Exemple #1
0
QString Security::decrypt(QString input)
{
    if(input.isEmpty())
    {
        return input;
    }
    QCA::Initializer init = QCA::Initializer();
    QCA::SymmetricKey key = QCA::SymmetricKey(QCA::SecureArray(ENC_KEY));
    QCA::InitializationVector iv = QCA::InitializationVector(QCA::SecureArray(ENC_INIT_VECTOR));
    QCA::Cipher cipher = QCA::Cipher(QString("aes128"), QCA::Cipher::CBC,
                                     QCA::Cipher::DefaultPadding, QCA::Encode,
                                     key, iv);
    if (!QCA::isSupported("aes128-cbc-pkcs7"))
    {
        qDebug() << "AES128 CBC PKCS7 not supported - "
                    "please check if qca-ossl plugin is"
                    "installed correctly !";
        return "";
    }
    cipher.setup(QCA::Decode, key, iv);
    QCA::SecureArray encryptedData = QCA::SecureArray(QCA::hexToArray(input));
    QCA::SecureArray decryptedData = cipher.process(encryptedData);
    //check if decryption succeded
    if (!cipher.ok())
    {
        return "";
    }
    return QString(decryptedData.data());
}
Exemple #2
0
QString Security::encrypt(QString input)
{
    //This uses QCA to encrypt passwords for FPT/SFTP before saving them with QSettings
    //This should probably have more randomness to be completely secure, but it's a bit better than plaintext.
    QCA::Initializer init = QCA::Initializer();
    QCA::SymmetricKey key = QCA::SymmetricKey(QCA::SecureArray(ENC_KEY));
    QCA::InitializationVector iv = QCA::InitializationVector(QCA::SecureArray(ENC_INIT_VECTOR));
    QCA::Cipher cipher = QCA::Cipher(QString("aes128"), QCA::Cipher::CBC,
                                     QCA::Cipher::DefaultPadding, QCA::Encode,
                                     key, iv);
    //check if aes128 is available
    if (!QCA::isSupported("aes128-cbc-pkcs7"))
    {
        qDebug() << "AES128 CBC PKCS7 not supported - "
                    "please check if qca-ossl plugin is"
                    "installed correctly !";
        return "";
    }
    QCA::SecureArray secureData = input.toAscii();
    QCA::SecureArray encryptedData = cipher.process(secureData);
    //check if encryption succeded
    if (!cipher.ok())
    {
        return "";
    }
    return QString(qPrintable(QCA::arrayToHex(encryptedData.toByteArray())));
}
Exemple #3
0
void
HatchetSipPlugin::webSocketConnected()
{
    tLog() << Q_FUNC_INFO << "WebSocket connected";

    if ( m_token.isEmpty() || !m_account->credentials().contains( "username" ) )
    {
        tLog() << Q_FUNC_INFO << "access token or username is empty, aborting";
        disconnectPlugin();
        return;
    }

    hatchetAccount()->setConnectionState( Tomahawk::Accounts::Account::Connected );
    m_sipState = AcquiringVersion;

    m_uuid = QUuid::createUuid().toString();
    QCA::SecureArray sa( m_uuid.toLatin1() );
    QCA::SecureArray result = m_publicKey->encrypt( sa, QCA::EME_PKCS1_OAEP );

    tDebug( LOGVERBOSE ) << Q_FUNC_INFO << "uuid:" << m_uuid << ", size of uuid:" << m_uuid.size() << ", size of sa:" << sa.size() << ", size of result:" << result.size();

    QVariantMap nonceVerMap;
    nonceVerMap[ "version" ] = VERSION;
    nonceVerMap[ "nonce" ] = QString( result.toByteArray().toBase64() );
    sendBytes( nonceVerMap );
}
Exemple #4
0
/**
 * @paragraph This method encrypts a data string and returns a map of the key, hash and vector
 * @brief ServerPanel::EncryptEntity
 * @param QString sData
 * @return QVariantMap
 */
QVariantMap ServerPanel::EncryptEntity(QString sData) {
    // Initialize the cryptographer
    QCA::Initializer qiInitialization           = QCA::Initializer();
    // Generate the key
    QCA::SymmetricKey qskKey                    = QCA::SymmetricKey(2048);
    // Generate the vector
    QCA::InitializationVector qivInitialization = QCA::InitializationVector(2048);
    // Create the cipher
    QCA::Cipher qcrCipher                       = QCA::Cipher("aes128", QCA::Cipher::CBC, QCA::Cipher::DefaultPadding, QCA::Encode, qskKey, qivInitialization);
    // Make sure AES128 is supported
    if (!QCA::isSupported("aes128-cbc-pkcs7")) {
        qDebug("AES128 CBC PKCS7 not supported - please check if qca-ossl plugin installed correctly !");
    }
    // Encrypt the data
    QCA::SecureArray qsaHash = qcrCipher.process(QCA::SecureArray(sData.toAscii()));
    // Setup the map to resturn
    QVariantMap qvmReturn;
    // Add the key
    qvmReturn.insert("qbaKey",    qskKey.toByteArray());
    // Add the vector
    qvmReturn.insert("qbaVector", qivInitialization.toByteArray());
    // Add the hash
    qvmReturn.insert("qbaHash",   qsaHash.toByteArray());
    // Return the map
    return qvmReturn;
}
QByteArray MessageContainerEncypted::bytes() {
    QByteArray buf = MessageContainerWrapper::bytes();

