keepassx 0.1.0 → 1.0.0

data/lib/keepassx/hashable_payload.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+class HashablePayload < Hash
+  include Hashie::Extensions::MergeInitializer
+  include Hashie::Extensions::IndifferentAccess
+end

data/lib/keepassx/header.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # The keepass file header.
 #
 # From the KeePass doc:
@@ -32,38 +34,62 @@
 # - aContentsHash: "plain contents" refers to the database file, minus the
 #   database header, decrypted by FinalKey.
 #   * PlainContents = Decrypt_with_FinalKey(DatabaseFile - DatabaseHeader)
+
 module Keepassx
   class Header
 
     ENCRYPTION_FLAGS = [
-       [1 , 'SHA2'    ],
-       [2 , 'Rijndael'],
-       [2 , 'AES'     ],
-       [4 , 'ArcFour' ],
-       [8 , 'TwoFish' ]
-    ]
-
-    attr_reader :encryption_iv
-    attr_reader :ngroups, :nentries
-
-    def initialize(header_bytes)
-      @signature1 = header_bytes[0..4].unpack('L*').first
-      @signature2 = header_bytes[4..8].unpack('L*').first
-      @flags   = header_bytes[8..12].unpack('L*').first
-      @version = header_bytes[12..16].unpack('L*').first
-      @master_seed = header_bytes[16...32]
-      @encryption_iv = header_bytes[32...48]
-      @ngroups = header_bytes[48..52].unpack('L*').first
-      @nentries = header_bytes[52..56].unpack('L*').first
-      @contents_hash = header_bytes[56..88]
-      @master_seed2 = header_bytes[88...120]
-      @rounds = header_bytes[120..-1].unpack('L*').first
+      [1, 'SHA2'],
+      [2, 'Rijndael'],
+      [2, 'AES'],
+      [4, 'ArcFour'],
+      [8, 'TwoFish'],
+    ].freeze
+
+    SIGNATURES = [0x9AA2D903, 0xB54BFB65].freeze
+
+    attr_reader   :encryption_iv
+    attr_accessor :groups_count
+    attr_accessor :entries_count
+    attr_accessor :content_hash
+
+
+    # rubocop:disable Metrics/MethodLength
+    def initialize(header_bytes = nil)
+      if header_bytes.nil?
+        @signature1    = SIGNATURES[0]
+        @signature2    = SIGNATURES[1]
+        @flags         = 3 # SHA2 hashing, AES encryption
+        @version       = 0x30002
+        @master_seed   = SecureRandom.random_bytes(16)
+        @encryption_iv = SecureRandom.random_bytes(16)
+        @groups_count  = 0
+        @entries_count = 0
+        @master_seed2  = SecureRandom.random_bytes(32)
+        @rounds        = 50_000
+      else
+        header_bytes   = StringIO.new(header_bytes)
+        @signature1    = header_bytes.read(4).unpack('L*').first
+        @signature2    = header_bytes.read(4).unpack('L*').first
+        @flags         = header_bytes.read(4).unpack('L*').first
+        @version       = header_bytes.read(4).unpack('L*').first
+        @master_seed   = header_bytes.read(16)
+        @encryption_iv = header_bytes.read(16)
+        @groups_count  = header_bytes.read(4).unpack('L*').first
+        @entries_count = header_bytes.read(4).unpack('L*').first
+        @content_hash  = header_bytes.read(32)
+        @master_seed2  = header_bytes.read(32)
+        @rounds        = header_bytes.read(4).unpack('L*').first
+      end
     end
+    # rubocop:enable Metrics/MethodLength
+
 
     def valid?
-      @signature1 == 0x9AA2D903 && @signature2 == 0xB54BFB65
+      @signature1 == SIGNATURES[0] && @signature2 == SIGNATURES[1]
     end
 
+
     def encryption_type
       ENCRYPTION_FLAGS.each do |(flag_mask, encryption_type)|
         return encryption_type if @flags & flag_mask
@@ -71,17 +97,66 @@ module Keepassx
       'Unknown'
     end
 
-    def final_key(master_key)
+
+    # rubocop:disable Metrics/MethodLength
+    def final_key(master_key, keyfile_data = nil)
       key = Digest::SHA2.new.update(master_key).digest
-      aes = FastAES.new(@master_seed2)
 
