Force twofish padding compatibility #955

2025-12-04 15:49:33 +01:00 · 2021-04-08 12:55:23 +02:00
parent 949905f6e2
commit 346b517c9d
4 changed files with 12 additions and 3 deletions
--- a/app/src/main/java/com/kunzisoft/keepass/database/crypto/CipherEngine.kt
+++ b/app/src/main/java/com/kunzisoft/keepass/database/crypto/CipherEngine.kt
@@ -36,6 +36,9 @@ abstract class CipherEngine {
        return 16
    }

+    // Used only with padding workaround
+    var forcePaddingCompatibility = false
+
    @Throws(NoSuchAlgorithmException::class, NoSuchPaddingException::class, InvalidKeyException::class, InvalidAlgorithmParameterException::class)
    abstract fun getCipher(opmode: Int, key: ByteArray, IV: ByteArray): Cipher

--- a/app/src/main/java/com/kunzisoft/keepass/database/crypto/TwofishEngine.kt
+++ b/app/src/main/java/com/kunzisoft/keepass/database/crypto/TwofishEngine.kt
@@ -30,7 +30,7 @@ class TwofishEngine : CipherEngine() {

    @Throws(NoSuchAlgorithmException::class, NoSuchPaddingException::class, InvalidKeyException::class, InvalidAlgorithmParameterException::class)
    override fun getCipher(opmode: Int, key: ByteArray, IV: ByteArray): Cipher {
-        return CipherFactory.getTwofish(opmode, key, IV)
+        return CipherFactory.getTwofish(opmode, key, IV, forcePaddingCompatibility)
    }

    override fun getEncryptionAlgorithm(): EncryptionAlgorithm {
--- a/app/src/main/java/com/kunzisoft/keepass/database/file/input/DatabaseInputKDBX.kt
+++ b/app/src/main/java/com/kunzisoft/keepass/database/file/input/DatabaseInputKDBX.kt
@@ -151,9 +151,11 @@ class DatabaseInputKDBX(cacheDirectory: File,
            val cipher: Cipher
            try {
                engine = EncryptionAlgorithm.getFrom(mDatabase.cipherUuid).cipherEngine
+                engine.forcePaddingCompatibility = true
                mDatabase.setDataEngine(engine)
                mDatabase.encryptionAlgorithm = engine.getEncryptionAlgorithm()
                cipher = engine.getCipher(Cipher.DECRYPT_MODE, mDatabase.finalKey!!, header.encryptionIV)
+                engine.forcePaddingCompatibility = false
            } catch (e: Exception) {
                throw InvalidAlgorithmDatabaseException(e)
            }
--- a/crypto/src/main/java/com/kunzisoft/encrypt/CipherFactory.kt
+++ b/crypto/src/main/java/com/kunzisoft/encrypt/CipherFactory.kt
@@ -38,8 +38,12 @@ object CipherFactory {
    }

    @Throws(NoSuchAlgorithmException::class, NoSuchPaddingException::class, InvalidKeyException::class, InvalidAlgorithmParameterException::class)
-    fun getTwofish(opmode: Int, key: ByteArray, IV: ByteArray): Cipher {
-        val cipher: Cipher = Cipher.getInstance("Twofish/CBC/PKCS7PADDING")
+    fun getTwofish(opmode: Int, key: ByteArray, IV: ByteArray, forceCompatibility: Boolean = false): Cipher {
+        val cipher: Cipher = if (forceCompatibility) {
+            Cipher.getInstance("Twofish/CBC/NoPadding")
+        } else {
+            Cipher.getInstance("Twofish/CBC/PKCS7PADDING")
+        }
        cipher.init(opmode, SecretKeySpec(key, "AES"), IvParameterSpec(IV))
        return cipher
    }