rixxc/keepassxc
1
0
Fork 0
mirror of https://github.com/keepassxreboot/keepassxc.git synced 2025-12-04 15:39:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
e121f4bc2883fda73a495546ea8b8833e51ca8ae
keepassxc/src/fdosecrets/objects/SessionCipher.cpp
Aetf e121f4bc28 Add Freedesktop.org Secret Storage Spec Server Side API (Fix #1403) 
This plugin implements the Secret Storage specification version 0.2.
While running KeePassXC, it acts as a Secret Service server, registered
on DBus, so clients like seahorse, python-secretstorage, or other
implementations can connect and access the exposed database in KeePassXC.

Squashed commits:

- Initial code
- Add SessionAdaptor and fix build
- The skeletons for all dbus objects are in place
- Implement collection creation and deletion
- Emit collectionChanged signal
- Implement app-wise settings page
- Implement error message on GUI
- Implement settings
- Fix uuid to dbus path
- Implement app level settings
- Add freedesktop logo
- Implement database settings page
- Change database settings to a treeview
- Move all settings read/write to one place
- Rename SecretServiceOptionsPage to SettingsWidgetFdoSecrets
- Fix selected group can not be saved if the user hasn't click on the item
- Show selected group per database in app settings
- Disable editing of various readonly widgets
- Remove unused warning about non exposed database
- Fix method signature on dbus adaptors
- Fix type derived from DBusObject not recognized as QDBusContext
- Resolve a few TODOs around error handling
- Remove const when passing DBus exposed objects
- Move dismiss to PromptBase
- Implement per collection locking/unlocking
- Fix const correctness on Item::setSecret
- Implement SecretService::getSecrets
- Rework the signal connections around collections.
- Remove generateId from DBusObject
- Per spec, use encoded label as DBus object path for collections
- Fix some corner cases around collection name changes
- Implement alias
- Fix wrong alias dbus path
- Implement encryption per spec
- Cleanup SessionCipher
- Implement searchItems for SecretService
- Use Tools::uuidToHex
- Implement Item attributes and delete
- Implement createItem
- Always check if the database is unlocked before perform any operation
- Add missing ReadAlias/SetAlias on service
- Reorganize and fix OpenSession always returning empty output
- Overhaul error handling
- Make sure default alias is always present
- Remove collection aliases early in doDelete
- Handles all content types, fix setProperties not working
- Fix sometimes there is an extraneous leading zero when converting from MPI
- Fix session encryption negotiation
- Do not expose recycle bin
- Protect against the methods not called from DBus
- Also emit collectionChanged signal when lock state changes
- Show notification when entry secret is requested
- Add a README file
- Actually close session when client disconnects
- Gracefully return alternative label when collection is locked
- Reorganize, rename secretservice to fdosecrets
- Fix issues reported by clazy
- Unify UI strings and fix icon
- Implement a setting to skip confirmation when deleting entries from DBus
- Remove some unused debugging log
- Simply ignore errors when DBus context is not available. QtDBus won't set QDBusContext when deliver property get/set, and there is no way to get a QDBusMessage in property getter/setter.
- Simplify GcryptMPI using std::unique_ptr and add unit test
- Format code in fdosecrets
- Move DBusReturnImpl to details namespace
- Fix crash when locking a database: don't modify exposedGroup setting in customData when database is deleted
- Make sure Collection::searchItems works, whether it's locked or not
- Fix FdoSecrets::Collection becomes empty after a database reload
- Fix crash when looping while modifying the list
2019-05-12 12:35:42 -04:00

