YubiKey: Clean-up master seed challenge

* Tweak the logic so it more closely resembles other code (i.e. trasnformKey()). Matches existing style better. * Save the challengeResponseKey in the database structure so that it can be referred to later (i.e. database unlocking). Signed-off-by: Kyle Manna <kyle@kylemanna.com>
2024-10-01 01:26:01 -04:00 · 2014-09-07 16:37:46 -07:00 · 2014-09-07 16:37:46 -07:00 · 77cc99acd3
commit 77cc99acd3
parent 62190d79be
4 changed files with 14 additions and 9 deletions
--- a/src/core/Database.cpp
+++ b/src/core/Database.cpp
@ -176,9 +176,14 @@ QByteArray Database::transformedMasterKey() const
    return m_data.transformedMasterKey;
 }

-bool Database::challengeMasterSeed(const QByteArray& masterSeed, QByteArray& result) const
+QByteArray Database::challengeResponseKey() const
 {
-    return m_data.key.challenge(masterSeed, result);
+    return m_data.challengeResponseKey;
+}
+
+bool Database::challengeMasterSeed(const QByteArray& masterSeed)
+{
+    return m_data.key.challenge(masterSeed, m_data.challengeResponseKey);
 }

 void Database::setCipher(const Uuid& cipher)
--- a/src/core/Database.h
+++ b/src/core/Database.h
@ -59,6 +59,7 @@ public:
        QByteArray transformedMasterKey;
        CompositeKey key;
        bool hasKey;
+        QByteArray challengeResponseKey;
    };

    Database();
@ -89,7 +90,8 @@ public:
    quint64 transformRounds() const;
    QByteArray transformedMasterKey() const;
    const CompositeKey & key() const;
-    bool challengeMasterSeed(const QByteArray& masterSeed, QByteArray& result) const;
+    QByteArray challengeResponseKey() const;
+    bool challengeMasterSeed(const QByteArray& masterSeed);

    void setCipher(const Uuid& cipher);
    void setCompressionAlgo(Database::CompressionAlgorithm algo);
--- a/src/format/KeePass2Reader.cpp
+++ b/src/format/KeePass2Reader.cpp
@ -113,15 +113,14 @@ Database* KeePass2Reader::readDatabase(QIODevice* device, const CompositeKey& ke
        return nullptr;
    }

-    QByteArray challengeResult;
-    if (m_db->challengeMasterSeed(m_masterSeed, challengeResult) == false) {
+    if (m_db->challengeMasterSeed(m_masterSeed) == false) {
        raiseError(tr("Unable to issue challenge-response."));
        return Q_NULLPTR;
    }

    CryptoHash hash(CryptoHash::Sha256);
    hash.addData(m_masterSeed);
-    hash.addData(challengeResult);
+    hash.addData(m_db->challengeResponseKey());
    hash.addData(m_db->transformedMasterKey());
    QByteArray finalKey = hash.result();

--- a/src/format/KeePass2Writer.cpp
+++ b/src/format/KeePass2Writer.cpp
@ -51,15 +51,14 @@ void KeePass2Writer::writeDatabase(QIODevice* device, Database* db)
    QByteArray startBytes = randomGen()->randomArray(32);
    QByteArray endOfHeader = "\r\n\r\n";

-    QByteArray challengeResult;
-    if (db->challengeMasterSeed(masterSeed, challengeResult) == false) {
+    if (db->challengeMasterSeed(masterSeed) == false) {
        raiseError("Unable to issue challenge-response.");
        return;
    }

    CryptoHash hash(CryptoHash::Sha256);
    hash.addData(masterSeed);
-    hash.addData(challengeResult);
+    hash.addData(db->challengeResponseKey());
    Q_ASSERT(!db->transformedMasterKey().isEmpty());
    hash.addData(db->transformedMasterKey());
    QByteArray finalKey = hash.result();