
Comments (10)

sseemayer commented on August 10, 2024

Just as a small update, I have started looking into KDBX4 and written a bunch of not-yet-functional code on the dev-kdbx4 branch. I still have to update the block decryption code, which is why there are Crypto errors.

KDBX4 definitely needs its own implementation of the DB parsing since the outer binary format has changed a lot. @sts10 this is way too much for a first PR but I'll try my best to get this working.

from keepass-rs.

sseemayer commented on August 10, 2024

Small update: I verified by patching some debug prints into the source code of KeepassXC that the keys seem to get transformed correctly also using the Argon2 KDF. Next up is verification of headers using Sha256/HMAC and the implementation of the HmacBlockStream now used for the encrypted data.

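The HmacBlockStream mentioned in the comment above, as an added Python example (standard library only; this is not keepass-rs code). It derives the KDBX4 HMAC base key from the master seed and the transformed key, builds the per-block keys, and writes and verifies a block stream in the KDBX4 layout (32-byte HMAC-SHA256 tag, int32 little-endian length, data, zero-length terminating block; the header HMAC uses the reserved index 0xFFFFFFFFFFFFFFFF). The seeds and payload are constructed for the demonstration.

```python
import hashlib
import hmac
import struct

HEADER_BLOCK_INDEX = 0xFFFFFFFFFFFFFFFF  # KDBX4 keys the header HMAC with the max u64 index
TAG_LEN = 32  # HMAC-SHA256 output length


def hmac_base_key(master_seed: bytes, transformed_key: bytes) -> bytes:
    # KDBX4 derives the HMAC key separately from the encryption key:
    # SHA-512(master_seed || transformed_key || 0x01)
    return hashlib.sha512(master_seed + transformed_key + b"\x01").digest()


def block_key(base_key: bytes, index: int) -> bytes:
    # per-block key: SHA-512(index as little-endian u64 || base key)
    return hashlib.sha512(struct.pack("<Q", index) + base_key).digest()


def header_mac(base_key: bytes, header_bytes: bytes) -> bytes:
    # HMAC over the raw outer header bytes, keyed with the reserved header index
    return hmac.new(block_key(base_key, HEADER_BLOCK_INDEX), header_bytes, hashlib.sha256).digest()


def block_mac(base_key: bytes, index: int, data: bytes) -> bytes:
    # the index and the length are part of the MAC input, so blocks cannot be
    # reordered, dropped or truncated without the tag failing
    msg = struct.pack("<Q", index) + struct.pack("<i", len(data)) + data
    return hmac.new(block_key(base_key, index), msg, hashlib.sha256).digest()


def write_hmac_block_stream(base_key: bytes, payload: bytes, block_size: int = 1 << 20) -> bytes:
    # each block: tag(32) || length(int32 LE) || data; a zero-length block ends the stream
    out = bytearray()
    index, pos = 0, 0
    while True:
        chunk = payload[pos:pos + block_size]
        out += block_mac(base_key, index, chunk) + struct.pack("<i", len(chunk)) + chunk
        if not chunk:
            return bytes(out)
        pos += len(chunk)
        index += 1


def read_hmac_block_stream(base_key: bytes, stream: bytes) -> bytes:
    # verify every tag before trusting its data; raise on the first problem
    payload = bytearray()
    index, pos = 0, 0
    while True:
        tag = stream[pos:pos + TAG_LEN]
        size_field = stream[pos + TAG_LEN:pos + TAG_LEN + 4]
        if len(tag) != TAG_LEN or len(size_field) != 4:
            raise ValueError(f"truncated stream at block {index}")
        size = struct.unpack("<i", size_field)[0]
        if size < 0:
            raise ValueError(f"negative block size in block {index}")
        data = stream[pos + TAG_LEN + 4:pos + TAG_LEN + 4 + size]
        if len(data) != size:
            raise ValueError(f"truncated stream at block {index}")
        if not hmac.compare_digest(tag, block_mac(base_key, index, data)):
            raise ValueError(f"HMAC mismatch in block {index}")
        if size == 0:
            return bytes(payload)
        payload += data
        pos += TAG_LEN + 4 + size
        index += 1


def stream_is_intact(base_key: bytes, stream: bytes) -> bool:
    try:
        read_hmac_block_stream(base_key, stream)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # constructed seeds; in a real file master_seed comes from the header and
    # transformed_key from the KDF (Argon2 in KDBX4)
    base = hmac_base_key(b"\x11" * 32, b"\x22" * 32)
    stream = write_hmac_block_stream(base, b"<KeePassFile/>" * 100, block_size=256)
    print("blocks verify:", stream_is_intact(base, stream))
    broken = bytearray(stream)
    broken[TAG_LEN + 4] ^= 0x01  # flip one bit of the first block's data
    print("tampered stream verifies:", stream_is_intact(base, bytes(broken)))
```

Because the block index is mixed into both the key and the MAC input, a reader that checks tags in order detects reordered and removed blocks as well as modified ones, and the terminating zero-length block is itself authenticated, so a stream cut short also fails.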

sts10 commented on August 10, 2024

Sorry for my delayed response here -- I was traveling.

Latest version of keepass-rs works great for Medic. Version 0.2.5 can successfully open a keepass 4 database! I added a test to make sure.

Thanks for your hard work!


sseemayer commented on August 10, 2024

Yes, Argon2 is not currently supported and yes, it sounds like a good addition to this library. PRs are welcome, if you would like to contribute one.

I will be travelling for the next three weeks but can try to drop in here every now and then if you have questions.

Edit: And thanks for / good job on medic, that's a tool that I didn't realize I was missing!


sts10 commented on August 10, 2024

Gotcha. I'm a bit daunted by trying to make the change myself, but I can try!

I'm guessing that the error I'm seeing is from this LOC, so it's not really an "invalid compression suite" but rather an unsupported cipher. Maybe making this error message more descriptive would be a baby-step PR for me.

I'm also guessing that outer_cipher is the KDF, as opposed to inner_cipher?

Upon some digging, it looks like for KDBX 4, "key derivation function parameters are stored in the header field with ID 11 (KdfParameters)" (source). So might need to write new parsing function(s) for KDBX 4?


sseemayer commented on August 10, 2024

Correcting the error message sounds like a good first step.

No, the KDF is not the outer_cipher. Let me walk you through how the KeePass crypto used to work; hopefully that will clear things up.

In a nutshell, the KeePass crypto has several stages (see also this gist for some details https://gist.github.com/msmuenchen/9318327):

  1. Derive a composite_key by concatenating password, keyfile, etc.

  2. Key Derivation: Transform the composite_key into a transformed_key by repeatedly doing an AES/ECB encryption of the key in order to generate a high computational cost and protect against brute-forcing. Finally, hash the repeatedly encrypted key with SHA256 -- Probably, this is what you would have to replace with Argon2.

  3. The master_key is a SHA256 hash of the concatenation of the master_seed and the transformed_key

  4. The KeePass payload (several blocks of XML chunks) can now be decrypted using the outer_cipher - typically AES256 using CBC mode. Since the first few bytes of decrypted payload are stored in the KeePass database, you can check here if everything went correctly until this step.

  5. All blocks from the payload get assembled into an XML document representing the database

  6. If values in the XML (such as passwords) are marked as protected, they can be decrypted using the inner_cipher (typically Salsa20), a stream_key and a fixed initialization vector. The code for the decryption of the XML fields is a bit hidden in the XML parsing code.

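Steps 1 to 3 of the pipeline described in the comment above (composite key, AES-ECB key transformation, master key), as an added Python example that is not keepass-rs code. The AES-256 block cipher is a compact pure-Python implementation included only so the example runs without third-party packages; the composite key is assumed to be SHA256 of the hashed password followed by the optional keyfile key, and the password, seeds and round count are constructed. Step 4 (AES-CBC payload decryption and the stream-start-bytes check) is not shown.

```python
import hashlib


# --- minimal AES-256 (encryption only), enough for the KDBX3 key transform ---

def _gf_mul(a, b):
    # multiplication in GF(2^8) with the AES polynomial x^8 + x^4 + x^3 + x + 1
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def _build_sbox():
    sbox = [0] * 256
    for x in range(256):
        inv = next((y for y in range(1, 256) if _gf_mul(x, y) == 1), 0) if x else 0
        s = inv
        for k in range(1, 5):  # affine transform: XOR of four rotations, then 0x63
            s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
        sbox[x] = s ^ 0x63
    return sbox


SBOX = _build_sbox()


def aes256_expand_key(key):
    # FIPS-197 key schedule for Nk = 8, Nr = 14: 60 words, 15 round keys
    assert len(key) == 32
    w = [list(key[4 * i:4 * i + 4]) for i in range(8)]
    rcon = 1
    for i in range(8, 60):
        t = list(w[i - 1])
        if i % 8 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]  # SubWord(RotWord(t))
            t[0] ^= rcon
            rcon = _gf_mul(rcon, 2)
        elif i % 8 == 4:
            t = [SBOX[b] for b in t]
        w.append([w[i - 8][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(15)]


def aes256_encrypt_block(round_keys, block):
    # state kept in AES column-major byte order, so index = 4*col + row
    s = [block[i] ^ round_keys[0][i] for i in range(16)]
    for rnd in range(1, 15):
        s = [SBOX[b] for b in s]                                           # SubBytes
        s = [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]  # ShiftRows
        if rnd < 14:                                                       # MixColumns
            mixed = []
            for c in range(4):
                a0, a1, a2, a3 = s[4 * c:4 * c + 4]
                mixed += [_gf_mul(a0, 2) ^ _gf_mul(a1, 3) ^ a2 ^ a3,
                          a0 ^ _gf_mul(a1, 2) ^ _gf_mul(a2, 3) ^ a3,
                          a0 ^ a1 ^ _gf_mul(a2, 2) ^ _gf_mul(a3, 3),
                          _gf_mul(a0, 3) ^ a1 ^ a2 ^ _gf_mul(a3, 2)]
            s = mixed
        s = [s[i] ^ round_keys[rnd][i] for i in range(16)]                # AddRoundKey
    return bytes(s)


# --- KDBX3 key pipeline, steps 1 to 3 ---

def composite_key(password: bytes, keyfile_key: bytes = b"") -> bytes:
    # step 1 (assumed layout): SHA256 over the hashed password and the optional keyfile key
    return hashlib.sha256(hashlib.sha256(password).digest() + keyfile_key).digest()


def transform_key(composite: bytes, transform_seed: bytes, rounds: int) -> bytes:
    # step 2: AES-256-ECB with the transform seed as key, repeated `rounds` times,
    # then SHA256; this is the stage Argon2 replaces in KDBX4
    rk = aes256_expand_key(transform_seed)
    left, right = composite[:16], composite[16:]
    for _ in range(rounds):
        left, right = aes256_encrypt_block(rk, left), aes256_encrypt_block(rk, right)
    return hashlib.sha256(left + right).digest()


def master_key(master_seed: bytes, transformed: bytes) -> bytes:
    # step 3: SHA256(master_seed || transformed_key)
    return hashlib.sha256(master_seed + transformed).digest()


def derive_master_key(password, transform_seed, master_seed, rounds, keyfile_key=b""):
    return master_key(master_seed, transform_key(composite_key(password, keyfile_key), transform_seed, rounds))


if __name__ == "__main__":
    # constructed header values; a real KDBX3 header carries random 32-byte seeds
    seed_t, seed_m = bytes(range(32)), bytes(range(32, 64))
    print(derive_master_key(b"correct horse", seed_t, seed_m, rounds=500).hex())
```

The round count is the cost knob: each round is two AES block encryptions, so a brute-force attempt pays the same price as a legitimate open. This pure-Python AES is slow, which is why the sample uses a small round count; it is here to make the chain of transformations visible, not to be used in place of a real cipher implementation.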

sseemayer commented on August 10, 2024

Regarding what you will probably have to touch, the compression suite error could also come from this code checking for the compression_flag header value in addition to the line that you highlighted. According to the KDBX 4 docs that you linked, it looks like the header format changed quite a lot.

The KDBX 4 docs say:

As of KDBX 4, key derivation function parameters are stored in the header field with ID 11 (KdfParameters).

I didn't check this but here is the header parsing code that matches over the header field IDs. I am slightly confused why this code won't encounter an ID of 11 as the docs specify, though.


sseemayer commented on August 10, 2024

Hmm, looking at the KDBX 4 docs, there might be a few more changes necessary. I unfortunately have to go right now but I hope that the notes that I left are still useful!


sseemayer commented on August 10, 2024

I now managed to open a KDBX4 file and parse it; you can find the code in the dev-kdbx4 branch until I do some more cleanups. If you get a chance, please let me know if this is working for you!


sseemayer commented on August 10, 2024

I've now merged into master together with some refactoring of the error handling and published v0.4.0 of the crate.