-      @rounds.times do |i|
-        key = aes.encrypt(key)
+      if keyfile_data
+        keyfile_hash = extract_keyfile_hash(keyfile_data)
+        key = master_key == '' ? keyfile_hash : Digest::SHA2.new.update(key + keyfile_hash).digest
+      end
+
+      aes = OpenSSL::Cipher.new('AES-256-ECB')
+      aes.encrypt
+      aes.key = @master_seed2
+      aes.padding = 0
+
+      @rounds.times do
+        key = aes.update(key) + aes.final
       end
 
       key = Digest::SHA2.new.update(key).digest
       key = Digest::SHA2.new.update(@master_seed + key).digest
       key
     end
+    # rubocop:enable Metrics/MethodLength
+
+
+    # Return encoded header
+    #
+    # @return [String] Encoded header representation.
+    def encode
+      [@signature1].pack('L*')      <<
+        [@signature2].pack('L*')    <<
+        [@flags].pack('L*')         <<
+        [@version].pack('L*')       <<
+        @master_seed                <<
+        @encryption_iv              <<
+        [@groups_count].pack('L*')  <<
+        [@entries_count].pack('L*') <<
+        @content_hash               <<
+        @master_seed2               <<
+        [@rounds].pack('L*')
+    end
+
+
+    private
+
+
+      def extract_keyfile_hash(keyfile_data)
+        # Hex encoded key
+        if keyfile_data.size == 64
+          [keyfile_data].pack('H*')
+
+        # Raw key
+        elsif keyfile_data.size == 32
+          keyfile_data
+
+        else
+          Digest::SHA2.new.update(keyfile_data).digest
+        end
+      end
+
   end
 end

data/lib/keepassx/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Keepassx
+  VERSION = '1.0.0'
+end

data/spec/factories.rb

@@ -0,0 +1,23 @@
+FactoryBot.define do
+
+  factory :group, class: Keepassx::Group do
+    id    { 1 }
+    name  { 'test_group' }
+    icon  { 20 }
+
+    initialize_with { new(attributes) }
+  end
+
+  factory :entry, class: Keepassx::Entry do
+    name      { 'test_entry' }
+    group     { build(:group) }
+    username  { 'test' }
+    password  { 'test' }
+    icon      { 20 }
+    url       { 'https://example.com' }
+    notes     { 'Test comment' }
+
+    initialize_with { new(attributes) }
+  end
+
+end

data/spec/fixtures/database_test_dumped.yml

@@ -0,0 +1,76 @@
+---
+- id: 503880962
+  name: Internet
+  icon: 1
+  level: 0
+  flags: 0
+  entries:
+  - id: 678f624ea0204444f775fb252d754ff3
+    group_id: 503880962
+    icon: 1
+    name: test entry
+    url: http://example.com/testurl
+    username: testuser
+    password: testpassword
+    notes: test comment
+  - id: 8bfa7a503bb6046b1ab6331f3de3bdeb
+    group_id: 503880962
+    icon: 1
+    name: entry2
+    url: http://example.com
+    username: user
+    password: pass2
+    notes: comment
+  - id: '00000000000000000000000000000000'
+    group_id: 503880962
+    icon: 0
+    name: Meta-Info
+    url: "$"
+    username: SYSTEM
+    password: ''
+    notes: KPX_CUSTOM_ICONS_4
+  - id: '00000000000000000000000000000000'
+    group_id: 503880962
+    icon: 0
+    name: Meta-Info
+    url: "$"
+    username: SYSTEM
+    password: ''
+    notes: KPX_GROUP_TREE_STATE
+  groups:
+  - id: 3210836170
+    name: Web
+    icon: 61
+    level: 1
+    flags: 0
+    entries:
+    - id: fb3bd253ca650a0faaf8b1c94ffdd648
+      group_id: 3210836170
+      icon: 20
+      name: test entry 2
+      url: ''
+      username: ''
+      password: ''
+      notes: ''
+    groups:
+    - id: 1532025522
+      name: Wikipedia
+      icon: 54
+      level: 2
+      flags: 0
+      entries: []
+      groups: []
+- id: 2863278214
+  name: eMail
+  icon: 19
+  level: 0
+  flags: 0
+  entries: []
+  groups: []
+- id: 1190700005
+  name: Backup
+  icon: 4
+  level: 0
+  flags: 0
+  entries: []
+  groups: []