    if(!this->isEncryptionSupported()) {
        return buf;
    }
    //buf.prepend(this->version);
    
    QCA::Cipher* cipher = this->createCipher(QCA::Encode);
    //qDebug("MessageContainerEncyptor::bytes: message raw '%s'", qPrintable(QCA::arrayToHex(buf)));
    QCA::SecureArray secretText = cipher->process(buf);
    //qDebug("MessageContainerEncyptor::bytes: message encryped '%s'", qPrintable(QCA::arrayToHex(secretText.toByteArray())));
    return secretText.toByteArray();    
}
QByteArray EncryptioNgSimliteDecryptor::decrypt(const QByteArray &data, bool *ok)
{
	if (ok)
		*ok = false;

	if (!Valid)
		return data;

	//check if the message has at least the length of the shortest possible encrypted message
	if (data.length() < 192)
		return data;

	//decode the message from the Base64 encoding
	QCA::Base64 decoder(QCA::Decode);
	QCA::SecureArray decodedMessage = decoder.stringToArray(data);

	if (!decoder.ok())
		return data;

	//extract the Blowfish key (first 128 characters)
	QCA::SecureArray encryptedBlowfishKey(decodedMessage.toByteArray().left(128));
	//and the encrypted message (the rest)
	QCA::SecureArray encryptedMessage(decodedMessage.toByteArray().mid(128));

	QCA::SymmetricKey blowfishKey;
	if (!DecodingKey.decrypt(encryptedBlowfishKey, &blowfishKey, QCA::EME_PKCS1_OAEP))
		return data;

	//recreate the initialization vector (should be the same as the one used for ciphering)
	char ivec[8] = {0, 0, 0, 0, 0, 0, 0, 0};
	QCA::InitializationVector iv(QByteArray(ivec, 8));
	//now that we have the symmetric Blowfish key, we can decrypt the message;
	//create a 128 bit Blowfish cipher object using Cipher Block Chaining (CBC) mode,
	//with default padding and for decoding
	QCA::Cipher cipher(QString("blowfish"), QCA::Cipher::CBC, QCA::Cipher::DefaultPadding, QCA::Decode, blowfishKey, iv);

	//decipher the message (put the message into the decoding cipher object)
	QCA::SecureArray plainText = cipher.process(encryptedMessage);
	if (!cipher.ok())
		return data;

	//check whether the decrypted data length is at least the size of the header -
	//if not, then we have an invalid message
	if (plainText.size() < (int)sizeof(sim_message_header))
		return data;

	//extract the header from the decrypted data and check if the magic number is
	//correct
	sim_message_header head;
	memcpy(&head, plainText.data(), sizeof(sim_message_header));
	if (head.magicFirstPart != SIM_MAGIC_V1_1 || head.magicSecondPart != SIM_MAGIC_V1_2)
		return data;

	if (ok)
		*ok = true;

	//the message has been decrypted! :D
	//put it into the input/output byte array
	return cp2unicode(&plainText.data()[sizeof(sim_message_header)]).toUtf8();
}
bool MessageContainerEncypted::isValidFormat(const QByteArray& bytes) {

    if(!this->isEncryptionSupported()) {
        return MessageContainerWrapper::isValidFormat(bytes);
    }

    QByteArray myBytes = bytes;
    //if (bytes.length() && (byte)bytes[0] == this->version) {
    //    int len = bytes.length() - 1;
    //    myBytes = bytes.right(len);
    //
    //}

