-
Notifications
You must be signed in to change notification settings - Fork 13
/
Kdb4Reader.m
238 lines (205 loc) · 6.79 KB
/
Kdb4Reader.m
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
//
// Kdb4.m
// KeePass2
//
// Created by Qiang Yu on 1/3/10.
// Copyright 2010 Qiang Yu. All rights reserved.
//
#import <CommonCrypto/CommonCryptor.h>
#import "Kdb4Reader.h"
#import "Kdb.h"
#import "HashedInputData.h"
#import "GZipInputData.h"
#import "Kdb4Parser.h"
#import "Utils.h"
#import "AESDecryptSource.h"
#import "Arc4RandomStream.h"
#import "Salsa20RandomStream.h"
#define FILE_VERSION_32 0x00020000
#define FILE_VERSION_CRITICAL_MASK 0xFFFF0000
#define READ_BYTES(X, Y, Z) (X = [[ByteBuffer alloc] initWithSize:Y dataSource:Z])
@interface Kdb4Reader (PrivateMethods)
-(void)readHeader:(id<InputDataSource>) source;
-(id<InputDataSource>)createDecryptedInputDataSource:(id<InputDataSource>)source key:(ByteBuffer *)key;
@end
@implementation Kdb4Reader
@synthesize _tree;
#pragma mark -
#pragma mark alloc/dealloc
-(id)init{
if(self=[super init]){
_password = [[KdbPassword alloc]init];
}
return self;
}
-(void)dealloc{
[_cipherUUID release];
[_encryptionIV release];
[_protectedStreamKey release];
[_streamStartBytes release];
[_password release];
[_tree dealloc];
[super dealloc];
}
#pragma mark -
#pragma mark Public Methods
//TODO:
// only Kdb4Format.Default is supported; will add support for Kdb4Format.PlainXml
//
-(id<KdbTree>)load:(WrapperNSData *)source withPassword:(NSString *)password{
ByteBuffer * finalKey = nil;
id<InputDataSource> decrypted = nil;
id<InputDataSource> hashed = nil;
id<InputDataSource> readerStream = nil;
@try{
//read header
[self readHeader:source];
//decrypt data
finalKey = [_password createFinalKey32ForPasssword:password coding:NSUTF8StringEncoding kdbVersion:4];
decrypted = [self createDecryptedInputDataSource:source key:finalKey];
//double check start block
ByteBuffer * startBytes = [[ByteBuffer alloc]initWithSize:32];
[decrypted readBytes:startBytes._bytes length:32];
if(![startBytes isEqual:_streamStartBytes]){
[startBytes release];
@throw [NSException exceptionWithName:@"DecryptError" reason:@"DecryptError" userInfo:nil];
}
[startBytes release];
hashed = [[HashedInputData alloc] initWithDataSource:decrypted];
id<InputDataSource> readerStream = nil;
if(_compressionAlgorithm==COMPRESSION_GZIP){
readerStream = [[GZipInputData alloc]initWithDataSource:hashed];
}else{
readerStream = [hashed retain];
}
//should PlainXML supported?