data/spec/fixtures/database_with_key.key

@@ -0,0 +1 @@
+D27454A8D561887ADA616E972FA4A00BCF2F869FB49E03EF06CB27DB2060737D

data/spec/fixtures/database_with_key2.key

@@ -0,0 +1 @@
+2BAD1145C4EA3E0A1DE25B3302DE8FC03634916137A3BB03D064647094DB30A1

data/spec/fixtures/test_data_array.yml

@@ -0,0 +1,113 @@
+---
+- :name: Internet
+  :icon: 1
+  :creation_time: 2016-09-03 21:09:06.000000000 +02:00
+  :last_mod_time: 2016-09-03 21:09:06.000000000 +02:00
+  :last_acc_time: 2016-09-03 21:09:06.000000000 +02:00
+  :groups:
+  - :name: Web
+    :icon: 61
+    :creation_time: 2016-09-03 21:09:06.000000000 +02:00
+    :last_mod_time: 2016-09-03 21:09:06.000000000 +02:00
+    :last_acc_time: 2016-09-03 21:09:06.000000000 +02:00
+    :groups:
+    - :name: Amazon
+      :icon: 30
+      :creation_time: 2016-09-03 21:09:06.000000000 +02:00
+      :last_mod_time: 2016-09-03 21:09:06.000000000 +02:00
+      :last_acc_time: 2016-09-03 21:09:06.000000000 +02:00
+    - :name: Wikipedia
+      :icon: 54
+      :creation_time: 2016-09-03 21:09:06.000000000 +02:00
+      :last_mod_time: 2016-09-03 21:09:06.000000000 +02:00
+      :last_acc_time: 2016-09-03 21:09:06.000000000 +02:00
+      :entries:
+      - :name: Wikipedia URL 1
+        :username: testwiki1
+        :url: http://wiki.com/testurl1
+        :password: testwiki1
+        :notes: test wiki comment1
+        :group: Wikipedia
+        :id: f720371d-15f1-4b9b-918e-68bb83e4407e
+        :last_mod_time: 2008-09-07 23:40:43
+        :last_acc_time: 2008-09-07 23:40:43
+        :creation_time: 2008-09-07 23:40:43
+      - :name: Wikipedia URL 2
+        :username: testwiki2
+        :url: http://wiki.com/testurl2
+        :password: testwiki2
+        :notes: test wiki comment2
+        :group: Wikipedia
+        :id: e720371d-15f1-4c9b-918e-68bb83e4407e
+        :last_mod_time: 2008-09-07 23:43:43
+        :last_acc_time: 2008-09-07 23:20:43
+        :creation_time: 2008-09-07 23:50:43
+  :entries:
+  - :name: Internet URL 1
+    :username: testuser1
+    :url: http://example.com/testurl1
+    :password: testuser1
+    :notes: test comment1
+    :id: 2d3fae36-e89f-48bd-8900-389cc01ef248
+    :group: Internet
+    :last_mod_time: 2008-09-03 23:40:43
+    :last_acc_time: 2008-09-03 23:40:43
+    :creation_time: 2008-09-03 23:40:43
+  - :name: Internet URL 2
+    :username: testuser2
+    :url: http://example.com/testurl2
+    :password: testuser2
+    :notes: text comment2
+    :id: 866216ea-3a57-43df-8847-becfc3593939
+    :group: Internet
+    :last_mod_time: 2008-09-07 22:40:43
+    :last_acc_time: 2008-09-07 22:40:43
+    :creation_time: 2008-09-07 22:40:43
+- :name: eMail
+  :icon: 19
+  :creation_time: 2016-09-03 21:09:06.000000000 +02:00
+  :last_mod_time: 2016-09-03 21:09:06.000000000 +02:00
+  :last_acc_time: 2016-09-03 21:09:06.000000000 +02:00
+  :groups:
+  - :name: Personnal
+    :icon: 61
+    :creation_time: 2016-09-03 21:09:06.000000000 +02:00
+    :last_mod_time: 2016-09-03 21:09:06.000000000 +02:00
+    :last_acc_time: 2016-09-03 21:09:06.000000000 +02:00
+    :groups:
+    - :name: Microsoft
+      :icon: 80
+      :creation_time: 2016-09-03 21:09:06.000000000 +02:00
+      :last_mod_time: 2016-09-03 21:09:06.000000000 +02:00
+      :last_acc_time: 2016-09-03 21:09:06.000000000 +02:00
+    - :name: Apple
+      :icon: 81
+      :creation_time: 2016-09-03 21:09:06.000000000 +02:00
+      :last_mod_time: 2016-09-03 21:09:06.000000000 +02:00
+      :last_acc_time: 2016-09-03 21:09:06.000000000 +02:00
+    - :name: Google
+      :icon: 82
+      :creation_time: 2016-09-03 21:09:06.000000000 +02:00
+      :last_mod_time: 2016-09-03 21:09:06.000000000 +02:00
+      :last_acc_time: 2016-09-03 21:09:06.000000000 +02:00
+  - :name: Profesionnal
+    :icon: 61
+    :creation_time: 2016-09-03 21:09:06.000000000 +02:00
+    :last_mod_time: 2016-09-03 21:09:06.000000000 +02:00
+    :last_acc_time: 2016-09-03 21:09:06.000000000 +02:00
+    :groups:
+    - :name: Microsoft
+      :icon: 70
+      :creation_time: 2016-09-03 21:09:06.000000000 +02:00
+      :last_mod_time: 2016-09-03 21:09:06.000000000 +02:00
+      :last_acc_time: 2016-09-03 21:09:06.000000000 +02:00
+    - :name: Apple
+      :icon: 71
+      :creation_time: 2016-09-03 21:09:06.000000000 +02:00
+      :last_mod_time: 2016-09-03 21:09:06.000000000 +02:00
+      :last_acc_time: 2016-09-03 21:09:06.000000000 +02:00
+    - :name: Google
+      :icon: 72
+      :creation_time: 2016-09-03 21:09:06.000000000 +02:00
+      :last_mod_time: 2016-09-03 21:09:06.000000000 +02:00
+      :last_acc_time: 2016-09-03 21:09:06.000000000 +02:00

