From c8b49e6b5cb0f4215501238176a66e400f8e2727 Mon Sep 17 00:00:00 2001
From: Herbert Poul <herbert@codeux.design>
Date: Wed, 18 Mar 2020 20:53:13 +0100
Subject: [PATCH] support for chacha20 encryption.

---
 lib/src/kdbx_format.dart  |  16 +++++++++++---
 test/chacha20.kdbx        | Bin 0 -> 1536 bytes
 test/kdbx4_test.dart      |  45 ++++++++++++++++++++++++--------------
 test_output_chacha20.kdbx | Bin 0 -> 1604 bytes
 4 files changed, 42 insertions(+), 19 deletions(-)
 create mode 100644 test/chacha20.kdbx
 create mode 100644 test_output_chacha20.kdbx

diff --git a/lib/src/kdbx_format.dart b/lib/src/kdbx_format.dart
index caf37db..0e926e2 100644
--- a/lib/src/kdbx_format.dart
+++ b/lib/src/kdbx_format.dart
@@ -5,6 +5,7 @@ import 'dart:typed_data';
 
 import 'package:convert/convert.dart' as convert;
 import 'package:crypto/crypto.dart' as crypto;
+import 'package:cryptography/cryptography.dart' as cryptography;
 import 'package:kdbx/kdbx.dart';
 import 'package:kdbx/src/crypto/argon2.dart';
 import 'package:kdbx/src/crypto/key_encrypter_kdf.dart';
@@ -285,8 +286,8 @@ class KdbxBody extends KdbxNode {
       return result;
     } else if (cipherId == CryptoConsts.CIPHER_IDS[Cipher.chaCha20].uuid) {
       _logger.fine('We need chacha20');
-      // TODO can we combine this with _encryptV3?
-      throw UnsupportedError('Unsupported cipher chacha20 for kdbx 4.x');
+      return kdbxFile.kdbxFormat
+          .transformContentV4ChaCha20(header, compressedBytes, cipherKey);
     } else {
       throw UnsupportedError('Unsupported cipherId $cipherId');
     }
@@ -509,12 +510,21 @@ class KdbxFormat {
       return result;
     } else if (cipherId == CryptoConsts.CIPHER_IDS[Cipher.chaCha20].uuid) {
       _logger.fine('We need chacha20');
-      throw UnsupportedError('chacha20 not yet supported $cipherId');
+//      throw UnsupportedError('chacha20 not yet supported $cipherId');
+      return transformContentV4ChaCha20(header, encrypted, cipherKey);
     } else {
       throw UnsupportedError('Unsupported cipherId $cipherId');
     }
   }
 
+  Uint8List transformContentV4ChaCha20(
+      KdbxHeader header, Uint8List encrypted, Uint8List cipherKey) {
+    final encryptionIv = header.fields[HeaderFields.EncryptionIV].bytes;
+    final key = cryptography.SecretKey(cipherKey);
+    final nonce = cryptography.SecretKey(encryptionIv);
+    return cryptography.chacha20.decrypt(encrypted, key, nonce: nonce);
+  }
+
 //  Uint8List _transformDataV4Aes() {
 //  }
 
