19
#include "crypto/CryptoHash.h"
20
#include "crypto/kdf/AesKdf.h"
21
#include "crypto/kdf/Argon2Kdf.h"
25
const QUuid KeePass2::CIPHER_AES128 = QUuid("61ab05a1-9464-41c3-8d74-3a563df8dd35");
26
const QUuid KeePass2::CIPHER_AES256 = QUuid("31c1f2e6-bf71-4350-be58-05216afc5aff");
27
const QUuid KeePass2::CIPHER_TWOFISH = QUuid("ad68f29f-576f-4bb9-a36a-d47af965346c");
28
const QUuid KeePass2::CIPHER_CHACHA20 = QUuid("d6038a2b-8b6f-4cb5-a524-339a31dbb59a");
30
const QUuid KeePass2::KDF_AES_KDBX3 = QUuid("c9d9f39a-628a-4460-bf74-0d08c18a4fea");
31
const QUuid KeePass2::KDF_AES_KDBX4 = QUuid("7c02bb82-79a7-4ac0-927d-114a00648238");
32
const QUuid KeePass2::KDF_ARGON2D = QUuid("ef636ddf-8c29-444b-91f7-a9a403e30a0c");
33
const QUuid KeePass2::KDF_ARGON2ID = QUuid("9e298b19-56db-4773-b23d-fc3ec6f0a1e6");
35
const QByteArray KeePass2::INNER_STREAM_SALSA20_IV("\xe8\x30\x09\x4b\x97\x20\x5d\x2a");
37
const QString KeePass2::KDFPARAM_UUID("$UUID");
39
const QString KeePass2::KDFPARAM_AES_ROUNDS("R");
40
const QString KeePass2::KDFPARAM_AES_SEED("S");
42
const QString KeePass2::KDFPARAM_ARGON2_SALT("S");
43
const QString KeePass2::KDFPARAM_ARGON2_PARALLELISM("P");
44
const QString KeePass2::KDFPARAM_ARGON2_MEMORY("M");
45
const QString KeePass2::KDFPARAM_ARGON2_ITERATIONS("I");
46
const QString KeePass2::KDFPARAM_ARGON2_VERSION("V");
47
const QString KeePass2::KDFPARAM_ARGON2_SECRET("K");
48
const QString KeePass2::KDFPARAM_ARGON2_ASSOCDATA("A");
50
const QList<QUuid> KeePass2::CIPHERS{KeePass2::CIPHER_AES256, KeePass2::CIPHER_TWOFISH, KeePass2::CIPHER_CHACHA20};
52
const QList<QUuid> KeePass2::KDFS{KeePass2::KDF_ARGON2D,
53
KeePass2::KDF_ARGON2ID,
54
KeePass2::KDF_AES_KDBX4,
55
KeePass2::KDF_AES_KDBX3};
57
QByteArray KeePass2::hmacKey(const QByteArray& masterSeed, const QByteArray& transformedMasterKey)
59
CryptoHash hmacKeyHash(CryptoHash::Sha512);
60
hmacKeyHash.addData(masterSeed);
61
hmacKeyHash.addData(transformedMasterKey);
62
hmacKeyHash.addData(QByteArray(1, '\x01'));
63
return hmacKeyHash.result();
72
QSharedPointer<Kdf> KeePass2::kdfFromParameters(const QVariantMap& p)
74
QByteArray uuidBytes = p.value(KDFPARAM_UUID).toByteArray();
75
if (uuidBytes.size() != UUID_LENGTH) {
79
QUuid kdfUuid = QUuid::fromRfc4122(uuidBytes);
80
if (kdfUuid == KDF_AES_KDBX3) {
82
kdfUuid = KDF_AES_KDBX4;
84
QSharedPointer<Kdf> kdf = uuidToKdf(kdfUuid);
89
if (!kdf->processParameters(p)) {
96
QVariantMap KeePass2::kdfToParameters(const QSharedPointer<Kdf>& kdf)
98
return kdf->writeParameters();
101
QSharedPointer<Kdf> KeePass2::uuidToKdf(const QUuid& uuid)
103
if (uuid == KDF_AES_KDBX3) {
104
return QSharedPointer<AesKdf>::create(true);
106
if (uuid == KDF_AES_KDBX4) {
107
return QSharedPointer<AesKdf>::create();
109
if (uuid == KDF_ARGON2D) {
110
return QSharedPointer<Argon2Kdf>::create(Argon2Kdf::Type::Argon2d);
112
if (uuid == KDF_ARGON2ID) {
113
return QSharedPointer<Argon2Kdf>::create(Argon2Kdf::Type::Argon2id);
119
KeePass2::ProtectedStreamAlgo KeePass2::idToProtectedStreamAlgo(quint32 id)
122
case static_cast<quint32>(KeePass2::ProtectedStreamAlgo::ArcFourVariant):
123
return KeePass2::ProtectedStreamAlgo::ArcFourVariant;
124
case static_cast<quint32>(KeePass2::ProtectedStreamAlgo::Salsa20):
125
return KeePass2::ProtectedStreamAlgo::Salsa20;
126
case static_cast<quint32>(KeePass2::ProtectedStreamAlgo::ChaCha20):
127
return KeePass2::ProtectedStreamAlgo::ChaCha20;
129
return KeePass2::ProtectedStreamAlgo::InvalidProtectedStreamAlgo;
133
QString KeePass2::cipherToString(QUuid cipherUuid)
135
if (cipherUuid == KeePass2::CIPHER_AES256) {
136
return QObject::tr("AES 256-bit");
137
} else if (cipherUuid == KeePass2::CIPHER_TWOFISH) {
138
return QObject::tr("Twofish 256-bit");
139
} else if (cipherUuid == KeePass2::CIPHER_CHACHA20) {
140
return QObject::tr("ChaCha20 256-bit");
142
return QObject::tr("Invalid Cipher");
145
QString KeePass2::kdfToString(QUuid kdfUuid)
147
if (kdfUuid == KeePass2::KDF_ARGON2D) {
148
return QObject::tr("Argon2d (KDBX 4 – recommended)");
149
} else if (kdfUuid == KeePass2::KDF_ARGON2ID) {
150
return QObject::tr("Argon2id (KDBX 4)");
151
} else if (kdfUuid == KeePass2::KDF_AES_KDBX4) {
152
return QObject::tr("AES-KDF (KDBX 4)");
153
} else if (kdfUuid == KDF_AES_KDBX3) {
154
return QObject::tr("AES-KDF (KDBX 3)");
156
return QObject::tr("Invalid KDF");