    QCA::Cipher* cipher = this->createCipher(QCA::Decode);
    //qDebug("SteganoCore::decryptData: message raw '%s'", qPrintable(QCA::arrayToHex(buf)));
    QCA::SecureArray clearText = cipher->process(myBytes);
    //qDebug("SteganoCore::decryptData: message decryped '%s'", qPrintable(QCA::arrayToHex(clearText.toByteArray())));
    return MessageContainerWrapper::isValidFormat(clearText.toByteArray());
}
Exemple #8
0
/**
 * @paragraph This method decrypts a system encrypted hash
 * @brief ServerPanel::DecryptEntity
 * @param QByteArray qbaKey
 * @param QByteArray qbaVector
 * @param QByteArray qbaHash
 * @return QString
 */
QVariantMap ServerPanel::DecryptEntity(QByteArray qbaKey, QByteArray qbaVector, QByteArray qbaHash) {
    // Initialize the cryptographer
    QCA::Initializer qiInitializer = QCA::Initializer();
    // Create the cipher
    QCA::Cipher qcrCipher          = QCA::Cipher("aes128", QCA::Cipher::CBC, QCA::Cipher::DefaultPadding, QCA::Decode, QCA::SymmetricKey(qbaKey), QCA::InitializationVector(qbaVector));
    // Decode the hash
    QCA::SecureArray qsaPlain      = qcrCipher.process(QCA::SecureArray(qbaHash));
    // Setup the return map
    QVariantMap qvmReturn;
    // Check the decryption status
    if (qcrCipher.ok()) {
        // Set the plain text entity
        qvmReturn.insert("sPlainText", QString(qsaPlain.data()));
        // Set the decryption status
        qvmReturn.insert("bSuccess", true);
    } else {
        // Set the decryption status
        qvmReturn.insert("bSuccess", false);
    }
    // Return the map
    return qvmReturn;
}
// Click on "OK"
void AdminPasswordOffice::setNewPassword() {

	// Get the current office password (without the salt)
	ConfigData cfg(pwOffice);
	QCA::SecureArray officeNoSalt = cfg.getOfficePasswordWithoutSalt();
	QString address = cfg.getAddress();

	// Check if old password for authorisation is the right one
	if(oldPw->text().toLatin1() != officeNoSalt.data()) {
		QMessageBox::warning(this,"Wrong Password","The current office password you entered is incorrect. Please enter the right password.");
		oldPw->setFocus();
		return;
	}

	// Make sure the new password matches the confirmation
	if(newPw->text() != newPwConfirm->text()) {
		QMessageBox::warning(this,"Invalid Password","The new password does not match its confirmation. Please try again!");
		newPwConfirm->setFocus();
		return;
	}

	// Make sure the new password has at least 4 characters
	if(newPw->text().length() < 4) {
		QMessageBox::warning(this,"Password too short","The password you entered is too short. Please enter one with at least 4 characters.");
		newPwConfirm->setFocus();
		return;
	}


	// Display splashscreen while working
	busy->show();
	qApp->setOverrideCursor(Qt::BusyCursor);
	// We need to call this 5 times (with 10ms sleep in between), otherwise the "busy dialog" wouldn't get painted (i.e. only a grey rectangle would be shown)
	for(unsigned int i = 0; i < 5; ++i) {
		qApp->processEvents(QEventLoop::ExcludeUserInputEvents);
		I::sleep(10);
	}


	// This string is used to make sure (on the server) the submitted data is valid
	QString salt = "bookercheck";
	QString pw = salt + oldPw->text() + "_._._._" + newPw->text();

	// Encrypt the salt + new password
	Cryptor cr(officeNoSalt, true);
	pw = cr.encrypt(pw.toLatin1()).join("__");


	// The current office password is encrypted with the iv
	cr.setPassword(cr.getIv());

	// We submit the new pw and also the old password (needed to update pws in database)
	QUrlQuery params;
	params.addQueryItem("newdata", pw);
	params.addQueryItem("officepw", cr.encrypt(officeNoSalt.data()).join("__"));

	// Request data file (encrypted with office password)
	// First we set all the headers:
	QNetworkRequest request(QUrl("http://" + address + "/booker/update/officepw.php"));
	request.setRawHeader("Host", address.toLatin1());
	request.setRawHeader("User-Agent", "Mozilla/5.0 Firefox");
	request.setRawHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
	request.setRawHeader("Accept-Language", "en-us;q=0.7,en;q=0.3");
	request.setRawHeader("Accept-Encoding", "gzip,deflate");
	request.setRawHeader("Accept-Charset", "windows-1252,utf-8;q=0.7,*;q=0.7");
	request.setRawHeader("Keep-Alive", "300");
	request.setRawHeader("Connection", "keep-alive");
	request.setRawHeader("Referer", "booker.qt");
	request.setRawHeader("Content-Type", "application/x-www-form-urlencoded");

