Re-transform key on implicit KDBX 4 upgrade to avoid losing challenge-response, resolves #1584

Janek Bevendorff 2018-03-01 16:58:21 +01:00
parent 0d4aff55bc
commit 6f6a63f5e9


@ -85,7 +85,15 @@ bool KeePass2Writer::writeDatabase(QIODevice* device, Database* db) {
m_error = false; m_error = false;
m_errorStr.clear(); m_errorStr.clear();
if (db->kdf()->uuid() == KeePass2::KDF_AES_KDBX3 && !implicitUpgradeNeeded(db)) { bool upgradeNeeded = implicitUpgradeNeeded(db);
if (upgradeNeeded) {
// We MUST re-transform the key, because challenge-response hashing has changed in KDBX 4.
// If we forget to re-transform, the database will be saved WITHOUT a challenge-response key component!
db->changeKdf(KeePass2::uuidToKdf(KeePass2::KDF_AES_KDBX4));
}
if (db->kdf()->uuid() == KeePass2::KDF_AES_KDBX3) {
Q_ASSERT(!upgradeNeeded);
m_version = KeePass2::FILE_VERSION_3_1; m_version = KeePass2::FILE_VERSION_3_1;
m_writer.reset(new Kdbx3Writer()); m_writer.reset(new Kdbx3Writer());
} else { } else {
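Review bot: The result of `db->changeKdf(KeePass2::uuidToKdf(KeePass2::KDF_AES_KDBX4))` is discarded, so the only guard against a failed re-transform is `Q_ASSERT(!upgradeNeeded)`, which is compiled out in release builds. The declaration of `changeKdf` is not in this hunk, but if it can report failure (for example when the challenge-response device does not answer), a release build would go on to write the file on the KDBX 3.1 branch with a key that was never re-transformed. That is the outcome the new comment warns about. Consider failing the write instead, along the lines of `if (!db->changeKdf(...)) { m_error = true; m_errorStr = ...; return false; }`, and keep the assert as a debug-only sanity check. The body of `writeDatabase` continues past the end of the hunk, so later handling of `m_error` is not visible here.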