01-05 10:41:29 -05:00
+								    }
 								    return kdf;
 								}
 								QVariantMap KeePass2::kdfToParameters(QSharedPointer<Kdf> kdf)
 								{
 								    return kdf->writeParameters();
 								}
-												Refactor Kdf class, remove fields concept

											
										
										
											2017-12-16 18:36:42 +01:00
+								QSharedPointer<Kdf> KeePass2::uuidToKdf(const Uuid& uuid)
 								{
-												Explicitly support AES-KDF in KDBX4 and don't convert KDBX4 files with AES-KDF back to KDBX3 when saving

											
										
										
											2018-01-10 21:24:53 +01:00
+								    if (uuid == KDF_AES_KDBX3) {
 								        return QSharedPointer<AesKdf>::create(true);
 								    }
 								    if (uuid == KDF_AES_KDBX4) {
-												Refactor Kdf class, remove fields concept

											
										
										
											2017-12-16 18:36:42 +01:00
+								        return QSharedPointer<AesKdf>::create();
-												Fix coding style and GUI test

											
										
										
											2018-01-06 17:06:51 +01:00
+								    }
 								    if (uuid == KDF_ARGON2) {
-												Add Argon2Kdf and enable parameters in db settings

Note: This implementation is not yet connected to the
database itself and will corrupt existing kdbx3 db's.

* Implemented memory and parallelism parameters for Argon2Kdf
* Using libargon2; libsodium does not support Argon2d algorithm
* Moved basic rounds parameter into Kdf class
* Reimplemented benchmark algorithm; previous was utterly broken

											
										
										
											2018-01-01 13:21:02 -05:00
+								        return QSharedPointer<Argon2Kdf>::create();
-												Move constants in KeePass2.h to KeePass2.cpp and add a list of KDFs and ciphers

											
										
										
											2017-11-13 02:02:32 +08:00
+								    }
-												Fix type conversion error in older Qt versions

											
										
										
											2018-01-07 22:59:59 +01:00
+								    return {};
-												Move constants in KeePass2.h to KeePass2.cpp and add a list of KDFs and ciphers

											
										
										
											2017-11-13 02:02:32 +08:00
+								}
-												Add support for various algorithms for kdbx4

* Add SHA512 support to CryptoHash
* Add ChaCha20 support
* Add HMAC support
* Add new HmacBlockStream, used in KDBX 4
* Add support for ChaCha20 protected stream

											
										
										
											2017-11-13 02:23:01 +08:00
+								KeePass2::ProtectedStreamAlgo KeePass2::idToProtectedStreamAlgo(quint32 id)
 								{
 								    switch (id) {
-												Fix coding style and GUI test

											
										
										
											2018-01-06 17:06:51 +01:00
+								    case static_cast<quint32>(KeePass2::ProtectedStreamAlgo::ArcFourVariant):
 								        return KeePass2::ProtectedStreamAlgo::ArcFourVariant;
 								    case static_cast<quint32>(KeePass2::ProtectedStreamAlgo::Salsa20):
 								        return KeePass2::ProtectedStreamAlgo::Salsa20;
 								    case static_cast<quint32>(KeePass2::ProtectedStreamAlgo::ChaCha20):
 								        return KeePass2::ProtectedStreamAlgo::ChaCha20;
-												Reformat code, fix minor style issues, make kdf() getter const

											
										
										
											2017-12-16 17:36:33 +01:00
+								    default:
-												Fix coding style and GUI test

											
										
										
											2018-01-06 17:06:51 +01:00
+								        return KeePass2::ProtectedStreamAlgo::InvalidProtectedStreamAlgo;
-												Add support for various algorithms for kdbx4

* Add SHA512 support to CryptoHash
* Add ChaCha20 support
* Add HMAC support
* Add new HmacBlockStream, used in KDBX 4
* Add support for ChaCha20 protected stream

											
										
										
											2017-11-13 02:23:01 +08:00
+								    }
 								}