Add support for Twofish in KeePass2 code

2024-12-26 07:49:50 -05:00 · 2015-08-04 15:18:41 +02:00 · 2015-08-04 15:18:41 +02:00 · a01607e869
commit a01607e869
parent a3fd3205a9
5 changed files with 29 additions and 4 deletions
--- a/src/crypto/SymmetricCipher.cpp
+++ b/src/crypto/SymmetricCipher.cpp
@ -83,3 +83,23 @@ QString SymmetricCipher::errorString() const
 {
    return m_backend->errorString();
 }
+
+SymmetricCipher::Algorithm SymmetricCipher::cipherToAlgorithm(Uuid cipher)
+{
+    if (cipher == KeePass2::CIPHER_AES) {
+        return SymmetricCipher::Aes256;
+    }
+    else {
+        return SymmetricCipher::Twofish;
+    }
+}
+
+Uuid SymmetricCipher::algorithmToCipher(SymmetricCipher::Algorithm algo)
+{
+    switch (algo) {
+    case SymmetricCipher::Aes256:
+        return KeePass2::CIPHER_AES;
+    default:
+        return KeePass2::CIPHER_TWOFISH;
+    }
+}
--- a/src/crypto/SymmetricCipher.h
+++ b/src/crypto/SymmetricCipher.h
@ -23,6 +23,7 @@
 #include <QString>

 #include "crypto/SymmetricCipherBackend.h"
+#include "format/KeePass2.h"

 class SymmetricCipher
 {
@ -71,6 +72,9 @@ public:
    int blockSize() const;
    QString errorString() const;

+    static SymmetricCipher::Algorithm cipherToAlgorithm(Uuid cipher);
+    static Uuid algorithmToCipher(SymmetricCipher::Algorithm algo);
+
 private:
    static SymmetricCipherBackend* createBackend(SymmetricCipher::Algorithm algo, SymmetricCipher::Mode mode,
                                                 SymmetricCipher::Direction direction);
--- a/src/format/KeePass2.h
+++ b/src/format/KeePass2.h
@ -33,6 +33,7 @@ namespace KeePass2
    const QSysInfo::Endian BYTEORDER = QSysInfo::LittleEndian;

    const Uuid CIPHER_AES = Uuid(QByteArray::fromHex("31c1f2e6bf714350be5805216afc5aff"));
+    const Uuid CIPHER_TWOFISH = Uuid(QByteArray::fromHex("ad68f29f576f4bb9a36ad47af965346c"));

    const QByteArray INNER_STREAM_SALSA20_IV("\xE8\x30\x09\x4B\x97\x20\x5D\x2A");

--- a/src/format/KeePass2Reader.cpp
+++ b/src/format/KeePass2Reader.cpp
@ -118,7 +118,7 @@ Database* KeePass2Reader::readDatabase(QIODevice* device, const CompositeKey& ke
    hash.addData(m_db->transformedMasterKey());
    QByteArray finalKey = hash.result();

-    SymmetricCipherStream cipherStream(m_device, SymmetricCipher::Aes256,
+    SymmetricCipherStream cipherStream(m_device, SymmetricCipher::cipherToAlgorithm(m_db->cipher()),
                                       SymmetricCipher::Cbc, SymmetricCipher::Decrypt);
    if (!cipherStream.init(finalKey, m_encryptionIV)) {
        raiseError(cipherStream.errorString());
@ -330,7 +330,7 @@ void KeePass2Reader::setCipher(const QByteArray& data)
    else {
        Uuid uuid(data);

-        if (uuid != KeePass2::CIPHER_AES) {
+        if (uuid != KeePass2::CIPHER_AES && uuid != KeePass2::CIPHER_TWOFISH) {
            raiseError("Unsupported cipher");
        }
        else {
--- a/src/format/KeePass2Writer.cpp
+++ b/src/format/KeePass2Writer.cpp
@ -87,8 +87,8 @@ void KeePass2Writer::writeDatabase(QIODevice* device, Database* db)
    QByteArray headerHash = CryptoHash::hash(header.data(), CryptoHash::Sha256);
    CHECK_RETURN(writeData(header.data()));

-    SymmetricCipherStream cipherStream(device, SymmetricCipher::Aes256, SymmetricCipher::Cbc,
-                                       SymmetricCipher::Encrypt);
+    SymmetricCipherStream cipherStream(device, SymmetricCipher::cipherToAlgorithm(db->cipher()),
+                                       SymmetricCipher::Cbc, SymmetricCipher::Encrypt);
    cipherStream.init(finalKey, encryptionIV);
    if (!cipherStream.open(QIODevice::WriteOnly)) {
        raiseError(cipherStream.errorString());