OpenSSHKey: correctly parse aes-256-cbc/ctr keys (#1682)

AES-256 uses a 32-byte (256-bit) key size. This un-breaks the loader and
tests added for AES-256-CBC and AES-256-CTR PEM keys.

* OpenSSHKey: correctly parse encrypted PEM AES-256-CBC/AES-256-CTR keys
* OpenSSHKey: use correct key derivation for AES-256
Steven Noonan 2018-04-04 18:58:34 -07:00 committed by Jonathan White
parent d1c5a1a5f8
commit c21f4b5ec2
3 changed files with 152 additions and 42 deletions


@ -319,9 +319,9 @@ bool OpenSSHKey::openPrivateKey(const QString& passphrase)
if (m_cipherName.compare("aes-128-cbc", Qt::CaseInsensitive) == 0) {
cipher.reset(new SymmetricCipher(SymmetricCipher::Aes128, SymmetricCipher::Cbc, SymmetricCipher::Decrypt));
} else if (m_cipherName == "aes256-cbc") {
} else if (m_cipherName == "aes256-cbc" || m_cipherName.compare("aes-256-cbc", Qt::CaseInsensitive) == 0) {
cipher.reset(new SymmetricCipher(SymmetricCipher::Aes256, SymmetricCipher::Cbc, SymmetricCipher::Decrypt));
} else if (m_cipherName == "aes256-ctr") {
} else if (m_cipherName == "aes256-ctr" || m_cipherName.compare("aes-256-ctr", Qt::CaseInsensitive) == 0) {
cipher.reset(new SymmetricCipher(SymmetricCipher::Aes256, SymmetricCipher::Ctr, SymmetricCipher::Decrypt));
} else if (m_cipherName != "none") {
m_error = tr("Unknown cipher: %1").arg(m_cipherName);
@ -372,10 +372,22 @@ bool OpenSSHKey::openPrivateKey(const QString& passphrase)
return false;
}
QCryptographicHash hash(QCryptographicHash::Md5);
hash.addData(passphrase.toUtf8());
hash.addData(m_cipherIV.data(), 8);
QByteArray keyData = hash.result();
QByteArray keyData;
QByteArray mdBuf;
do {
QCryptographicHash hash(QCryptographicHash::Md5);
hash.addData(mdBuf);
hash.addData(passphrase.toUtf8());
hash.addData(m_cipherIV.data(), 8);
mdBuf = hash.result();
keyData.append(mdBuf);
} while(keyData.size() < cipher->keySize());
if (keyData.size() > cipher->keySize()) {
// If our key size isn't a multiple of 16 (e.g. AES-192 or something),
// then we will need to truncate it.
keyData.resize(cipher->keySize());
}
if (!cipher->init(keyData, m_cipherIV)) {
m_error = cipher->errorString();
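Review bot: The derivation loop calls `passphrase.toUtf8()` on every pass, so each MD5 round allocates another heap copy of the passphrase that is released without being cleared; encoding once before the loop with `const QByteArray passphraseBytes = passphrase.toUtf8();` and feeding `hash.addData(passphraseBytes);` keeps it to a single copy. The loop also deserves a comment naming what it implements, for example `// Legacy PEM key derivation: D_i = MD5(D_{i-1} || passphrase || IV[0..7]), concatenated until keySize() bytes`. Single-iteration MD5 is weak against offline passphrase guessing, so a reader should see that it is dictated by the encrypted PEM format rather than chosen here, and should not reuse it elsewhere. `hash.addData(m_cipherIV.data(), 8)` depends on an IV length check that is presumably the `return false` branch just above; openPrivateKey starts and ends outside the hunk, so that could not be confirmed from these lines.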