Store encrypted passwords with connections.
Closes #22 as encrypted password is now deleted as part of the connection record.
This commit is contained in:
eelke
parent
e5ae9663c4
commit
d489f11e52
11 changed files with 252 additions and 695 deletions
61
core/KeyStrengthener.cpp
Normal file
61
core/KeyStrengthener.cpp
Normal file
|
|
@ -0,0 +1,61 @@
|
|||
#include "KeyStrengthener.h"
|
||||
#include <botan/scrypt.h>
|
||||
#include <botan/base64.h>
|
||||
#include <QSqlError>
|
||||
#include <QSqlQuery>
|
||||
#include <QVariant>
|
||||
|
||||
KeyStrengthener::KeyStrengthener(std::unique_ptr<Botan::PasswordHash> hasher, Botan::secure_vector<uint8_t> salt, size_t keysize)
|
||||
: m_hasher (std::move(hasher))
|
||||
, m_salt (std::move(salt))
|
||||
, m_keySize(keysize)
|
||||
{}
|
||||
|
||||
KeyStrengthener::KeyStrengthener(KeyStrengthener &&rhs)
|
||||
: m_hasher (std::move(rhs.m_hasher))
|
||||
, m_salt (std::move(rhs.m_salt))
|
||||
, m_keySize(rhs.m_keySize)
|
||||
{}
|
||||
|
||||
KeyStrengthener &KeyStrengthener::operator=(KeyStrengthener &&rhs)
|
||||
{
|
||||
if (&rhs != this) {
|
||||
m_hasher = std::move(rhs.m_hasher);
|
||||
m_salt = std::move(rhs.m_salt);
|
||||
m_keySize = rhs.m_keySize;
|
||||
}
|
||||
return *this;
|
||||
}
|
||||
|
||||
Botan::secure_vector<uint8_t> KeyStrengthener::derive(const std::string &passphrase)
|
||||
{
|
||||
Botan::secure_vector<uint8_t> master_key(m_keySize);
|
||||
m_hasher->derive_key(master_key.data(), master_key.size(), passphrase.c_str(), passphrase.length(), m_salt.data(), m_salt.size());
|
||||
|
||||
return master_key;
|
||||
}
|
||||
|
||||
void KeyStrengthener::saveParams(QSqlDatabase &db, const QString &table_name)
|
||||
{
|
||||
auto sc = dynamic_cast<Botan::Scrypt*>(m_hasher.get());
|
||||
size_t i1 = sc->N();
|
||||
size_t i2 = sc->r();
|
||||
size_t i3 = sc->p();
|
||||
|
||||
auto salt_str = QString::fromUtf8(Botan::base64_encode(m_salt).c_str());
|
||||
// SAVE parameters in database
|
||||
QSqlQuery insert_statement(db);
|
||||
insert_statement.prepare("INSERT OR REPLACE INTO " + table_name + "(id, algo, i1, i2, i3, ks, salt) "
|
||||
+ "VALUES(:id, :algo, :i1, :i2, :i3, :ks, :salt)");
|
||||
insert_statement.bindValue(":id", 1);
|
||||
insert_statement.bindValue(":algo", "Scrypt");
|
||||
insert_statement.bindValue(":i1", i1);
|
||||
insert_statement.bindValue(":i2", i2);
|
||||
insert_statement.bindValue(":i3", i3);
|
||||
insert_statement.bindValue(":ks", m_keySize);
|
||||
insert_statement.bindValue(":salt", salt_str);
|
||||
if (!insert_statement.exec()) {
|
||||
throw std::runtime_error("PasswordManager::KeyStrengthener::saveParams failed");
|
||||
// auto err = insert_statement.lastError();
|
||||
}
|
||||
}
|
||||
29
core/KeyStrengthener.h
Normal file
29
core/KeyStrengthener.h
Normal file
|
|
@ -0,0 +1,29 @@
|
|||
#ifndef KEYSTRENGTHENER_H
|
||||
