Add optional support for Botan3 (#8994)

2023-02-18 16:38:39 -05:00
parent 4a30417f76
commit f9f82e9705
11 changed files with 171 additions and 14 deletions
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -338,7 +338,7 @@ target_link_libraries(keepassx_core
        Qt5::Concurrent
        Qt5::Network
        Qt5::Widgets
-        ${BOTAN2_LIBRARIES}
+        ${BOTAN_LIBRARIES}
        ${PCSC_LIBRARIES}
        ${ZXCVBN_LIBRARIES}
        ${ZLIB_LIBRARIES}
--- a/src/browser/CMakeLists.txt
+++ b/src/browser/CMakeLists.txt
@@ -33,5 +33,5 @@ if(WITH_XC_BROWSER)
            )

    add_library(keepassxcbrowser STATIC ${keepassxcbrowser_SOURCES})
-    target_link_libraries(keepassxcbrowser Qt5::Core Qt5::Concurrent Qt5::Widgets Qt5::Network ${BOTAN2_LIBRARIES})
+    target_link_libraries(keepassxcbrowser Qt5::Core Qt5::Concurrent Qt5::Widgets Qt5::Network ${BOTAN_LIBRARIES})
 endif()
--- a/src/config-keepassx.h.cmake
+++ b/src/config-keepassx.h.cmake
@@ -14,6 +14,7 @@

 #cmakedefine WITH_XC_AUTOTYPE
 #cmakedefine WITH_XC_NETWORKING
+#cmakedefine KPXC_DEV_BOTAN3
 #cmakedefine WITH_XC_BROWSER
 #cmakedefine WITH_XC_YUBIKEY
 #cmakedefine WITH_XC_SSHAGENT
--- a/src/crypto/Crypto.cpp
+++ b/src/crypto/Crypto.cpp
@@ -18,6 +18,8 @@

 #include "Crypto.h"

+#include "config-keepassx.h"
+
 #include "crypto/CryptoHash.h"
 #include "crypto/SymmetricCipher.h"

@@ -237,8 +239,16 @@ namespace Crypto
 {
    bool init()
    {
-        if (Botan::version_major() != 2 || Botan::version_minor() < 11) {
-            g_cryptoError = QObject::tr("Botan library must be at least 2.11.x, found %1.%2.%3")
+#ifdef KPXC_DEV_BOTAN3
+        unsigned int version_major = 3, min_version_minor = 0;
+        QString versionString = "3.x";
+#else
+        unsigned int version_major = 2, min_version_minor = 11;
+        QString versionString = "2.11.x";
+#endif
+        if (Botan::version_major() != version_major || Botan::version_minor() < min_version_minor) {
+            g_cryptoError = QObject::tr("Botan library must be at least %1, found %2.%3.%4")
+                                .arg(versionString)
                                .arg(Botan::version_major())
                                .arg(Botan::version_minor())
                                .arg(Botan::version_patch());
--- a/src/fdosecrets/CMakeLists.txt
+++ b/src/fdosecrets/CMakeLists.txt
@@ -31,5 +31,5 @@ if(WITH_XC_FDOSECRETS)
        objects/Prompt.cpp
        dbus/DBusTypes.cpp
    )
-    target_link_libraries(fdosecrets Qt5::Core Qt5::Widgets Qt5::DBus ${BOTAN2_LIBRARIES})
+    target_link_libraries(fdosecrets Qt5::Core Qt5::Widgets Qt5::DBus ${BOTAN_LIBRARIES})
 endif()
--- a/src/fdosecrets/objects/SessionCipher.cpp
+++ b/src/fdosecrets/objects/SessionCipher.cpp
@@ -17,12 +17,19 @@

 #include "SessionCipher.h"

+#include "config-keepassx.h"
+
 #include "crypto/Random.h"
 #include "crypto/SymmetricCipher.h"

 #include <QDebug>
 #include <botan/dh.h>
+
+#ifdef KPXC_DEV_BOTAN3
+#include <botan/pubkey.h>
+#else
 #include <botan/pk_ops.h>
+#endif

 namespace FdoSecrets
 {
@@ -50,6 +57,15 @@ namespace FdoSecrets

        try {
            Botan::secure_vector<uint8_t> salt(32, '\0');
+#ifdef KPXC_DEV_BOTAN3
+            Botan::PK_Key_Agreement dhka(*m_privateKey, *randomGen()->getRng(), "HKDF(SHA-256)", "");
+            auto aesKey = dhka.derive_key(16,
+                                          reinterpret_cast<const uint8_t*>(clientPublicKey.constData()),
+                                          clientPublicKey.size(),
+                                          salt.data(),
+                                          salt.size());
+            m_aesKey = QByteArray(reinterpret_cast<const char*>(aesKey.begin()), aesKey.size());
+#else
            auto dhka = m_privateKey->create_key_agreement_op(*randomGen()->getRng(), "HKDF(SHA-256)", "");
            auto aesKey = dhka->agree(16,
                                      reinterpret_cast<const uint8_t*>(clientPublicKey.constData()),
@@ -57,6 +73,7 @@ namespace FdoSecrets
                                      salt.data(),
                                      salt.size());
            m_aesKey = QByteArray(reinterpret_cast<char*>(aesKey.data()), aesKey.size());
+#endif
            return true;
        } catch (std::exception& e) {
            qCritical("Failed to update client public key: %s", e.what());
--- a/src/keeshare/CMakeLists.txt
+++ b/src/keeshare/CMakeLists.txt
@@ -16,6 +16,6 @@ if(WITH_XC_KEESHARE)
    find_package(Minizip REQUIRED)

    add_library(keeshare STATIC ${keeshare_SOURCES})
-    target_link_libraries(keeshare PUBLIC Qt5::Core Qt5::Widgets ${BOTAN2_LIBRARIES} ${ZLIB_LIBRARIES} PRIVATE ${MINIZIP_LIBRARIES})
+    target_link_libraries(keeshare PUBLIC Qt5::Core Qt5::Widgets ${BOTAN_LIBRARIES} ${ZLIB_LIBRARIES} PRIVATE ${MINIZIP_LIBRARIES})
    include_directories(${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR})
 endif(WITH_XC_KEESHARE)
--- a/src/proxy/CMakeLists.txt
+++ b/src/proxy/CMakeLists.txt
@@ -21,7 +21,7 @@ if(WITH_XC_BROWSER)

    # Alloc must be defined in a static library to prevent clashing with clang ASAN definitions
    add_library(proxy_alloc STATIC ../core/Alloc.cpp)
-    target_link_libraries(proxy_alloc PRIVATE Qt5::Core ${BOTAN2_LIBRARIES})
+    target_link_libraries(proxy_alloc PRIVATE Qt5::Core ${BOTAN_LIBRARIES})

    add_executable(keepassxc-proxy ${proxy_SOURCES})
    target_link_libraries(keepassxc-proxy proxy_alloc Qt5::Core Qt5::Network)