From add4846d799315d4149b96ca09c65db0dd7675eb Mon Sep 17 00:00:00 2001
From: Kyle Manna <kyle@kylemanna.com>
Date: Mon, 26 May 2014 00:29:41 -0700
Subject: [PATCH] format: Add challenge response result to final key hash

* The challengeMasterSeed() function return empty if not present
  maintaining backwards compatability.
* This commit is where the challenge response result is computed into
  the final key  used to encrypt or decrypt the database.

Signed-off-by: Kyle Manna <kyle@kylemanna.com>
---
 src/format/KeePass2Reader.cpp | 1 +
 src/format/KeePass2Writer.cpp | 1 +
 2 files changed, 2 insertions(+)

diff --git a/src/format/KeePass2Reader.cpp b/src/format/KeePass2Reader.cpp
index b45cefa6..17e007d7 100644
--- a/src/format/KeePass2Reader.cpp
+++ b/src/format/KeePass2Reader.cpp
@@ -115,6 +115,7 @@ Database* KeePass2Reader::readDatabase(QIODevice* device, const CompositeKey& ke
 
     CryptoHash hash(CryptoHash::Sha256);
     hash.addData(m_masterSeed);
+    hash.addData(m_db->challengeMasterSeed(m_masterSeed));
     hash.addData(m_db->transformedMasterKey());
     QByteArray finalKey = hash.result();
 
diff --git a/src/format/KeePass2Writer.cpp b/src/format/KeePass2Writer.cpp
index dfbbf353..3a3195a0 100644
--- a/src/format/KeePass2Writer.cpp
+++ b/src/format/KeePass2Writer.cpp
@@ -53,6 +53,7 @@ void KeePass2Writer::writeDatabase(QIODevice* device, Database* db)
 
     CryptoHash hash(CryptoHash::Sha256);
     hash.addData(masterSeed);
+    hash.addData(db->challengeMasterSeed(masterSeed));
     Q_ASSERT(!db->transformedMasterKey().isEmpty());
     hash.addData(db->transformedMasterKey());
     QByteArray finalKey = hash.result();