#define KEYSTRENGTHENER_H
|
||||
|
||||
#include <QSqlDatabase>
|
||||
#include <botan/pwdhash.h>
|
||||
#include <botan/secmem.h>
|
||||
#include <memory>
|
||||
|
||||
class KeyStrengthener {
|
||||
public:
|
||||
KeyStrengthener() = default;
|
||||
KeyStrengthener(std::unique_ptr<Botan::PasswordHash> hasher, Botan::secure_vector<uint8_t> salt, size_t keysize);
|
||||
|
||||
KeyStrengthener(const KeyStrengthener&) = delete;
|
||||
KeyStrengthener& operator=(const KeyStrengthener &) = delete;
|
||||
|
||||
KeyStrengthener(KeyStrengthener &&rhs);
|
||||
|
||||
KeyStrengthener& operator=(KeyStrengthener &&rhs);
|
||||
|
||||
Botan::secure_vector<uint8_t> derive(const std::string &passphrase);
|
||||
void saveParams(QSqlDatabase &db, const QString &table_name);
|
||||
private:
|
||||
std::unique_ptr<Botan::PasswordHash> m_hasher;
|
||||
Botan::secure_vector<uint8_t> m_salt;
|
||||
size_t m_keySize;
|
||||
};
|
||||
|
||||
#endif // KEYSTRENGTHENER_H
|
||||
|
|
@ -7,11 +7,11 @@
|
|||
#include <botan/hash.h>
|
||||
#include <botan/auto_rng.h>
|
||||
#include <botan/base64.h>
|
||||
//#include <botan/psk_db_sql.h>
|
||||
#include <botan/psk_db.h>
|
||||
|
||||
//#include <botan/sqlite3.h>
|
||||
#include <botan/scrypt.h>
|
||||
#include <botan/nist_keywrap.h>
|
||||
#include <botan/base64.h>
|
||||
#include <botan/mac.h>
|
||||
#include <botan/block_cipher.h>
|
||||
#include <boost/lexical_cast.hpp>
|
||||
|
||||
namespace {
|
||||
|
|
@ -26,141 +26,59 @@ namespace {
|
|||
|
||||
};
|
||||
|
||||
class QPSK_Database : public Botan::Encrypted_PSK_Database
|
||||
}
|
||||
|
||||
using namespace Botan;
|
||||
|
||||
class PasswordCryptoEngine {
|
||||
public:
|
||||
PasswordCryptoEngine(const secure_vector<uint8_t>& master_key)
|
||||
{
|
||||
public:
|
||||
/**
|
||||
* @param master_key specifies the master key used to encrypt all
|
||||
* keys and value. It can be of any length, but should be at least 256 bits.
|
||||
*
|
||||
* Subkeys for the cryptographic algorithms used are derived from this
|
||||
* master key. No key stretching is performed; if encrypting a PSK database
|
||||
* using a password, it is recommended to use PBKDF2 to derive the database
|
||||
* master key.
|
||||
*/
|
||||
QPSK_Database(const Botan::secure_vector<uint8_t>& master_key, QSqlDatabase &db, const QString &table_name)
|
||||
: Encrypted_PSK_Database(master_key)
|
||||
, m_db(db)
|
||||
, m_tableName(table_name)
|
||||
{
|
||||
QSqlQuery q_create_table(m_db);
|
||||
q_create_table.prepare("CREATE TABLE IF NOT EXISTS " + table_name +
|
||||
"(psk_name TEXT PRIMARY KEY, psk_value TEXT)");
|
||||
if (!q_create_table.exec()) {
|
||||
auto err = q_create_table.lastError();
|
||||
throw SqlException(err);
|
||||
}
|
||||
}
|
||||
|
||||
protected:
|
||||
/// Save a encrypted (name.value) pair to the database. Both will be base64 encoded strings.