	// Send request with salt + new password as POST data
	manager.post(request,params.toString().toLatin1());

	// Disable lineedits and buttons
	oldPw->setEnabled(false);
	newPw->setEnabled(false);
	newPwConfirm->setEnabled(false);
	ok->setEnabled(false);
	cancel->setEnabled(false);

}
	s = PK11_DigestBegin(m_context);
	if (s != SECSuccess) {
	    qDebug() << "DigestBegin failed";
	    return;
	}
    }

    void update(const QCA::MemoryRegion &a)
    {
	PK11_DigestOp(m_context, (const unsigned char*)a.data(), a.size());
    }

    QCA::MemoryRegion final()
    {
	unsigned int len = 0;
	QCA::SecureArray a( 64 );
	PK11_DigestFinal(m_context, (unsigned char*)a.data(), &len, a.size());
	a.resize(len);
	return a;
    }

private:
    PK11SlotInfo *m_slot;
    int m_status;
    PK11Context *m_context;
    SECOidTag m_hashAlgo;
};


//-----------------------------------------------------------
class nssHmacContext : public QCA::MACContext
Exemple #11
0
bool EncryptedStore::closeWrite()
{
    Q_D(KOdfStore);
    bool passWasAsked = false;
    if (d->fileName == MANIFEST_FILE) {
        m_manifestBuffer = static_cast<QBuffer*>(d->stream)->buffer();
        return true;
    }

    // Find a password
    // Do not accept empty passwords for compatibility with OOo
    if (m_password.isEmpty()) {
        findPasswordInKWallet();
    }
    while (m_password.isEmpty()) {
        QPointer<KNewPasswordDialog> dlg = new KNewPasswordDialog(d->window);
        dlg->setPrompt(i18n("Please enter the password to encrypt the document with."));
        if (! dlg->exec()) {
            // Without the first password, prevent asking again by deadsimply refusing to continue functioning
            // TODO: This feels rather hackish. There should be a better way to do this.
            delete m_pZip;
            m_pZip = 0;
            d->good = false;
	    delete dlg;
            return false;
        }
	if (dlg){
            m_password = QCA::SecureArray(dlg->password().toUtf8());
            passWasAsked = true;
	}
	delete dlg;
    }

    // Ask the user to save the password
    if (passWasAsked && KMessageBox::questionYesNo(d->window, i18n("Do you want to save the password?")) == KMessageBox::Yes) {
        savePasswordInKWallet();
    }

    QByteArray resultData;
    if (d->fileName == THUMBNAIL_FILE) {
        // TODO: Replace with a generic 'encrypted'-thumbnail
        resultData = static_cast<QBuffer*>(d->stream)->buffer();
    } else if (!isToBeEncrypted(d->fileName)) {
        resultData = static_cast<QBuffer*>(d->stream)->buffer();
    } else {
        m_bPasswordUsed = true;
        // Build all cryptographic data
        QCA::SecureArray passwordHash = QCA::Hash("sha1").hash(m_password);
        QCA::Random random;
        KoEncryptedStore_EncryptionData encData;
        encData.initVector = random.randomArray(8);
        encData.salt = random.randomArray(16);
        encData.iterationCount = 1024;
        QCA::SymmetricKey key = QCA::PBKDF2("sha1").makeKey(passwordHash, QCA::InitializationVector(encData.salt), 16, encData.iterationCount);
        QCA::Cipher encrypter("blowfish", QCA::Cipher::CFB, QCA::Cipher::DefaultPadding, QCA::Encode, key, QCA::InitializationVector(encData.initVector));

        // Get the written data
        QByteArray data = static_cast<QBuffer*>(d->stream)->buffer();
        encData.filesize = data.size();

        // Compress the data
        QBuffer compressedData;
        QIODevice *compressDevice = KFilterDev::device(&compressedData, "application/x-gzip", false);
        if (!compressDevice) {
            return false;
        }
        static_cast<KFilterDev*>(compressDevice)->setSkipHeaders();
        if (!compressDevice->open(QIODevice::WriteOnly)) {
            delete compressDevice;
            return false;
        }
        if (compressDevice->write(data) != data.size()) {
            delete compressDevice;
            return false;
        }
        compressDevice->close();
        delete compressDevice;

        encData.checksum = QCA::Hash("sha1").hash(QCA::SecureArray(compressedData.buffer()));
        encData.checksumShort = false;

