Raise error if challenge-response failed during KDBX4 key transformation, resolves #1656
This commit is contained in:
parent
63a17f697c
commit
2f821af0a0
@ -81,13 +81,13 @@ CompositeKey& CompositeKey::operator=(const CompositeKey& key)
|
|||||||
* The key hash does not contain contributions by challenge-response components for
|
* The key hash does not contain contributions by challenge-response components for
|
||||||
* backwards compatibility with KeePassXC's pre-KDBX4 challenge-response
|
* backwards compatibility with KeePassXC's pre-KDBX4 challenge-response
|
||||||
* implementation. To include challenge-response in the raw key,
|
* implementation. To include challenge-response in the raw key,
|
||||||
* use \link CompositeKey::rawKey(const QByteArray*) instead.
|
* use \link CompositeKey::rawKey(const QByteArray*, bool*) instead.
|
||||||
*
|
*
|
||||||
* @return key hash
|
* @return key hash
|
||||||
*/
|
*/
|
||||||
QByteArray CompositeKey::rawKey() const
|
QByteArray CompositeKey::rawKey() const
|
||||||
{
|
{
|
||||||
return rawKey(nullptr);
|
return rawKey(nullptr, nullptr);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -97,9 +97,10 @@ QByteArray CompositeKey::rawKey() const
|
|||||||
* as a challenge to acquire their key contribution.
|
* as a challenge to acquire their key contribution.
|
||||||
*
|
*
|
||||||
* @param transformSeed transform seed to challenge or nullptr to exclude challenge-response components
|
* @param transformSeed transform seed to challenge or nullptr to exclude challenge-response components
|
||||||
|
* @param ok true if challenges were successful and all key components could be added to the composite key
|
||||||
* @return key hash
|
* @return key hash
|
||||||
*/
|
*/
|
||||||
QByteArray CompositeKey::rawKey(const QByteArray* transformSeed) const
|
QByteArray CompositeKey::rawKey(const QByteArray* transformSeed, bool* ok) const
|
||||||
{
|
{
|
||||||
CryptoHash cryptoHash(CryptoHash::Sha256);
|
CryptoHash cryptoHash(CryptoHash::Sha256);
|
||||||
|
|
||||||
@ -107,9 +108,16 @@ QByteArray CompositeKey::rawKey(const QByteArray* transformSeed) const
|
|||||||
cryptoHash.addData(key->rawKey());
|
cryptoHash.addData(key->rawKey());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (ok) {
|
||||||
|
*ok = true;
|
||||||
|
}
|
||||||
|
|
||||||
if (transformSeed) {
|
if (transformSeed) {
|
||||||
QByteArray challengeResult;
|
QByteArray challengeResult;
|
||||||
challenge(*transformSeed, challengeResult);
|
bool challengeOk = challenge(*transformSeed, challengeResult);
|
||||||
|
if (ok) {
|
||||||
|
*ok = challengeOk;
|
||||||
|
}
|
||||||
cryptoHash.addData(challengeResult);
|
cryptoHash.addData(challengeResult);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -138,7 +146,8 @@ bool CompositeKey::transform(const Kdf& kdf, QByteArray& result) const
|
|||||||
|
|
||||||
QByteArray seed = kdf.seed();
|
QByteArray seed = kdf.seed();
|
||||||
Q_ASSERT(!seed.isEmpty());
|
Q_ASSERT(!seed.isEmpty());
|
||||||
return kdf.transform(rawKey(&seed), result);
|
bool ok = false;
|
||||||
|
return kdf.transform(rawKey(&seed, &ok), result) && ok;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool CompositeKey::challenge(const QByteArray& seed, QByteArray& result) const
|
bool CompositeKey::challenge(const QByteArray& seed, QByteArray& result) const
|
||||||
@ -152,7 +161,7 @@ bool CompositeKey::challenge(const QByteArray& seed, QByteArray& result) const
|
|||||||
|
|
||||||
CryptoHash cryptoHash(CryptoHash::Sha256);
|
CryptoHash cryptoHash(CryptoHash::Sha256);
|
||||||
|
|
||||||
for (const auto key : m_challengeResponseKeys) {
|
for (const auto& key : m_challengeResponseKeys) {
|
||||||
// if the device isn't present or fails, return an error
|
// if the device isn't present or fails, return an error
|
||||||
if (!key->challenge(seed)) {
|
if (!key->challenge(seed)) {
|
||||||
qWarning("Failed to issue challenge");
|
qWarning("Failed to issue challenge");
|
||||||
|
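Review bot: In transform() the KDF still runs over an incomplete key when a challenge-response device fails, because `kdf.transform(rawKey(&seed, &ok), result) && ok` evaluates the argument and the KDF call before `ok` is examined; rawKey() itself still appends `challengeResult` to the hash after `challengeOk` comes back false, so the failure is only detected after the (expensive) transformation and `result` has presumably already been written by kdf.transform(). Checking the flag first avoids both: `bool ok = false;` / `const QByteArray raw = rawKey(&seed, &ok);` / `return ok && kdf.transform(raw, result);`. Note also that the two-argument form `rawKey(&seed)` keeps the default `ok = nullptr`, so any caller that passes a seed without an ok pointer still silently gets a key lacking the challenge-response contribution, with a qWarning as the only trace; a comment on rawKey() saying that callers supplying a transformSeed must also supply and check `ok` would make that contract explicit. transform()'s body begins before the hunk, and challenge()'s body continues past the last hunk.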
@ -39,7 +39,7 @@ public:
|
|||||||
CompositeKey& operator=(const CompositeKey& key);
|
CompositeKey& operator=(const CompositeKey& key);
|
||||||
|
|
||||||
QByteArray rawKey() const override;
|
QByteArray rawKey() const override;
|
||||||
QByteArray rawKey(const QByteArray* transformSeed) const;
|
QByteArray rawKey(const QByteArray* transformSeed, bool* ok = nullptr) const;
|
||||||
bool transform(const Kdf& kdf, QByteArray& result) const Q_REQUIRED_RESULT;
|
bool transform(const Kdf& kdf, QByteArray& result) const Q_REQUIRED_RESULT;
|
||||||
bool challenge(const QByteArray& seed, QByteArray &result) const;
|
bool challenge(const QByteArray& seed, QByteArray &result) const;
|
||||||
|
|
||||||
|
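Review bot: The new `bool* ok = nullptr` parameter on `rawKey(const QByteArray* transformSeed, bool* ok = nullptr)` carries no documentation in the header, and its default means a failed challenge is invisible to callers who keep using the old one-argument form with a seed. I would add a comment above the declaration: `// ok: set to false when a challenge-response component fails; if nullptr the failure is only logged and the returned key lacks that component's contribution.` This is a documentation-only suggestion; the .cpp side already documents the parameter, but the header is what callers read.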