|
||||
virtual void kv_set(const std::string& index, const std::string& value) override
|
||||
{
|
||||
QSqlQuery q(m_db);
|
||||
q.prepare("insert or replace into " + m_tableName + " values(:name, :value)");
|
||||
q.bindValue(":name", QString::fromUtf8(index.c_str()));
|
||||
q.bindValue(":value", QString::fromUtf8(value.c_str()));
|
||||
if (!q.exec()) {
|
||||
auto err = q.lastError();
|
||||
throw SqlException(err);
|
||||
}
|
||||
}
|
||||
|
||||
/// Get a value previously saved with set_raw_value. Should return an empty
|
||||
/// string if index is not found.
|
||||
virtual std::string kv_get(const std::string& index) const override
|
||||
{
|
||||
QSqlQuery q(m_db);
|
||||
q.prepare("SELECT psk_value FROM " + m_tableName +
|
||||
" WHERE psk_name = :name");
|
||||
q.bindValue(":name", QString::fromUtf8(index.c_str()));
|
||||
if (q.exec()) {
|
||||
if (q.next()) {
|
||||
return q.value(0).toString().toUtf8().data();
|
||||
}
|
||||
}
|
||||
else {
|
||||
auto err = q.lastError();
|
||||
throw SqlException(err);
|
||||
}
|
||||
return std::string();
|
||||
}
|
||||
|
||||
/// Remove an index
|
||||
virtual void kv_del(const std::string& index) override
|
||||
{
|
||||
QSqlQuery q(m_db);
|
||||
q.prepare("DELETE FROM " + m_tableName + " WHERE psk_name=:name");
|
||||
q.bindValue(":name", QString::fromUtf8(index.c_str()));
|
||||
if (!q.exec()) {
|
||||
auto err = q.lastError();
|
||||
throw SqlException(err);
|
||||
}
|
||||
}
|
||||
|
||||
/// Return all indexes in the table.
|
||||
virtual std::set<std::string> kv_get_all() const override
|
||||
{
|
||||
QSqlQuery q(m_db);
|
||||
q.prepare("SELECT psk_name FROM " + m_tableName);
|
||||
|
||||
std::set<std::string> result;
|
||||
if (q.exec()) {
|
||||
while (q.next()) {
|
||||
result.insert(q.value(0).toString().toUtf8().data());
|
||||
}
|
||||
}
|
||||
else {
|
||||
auto err = q.lastError();
|
||||
throw SqlException(err);
|
||||
}
|
||||
return result;
|
||||
}
|
||||
private:
|
||||
QSqlDatabase &m_db;
|
||||
QString m_tableName;
|
||||
};
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
Botan::secure_vector<uint8_t> PasswordManager::KeyStrengthener::derive(const std::string &passphrase)
|
||||
{
|
||||
Botan::secure_vector<uint8_t> master_key(m_keySize);
|
||||
m_hasher->derive_key(master_key.data(), master_key.size(), passphrase.c_str(), passphrase.length(), m_salt.data(), m_salt.size());
|
||||
|
||||
return master_key;
|
||||
}
|
||||
|
||||
void PasswordManager::KeyStrengthener::saveParams(QSqlDatabase &db, const QString &table_name)
|
||||
{
|
||||
auto sc = dynamic_cast<Botan::Scrypt*>(m_hasher.get());
|
||||
size_t i1 = sc->N();
|
||||
size_t i2 = sc->r();
|
||||
size_t i3 = sc->p();
|
||||
|
||||
|
||||
auto salt_str = QString::fromUtf8(Botan::base64_encode(m_salt).c_str());
|
||||
// SAVE parameters in database
|
||||
QSqlQuery insert_statement(db);
|
||||
insert_statement.prepare("INSERT OR REPLACE INTO " + table_name + "(id, algo, i1, i2, i3, ks, salt) "
|
||||