        // Encrypt the data
        QCA::SecureArray result = encrypter.update(QCA::SecureArray(compressedData.buffer()));
        result += encrypter.final();
        resultData = result.toByteArray();

        m_encryptionData.insert(d->fileName, encData);
    }

    if (!m_pZip->writeData(resultData.data(), resultData.size())) {
        m_pZip->finishWriting(resultData.size());
        return false;
    }

    return m_pZip->finishWriting(resultData.size());
}
Exemple #12
0
bool EncryptedStore::openRead(const QString& name)
{
    Q_D(KOdfStore);
    if (bad())
        return false;

    const KArchiveEntry* fileArchiveEntry = m_pZip->directory()->entry(name);
    if (!fileArchiveEntry) {
        return false;
    }
    if (fileArchiveEntry->isDirectory()) {
        kWarning(30002) << name << " is a directory!";
        return false;
    }
    const KZipFileEntry* fileZipEntry = static_cast<const KZipFileEntry*>(fileArchiveEntry);

    delete d->stream;
    d->stream = fileZipEntry->createDevice();
    d->size = fileZipEntry->size();
    if (m_encryptionData.contains(name)) {
        // This file is encrypted, do some decryption first
        if (m_bPasswordDeclined) {
            // The user has already declined to give a password
            // Open the file as empty
            d->stream->close();
            delete d->stream;
            d->stream = new QBuffer();
            d->stream->open(QIODevice::ReadOnly);
            d->size = 0;
            return true;
        }
        QCA::SecureArray encryptedFile(d->stream->readAll());
        if (encryptedFile.size() != d->size) {
            // Read error detected
            d->stream->close();
            delete d->stream;
            d->stream = NULL;
            kWarning(30002) << "read error";
            return false;
        }
        d->stream->close();
        delete d->stream;
        d->stream = NULL;
        KoEncryptedStore_EncryptionData encData = m_encryptionData.value(name);
        QCA::SecureArray decrypted;

        // If we don't have a password yet, try and find one
        if (m_password.isEmpty()) {
            findPasswordInKWallet();
        }

        while (true) {
            QByteArray pass;
            QCA::SecureArray password;
            bool keepPass = false;
            // I already have a password! Let's test it. If it's not good, we can dump it, anyway.
            if (!m_password.isEmpty()) {
                password = m_password;
                m_password = QCA::SecureArray();
            } else {
                if (!m_filename.isNull())
                    keepPass = false;
                QPointer<KPasswordDialog> dlg = new KPasswordDialog(d->window , 
				keepPass ? KPasswordDialog::ShowKeepPassword : static_cast<KPasswordDialog::KPasswordDialogFlags>(0));
                dlg->setPrompt(i18n("Please enter the password to open this file."));
                if (! dlg->exec()) {
                    m_bPasswordDeclined = true;
                    d->stream = new QBuffer();
                    d->stream->open(QIODevice::ReadOnly);
                    d->size = 0;
		    delete dlg;
                    return true;
                }
		if (dlg) {
                    password = QCA::SecureArray(dlg->password().toUtf8());
                    if (keepPass)
                        keepPass = dlg->keepPassword();
                    if (password.isEmpty()) {
		        delete dlg;
                        continue;
                    }
		}
		delete dlg;
            }

            decrypted = decryptFile(encryptedFile, encData, password);
            if (decrypted.isEmpty()) {
                kError(30002) << "empty decrypted file" << endl;
                return false;
            }

            if (!encData.checksum.isEmpty()) {
                QCA::SecureArray checksum;
                if (encData.checksumShort && decrypted.size() > 1024) {
                    // TODO: Eww!!!! I don't want to convert via insecure arrays to get the first 1K characters of a secure array <- fix QCA?
                    checksum = QCA::Hash("sha1").hash(QCA::SecureArray(decrypted.toByteArray().left(1024)));
                } else {
                    checksum = QCA::Hash("sha1").hash(decrypted);
                }
                if (checksum != encData.checksum) {
                    continue;
                }
            }

            // The password passed all possible tests, so let's accept it
            m_password = password;
            m_bPasswordUsed = true;

            if (keepPass) {
                savePasswordInKWallet();
            }

            break;
        }

        QByteArray *resultArray = new QByteArray(decrypted.toByteArray());
        QIODevice *resultDevice = KFilterDev::device(new QBuffer(resultArray, NULL), "application/x-gzip");
        if (!resultDevice) {
            delete resultArray;
            return false;
        }
        static_cast<KFilterDev*>(resultDevice)->setSkipHeaders();
        d->stream = resultDevice;
        d->size = encData.filesize;
    }
    d->stream->open(QIODevice::ReadOnly);

