Add support for version 2 XML key files.

As discussed in #4317, the next KeePass2 release will ship with support for a new generation of XML key files which enable hash integrity checks. This patch adds support for reading and generating this new format. By default, KeePass2 now uses the .keyx extension for generated key files, which was added to KeePassXC's key generation file chooser filter. We continue to generate hashed binary key files by default, but the user can explicitly save the file with the new .keyx extension to generate an XML v2 key file (currently undocumented). When opening a database, the key file type is still determined by content negotation, so the file extension has no impact here. As an additional change, the legacy key file warnings have been improved slightly to be less confusing and more helpful.
2025-05-02 14:46:07 -04:00 · 2020-12-10 01:28:01 +01:00 · 2020-12-10 01:28:01 +01:00 · cd0084f21c
commit cd0084f21c
parent 404fd941e8
12 changed files with 233 additions and 118 deletions
--- a/tests/TestKeys.cpp
+++ b/tests/TestKeys.cpp
@ -69,22 +69,36 @@ void TestKeys::testComposite()
 void TestKeys::testFileKey()
 {
    QFETCH(FileKey::Type, type);
-    QFETCH(QString, typeString);
+    QFETCH(QString, keyExt);
+    QFETCH(bool, fileKeyOk);

-    QString name = QString("FileKey").append(typeString);
+    QString name = QString("FileKey").append(QTest::currentDataTag());

    KeePass2Reader reader;

    QString dbFilename = QString("%1/%2.kdbx").arg(QString(KEEPASSX_TEST_DATA_DIR), name);
-    QString keyFilename = QString("%1/%2.key").arg(QString(KEEPASSX_TEST_DATA_DIR), name);
+    QString keyFilename = QString("%1/%2.%3").arg(QString(KEEPASSX_TEST_DATA_DIR), name, keyExt);

    auto compositeKey = QSharedPointer<CompositeKey>::create();
    auto fileKey = QSharedPointer<FileKey>::create();
-    QVERIFY(fileKey->load(keyFilename));
-    QCOMPARE(fileKey->rawKey().size(), 32);
-
+    QString error;
+    QVERIFY(fileKey->load(keyFilename, &error) == fileKeyOk);
+    QVERIFY(error.isEmpty() == fileKeyOk);
    QCOMPARE(fileKey->type(), type);

+    // Test for same behaviour on code path without error parameter
+    auto fileKeyNoErrorParam = QSharedPointer<FileKey>::create();
+    QVERIFY(fileKeyNoErrorParam->load(keyFilename) == fileKeyOk);
+    QCOMPARE(fileKeyNoErrorParam->type(), type);
+
+    QCOMPARE(fileKey->rawKey(), fileKeyNoErrorParam->rawKey());
+
+    if (!fileKeyOk) {
+        return;
+    }
+
+    QCOMPARE(fileKey->rawKey().size(), 32);
+
    compositeKey->addKey(fileKey);

    auto db = QSharedPointer<Database>::create();
@ -97,12 +111,16 @@ void TestKeys::testFileKey()
 void TestKeys::testFileKey_data()
 {
    QTest::addColumn<FileKey::Type>("type");
-    QTest::addColumn<QString>("typeString");
-    QTest::newRow("Xml")             << FileKey::KeePass2XML    << QString("Xml");
-    QTest::newRow("XmlBrokenBase64") << FileKey::Hashed         << QString("XmlBrokenBase64");
-    QTest::newRow("Binary")          << FileKey::FixedBinary    << QString("Binary");
-    QTest::newRow("Hex")             << FileKey::FixedBinaryHex << QString("Hex");
-    QTest::newRow("Hashed")          << FileKey::Hashed         << QString("Hashed");
+    QTest::addColumn<QString>("keyExt");
+    QTest::addColumn<bool>("fileKeyOk");
+    QTest::newRow("Xml")             << FileKey::KeePass2XML    << QString("key")  << true;
+    QTest::newRow("XmlBrokenBase64") << FileKey::KeePass2XML    << QString("key")  << false;
+    QTest::newRow("XmlV2")           << FileKey::KeePass2XMLv2  << QString("keyx") << true;
+    QTest::newRow("XmlV2HashFail")   << FileKey::KeePass2XMLv2  << QString("keyx") << false;
+    QTest::newRow("XmlV2BrokenHex")  << FileKey::KeePass2XMLv2  << QString("keyx") << false;
+    QTest::newRow("Binary")          << FileKey::FixedBinary    << QString("key")  << true;
+    QTest::newRow("Hex")             << FileKey::FixedBinaryHex << QString("key")  << true;
+    QTest::newRow("Hashed")          << FileKey::Hashed         << QString("key")  << true;
 }
 // clang-format on

@ -111,12 +129,12 @@ void TestKeys::testCreateFileKey()
    QBuffer keyBuffer1;
    keyBuffer1.open(QBuffer::ReadWrite);

-    FileKey::create(&keyBuffer1, 128);
+    FileKey::createRandom(&keyBuffer1, 128);
    QCOMPARE(keyBuffer1.size(), 128);

    QBuffer keyBuffer2;
    keyBuffer2.open(QBuffer::ReadWrite);
-    FileKey::create(&keyBuffer2, 64);
+    FileKey::createRandom(&keyBuffer2, 64);
    QCOMPARE(keyBuffer2.size(), 64);
 }

@ -127,7 +145,7 @@ void TestKeys::testCreateAndOpenFileKey()
    QBuffer keyBuffer;
    keyBuffer.open(QBuffer::ReadWrite);

-    FileKey::create(&keyBuffer);
+    FileKey::createRandom(&keyBuffer);
    keyBuffer.reset();

    auto fileKey = QSharedPointer<FileKey>::create();
@ -166,7 +184,7 @@ void TestKeys::testFileKeyHash()
    QBuffer keyBuffer;
    keyBuffer.open(QBuffer::ReadWrite);

-    FileKey::create(&keyBuffer);
+    FileKey::createRandom(&keyBuffer);

    CryptoHash cryptoHash(CryptoHash::Sha256);
    cryptoHash.addData(keyBuffer.data());