+ "VALUES(:id, :algo, :i1, :i2, :i3, :ks, :salt)");
|
||||
insert_statement.bindValue(":id", 1);
|
||||
insert_statement.bindValue(":algo", "Scrypt");
|
||||
insert_statement.bindValue(":i1", i1);
|
||||
insert_statement.bindValue(":i2", i2);
|
||||
insert_statement.bindValue(":i3", i3);
|
||||
insert_statement.bindValue(":ks", m_keySize);
|
||||
insert_statement.bindValue(":salt", salt_str);
|
||||
if (!insert_statement.exec()) {
|
||||
//throw std::runtime_error("PasswordManager::KeyStrengthener::saveParams failed");
|
||||
auto err = insert_statement.lastError();
|
||||
throw SqlException(err);
|
||||
m_cipher = BlockCipher::create_or_throw("AES-256");
|
||||
m_hmac = MessageAuthenticationCode::create_or_throw("HMAC(SHA-256)");
|
||||
m_hmac->set_key(master_key);
|
||||
|
||||
m_cipher->set_key(m_hmac->process("wrap"));
|
||||
m_hmac->set_key(m_hmac->process("hmac"));
|
||||
}
|
||||
|
||||
}
|
||||
std::string set(const std::string& name, const uint8_t val[], size_t len) const
|
||||
{
|
||||
/*
|
||||
* Both as a basic precaution wrt key seperation, and specifically to prevent
|
||||
* cut-and-paste attacks against the database, each PSK is encrypted with a
|
||||
* distinct key which is derived by hashing the wrapped key name with HMAC.
|
||||
*/
|
||||
const std::vector<uint8_t> wrapped_name =
|
||||
nist_key_wrap_padded(cast_char_ptr_to_uint8(name.data()),
|
||||
name.size(),
|
||||
*m_cipher);
|
||||
|
||||
std::unique_ptr<BlockCipher> wrap_cipher(m_cipher->clone());
|
||||
wrap_cipher->set_key(m_hmac->process(wrapped_name));
|
||||
const std::vector<uint8_t> wrapped_key = nist_key_wrap_padded(val, len, *wrap_cipher);
|
||||
|
||||
return base64_encode(wrapped_key);
|
||||
}
|
||||
|
||||
secure_vector<uint8_t> get(const std::string& name, const std::string &wrapped_key) const
|
||||
{
|
||||
const std::vector<uint8_t> wrapped_name =
|
||||
nist_key_wrap_padded(cast_char_ptr_to_uint8(name.data()),
|
||||
name.size(),
|
||||
*m_cipher);
|
||||
|
||||
const secure_vector<uint8_t> val = base64_decode(wrapped_key);
|
||||
|
||||
std::unique_ptr<BlockCipher> wrap_cipher(m_cipher->clone());
|
||||
wrap_cipher->set_key(m_hmac->process(wrapped_name));
|
||||
|
||||
return nist_key_unwrap_padded(val.data(), val.size(), *wrap_cipher);
|
||||
}
|
||||
private:
|
||||
std::unique_ptr<BlockCipher> m_cipher;
|
||||
std::unique_ptr<MessageAuthenticationCode> m_hmac;
|
||||
};
|
||||
|
||||
// -------------------------
|
||||
|
||||
|
|
@ -173,18 +91,27 @@ bool PasswordManager::initialized(QSqlDatabase& db)
|
|||
return isPskStoreInitialized(db);
|
||||
}
|
||||
|
||||
std::tuple<Botan::secure_vector<uint8_t>, Botan::secure_vector<uint8_t>>
|
||||
PasswordManager::deriveKey(KeyStrengthener &ks, QString passphrase)
|
||||
{
|
||||
auto master_key = ks.derive(passphrase.toUtf8().data());
|
||||
|
||||
std::unique_ptr<Botan::HashFunction> hash3(Botan::HashFunction::create("SHA-3"));
|
||||
hash3->update(master_key);
|
||||
auto mkh = hash3->final();
|
||||
return { master_key, mkh };
|
||||
}