id<RandomStream> rs = nil;
if(_randomStreamID == CSR_SALSA20){
rs = [[Salsa20RandomStream alloc]init:_protectedStreamKey._bytes len:_protectedStreamKey._size];
}else if (_randomStreamID == CSR_ARC4VARIANT){
rs = [[Arc4RandomStream alloc]init:_protectedStreamKey._bytes len:_protectedStreamKey._size];
}else{
@throw [NSException exceptionWithName:@"Unsupported" reason:@"UnsupportedRandomStreamID" userInfo:nil];
}
Kdb4Parser * parser = [[Kdb4Parser alloc]init];
parser._randomStream = rs;
self._tree = (Kdb4Tree *)[parser parse:readerStream];
[parser release];
}
@finally{
[hashed release];
[decrypted release];
[readerStream release];
[finalKey release];
[source release];
}
return self._tree;
}
-(id<KdbTree>)getKdbTree{
return self._tree;
}
#pragma mark -
#pragma mark Private Methods
/*
* Decrypt remaining bytes
*/
-(id<InputDataSource>)createDecryptedInputDataSource:(id<InputDataSource>)source key:(ByteBuffer *)key{
AESDecryptSource * rv = [[AESDecryptSource alloc]initWithInputSource:source Keys:key._bytes andIV:_encryptionIV._bytes];
return rv;
}
-(void)readHeader:(id<InputDataSource>)source{
uint32_t version = [Utils readInt32LE:source];
DLog(@"VERSION:%X", version);
if((version & FILE_VERSION_CRITICAL_MASK) > (FILE_VERSION_32 & FILE_VERSION_CRITICAL_MASK)){
@throw [NSException exceptionWithName:@"Unsupported" reason:@"UnsupportedVersion" userInfo:nil];
}
BOOL eoh = NO; //end of header
while(!eoh){
uint8_t fieldType = [Utils readInt8LE:source];
uint16_t fieldSize = [Utils readInt16LE:source];
switch (fieldType) {
case HEADER_COMMENT:{
ByteBuffer * comment;
READ_BYTES(comment, fieldSize, source);
//DLog(@"HEADER_COMMENT:%@", comment);
[comment release];
break;
}
case HEADER_EOH:{
ByteBuffer * header;
READ_BYTES(header, fieldSize, source);
//DLog(@"HEADER_EOH:%@", header);
[header release];
eoh = YES;
break;
}
case HEADER_CIPHERID:{
if(fieldSize!=16)
@throw [NSException exceptionWithName:@"InvalidHeader" reason:@"InvalidCipherId" userInfo:nil];
_cipherUUID = [[UUID alloc]initWithSize:16 dataSource:source];
//DLog(@"HEADER_CIPHERID:%@", _cipherUUID);
if(![_cipherUUID isEqual:[UUID getAESUUID]]){
@throw [NSException exceptionWithName:@"Unsupported" reason:@"UnsupportedCipher" userInfo:nil];
}
break;
}
case HEADER_MASTERSEED:{
if(fieldSize!=32)
@throw [NSException exceptionWithName:@"InvalidHeader" reason:@"InvalidMasterSeed" userInfo:nil];
ByteBuffer * masterSeed;
READ_BYTES(masterSeed, fieldSize, source);
_password._masterSeed = masterSeed;
//DLog(@"HEADER_MASTERSEED:%@", masterSeed);
[masterSeed release];
break;
}
case HEADER_TRANSFORMSEED:{
if(fieldSize!=32)
@throw [NSException exceptionWithName:@"InvalidHeader" reason:@"InvalidTransformSeed" userInfo:nil];
ByteBuffer * transformSeed;
READ_BYTES(transformSeed, fieldSize, source);
_password._transformSeed = transformSeed;
//DLog(@"HEADER_TRANSFORMSEED:%@", transformSeed);
[transformSeed release];
break;
}
case HEADER_ENCRYPTIONIV:{
READ_BYTES(_encryptionIV, fieldSize, source);
//DLog(@"HEADER_ENCRYPTIONIV:%@", _encryptionIV);
break;
}
case HEADER_PROTECTEDKEY:{
READ_BYTES(_protectedStreamKey, fieldSize, source);
DLog(@"HEADER_PROTECTEDKEY:%@", _protectedStreamKey);
break;
}
case HEADER_STARTBYTES:{
READ_BYTES(_streamStartBytes, fieldSize, source);
//DLog(@"HEADER_STARTBYTES:%@", _streamStartBytes);
break;
}
case HEADER_TRANSFORMROUNDS:{
_password._rounds = [Utils readInt64LE:source];
//DLog(@"HEADER_TRANSFORMROUNDS:%qX", _password._rounds);
break;
}
case HEADER_COMPRESSION:{
_compressionAlgorithm = [Utils readInt32LE:source];
if(_compressionAlgorithm >= COMPRESSION_COUNT)
@throw [NSException exceptionWithName:@"InvalidHeader" reason:@"InvalidCompression" userInfo:nil];
//DLog(@"HEADER_COMPRESSION:%X", _compressionAlgorithm);
break;
}
case HEADER_RANDOMSTREAMID:{
_randomStreamID = [Utils readInt32LE:source];
if(_randomStreamID >= CSR_COUNT)
@throw [NSException exceptionWithName:@"InvalidHeader" reason:@"InvalidCSRAlgorithm" userInfo:nil];
//DLog(@"HEADER_RANDOMSTREAMID:%X", _randomStreamID);
break;
}
default:
@throw [NSException exceptionWithName:@"InvalidHeader" reason:@"InvalidField" userInfo:nil];
}
}
}
@end