data/spec/fixtures/test_data_array_dumped.yml

@@ -0,0 +1,124 @@
+---
+- id: 1
+  name: Internet
+  icon: 1
+  level: 0
+  flags: 0
+  entries:
+  - id: 2d3fae36de89fd48bdd8900d389cc01ef248
+    group_id: 1
+    icon: 1
+    name: Internet URL 1
+    url: http://example.com/testurl1
+    username: testuser1
+    password: testuser1
+    notes: test comment1
+  - id: 866216ead3a57d43dfd8847dbecfc3593939
+    group_id: 1
+    icon: 1
+    name: Internet URL 2
+    url: http://example.com/testurl2
+    username: testuser2
+    password: testuser2
+    notes: text comment2
+  groups:
+  - id: 2
+    name: Web
+    icon: 61
+    level: 1
+    flags: 0
+    entries: []
+    groups:
+    - id: 3
+      name: Amazon
+      icon: 30
+      level: 2
+      flags: 0
+      entries: []
+      groups: []
+    - id: 4
+      name: Wikipedia
+      icon: 54
+      level: 2
+      flags: 0
+      entries:
+      - id: f720371dd15f1d4b9bd918ed68bb83e4407e
+        group_id: 4
+        icon: 1
+        name: Wikipedia URL 1
+        url: http://wiki.com/testurl1
+        username: testwiki1
+        password: testwiki1
+        notes: test wiki comment1
+      - id: e720371dd15f1d4c9bd918ed68bb83e4407e
+        group_id: 4
+        icon: 1
+        name: Wikipedia URL 2
+        url: http://wiki.com/testurl2
+        username: testwiki2
+        password: testwiki2
+        notes: test wiki comment2
+      groups: []
+- id: 5
+  name: eMail
+  icon: 19
+  level: 0
+  flags: 0
+  entries: []
+  groups:
+  - id: 6
+    name: Personnal
+    icon: 61
+    level: 1
+    flags: 0
+    entries: []
+    groups:
+    - id: 7
+      name: Microsoft
+      icon: 80
+      level: 2
+      flags: 0
+      entries: []
+      groups: []
+    - id: 8
+      name: Apple
+      icon: 81
+      level: 2
+      flags: 0
+      entries: []
+      groups: []
+    - id: 9
+      name: Google
+      icon: 82
+      level: 2
+      flags: 0
+      entries: []
+      groups: []
+  - id: 10
+    name: Profesionnal
+    icon: 61
+    level: 1
+    flags: 0
+    entries: []
+    groups:
+    - id: 11
+      name: Microsoft
+      icon: 70
+      level: 2
+      flags: 0
+      entries: []
+      groups: []
+    - id: 12
+      name: Apple
+      icon: 71
+      level: 2
+      flags: 0
+      entries: []
+      groups: []
+    - id: 13
+      name: Google
+      icon: 72
+      level: 2
+      flags: 0
+      entries: []
+      groups: []