|
||||
|
||||
bool PasswordManager::createDatabase(QSqlDatabase &db, QString passphrase)
|
||||
{
|
||||
m_cryptoEngine.reset();
|
||||
if (!isPskStoreInitialized(db)) {
|
||||
initializeNewPskStore(db);
|
||||
auto ks = createKeyStrengthener();
|
||||
ks.saveParams(db, m_secretAlgoTableName);
|
||||
|
||||
auto master_key = ks.derive(passphrase.toUtf8().data());
|
||||
|
||||
std::unique_ptr<Botan::HashFunction> hash3(Botan::HashFunction::create("SHA-3"));
|
||||
hash3->update(master_key);
|
||||
auto mkh = QString::fromUtf8(Botan::base64_encode(hash3->final()).c_str());
|
||||
auto [master_key, mkh_bin] = deriveKey(ks, passphrase);
|
||||
auto mkh = QString::fromUtf8(Botan::base64_encode(mkh_bin).c_str());
|
||||
|
||||
QSqlQuery q_ins_hash(db);
|
||||
q_ins_hash.prepare("INSERT INTO " + m_secretHashTableName + "(id, hash) VALUES(:id, :hash)");
|
||||
|
|
@ -196,7 +123,7 @@ bool PasswordManager::createDatabase(QSqlDatabase &db, QString passphrase)
|
|||
throw SqlException(err);
|
||||
}
|
||||
|
||||
m_pskDatabase = std::make_unique<QPSK_Database>(master_key, db, m_passwordTableName);
|
||||
m_cryptoEngine = std::make_unique<PasswordCryptoEngine>(master_key);
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
|
|
@ -204,20 +131,17 @@ bool PasswordManager::createDatabase(QSqlDatabase &db, QString passphrase)
|
|||
|
||||
bool PasswordManager::openDatabase(QSqlDatabase &db, QString passphrase)
|
||||
{
|
||||
m_cryptoEngine.reset();
|
||||
if (isPskStoreInitialized(db)) {
|
||||
auto ks = getKeyStrengthener(db);
|
||||
|
||||
auto master_key = ks.derive(passphrase.toUtf8().data());
|
||||
std::unique_ptr<Botan::HashFunction> hash3(Botan::HashFunction::create("SHA-3"));
|
||||
hash3->update(master_key);
|
||||
auto mkh_bin = hash3->final();
|
||||
auto [master_key, mkh_bin] = deriveKey(ks, passphrase);
|
||||
|
||||
QSqlQuery q("SELECT hash FROM " + m_secretHashTableName + " WHERE id=1", db);
|
||||
if (q.next()) {
|
||||
auto hash_b64 = q.value(0).toString().toUtf8();
|
||||
auto hash_bin = Botan::base64_decode(hash_b64.data(), static_cast<size_t>(hash_b64.size()));
|
||||
if (hash_bin == mkh_bin) {
|
||||
m_pskDatabase = std::make_unique<QPSK_Database>(master_key, db, m_passwordTableName);
|
||||
m_cryptoEngine = std::make_unique<PasswordCryptoEngine>(master_key);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
|
@ -227,52 +151,35 @@ bool PasswordManager::openDatabase(QSqlDatabase &db, QString passphrase)
|
|||
|
||||
void PasswordManager::closeDatabase()
|
||||
{
|
||||
m_pskDatabase.reset();
|
||||
m_cryptoEngine.reset();
|
||||
}
|
||||
|
||||
bool PasswordManager::locked() const
|
||||
{
|
||||
return m_pskDatabase == nullptr;
|
||||
return m_cryptoEngine == nullptr;
|
||||
}
|
||||
|
||||
void PasswordManager::set(const std::string &id, const std::string &passwd)
|
||||
std::string PasswordManager::encrypt(const std::string &name, const std::string &passwd)
|
||||
{
|
||||
if (m_pskDatabase) {
|
||||
m_pskDatabase->set_str(id, passwd);
|
||||
