2
* Copyright (C) 2017 KeePassXC Team <team@keepassxc.org>
4
* This program is free software: you can redistribute it and/or modify
5
* it under the terms of the GNU General Public License as published by
6
* the Free Software Foundation, either version 2 or (at your option)
7
* version 3 of the License.
9
* This program is distributed in the hope that it will be useful,
10
* but WITHOUT ANY WARRANTY; without even the implied warranty of
11
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12
* GNU General Public License for more details.
14
* You should have received a copy of the GNU General Public License
15
* along with this program. If not, see <http://www.gnu.org/licenses/>.
18
#include "Kdbx4Reader.h"
23
#include "core/AsyncTask.h"
24
#include "core/Endian.h"
25
#include "core/Group.h"
26
#include "crypto/CryptoHash.h"
27
#include "format/KdbxXmlReader.h"
28
#include "format/KeePass2RandomStream.h"
29
#include "streams/HmacBlockStream.h"
30
#include "streams/StoreDataStream.h"
31
#include "streams/SymmetricCipherStream.h"
32
#include "streams/qtiocompressor.h"
34
bool Kdbx4Reader::readDatabaseImpl(QIODevice* device,
35
const QByteArray& headerData,
36
QSharedPointer<const CompositeKey> key,
39
Q_ASSERT((db->formatVersion() & KeePass2::FILE_VERSION_CRITICAL_MASK) == KeePass2::FILE_VERSION_4);
47
// check if all required headers were present
48
if (m_masterSeed.isEmpty() || m_encryptionIV.isEmpty() || db->cipher().isNull()) {49
raiseError(tr("missing database headers"));53
bool ok = AsyncTask::runAndWaitForFuture([&] { return db->setKey(key, false, false); });55
raiseError(tr("Unable to calculate database key: %1").arg(db->keyError()));59
CryptoHash hash(CryptoHash::Sha256);
60
hash.addData(m_masterSeed);
61
hash.addData(db->transformedDatabaseKey());
62
QByteArray finalKey = hash.result();
64
QByteArray headerSha256 = device->read(32);
65
QByteArray headerHmac = device->read(32);
66
if (headerSha256.size() != 32 || headerHmac.size() != 32) {67
raiseError(tr("Invalid header checksum size"));70
if (headerSha256 != CryptoHash::hash(headerData, CryptoHash::Sha256)) {71
raiseError(tr("Header SHA256 mismatch"));76
QByteArray hmacKey = KeePass2::hmacKey(m_masterSeed, db->transformedDatabaseKey());
77
if (headerHmac != CryptoHash::hmac(headerData, HmacBlockStream::getHmacKey(UINT64_MAX, hmacKey), CryptoHash::Sha256)) {78
raiseError(tr("Invalid credentials were provided, please try again.\n"79
"If this reoccurs, then your database file may be corrupt.") + " " + tr("(HMAC mismatch)"));82
HmacBlockStream hmacStream(device, hmacKey);
83
if (!hmacStream.open(QIODevice::ReadOnly)) {84
raiseError(hmacStream.errorString());
88
auto mode = SymmetricCipher::cipherUuidToMode(db->cipher());
89
if (mode == SymmetricCipher::InvalidMode) {90
raiseError(tr("Unknown cipher"));93
SymmetricCipherStream cipherStream(&hmacStream);
94
if (!cipherStream.init(mode, SymmetricCipher::Decrypt, finalKey, m_encryptionIV)) {95
raiseError(cipherStream.errorString());
98
if (!cipherStream.open(QIODevice::ReadOnly)) {99
raiseError(cipherStream.errorString());
104
QIODevice* xmlDevice = nullptr;
105
QScopedPointer<QtIOCompressor> ioCompressor;
107
if (db->compressionAlgorithm() == Database::CompressionNone) {108
xmlDevice = &cipherStream;
110
ioCompressor.reset(new QtIOCompressor(&cipherStream));
111
ioCompressor->setStreamFormat(QtIOCompressor::GzipFormat);
112
if (!ioCompressor->open(QIODevice::ReadOnly)) {113
raiseError(ioCompressor->errorString());
116
xmlDevice = ioCompressor.data();
119
while (readInnerHeaderField(xmlDevice) && !hasError()) {126
// TODO: Convert m_irsAlgo to Mode
128
case KeePass2::ProtectedStreamAlgo::Salsa20:
129
mode = SymmetricCipher::Salsa20;
131
case KeePass2::ProtectedStreamAlgo::ChaCha20:
132
mode = SymmetricCipher::ChaCha20;
135
mode = SymmetricCipher::InvalidMode;
138
KeePass2RandomStream randomStream;
