Use PasswordKey for storing transformed secrets.

The transformed secrets were stored in normal QByteArrays, which are at risk of being swapped out. We now use secure PasswordKey objects instead. There are still a few areas where QByteArrays are used for storing secrets, but since they are all temporary, they are less critical. It may be worth hunting those down as well, though.
2019-11-08 22:21:33 +01:00
parent 22af66e3b5
commit 5996ba51c9
4 changed files with 85 additions and 31 deletions
--- a/src/core/Database.h
+++ b/src/core/Database.h
@@ -23,12 +23,15 @@
 #include <QHash>
 #include <QObject>
 #include <QPointer>
+#include <QScopedPointer>

 #include "config-keepassx.h"
 #include "crypto/kdf/AesKdf.h"
 #include "crypto/kdf/Kdf.h"
 #include "format/KeePass2.h"
+#include "keys/PasswordKey.h"
 #include "keys/CompositeKey.h"
+
 class Entry;
 enum class EntryReferenceType;
 class FileWatcher;
@@ -162,18 +165,39 @@ private:
        bool isReadOnly = false;
        QUuid cipher = KeePass2::CIPHER_AES256;
        CompressionAlgorithm compressionAlgorithm = CompressionGZip;
-        QByteArray transformedMasterKey;
-        QSharedPointer<Kdf> kdf = QSharedPointer<AesKdf>::create(true);
-        QSharedPointer<const CompositeKey> key;
+
+        QScopedPointer<PasswordKey> masterSeed;
+        QScopedPointer<PasswordKey> transformedMasterKey;
+        QScopedPointer<PasswordKey> challengeResponseKey;
+
        bool hasKey = false;
-        QByteArray masterSeed;
-        QByteArray challengeResponseKey;
+        QSharedPointer<const CompositeKey> key;
+        QSharedPointer<Kdf> kdf = QSharedPointer<AesKdf>::create(true);
+
        QVariantMap publicCustomData;

        DatabaseData()
+            : masterSeed(new PasswordKey())
+            , transformedMasterKey(new PasswordKey())
+            , challengeResponseKey(new PasswordKey())
        {
            kdf->randomizeSeed();
        }
+
+        void clear()
+        {
+            filePath.clear();
+
+            masterSeed.reset();
+            transformedMasterKey.reset();
+            challengeResponseKey.reset();
+
+            hasKey = false;
+            key.reset();
+            kdf.reset();
+
+            publicCustomData.clear();
+        }
    };

    void createRecycleBin();