if (m_cryptoEngine) {
|
||||
return m_cryptoEngine->set(name, reinterpret_cast<const uint8_t*>(passwd.data()), passwd.length());
|
||||
}
|
||||
else {
|
||||
throw PasswordManagerLockedException();
|
||||
}
|
||||
}
|
||||
|
||||
bool PasswordManager::get(const std::string &id, std::string &password)
|
||||
std::string PasswordManager::decrypt(const std::string &id, const std::string &encpwd)
|
||||
{
|
||||
if (m_pskDatabase) {
|
||||
try {
|
||||
password = m_pskDatabase->get_str(id);
|
||||
return true;
|
||||
}
|
||||
catch (const Botan::Invalid_Argument &) {
|
||||
// not present
|
||||
return false;
|
||||
}
|
||||
if (m_cryptoEngine) {
|
||||
secure_vector<uint8_t> decoded = m_cryptoEngine->get(id, encpwd);
|
||||
return std::string(reinterpret_cast<const char*>(decoded.data()), decoded.size());
|
||||
}
|
||||
else {
|
||||
throw PasswordManagerLockedException();
|
||||
}
|
||||
}
|
||||
|
||||
void PasswordManager::remove(const std::string &id)
|
||||
{
|
||||
if (m_pskDatabase) {
|
||||
m_pskDatabase->remove(id);
|
||||
}
|
||||
else {
|
||||
throw PasswordManagerLockedException();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
void PasswordManager::initializeNewPskStore(QSqlDatabase &db)
|
||||
{
|
||||
// // Create tables
|
||||
|
|
@ -347,7 +254,7 @@ bool PasswordManager::isPskStoreInitialized(QSqlDatabase& db)
|
|||
return true;
|
||||
}
|
||||
|
||||
PasswordManager::KeyStrengthener PasswordManager::getKeyStrengthener(QSqlDatabase &db)
|
||||
KeyStrengthener PasswordManager::getKeyStrengthener(QSqlDatabase &db)
|
||||
{
|
||||
QSqlQuery query("SELECT algo, i1, i2, i3, ks, salt FROM " + m_secretAlgoTableName + " WHERE id=1", db);
|
||||
if (query.next()) {
|
||||
|
|
@ -370,10 +277,8 @@ PasswordManager::KeyStrengthener PasswordManager::getKeyStrengthener(QSqlDatabas
|
|||
}
|
||||
}
|
||||
|
||||
PasswordManager::KeyStrengthener PasswordManager::createKeyStrengthener()
|
||||
KeyStrengthener PasswordManager::createKeyStrengthener()
|
||||
{
|
||||
// std::unique_ptr<Botan::PasswordHash> pwh;
|
||||
|
||||
size_t key_size = 64;
|
||||
Botan::secure_vector<uint8_t> salt(key_size);
|
||||
Botan::AutoSeeded_RNG rng;
|
||||
|
|
|
|||
|
|
@ -2,23 +2,19 @@
|
|||
#define PASSWORDMANAGER_H
|
||||
|
||||
#include "Expected.h"
|
||||
#include "KeyStrengthener.h"
|
||||
#include <QSqlDatabase>
|
||||
#include <botan/secmem.h>
|
||||
#include <string>
|
||||
#include <tuple>
|
||||
#include <memory>
|
||||
|
||||
#include <botan/pwdhash.h>
|
||||
|
||||
|
||||
//#include <botan/botan.h>
|
||||
//#include <botan/symkey.h>
|
||||
|
||||
#include <map>
|
||||
|
||||
namespace Botan {
|
||||
|
||||
class Encrypted_PSK_Database;
|
||||
//class Sqlite3_Database;
|
||||
class PasswordHash;
|
||||
|
||||
}
|
||||
|
|
@ -33,6 +29,7 @@ public:
|
|||
using PasswordManagerException::PasswordManagerException;
|
||||
|
||||
};
|
||||
class PasswordCryptoEngine;
|
||||
|
||||
class PasswordManager {
|
||||
public:
|
||||
|
|
@ -57,58 +54,24 @@ public:
|
|||
void closeDatabase();