139
if (!randomStream.init(mode, m_protectedStreamKey)) {140
raiseError(randomStream.errorString());
146
KdbxXmlReader xmlReader(KeePass2::FILE_VERSION_4, binaryPool());
147
xmlReader.readDatabase(xmlDevice, db, &randomStream);
149
if (xmlReader.hasError()) {150
raiseError(xmlReader.errorString());
157
bool Kdbx4Reader::readHeaderField(StoreDataStream& device, Database* db)
159
QByteArray fieldIDArray = device.read(1);
160
if (fieldIDArray.size() != 1) {161
raiseError(tr("Invalid header id size"));164
char fieldID = fieldIDArray.at(0);
167
auto fieldLen = Endian::readSizedInt<quint32>(&device, KeePass2::BYTEORDER, &ok);
169
raiseError(tr("Invalid header field length: field %1").arg(fieldID));173
QByteArray fieldData;
175
fieldData = device.read(fieldLen);
176
if (static_cast<quint32>(fieldData.size()) != fieldLen) {177
raiseError(tr("Invalid header data length: field %1, %2 expected, %3 found")178
.arg(static_cast<int>(fieldID))
180
.arg(fieldData.size()));
185
switch (static_cast<KeePass2::HeaderFieldID>(fieldID)) {186
case KeePass2::HeaderFieldID::EndOfHeader:
189
case KeePass2::HeaderFieldID::CipherID:
190
setCipher(fieldData);
193
case KeePass2::HeaderFieldID::CompressionFlags:
194
setCompressionFlags(fieldData);
197
case KeePass2::HeaderFieldID::MasterSeed:
198
setMasterSeed(fieldData);
201
case KeePass2::HeaderFieldID::EncryptionIV:
202
setEncryptionIV(fieldData);
205
case KeePass2::HeaderFieldID::KdfParameters: {206
QBuffer bufIoDevice(&fieldData);
207
if (!bufIoDevice.open(QIODevice::ReadOnly)) {208
raiseError(tr("Failed to open buffer for KDF parameters in header"));211
QVariantMap kdfParams = readVariantMap(&bufIoDevice);
212
QSharedPointer<Kdf> kdf = KeePass2::kdfFromParameters(kdfParams);
214
raiseError(tr("Unsupported key derivation function (KDF) or invalid parameters"));221
case KeePass2::HeaderFieldID::PublicCustomData: {222
QBuffer variantBuffer;
223
variantBuffer.setBuffer(&fieldData);
224
variantBuffer.open(QBuffer::ReadOnly);
225
QVariantMap data = readVariantMap(&variantBuffer);
226
db->setPublicCustomData(data);
230
case KeePass2::HeaderFieldID::ProtectedStreamKey:
231
case KeePass2::HeaderFieldID::TransformRounds:
232
case KeePass2::HeaderFieldID::TransformSeed:
233
case KeePass2::HeaderFieldID::StreamStartBytes:
234
case KeePass2::HeaderFieldID::InnerRandomStreamID:
235
raiseError(tr("Legacy header fields found in KDBX4 file."));239
qWarning("Unknown header field read: id=%d", fieldID);247
* Helper method for reading KDBX4 inner header fields.
249
* @param device input device
250
* @return true if there are more inner header fields
252
bool Kdbx4Reader::readInnerHeaderField(QIODevice* device)
254
QByteArray fieldIDArray = device->read(1);
255
if (fieldIDArray.size() != 1) {256
raiseError(tr("Invalid inner header id size"));259
auto fieldID = static_cast<KeePass2::InnerHeaderFieldID>(fieldIDArray.at(0));
262
auto fieldLen = Endian::readSizedInt<quint32>(device, KeePass2::BYTEORDER, &ok);
264
raiseError(tr("Invalid inner header field length: field %1").arg(static_cast<int>(fieldID)));268
QByteArray fieldData;
270
fieldData = device->read(fieldLen);
271
if (static_cast<quint32>(fieldData.size()) != fieldLen) {272
raiseError(tr("Invalid inner header data length: field %1, %2 expected, %3 found")273
.arg(static_cast<int>(fieldID))
275
.arg(fieldData.size()));
281
case KeePass2::InnerHeaderFieldID::End:
284
case KeePass2::InnerHeaderFieldID::InnerRandomStreamID:
285
setInnerRandomStreamID(fieldData);
288
case KeePass2::InnerHeaderFieldID::InnerRandomStreamKey:
289
setProtectedStreamKey(fieldData);
292
case KeePass2::InnerHeaderFieldID::Binary: {294
raiseError(tr("Invalid inner header binary size"));297
auto data = fieldData.mid(1);
298
m_binaryPool.insert(QString::number(m_binaryPool.size()), data);
307
* Helper method for reading a serialized variant map.
