MiKee
/
KeePass


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394
							// Header.swift
// This file is part of KeePass.swift
//
// Copyright © 2021 Maxime Epain. All rights reserved.
//
// KeePass.swift is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// KeePass.swift is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with KeePass.swift. If not, see <https://www.gnu.org/licenses/>.

import Binary
import Crypto
import Foundation

struct Header {
    let cipher: Flag
    let version: UInt32
    let masterSeed: Bytes
    let initialVector: Bytes
    var groups: UInt32
    var entries: UInt32
    var contentHash: Bytes
    let transformSeed: Bytes
    let transformRounds: UInt32
}

struct Flag: OptionSet, Streamable {
    let rawValue: UInt32

    static let sha2 = Flag(rawValue: 1 << 0)
    static let aes = Flag(rawValue: 1 << 1)
    static let arc4 = Flag(rawValue: 1 << 2)
    static let twofish = Flag(rawValue: 1 << 3)
}

extension Header: Streamable {

    init(from input: Input) throws {
        cipher = try input.read()
        version = try input.read()
        masterSeed = try input.read(lenght: 16)
        initialVector = try input.read(lenght: 16)
        groups = try input.read()
        entries = try input.read()
        contentHash = try input.read(lenght: 32)
        transformSeed = try input.read(lenght: 32)
        transformRounds = try input.read()
    }

    func write(to output: Output) throws {
        try output.write(cipher)
        try output.write(version)
        try output.write(masterSeed)
        try output.write(initialVector)
        try output.write(groups)
        try output.write(entries)
        try output.write(contentHash)
        try output.write(transformSeed)
        try output.write(transformRounds)
    }
}

extension Header {

    func cipher(key: Bytes) throws -> Cipher {
        if cipher.contains(.aes) {
            return try AESCipher(key: key, iv: initialVector)
        }

        if cipher.contains(.twofish) {
            return try Twofish(key: key, iv: initialVector)
        }

        throw KDBError.unsupportedCipher
    }

    func masterKey(from compositeKey: CompositeKey) throws -> Bytes {
        let key = try compositeKey.serialize()

        // Key Derivation
        let kdf = try AESKeyDerivation(seed: transformSeed, rounds: UInt64(transformRounds))
        let derivedKey = try kdf.derive(key: key)

        return SHA256.hash(masterSeed + derivedKey)
    }
}