    return true;
}
Exemple #13
0
bool EncryptedStore::doFinalize()
{
    Q_D(KOdfStore);
    if (d->good) {
        if (isOpen()) {
            close();
        }
        if (d->mode == Write) {
            // First change the manifest file and write it
            // We'll use the QDom classes here, since KXmlReader and KXmlWriter have no way of copying a complete xml-file
            // other than parsing it completely and rebuilding it.
            // Errorhandling here is done to prevent data from being lost whatever happens
            // TODO: Convert this to KoXML when KoXML is extended enough
            // Note: right now this is impossible due to lack of possibilities to copy an element as-is
            QDomDocument document;
            if (m_manifestBuffer.isEmpty()) {
                // No manifest? Better create one
                document = QDomDocument();
                QDomElement rootElement = document.createElement("manifest:manifest");
                rootElement.setAttribute("xmlns:manifest", "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0");
                document.appendChild(rootElement);
            }
            if (!m_manifestBuffer.isEmpty() && !document.setContent(m_manifestBuffer)) {
                // Oi! That's fresh XML we should have here!
                // This is the only case we can't fix
                KMessage::message(KMessage::Error, i18n("The manifest file seems to be corrupted. It cannot be modified and the document will remain unreadable. Please try and save the document again to prevent losing your work."));
                m_pZip->close();
                return false;
            }
            QDomElement documentElement = document.documentElement();
            QDomNodeList fileElements = documentElement.elementsByTagName("manifest:file-entry");
            // Search all files in the manifest
            QStringList foundFiles;
            for (int i = 0; i < fileElements.size(); i++) {
                QDomElement fileElement = fileElements.item(i).toElement();
                QString fullpath = fileElement.toElement().attribute("manifest:full-path");
                // See if it's encrypted
                if (fullpath.isEmpty() || !m_encryptionData.contains(fullpath)) {
                    continue;
                }
                foundFiles += fullpath;
                KoEncryptedStore_EncryptionData encData = m_encryptionData.value(fullpath);
                // Set the unencrypted size of the file
                fileElement.setAttribute("manifest:size", encData.filesize);
                // See if the user of this store has already provided (old) encryption data
                QDomNodeList childElements = fileElement.elementsByTagName("manifest:encryption-data");
                QDomElement encryptionElement;
                QDomElement algorithmElement;
                QDomElement keyDerivationElement;
                if (childElements.isEmpty()) {
                    encryptionElement = document.createElement("manifest:encryption-data");
                    fileElement.appendChild(encryptionElement);
                } else {
                    encryptionElement = childElements.item(0).toElement();
                }
                childElements = encryptionElement.elementsByTagName("manifest:algorithm");
                if (childElements.isEmpty()) {
                    algorithmElement = document.createElement("manifest:algorithm");
                    encryptionElement.appendChild(algorithmElement);
                } else {
                    algorithmElement = childElements.item(0).toElement();
                }
                childElements = encryptionElement.elementsByTagName("manifest:key-derivation");
                if (childElements.isEmpty()) {
                    keyDerivationElement = document.createElement("manifest:key-derivation");
                    encryptionElement.appendChild(keyDerivationElement);
                } else {
                    keyDerivationElement = childElements.item(0).toElement();
                }
                // Set the right encryption data
                QCA::Base64 encoder;
                QCA::SecureArray checksum = encoder.encode(encData.checksum);
                if (encData.checksumShort) {
                    encryptionElement.setAttribute("manifest:checksum-type", "SHA1/1K");
                } else {
                    encryptionElement.setAttribute("manifest:checksum-type", "SHA1");
                }
                encryptionElement.setAttribute("manifest:checksum", QString(checksum.toByteArray()));
                QCA::SecureArray initVector = encoder.encode(encData.initVector);
                algorithmElement.setAttribute("manifest:algorithm-name", "Blowfish CFB");
                algorithmElement.setAttribute("manifest:initialisation-vector", QString(initVector.toByteArray()));
                QCA::SecureArray salt = encoder.encode(encData.salt);
                keyDerivationElement.setAttribute("manifest:key-derivation-name", "PBKDF2");
                keyDerivationElement.setAttribute("manifest:iteration-count", QString::number(encData.iterationCount));
                keyDerivationElement.setAttribute("manifest:salt", QString(salt.toByteArray()));
            }
            if (foundFiles.size() < m_encryptionData.size()) {
                QList<QString> keys = m_encryptionData.keys();
                for (int i = 0; i < keys.size(); i++) {
                    if (!foundFiles.contains(keys.value(i))) {
                        KoEncryptedStore_EncryptionData encData = m_encryptionData.value(keys.value(i));
                        QDomElement fileElement = document.createElement("manifest:file-entry");
                        fileElement.setAttribute("manifest:full-path", keys.value(i));
                        fileElement.setAttribute("manifest:size", encData.filesize);
                        fileElement.setAttribute("manifest:media-type", "");
                        documentElement.appendChild(fileElement);
                        QDomElement encryptionElement = document.createElement("manifest:encryption-data");
                        QCA::Base64 encoder;
                        QCA::SecureArray checksum = encoder.encode(encData.checksum);
                        QCA::SecureArray initVector = encoder.encode(encData.initVector);
                        QCA::SecureArray salt = encoder.encode(encData.salt);
                        if (encData.checksumShort) {
                            encryptionElement.setAttribute("manifest:checksum-type", "SHA1/1K");
                        } else {
                            encryptionElement.setAttribute("manifest:checksum-type", "SHA1");
                        }
                        encryptionElement.setAttribute("manifest:checksum", QString(checksum.toByteArray()));
                        fileElement.appendChild(encryptionElement);
                        QDomElement algorithmElement = document.createElement("manifest:algorithm");
                        algorithmElement.setAttribute("manifest:algorithm-name", "Blowfish CFB");
                        algorithmElement.setAttribute("manifest:initialisation-vector", QString(initVector.toByteArray()));
                        encryptionElement.appendChild(algorithmElement);
                        QDomElement keyDerivationElement = document.createElement("manifest:key-derivation");
                        keyDerivationElement.setAttribute("manifest:key-derivation-name", "PBKDF2");
                        keyDerivationElement.setAttribute("manifest:iteration-count", QString::number(encData.iterationCount));
                        keyDerivationElement.setAttribute("manifest:salt", QString(salt.toByteArray()));
                        encryptionElement.appendChild(keyDerivationElement);
                    }
                }
            }
            m_manifestBuffer = document.toByteArray();
            m_pZip->setCompression(KZip::DeflateCompression);
            if (!m_pZip->writeFile(MANIFEST_FILE, "", "", m_manifestBuffer.data(), m_manifestBuffer.size())) {
                KMessage::message(KMessage::Error, i18n("The manifest file cannot be written. The document will remain unreadable. Please try and save the document again to prevent losing your work."));
                m_pZip->close();
                return false;
            }
        }
    }
    if (m_pZip)
        return m_pZip->close();
    else
        return true;
}
// Click on "OK"
void AdminPasswordMaster::setNewPassword() {

