2
* Copyright (C) 2017 KeePassXC Team <team@keepassxc.org>
3
* Copyright (C) 2010 Felix Geyer <debfx@fobos.de>
5
* This program is free software: you can redistribute it and/or modify
6
* it under the terms of the GNU General Public License as published by
7
* the Free Software Foundation, either version 2 or (at your option)
8
* version 3 of the License.
10
* This program is distributed in the hope that it will be useful,
11
* but WITHOUT ANY WARRANTY; without even the implied warranty of
12
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
* GNU General Public License for more details.
15
* You should have received a copy of the GNU General Public License
16
* along with this program. If not, see <http://www.gnu.org/licenses/>.
19
#include "Kdbx3Writer.h"
23
#include "crypto/CryptoHash.h"
24
#include "crypto/Random.h"
25
#include "format/KdbxXmlWriter.h"
26
#include "format/KeePass2RandomStream.h"
27
#include "streams/HashedBlockStream.h"
28
#include "streams/SymmetricCipherStream.h"
29
#include "streams/qtiocompressor.h"
31
bool Kdbx3Writer::writeDatabase(QIODevice* device, Database* db)
36
auto mode = SymmetricCipher::cipherUuidToMode(db->cipher());
37
int ivSize = SymmetricCipher::defaultIvSize(mode);
39
raiseError(tr("Invalid symmetric cipher IV size.", "IV = Initialization Vector for symmetric cipher"));
43
QByteArray masterSeed = randomGen()->randomArray(32);
44
QByteArray encryptionIV = randomGen()->randomArray(ivSize);
45
QByteArray protectedStreamKey = randomGen()->randomArray(32);
46
QByteArray startBytes = randomGen()->randomArray(32);
47
QByteArray endOfHeader = "\r\n\r\n";
49
if (!db->challengeMasterSeed(masterSeed)) {
50
raiseError(tr("Unable to issue challenge-response: %1").arg(db->keyError()));
54
if (!db->setKey(db->key(), false, true)) {
55
raiseError(tr("Unable to calculate database key"));
59
// generate transformed database key
60
CryptoHash hash(CryptoHash::Sha256);
61
hash.addData(masterSeed);
62
hash.addData(db->challengeResponseKey());
63
Q_ASSERT(!db->transformedDatabaseKey().isEmpty());
64
hash.addData(db->transformedDatabaseKey());
65
QByteArray finalKey = hash.result();
69
header.open(QIODevice::WriteOnly);
71
writeMagicNumbers(&header, KeePass2::SIGNATURE_1, KeePass2::SIGNATURE_2, db->formatVersion());
73
CHECK_RETURN_FALSE(writeHeaderField<quint16>(&header, KeePass2::HeaderFieldID::CipherID, db->cipher().toRfc4122()));
75
writeHeaderField<quint16>(&header,
76
KeePass2::HeaderFieldID::CompressionFlags,
77
Endian::sizedIntToBytes<qint32>(db->compressionAlgorithm(), KeePass2::BYTEORDER)));
79
CHECK_RETURN_FALSE(writeHeaderField<quint16>(&header, KeePass2::HeaderFieldID::MasterSeed, masterSeed));
80
CHECK_RETURN_FALSE(writeHeaderField<quint16>(&header, KeePass2::HeaderFieldID::TransformSeed, kdf->seed()));
81
CHECK_RETURN_FALSE(writeHeaderField<quint16>(&header,
82
KeePass2::HeaderFieldID::TransformRounds,
83
Endian::sizedIntToBytes<qint64>(kdf->rounds(), KeePass2::BYTEORDER)));
84
CHECK_RETURN_FALSE(writeHeaderField<quint16>(&header, KeePass2::HeaderFieldID::EncryptionIV, encryptionIV));
86
writeHeaderField<quint16>(&header, KeePass2::HeaderFieldID::ProtectedStreamKey, protectedStreamKey));
87
CHECK_RETURN_FALSE(writeHeaderField<quint16>(&header, KeePass2::HeaderFieldID::StreamStartBytes, startBytes));
88
CHECK_RETURN_FALSE(writeHeaderField<quint16>(
90
KeePass2::HeaderFieldID::InnerRandomStreamID,
91
Endian::sizedIntToBytes<qint32>(static_cast<qint32>(KeePass2::ProtectedStreamAlgo::Salsa20),
92
KeePass2::BYTEORDER)));
93
CHECK_RETURN_FALSE(writeHeaderField<quint16>(&header, KeePass2::HeaderFieldID::EndOfHeader, endOfHeader));
97
CHECK_RETURN_FALSE(writeData(device, header.data()));
100
const QByteArray headerHash = CryptoHash::hash(header.data(), CryptoHash::Sha256);
102
// write cipher stream
103
SymmetricCipherStream cipherStream(device);
104
cipherStream.init(mode, SymmetricCipher::Encrypt, finalKey, encryptionIV);
105
if (!cipherStream.open(QIODevice::WriteOnly)) {
106
raiseError(cipherStream.errorString());
109
CHECK_RETURN_FALSE(writeData(&cipherStream, startBytes));
111
HashedBlockStream hashedStream(&cipherStream);
112
if (!hashedStream.open(QIODevice::WriteOnly)) {
113
raiseError(hashedStream.errorString());
117
QIODevice* outputDevice = nullptr;
118
QScopedPointer<QtIOCompressor> ioCompressor;
120
if (db->compressionAlgorithm() == Database::CompressionNone) {
121
outputDevice = &hashedStream;
123
ioCompressor.reset(new QtIOCompressor(&hashedStream));
124
ioCompressor->setStreamFormat(QtIOCompressor::GzipFormat);
125
if (!ioCompressor->open(QIODevice::WriteOnly)) {
126
raiseError(ioCompressor->errorString());
129
outputDevice = ioCompressor.data();
132
Q_ASSERT(outputDevice);
134
KeePass2RandomStream randomStream;
135
if (!randomStream.init(SymmetricCipher::Salsa20, protectedStreamKey)) {
136
raiseError(randomStream.errorString());
140
KdbxXmlWriter xmlWriter(db->formatVersion());
141
xmlWriter.writeDatabase(outputDevice, db, &randomStream, headerHash);
143
// Explicitly close/reset streams so they are flushed and we can detect
144
// errors. QIODevice::close() resets errorString() etc.
146
ioCompressor->close();
148
if (!hashedStream.reset()) {
149
raiseError(hashedStream.errorString());
152
if (!cipherStream.reset()) {
153
raiseError(cipherStream.errorString());
157
if (xmlWriter.hasError()) {
158
raiseError(xmlWriter.errorString());