309
* @param device input device
310
* @return de-serialized variant map
312
QVariantMap Kdbx4Reader::readVariantMap(QIODevice* device)
316
Endian::readSizedInt<quint16>(device, KeePass2::BYTEORDER, &ok) & KeePass2::VARIANTMAP_CRITICAL_MASK;
317
quint16 maxVersion = KeePass2::VARIANTMAP_VERSION & KeePass2::VARIANTMAP_CRITICAL_MASK;
318
if (!ok || (version > maxVersion)) {319
//: Translation: variant map = data structure for storing meta data
320
raiseError(tr("Unsupported KeePass variant map version."));325
QByteArray fieldTypeArray;
326
KeePass2::VariantMapFieldType fieldType = KeePass2::VariantMapFieldType::End;
327
while (((fieldTypeArray = device->read(1)).size() == 1)
328
&& ((fieldType = static_cast<KeePass2::VariantMapFieldType>(fieldTypeArray.at(0)))
329
!= KeePass2::VariantMapFieldType::End)) {330
auto nameLen = Endian::readSizedInt<quint32>(device, KeePass2::BYTEORDER, &ok);
332
//: Translation: variant map = data structure for storing meta data
333
raiseError(tr("Invalid variant map entry name length"));336
QByteArray nameBytes;
338
nameBytes = device->read(nameLen);
339
if (static_cast<quint32>(nameBytes.size()) != nameLen) {340
//: Translation: variant map = data structure for storing meta data
341
raiseError(tr("Invalid variant map entry name data"));345
QString name = QString::fromUtf8(nameBytes);
347
auto valueLen = Endian::readSizedInt<quint32>(device, KeePass2::BYTEORDER, &ok);
349
//: Translation: variant map = data structure for storing meta data
350
raiseError(tr("Invalid variant map entry value length"));353
QByteArray valueBytes;
355
valueBytes = device->read(valueLen);
356
if (static_cast<quint32>(valueBytes.size()) != valueLen) {357
//: Translation comment: variant map = data structure for storing meta data
358
raiseError(tr("Invalid variant map entry value data"));364
case KeePass2::VariantMapFieldType::Bool:
366
vm.insert(name, QVariant(valueBytes.at(0) != 0));
368
//: Translation: variant map = data structure for storing meta data
369
raiseError(tr("Invalid variant map Bool entry value length"));374
case KeePass2::VariantMapFieldType::Int32:
376
vm.insert(name, QVariant(Endian::bytesToSizedInt<qint32>(valueBytes, KeePass2::BYTEORDER)));
378
//: Translation: variant map = data structure for storing meta data
379
raiseError(tr("Invalid variant map Int32 entry value length"));384
case KeePass2::VariantMapFieldType::UInt32:
386
vm.insert(name, QVariant(Endian::bytesToSizedInt<quint32>(valueBytes, KeePass2::BYTEORDER)));
388
//: Translation: variant map = data structure for storing meta data
389
raiseError(tr("Invalid variant map UInt32 entry value length"));394
case KeePass2::VariantMapFieldType::Int64:
396
vm.insert(name, QVariant(Endian::bytesToSizedInt<qint64>(valueBytes, KeePass2::BYTEORDER)));
398
//: Translation: variant map = data structure for storing meta data
399
raiseError(tr("Invalid variant map Int64 entry value length"));404
case KeePass2::VariantMapFieldType::UInt64:
406
vm.insert(name, QVariant(Endian::bytesToSizedInt<quint64>(valueBytes, KeePass2::BYTEORDER)));
408
//: Translation: variant map = data structure for storing meta data
409
raiseError(tr("Invalid variant map UInt64 entry value length"));414
case KeePass2::VariantMapFieldType::String:
415
vm.insert(name, QVariant(QString::fromUtf8(valueBytes)));
418
case KeePass2::VariantMapFieldType::ByteArray:
419
vm.insert(name, QVariant(valueBytes));
423
//: Translation: variant map = data structure for storing meta data
424
raiseError(tr("Invalid variant map entry type"));429
if (fieldTypeArray.size() != 1) {430
//: Translation: variant map = data structure for storing meta data
431
raiseError(tr("Invalid variant map field type size"));439
* @return mapping from attachment keys to binary data
441
QHash<QString, QByteArray> Kdbx4Reader::binaryPool() const