225 lines
7.8 KiB
C++
Raw Blame History

/*
* Copyright (C) 2019 Aetf <aetf@unlimitedcodeworks.xyz>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 2 or (at your option)
* version 3 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "SessionCipher.h"
#include "crypto/CryptoHash.h"
#include "crypto/Random.h"
#include "crypto/SymmetricCipher.h"
#include <gcrypt.h>
#include <memory>
namespace
{
constexpr const auto IETF1024_SECOND_OAKLEY_GROUP_P_HEX = "FFFFFFFFFFFFFFFFC90FDAA22168C234"
"C4C6628B80DC1CD129024E088A67CC74"
"020BBEA63B139B22514A08798E3404DD"
"EF9519B3CD3A431B302B0A6DF25F1437"
"4FE1356D6D51C245E485B576625E7EC6"
"F44C42E9A637ED6B0BFF5CB6F406B7ED"
"EE386BFB5A899FA5AE9F24117C4B1FE6"
"49286651ECE65381FFFFFFFFFFFFFFFF";
constexpr const size_t KEY_SIZE_BYTES = 128;
constexpr const int AES_KEY_LEN = 16; // 128 bits
const auto IETF1024_SECOND_OAKLEY_GROUP_P = MpiFromHex(IETF1024_SECOND_OAKLEY_GROUP_P_HEX, false);
} // namespace
namespace FdoSecrets
{
QVariant CipherPair::negotiationOutput() const
{
return {};
}
DhIetf1024Sha256Aes128CbcPkcs7::DhIetf1024Sha256Aes128CbcPkcs7(const QByteArray& clientPublicKeyBytes)
: m_valid(false)
{
// read client public key
auto clientPub = MpiFromBytes(clientPublicKeyBytes, false);
// generate server side private, 128 bytes
GcryptMPI serverPrivate(gcry_mpi_snew(KEY_SIZE_BYTES * 8));
gcry_mpi_randomize(serverPrivate.get(), KEY_SIZE_BYTES * 8, GCRY_STRONG_RANDOM);
// generate server side public key
GcryptMPI serverPublic(gcry_mpi_snew(KEY_SIZE_BYTES * 8));
// the generator of Second Oakley Group is 2
gcry_mpi_powm(serverPublic.get(), GCRYMPI_CONST_TWO, serverPrivate.get(), IETF1024_SECOND_OAKLEY_GROUP_P.get());
initialize(std::move(clientPub), std::move(serverPublic), std::move(serverPrivate));
}
bool
DhIetf1024Sha256Aes128CbcPkcs7::initialize(GcryptMPI clientPublic, GcryptMPI serverPublic, GcryptMPI serverPrivate)
{
QByteArray commonSecretBytes;
if (!diffieHullman(clientPublic, serverPrivate, commonSecretBytes)) {
return false;
}
m_privateKey = MpiToBytes(serverPrivate);
m_publicKey = MpiToBytes(serverPublic);
m_aesKey = hkdf(commonSecretBytes);
m_valid = true;
return true;
}
bool DhIetf1024Sha256Aes128CbcPkcs7::diffieHullman(const GcryptMPI& clientPub,
const GcryptMPI& serverPrivate,
QByteArray& commonSecretBytes)
{
if (!clientPub || !serverPrivate) {
return false;
}
// calc common secret
GcryptMPI commonSecret(gcry_mpi_snew(KEY_SIZE_BYTES * 8));
gcry_mpi_powm(commonSecret.get(), clientPub.get(), serverPrivate.get(), IETF1024_SECOND_OAKLEY_GROUP_P.get());
commonSecretBytes = MpiToBytes(commonSecret);
return true;
}
QByteArray DhIetf1024Sha256Aes128CbcPkcs7::hkdf(const QByteArray& IKM)
{
// HKDF-Extract(salt, IKM) -> PRK
// PRK = HMAC-Hash(salt, IKM)
// we use NULL salt as per spec
auto PRK = CryptoHash::hmac(IKM,
QByteArrayLiteral("\0\0\0\0\0\0\0\0"
"\0\0\0\0\0\0\0\0"
"\0\0\0\0\0\0\0\0"
"\0\0\0\0\0\0\0\0"),
CryptoHash::Sha256);
// HKDF-Expand(PRK, info, L) -> OKM
// N = ceil(L/HashLen)
// T = T(1) | T(2) | T(3) | ... | T(N)
// OKM = first L octets of T
// where:
// T(0) = empty string (zero length)
// T(1) = HMAC-Hash(PRK, T(0) | info | 0x01)
// T(2) = HMAC-Hash(PRK, T(1) | info | 0x02)
// T(3) = HMAC-Hash(PRK, T(2) | info | 0x03)
// ...
//
// (where the constant concatenated to the end of each T(n) is a
// single octet.)
// we use empty info as per spec
// HashLen = 32 (sha256)
// L = 16 (16 * 8 = 128 bits)
// N = ceil(16/32) = 1
auto T1 = CryptoHash::hmac(QByteArrayLiteral("\x01"), PRK, CryptoHash::Sha256);
// resulting AES key is first 128 bits
Q_ASSERT(T1.size() >= AES_KEY_LEN);
auto OKM = T1.left(AES_KEY_LEN);
return OKM;
}
SecretStruct DhIetf1024Sha256Aes128CbcPkcs7::encrypt(const SecretStruct& input)
{
SecretStruct output = input;
output.value.clear();
output.parameters.clear();
SymmetricCipher encrypter(SymmetricCipher::Aes128, SymmetricCipher::Cbc, SymmetricCipher::Encrypt);
auto IV = randomGen()->randomArray(SymmetricCipher::algorithmIvSize(SymmetricCipher::Aes128));
if (!encrypter.init(m_aesKey, IV)) {
qWarning() << "Error encrypt: " << encrypter.errorString();
return output;
}
output.parameters = IV;
bool ok;
output.value = input.value;
output.value = encrypter.process(padPkcs7(output.value, encrypter.blockSize()), &ok);
if (!ok) {
qWarning() << "Error encrypt: " << encrypter.errorString();
return output;
}
return output;
}
QByteArray& DhIetf1024Sha256Aes128CbcPkcs7::padPkcs7(QByteArray& input, int blockSize)
{
// blockSize must be a power of 2.
Q_ASSERT_X(blockSize > 0 && !(blockSize & (blockSize - 1)), "padPkcs7", "blockSize must be a power of 2");
int padLen = blockSize - (input.size() & (blockSize - 1));
input.append(QByteArray(padLen, static_cast<char>(padLen)));
return input;
}
SecretStruct DhIetf1024Sha256Aes128CbcPkcs7::decrypt(const SecretStruct& input)
{
auto IV = input.parameters;
SymmetricCipher decrypter(SymmetricCipher::Aes128, SymmetricCipher::Cbc, SymmetricCipher::Decrypt);
if (!decrypter.init(m_aesKey, IV)) {
qWarning() << "Error decoding: " << decrypter.errorString();
return input;
}
bool ok;
SecretStruct output = input;
output.parameters.clear();
output.value = decrypter.process(input.value, &ok);
if (!ok) {
qWarning() << "Error decoding: " << decrypter.errorString();
return input;
}
unpadPkcs7(output.value);
return output;
}
QByteArray& DhIetf1024Sha256Aes128CbcPkcs7::unpadPkcs7(QByteArray& input)
{
if (input.isEmpty()) {
return input;
}
int padLen = input[input.size() - 1];
input.chop(padLen);
return input;
}
bool DhIetf1024Sha256Aes128CbcPkcs7::isValid() const
{
return m_valid;
}
QVariant DhIetf1024Sha256Aes128CbcPkcs7::negotiationOutput() const
{
return m_publicKey;
}
} // namespace FdoSecrets
Reference in New Issue View Git Blame Copy Permalink