// Cipher and key-derivation parameters for the master-password crypto.
// NOTE(review): these values are compiled in; the salt, hash and cipheriv
// values written out below do not record them, so changing any of them
// changes what existing stored data verifies or decrypts to — treat them as
// part of the on-disk format.
24 #define CIPHER_SIGNATURE "aes256-cbc-pkcs7"
// AES-256 in CBC mode with PKCS#7 padding, supplied by the provider below.
25 #define CIPHER_TYPE "aes256"
26 #define CIPHER_MODE QCA::Cipher::CBC
27 #define CIPHER_PADDING QCA::Cipher::PKCS7
// Byte length of the random IV generated for each new cipheriv.
// NOTE(review): AES's block (and therefore CBC IV) size is 16 bytes; 32 is
// twice that. How the provider treats the extra bytes is not visible here —
// confirm before relying on it.
28 #define CIPHER_IV_LENGTH 32
// QCA provider required at run time; the authentication system is disabled
// when it is missing (see isDisabled()).
29 #define CIPHER_PROVIDER "qca-ossl"
// Password hash / key-stretching parameters, presumably consumed by
// passwordKey_() (its body is not fully visible here).
30 #define PASSWORD_HASH_ALGORITHM "sha256"
// NOTE(review): 10000 iterations is low by current key-stretching guidance,
// but the count is not stored alongside the salt/hash that
// verifyPasswordKeyHash() compares, so raising it would invalidate existing
// hashes unless a versioned migration is added alongside.
31 #define KEY_GEN_ITERATIONS 10000
// Derived key length in bytes (16 = 128 bits). encryptdecrypt() below builds
// its SymmetricKey from the password bytes directly, so this presumably
// governs only the stored hash, not the AES key — confirm against passwordKey_().
32 #define KEY_GEN_LENGTH 16
// Byte length of the random salt drawn in passwordKeyHash().
33 #define KEY_GEN_IV_LENGTH 16
39 qDebug(
"Authentication system DISABLED: QCA's qca-ossl (OpenSSL) plugin is missing" );
50 return encryptdecrypt( pass, cipheriv, text,
true );
58 return encryptdecrypt( pass, cipheriv, text,
false );
61 static QCA::SymmetricKey passwordKey_(
const QString &pass,
const QCA::InitializationVector &salt )
63 const QCA::SecureArray passarray( QByteArray( pass.toUtf8().constData() ) );
73 const QCA::InitializationVector saltiv = QCA::InitializationVector(
KEY_GEN_IV_LENGTH );
74 const QCA::SymmetricKey key = passwordKey_( pass, saltiv );
78 *salt = QCA::arrayToHex( saltiv.toByteArray() );
79 qDebug(
"salt hex: %s", qPrintable( *salt ) );
81 *hash = QCA::arrayToHex( key.toByteArray() );
82 qDebug(
"hash hex: %s", qPrintable( *hash ) );
86 *cipheriv = QCA::arrayToHex( QCA::InitializationVector(
CIPHER_IV_LENGTH ).toByteArray() );
87 qDebug(
"cipheriv hex: %s", qPrintable( *cipheriv ) );
95 QString *hashderived )
100 const QCA::InitializationVector saltiv( QCA::hexToArray( salt ) );
101 const QString derived( QCA::arrayToHex( passwordKey_( pass, saltiv ).toByteArray() ) );
105 *hashderived = derived;
108 return hash == derived;
111 QString QgsAuthCrypto::encryptdecrypt(
const QString &passstr,
112 const QString &cipheriv,
113 const QString &textstr,
116 QString outtxt = QString();
120 const QCA::InitializationVector iv( QCA::hexToArray( cipheriv ) );
122 const QCA::SymmetricKey key( QCA::SecureArray( QByteArray( passstr.toUtf8().constData() ) ) );
127 QCA::Encode, key, iv,
130 const QCA::SecureArray securedata( textstr.toUtf8() );
131 const QCA::SecureArray encrypteddata( cipher.process( securedata ) );
134 qDebug(
"Encryption failed!" );
137 outtxt = QCA::arrayToHex( encrypteddata.toByteArray() );
143 QCA::Decode, key, iv,
146 const QCA::SecureArray ciphertext( QCA::hexToArray( textstr ) );
147 const QCA::SecureArray decrypteddata( cipher.process( ciphertext ) );
150 qDebug(
"Decryption failed!" );
154 outtxt = QString( decrypteddata.toByteArray() );
static void passwordKeyHash(const QString &pass, QString *salt, QString *hash, QString *cipheriv=nullptr)
Generate SHA256 hash for master password, with iterations and salt.
static const QString encrypt(const QString &pass, const QString &cipheriv, const QString &text)
Encrypt data using master password.
static bool verifyPasswordKeyHash(const QString &pass, const QString &salt, const QString &hash, QString *hashderived=nullptr)
Verify an existing master password hash against a re-generated one.
static const QString decrypt(const QString &pass, const QString &cipheriv, const QString &text)
Decrypt data using master password.
static bool isDisabled()
Whether QCA has the qca-ossl plugin, which is a base run-time requirement.
#define KEY_GEN_IV_LENGTH
#define PASSWORD_HASH_ALGORITHM
#define KEY_GEN_ITERATIONS