	// Get the current office password (without the salt)
	ConfigData cfg(pwOffice);
	QCA::SecureArray officeNoSalt = cfg.getOfficePasswordWithoutSalt();
	QCA::SecureArray oldMaster = cfg.getMasterPassword();

	// Check if old password for authorisation is the right one
	if(oldPw->text().toLatin1() != oldMaster.data()) {
		QMessageBox::warning(this,"Wrong Password","The current Master password you entered is incorrect. Please enter the right password.");
		oldPw->setFocus();
		return;
	}

	// Make sure the new password matches the confirmation
	if(newPw->text() != newPwConfirm->text()) {
		QMessageBox::warning(this,"Invalid Password","The new password does not match its confirmation. Please try again!");
		newPwConfirm->setFocus();
		return;
	}

	// Make sure the new password has at least 4 characters
	if(newPw->text().length() < 4) {
		QMessageBox::warning(this,"Password too short","The password you entered is too short. Please enter one with at least 4 characters.");
		newPwConfirm->setFocus();
		return;
	}


	// Show busy cursor
	qApp->setOverrideCursor(Qt::BusyCursor);

	// Disable lineedits and buttons
	oldPw->setEnabled(false);
	newPw->setEnabled(false);
	newPwConfirm->setEnabled(false);
	ok->setEnabled(false);
	cancel->setEnabled(false);


	QSqlDatabase db = QSqlDatabase::addDatabase("QMYSQL",QString("masterpw%1").arg(QDateTime::currentMSecsSinceEpoch()));
	SaverDbCred s = cfg.getDbLogin();
	db.setHostName(s.host.data());
	db.setDatabaseName(s.database.data());
	db.setUserName(s.username.data());
	db.setPassword(s.password.data());

	bool error = false;

	if(!db.open()) {
		QMessageBox::critical(this,"ERROR","ERROR, unable to open database. Can't proceed!");
		error = true;
	} else {

		QSqlQuery query(db);
		query.prepare("SELECT txt FROM current WHERE id='master'");
		if(!query.exec()) {
			QMessageBox::critical(this,"ERROR","Error, unable to get old password (encrypted) from database. Unable to proceed");
			error = true;
		} else {
			if(query.size() != 1) {
				QMessageBox::critical(this,"ERROR","ERROR, received more than one result... don't know what to do...");
				error = true;
			} else {
				while(query.next()) {
					Cryptor cr(officeNoSalt, true);
					QByteArray pw = cr.decrypt(query.value(query.record().indexOf("txt")).toByteArray()).data();
					if(pw == "") {
						QMessageBox::critical(this,"ERROR", "ERROR, unable to decrypt old password! Can't continue...");
						error = true;
						continue;
					}
					QString pw_new = cr.encrypt(newPw->text().toLatin1()).join("\n");
					QSqlQuery query2(db);
					query2.prepare("UPDATE current SET txt=:pw WHERE id='master'");
					query2.bindValue(":pw",pw_new);
					if(!query2.exec()) {
						QMessageBox::critical(this,"ERROR", "ERROR, unable to save encrypted new password! Operation failed!!");
						error = true;
						continue;
					}
					query.clear();
				}
			}
		}
		query.clear();
	}
	db.close();

	// Restore cursor
	qApp->restoreOverrideCursor();

	// Success :-)
	if(!error) {

		QMessageBox::information(this,"Success!","The new master password was set successfully!");

		emit configChanged();

		this->accept();

		QMessageBox::information(this,"Pleae restart Booker","Please quit and restart Booker at your earliest convenience!");

	}

	// Re-enable lineedits and buttons
	oldPw->setEnabled(true);
	newPw->setEnabled(true);
	newPwConfirm->setEnabled(true);
	ok->setEnabled(true);
	cancel->setEnabled(true);

}
Exemple #15
0
int main(int argc, char** argv)
{
    // the Initializer object sets things up, and
    // also does cleanup when it goes out of scope
    QCA::Initializer init;

    QCoreApplication app(argc, argv);

    // We need to ensure that we have certificate handling support
    if ( !QCA::isSupported( "cert" ) ) {
	std::cout << "Sorry, no PKI certificate support" << std::endl;
    	return 1;
    }

    // Read in a private key
    QCA::PrivateKey privKey;
    QCA::ConvertResult convRes;
    QCA::SecureArray passPhrase = "start";
    privKey = QCA::PrivateKey::fromPEMFile( "Userkey.pem", passPhrase, &convRes );
    if ( convRes != QCA::ConvertGood ) {
	std::cout << "Sorry, could not import Private Key" << std::endl;
	return 1;
    }

    // Read in a matching public key cert
    // you could also build this using the fromPEMFile() method
    QCA::Certificate pubCert( "User.pem" );
    if ( pubCert.isNull() ) {
	std::cout << "Sorry, could not import public key certificate" << std::endl;
	return 1;
    }
    // We are building the certificate into a SecureMessageKey object, via a
    // CertificateChain
    QCA::SecureMessageKey secMsgKey;
    QCA::CertificateChain chain;
    chain += pubCert;
    secMsgKey.setX509CertificateChain( chain );

    // build up a SecureMessage object, based on our public key certificate
    QCA::CMS cms;
    QCA::SecureMessage msg(&cms);
    msg.setRecipient(secMsgKey);

    // Some plain text - we use the first command line argument if provided
    QByteArray plainText = (argc >= 2) ? argv[1] : "What do ya want for nuthin'";

    // Now use the SecureMessage object to encrypt the plain text.
    msg.startEncrypt();
    msg.update(plainText);
    msg.end();
    // I think it is reasonable to wait for 1 second for this
    msg.waitForFinished(1000);

    // check to see if it worked
    if(!msg.success())
    {
	std::cout << "Error encrypting: " << msg.errorCode() << std::endl;
	return 1;
    }

    // get the result
    QCA::SecureArray cipherText = msg.read();
    QCA::Base64 enc;
    std::cout << plainText.data() << " encrypts to (in base 64): ";
    std::cout << qPrintable( enc.arrayToString( cipherText ) ) << std::endl;

    // Show we can decrypt it with the private key
    if ( !privKey.canDecrypt() ) {
	std::cout << "Private key cannot be used to decrypt" << std::endl;
	return 1;
    }
    QCA::SecureArray plainTextResult;
    if ( 0 == privKey.decrypt(cipherText, &plainTextResult, QCA::EME_PKCS1_OAEP ) ) {
	std::cout << "Decryption process failed" << std::endl;
	return 1;
    }

    std::cout << qPrintable( enc.arrayToString( cipherText ) );
    std::cout << " (in base 64) decrypts to: ";
    std::cout << plainTextResult.data() << std::endl;

    return 0;
}