Better getHmacKey64 method

2025-12-04 15:49:33 +01:00 · 2021-03-24 20:05:40 +01:00
parent 87858762d4
commit 153b8d1f37
7 changed files with 14 additions and 12 deletions
--- a/app/src/androidTest/java/com/kunzisoft/keepass/tests/utils/ValuesTest.kt
+++ b/app/src/androidTest/java/com/kunzisoft/keepass/tests/utils/ValuesTest.kt
@@ -182,7 +182,7 @@ class ValuesTest : TestCase() {
        }

        val byteArrayOutputStream = ByteArrayOutputStream()
-        byteArrayOutputStream.write8BytesLong(UnsignedLong.MAX)
+        byteArrayOutputStream.write(UnsignedLong.MAX_BYTES)
        byteArrayOutputStream.close()
        val uLongMax = byteArrayOutputStream.toByteArray()

--- a/app/src/main/java/com/kunzisoft/keepass/database/crypto/HmacBlock.kt
+++ b/app/src/main/java/com/kunzisoft/keepass/database/crypto/HmacBlock.kt
@@ -19,8 +19,6 @@
 */
 package com.kunzisoft.keepass.database.crypto

-import com.kunzisoft.encrypt.UnsignedLong
-import com.kunzisoft.encrypt.stream.uLongTo8Bytes
 import java.io.IOException
 import java.security.InvalidKeyException
 import java.security.MessageDigest
@@ -44,14 +42,14 @@ object HmacBlock {
        return hmac
    }

-    fun getHmacKey64(key: ByteArray, blockIndex: UnsignedLong): ByteArray {
+    fun getHmacKey64(key: ByteArray, blockIndex: ByteArray): ByteArray {
        val hash: MessageDigest
        try {
            hash = MessageDigest.getInstance("SHA-512")
        } catch (e: NoSuchAlgorithmException) {
            throw RuntimeException(e)
        }
-        hash.update(uLongTo8Bytes(blockIndex))
+        hash.update(blockIndex)
        hash.update(key)
        return hash.digest()
    }
--- a/app/src/main/java/com/kunzisoft/keepass/database/file/input/DatabaseInputKDBX.kt
+++ b/app/src/main/java/com/kunzisoft/keepass/database/file/input/DatabaseInputKDBX.kt
@@ -184,7 +184,7 @@ class DatabaseInputKDBX(cacheDirectory: File,

                val hmacKey = mDatabase.hmacKey ?: throw LoadDatabaseException()

-                val blockKey = HmacBlock.getHmacKey64(hmacKey, UnsignedLong.MAX)
+                val blockKey = HmacBlock.getHmacKey64(hmacKey, UnsignedLong.MAX_BYTES)
                val hmac: Mac = HmacBlock.getHmacSha256(blockKey)
                val headerHmac = hmac.doFinal(pbHeader)

--- a/app/src/main/java/com/kunzisoft/keepass/database/file/output/DatabaseHeaderOutputKDBX.kt
+++ b/app/src/main/java/com/kunzisoft/keepass/database/file/output/DatabaseHeaderOutputKDBX.kt
@@ -66,7 +66,8 @@ constructor(private val databaseKDBX: DatabaseKDBX,
        }

        val hmacKey = databaseKDBX.hmacKey ?: throw DatabaseOutputException("HmacKey is not defined")
-        val hmac: Mac = HmacBlock.getHmacSha256(HmacBlock.getHmacKey64(hmacKey, UnsignedLong.MAX))
+        val blockKey = HmacBlock.getHmacKey64(hmacKey, UnsignedLong.MAX_BYTES)
+        val hmac: Mac = HmacBlock.getHmacSha256(blockKey)

        dos = DigestOutputStream(outputStream, md)
        mos = MacOutputStream(dos, hmac)
--- a/app/src/main/java/com/kunzisoft/keepass/stream/HmacBlockInputStream.kt
+++ b/app/src/main/java/com/kunzisoft/keepass/stream/HmacBlockInputStream.kt
@@ -91,7 +91,6 @@ class HmacBlockInputStream(private val baseStream: InputStream, private val veri
            throw IOException("File corrupted")
        }

-        val pbBlockIndex = uLongTo8Bytes(blockIndex)
        val pbBlockSize = baseStream.readBytesLength(4)
        if (pbBlockSize.size != 4) {
            throw IOException("File corrupted")
@@ -102,7 +101,9 @@ class HmacBlockInputStream(private val baseStream: InputStream, private val veri
        buffer = baseStream.readBytesLength(blockSize.toKotlinInt())

        if (verify) {
-            val blockKey = HmacBlock.getHmacKey64(key, blockIndex)
+            val pbBlockIndex = uLongTo8Bytes(blockIndex)
+
+            val blockKey = HmacBlock.getHmacKey64(key, pbBlockIndex)
            val hmac: Mac = HmacBlock.getHmacSha256(blockKey)
            hmac.update(pbBlockIndex)
            hmac.update(pbBlockSize)
--- a/app/src/main/java/com/kunzisoft/keepass/stream/HmacBlockOutputStream.kt
+++ b/app/src/main/java/com/kunzisoft/keepass/stream/HmacBlockOutputStream.kt
@@ -88,7 +88,7 @@ class HmacBlockOutputStream(private val baseStream: OutputStream,
        val bufBlockIndex = uLongTo8Bytes(blockIndex)
        val blockSizeBuf = uIntTo4Bytes(UnsignedInt(bufferPos))

-        val blockKey = HmacBlock.getHmacKey64(key, blockIndex)
+        val blockKey = HmacBlock.getHmacKey64(key, bufBlockIndex)
        val hmac: Mac = HmacBlock.getHmacSha256(blockKey)
        hmac.update(bufBlockIndex)
        hmac.update(blockSizeBuf)
--- a/encrypt/src/main/java/com/kunzisoft/encrypt/UnsignedLong.kt
+++ b/encrypt/src/main/java/com/kunzisoft/encrypt/UnsignedLong.kt
@@ -19,6 +19,8 @@
 */
 package com.kunzisoft.encrypt

+import com.kunzisoft.encrypt.stream.longTo8Bytes
+
 class UnsignedLong(value: Long) {

    private var unsignedValue: Long = value
@@ -53,7 +55,7 @@ class UnsignedLong(value: Long) {
    }

    companion object {
-        const val MAX_VALUE: Long = -1
-        val MAX = UnsignedLong(MAX_VALUE)
+        private const val MAX_VALUE: Long = -1
+        val MAX_BYTES = longTo8Bytes(MAX_VALUE)
    }
 }