|
||||
bool locked() const;
|
||||
|
||||
void set(const std::string &id, const std::string &passwd);
|
||||
bool get(const std::string &id, std::string &password);
|
||||
void remove(const std::string &id);
|
||||
std::string encrypt(const std::string &id, const std::string &passwd);
|
||||
std::string decrypt(const std::string &id, const std::string &encpwd);
|
||||
// void remove(const std::string &id);
|
||||
private:
|
||||
QString m_passwordTableName = "psk_passwd";
|
||||
QString m_secretAlgoTableName = "psk_masterkey_algo";
|
||||
QString m_secretHashTableName = "psk_masterkey_hash";
|
||||
std::unique_ptr<Botan::Encrypted_PSK_Database> m_pskDatabase;
|
||||
std::unique_ptr<PasswordCryptoEngine> m_cryptoEngine;
|
||||
|
||||
bool isPskStoreInitialized(QSqlDatabase& db);
|
||||
void initializeNewPskStore(QSqlDatabase &db);
|
||||
|
||||
class KeyStrengthener {
|
||||
public:
|
||||
KeyStrengthener() = default;
|
||||
KeyStrengthener(std::unique_ptr<Botan::PasswordHash> hasher, Botan::secure_vector<uint8_t> salt, size_t keysize)
|
||||
: m_hasher (std::move(hasher))
|
||||
, m_salt (std::move(salt))
|
||||
, m_keySize(keysize)
|
||||
{}
|
||||
|
||||
KeyStrengthener(const KeyStrengthener&) = delete;
|
||||
KeyStrengthener& operator=(const KeyStrengthener &) = delete;
|
||||
|
||||
KeyStrengthener(KeyStrengthener &&rhs)
|
||||
: m_hasher (std::move(rhs.m_hasher))
|
||||
, m_salt (std::move(rhs.m_salt))
|
||||
, m_keySize(rhs.m_keySize)
|
||||
{}
|
||||
|
||||
KeyStrengthener& operator=(KeyStrengthener &&rhs)
|
||||
{
|
||||
if (&rhs != this) {
|
||||
m_hasher = std::move(rhs.m_hasher);
|
||||
m_salt = std::move(rhs.m_salt);
|
||||
m_keySize = rhs.m_keySize;
|
||||
}
|
||||
return *this;
|
||||
}
|
||||
|
||||
Botan::secure_vector<uint8_t> derive(const std::string &passphrase);
|
||||
void saveParams(QSqlDatabase &db, const QString &table_name);
|
||||
private:
|
||||
std::unique_ptr<Botan::PasswordHash> m_hasher;
|
||||
Botan::secure_vector<uint8_t> m_salt;
|
||||
size_t m_keySize;
|
||||
};
|
||||
|
||||
/// Get PasswordHash from parameters in database
|
||||
KeyStrengthener getKeyStrengthener(QSqlDatabase &db);
|
||||
KeyStrengthener createKeyStrengthener();
|
||||
|
||||
std::tuple<Botan::secure_vector<uint8_t>, Botan::secure_vector<uint8_t>>
|
||||
deriveKey(KeyStrengthener &ks, QString passphrase);
|
||||
};
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@ error( "Couldn't find the common.pri file!" )
|
|||
#DEFINES += QT_DISABLE_DEPRECATED_BEFORE=0x060000 # disables all the APIs deprecated before Qt 6.0.0
|
||||
|
||||
SOURCES += my_boost_assert_handler.cpp \
|
||||
KeyStrengthener.cpp \
|
||||
SqlLexer.cpp \
|
||||
PasswordManager.cpp \
|
||||
CsvWriter.cpp \
|
||||
|
|
@ -36,6 +37,7 @@ SOURCES += my_boost_assert_handler.cpp \
|
|||
SqlAstExpression.cpp
|
||||
|
||||
HEADERS += PasswordManager.h \
|
||||
KeyStrengthener.h \
|
||||
SqlLexer.h \
|
||||
ScopeGuard.h \
|
||||
CsvWriter.h \
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue