From 553d929f3a7543c55381894058ed7d3777e68e68 Mon Sep 17 00:00:00 2001 From: DenioD <41270280+DenioD@users.noreply.github.com> Date: Sun, 14 Jun 2020 21:19:22 +0200 Subject: [PATCH] use blake3 for salt and pwhash for passphrase hash --- src/chatmodel.cpp | 2 +- src/controller.cpp | 6 ++-- src/firsttimewizard.cpp | 44 +++++++++++++++++++------- src/mainwindow.cpp | 68 ++++++++++++++++++++++++++++++++--------- 4 files changed, 90 insertions(+), 30 deletions(-) diff --git a/src/chatmodel.cpp b/src/chatmodel.cpp index c27c495..876c296 100644 --- a/src/chatmodel.cpp +++ b/src/chatmodel.cpp @@ -443,7 +443,7 @@ Tx MainWindow::createTxFromChatPage() { int lengthmemo = memoplain.length(); char *memoplainchar = NULL; - memoplainchar = new char[lengthmemo+1]; + memoplainchar = new char[lengthmemo+2]; strncpy(memoplainchar, memoplain.toUtf8(), lengthmemo +1); QString pubkey = this->getPubkeyByAddress(addr); diff --git a/src/controller.cpp b/src/controller.cpp index 72f383d..6dfda83 100644 --- a/src/controller.cpp +++ b/src/controller.cpp @@ -1061,7 +1061,7 @@ void Controller::refreshTransactions() { } - const QByteArray ba = QByteArray::fromHex(memo.toLatin1()); + const QByteArray ba = QByteArray::fromHex(memo.toUtf8()); const unsigned char *encryptedMemo = reinterpret_cast(ba.constData()); const QByteArray ba1 = QByteArray::fromHex(headerbytes.toLatin1()); @@ -1321,7 +1321,7 @@ void Controller::refreshTransactions() { - const QByteArray ba = QByteArray::fromHex(memo.toLatin1()); + const QByteArray ba = QByteArray::fromHex(memo.toUtf8()); const unsigned char *encryptedMemo = reinterpret_cast(ba.constData()); const QByteArray ba1 = QByteArray::fromHex(headerbytes.toLatin1()); @@ -1341,7 +1341,7 @@ void Controller::refreshTransactions() { //////Set the length of the decrypted message - unsigned char decrypted[MESSAGE1_LEN]; + unsigned char decrypted[MESSAGE1_LEN+1]; unsigned char tag[crypto_secretstream_xchacha20poly1305_TAG_FINAL]; crypto_secretstream_xchacha20poly1305_state state; diff --git a/src/firsttimewizard.cpp b/src/firsttimewizard.cpp index 18f5487..f3f3348 100644 --- a/src/firsttimewizard.cpp +++ b/src/firsttimewizard.cpp @@ -61,10 +61,13 @@ NewOrRestorePage::NewOrRestorePage(FirstTimeWizard *parent) : QWizardPage(parent auto fnPasswordEdited = [=](const QString&) { // Enable the Finish button if the passwords match. - QString Password = form.txtPassword->text(); + QString passphraseBlank = form.txtPassword->text(); + + QString passphrase = QString("HUSH3") + passphraseBlank + QString("SDL"); + if (!form.txtPassword->text().isEmpty() && - form.txtPassword->text() == form.txtConfirmPassword->text() && Password.size() >= 16) { + form.txtPassword->text() == form.txtConfirmPassword->text() && passphraseBlank.size() >= 16) { form.lblPasswordMatch->setText(""); parent->button(QWizard::CommitButton)->setEnabled(true); @@ -72,18 +75,37 @@ NewOrRestorePage::NewOrRestorePage(FirstTimeWizard *parent) : QWizardPage(parent form.radioRestoreWallet->setEnabled(true); form.radioNewWallet->setEnabled(true); form.radioNewWallet->setChecked(true); - int length = Password.length(); - char *sequence = NULL; - sequence = new char[length+1]; - strncpy(sequence, Password.toUtf8(), length +1); - QString str = blake3_PW(sequence); - qDebug() << str; - DataStore::getChatDataStore()->setPassword(str); + int length = passphrase.length(); + + char *sequence = NULL; + sequence = new char[length+1]; + strncpy(sequence, passphrase.toUtf8(), length +1); + + QString passphraseHash = blake3_PW(sequence); + char *sequence1 = NULL; - sequence1 = new char[length]; - strncpy(sequence1, str.toUtf8(), length); + sequence1 = new char[length+1]; + strncpy(sequence1, passphraseHash.toUtf8(), length+1); + + #define MESSAGE ((const unsigned char *) sequence) + #define MESSAGE_LEN length + #define hash ((const unsigned char *) sequence1) + + #define PASSWORD sequence + #define KEY_LEN crypto_box_SEEDBYTES + + unsigned char key[KEY_LEN]; + + if (crypto_pwhash + (key, sizeof key, PASSWORD, strlen(PASSWORD), hash, + crypto_pwhash_OPSLIMIT_SENSITIVE, crypto_pwhash_MEMLIMIT_SENSITIVE, + crypto_pwhash_ALG_DEFAULT) != 0) { + /* out of memory */ +} + QString passphraseHash1 = QByteArray(reinterpret_cast(key), KEY_LEN).toHex(); + DataStore::getChatDataStore()->setPassword(passphraseHash1); //main->setPassword(Password); //qDebug()<<"Objekt gesetzt"; diff --git a/src/mainwindow.cpp b/src/mainwindow.cpp index df05260..2184a06 100644 --- a/src/mainwindow.cpp +++ b/src/mainwindow.cpp @@ -318,13 +318,16 @@ void MainWindow::closeEvent(QCloseEvent* event) { #define PASSWORD sequence #define KEY_LEN crypto_box_SEEDBYTES + + const QByteArray ba = QByteArray::fromHex(passphraseHash.toLatin1()); + const unsigned char *encryptedMemo1 = reinterpret_cast(ba.constData()); auto dir = QDir(QStandardPaths::writableLocation(QStandardPaths::AppDataLocation)); QString sourceWallet_file = dirwallet; QString target_encWallet_file = dirwalletenc; // FileEncryption::encrypt(target_enc_file, source_file, key); - FileEncryption::encrypt(target_encWallet_file, sourceWallet_file, PassphraseHashEnd); + FileEncryption::encrypt(target_encWallet_file, sourceWallet_file, encryptedMemo1); QFile wallet(dirwallet); wallet.remove(); @@ -375,7 +378,8 @@ void MainWindow::encryptWallet() { if (d.exec() == QDialog::Accepted) { - QString passphrase = ed.txtPassword->text(); // data comes from user inputs + QString passphraseBlank = ed.txtPassword->text(); // data comes from user inputs + QString passphrase = QString("HUSH3") + passphraseBlank + QString("SDL"); int length = passphrase.length(); @@ -390,18 +394,30 @@ void MainWindow::encryptWallet() { sequence1 = new char[length+1]; strncpy(sequence1, passphraseHash.toUtf8(), length+1); - #define MESSAGE1 ((const unsigned char *) sequence1) + #define MESSAGE ((const unsigned char *) sequence) #define MESSAGE_LEN length + #define hash ((const unsigned char *) sequence1) #define PASSWORD sequence #define KEY_LEN crypto_box_SEEDBYTES + unsigned char key[KEY_LEN]; + + if (crypto_pwhash + (key, sizeof key, PASSWORD, strlen(PASSWORD), hash, + crypto_pwhash_OPSLIMIT_SENSITIVE, crypto_pwhash_MEMLIMIT_SENSITIVE, + crypto_pwhash_ALG_DEFAULT) != 0) { + /* out of memory */ +} + QString passphraseHash1 = QByteArray(reinterpret_cast(key), KEY_LEN).toHex(); + DataStore::getChatDataStore()->setPassword(passphraseHash1); + auto dir = QDir(QStandardPaths::writableLocation(QStandardPaths::AppDataLocation)); auto dirHome = QDir(QStandardPaths::writableLocation(QStandardPaths::HomeLocation)); QString sourceWallet_file = dirwallet; QString target_encWallet_file = dirwalletenc; - FileEncryption::encrypt(target_encWallet_file, sourceWallet_file, MESSAGE1); + FileEncryption::encrypt(target_encWallet_file, sourceWallet_file, key); QFile wallet(dirwallet); wallet.rename(dirwalletbackup); @@ -445,7 +461,10 @@ void MainWindow::removeWalletEncryption() { if (d.exec() == QDialog::Accepted) { - QString passphrase = ed.txtPassword->text(); // data comes from user inputs + QString passphraseBlank = ed.txtPassword->text(); // data comes from user inputs + + QString passphrase = QString("HUSH3") + passphraseBlank + QString("SDL"); + int length = passphrase.length(); char *sequence = NULL; @@ -458,20 +477,27 @@ void MainWindow::removeWalletEncryption() { sequence1 = new char[length+1]; strncpy(sequence1, passphraseHash.toUtf8(), length+1); - #define MESSAGE3 ((const unsigned char *) sequence1) - #define MESSAGE3_LEN length + #define hash ((const unsigned char *) sequence1) #define PASSWORD sequence #define KEY_LEN crypto_box_SEEDBYTES + unsigned char key[KEY_LEN]; + + if (crypto_pwhash + (key, sizeof key, PASSWORD, strlen(PASSWORD), hash, + crypto_pwhash_OPSLIMIT_SENSITIVE, crypto_pwhash_MEMLIMIT_SENSITIVE, + crypto_pwhash_ALG_DEFAULT) != 0) { + /* out of memory */ +} auto dir = QDir(QStandardPaths::writableLocation(QStandardPaths::AppDataLocation)); auto dirHome = QDir(QStandardPaths::writableLocation(QStandardPaths::HomeLocation)); QString target_encwallet_file = dirwalletenc; QString target_decwallet_file = dirwallet; - FileEncryption::decrypt(target_decwallet_file, target_encwallet_file, MESSAGE3); + FileEncryption::decrypt(target_decwallet_file, target_encwallet_file, key); QFile filencrypted(dirwalletenc); @@ -507,7 +533,9 @@ void MainWindow::removeWalletEncryptionStartUp() { if (d.exec() == QDialog::Accepted) { - QString passphrase = ed.txtPassword->text(); // data comes from user inputs + QString passphraseBlank = ed.txtPassword->text(); // data comes from user inputs + + QString passphrase = QString("HUSH3") + passphraseBlank + QString("SDL"); int length = passphrase.length(); char *sequence = NULL; @@ -515,7 +543,7 @@ void MainWindow::removeWalletEncryptionStartUp() { strncpy(sequence, passphrase.toUtf8(), length +1); QString passphraseHash = blake3_PW(sequence); - DataStore::getChatDataStore()->setPassword(passphraseHash); + char *sequence1 = NULL; sequence1 = new char[length+1]; @@ -527,16 +555,26 @@ void MainWindow::removeWalletEncryptionStartUp() { #define PASSWORD sequence #define KEY_LEN crypto_box_SEEDBYTES - - { + + unsigned char key[KEY_LEN]; + + if (crypto_pwhash + (key, sizeof key, PASSWORD, strlen(PASSWORD), hash, + crypto_pwhash_OPSLIMIT_SENSITIVE, crypto_pwhash_MEMLIMIT_SENSITIVE, + crypto_pwhash_ALG_DEFAULT) != 0) { + /* out of memory */ +} + QString passphraseHash1 = QByteArray(reinterpret_cast(key), KEY_LEN).toHex(); + DataStore::getChatDataStore()->setPassword(passphraseHash1); + auto dir = QDir(QStandardPaths::writableLocation(QStandardPaths::AppDataLocation)); - auto dirHome = QDir(QStandardPaths::writableLocation(QStandardPaths::HomeLocation)); + QString target_encwallet_file = dirwalletenc; QString target_decwallet_file = dirwallet; - FileEncryption::decrypt(target_decwallet_file, target_encwallet_file, hash); + FileEncryption::decrypt(target_decwallet_file, target_encwallet_file, key); - } + auto dirHome = QDir(QStandardPaths::writableLocation(QStandardPaths::HomeLocation)); QFile wallet(dirwallet);