diff --git a/test/chacha20.kdbx b/test/chacha20.kdbx
new file mode 100644
index 0000000000000000000000000000000000000000..bc488fa3de00a87241b514ce1876fb98acbe53a5
GIT binary patch
literal 1536
zcmV+b2LJg3*`k_f`%AR|00aO65C8xG)&q(wi*HP|r6e<&G26A80|Wp70096100bZa
z006h-7~w=f>cyT@6bX7ON5WRoh6`QIji)LO-W;l4MHB}N0002W+09(MY3dr#;b%n)
zivR!s00BY;0000aRaHqu5C8xG?_+J>j44D*k@u;j1LFz|1pxp607(b{000UA00000
z000F60000@2mk;800004000001OWg508j(~00062002S(0000}AOHXW5F$Ust@=p)
z<v>{5ElK-7X}yq(Kj9mQ>!dyq*5EA;1OWg509FJ5000vJ000001ONa44GIkk@+a9-
zxB}5o7VkcsZsKvqyodty-L2_DRQqafT>sR`%b?&>{^i7)gSH|m{d5(c&&~;|&jf~4
z#4MXxGn%@V4<ubt-vW>*Q>EwsRk2-rrRqxP96ekqdr>3u>Jrf(e*^#kc!W-mSkejS
z=-+z)>7d|{xmuB<jxIjYJR}o+D6Hx2pMQo3?4olqOZNsj)`zT#sq>Rg2;vfVGvna*
zzBmPbmUAS9^2tGYR!%GdKoAWc3OwPWxTq9jJ~!8Fm?KFf%*4t-&QWR81$h@pDOxiu
z)&prKJMFNM%F-R#G-=X!L!lc=t<O0&?Yg=5Q=IRB4wj`~v0FA)!f|rSERuml;vt4;
zX~N-V!<huNa9Tcf@I)tqw?|*N?!W(;O&aaxdsypV^8oPjdV<sn2QSTK9$IASC+iQu
z*~qF$E8F!A(xvRGr-r#7CkL4m_hHg-GU_X>nb4c7i`SEIywV8UnZKsSgex+>SN!Q+
zAz44u#oN1ncFrk>W3<w?Mv0MfeI>6t^>}o{cH)!2@_Z8bN|uiIMXwUJtFZJhj@e5r
zZ+}qbiNQ{b`d_GRFDT0pGWJP~Gp`+DQ~Ll^y(vCW$iEifoyOZo3N_+EtEWxu@f|c8
zv*I{FzwTSL&wC-FA94}FujA;No-g&9KLAXNFNOeMBs+1`6XK3&!l{FLtZq;t6S0IL
zqMhol@>in~?2-o>J7bC$pnnHS0FrS#@?lKY5S@chhx)+0-nUNzzJL3BXCKwzcS1JJ
zbyd7AISQ^;j!g#zG=3endAo>RSKV}m)%<!%Q_jj9^E#$fOtu6$4Ua&1PK(hM2woW%
zb86c%PP$@*nPR67{k*5#CJB^c+PL-d!wN(Is{rdS4}6Nx$6;o-twouK2=*HwojL*i
zgMhlvbKfEf_BB)CB&TFvtySno1111Un&d<|H{=-JR^Ub%jS|p9U(%kI5oJ7jO@Xg4
z^4$bfv*vJR)g=#C`GuvZU$)DXiYQt%f+G_4dq}-a6d6^~0LLCHTn^)!27$QONaecg
zfvu8`n-9E_B6m(u;7xsUzXZt3>k1%Ud`%q?K1C!RNHWA4G`O>%oBhai49vP>RE7nU
zif`eyjrLM5Sa!?^XK7J{LT9TAd7;0Mr}MwI$~noqnGbF%wJ%a7N>PRIS`>8;nL{K6
zW&0}UENaq&Vm&+a@}w%kM5!A1j>A9%_4~1DU|380o$CSUvsUibaRp(VdK9(D38f3X
zC?fxLPnag#SuW8zKezBLlI6-D(|f<O+aw8hOj<ydugzVZ=-M2=WYHSPcP2(J_(eb{
z+%<A(Ycvo!yUXD(wLu>`D7kpUGQDHH&UWZQd7w2veYz9h>g{6PXtT44YaJ;fGjT(w
zWhtm9!y>X#EnD9j>HR=a<*Y3nlOR*HuILD(rXIKBVuHD85&%h!T15_Uj2_W2QOgBt
z@=0K`Xs--JJcmLw3n41~BgWCiKz3_F{p6zr5-Of6D}XcqjG9z}WPx(KBHf$nmIEdF
z-@6k9-j6-Wyk>(KqG-J9lFyN5mv*xfo-GT;=zLam`tOQFYsV#!c-|3b0{2DjMm{n|
z(;&H1KWLf}PkBKu8{}QTYcK)kr~P;PAPQJb#KI6JGxKPV>CuSB!3C#US*K?XCY$qm
m5FUN0-gpaI=Q$TZnWTKlehn<G?kgA-hZ;tXxDvep0000GWT}e)

literal 0
HcmV?d00001

diff --git a/test/kdbx4_test.dart b/test/kdbx4_test.dart
index c8b15bb..e89db92 100644
--- a/test/kdbx4_test.dart
+++ b/test/kdbx4_test.dart
@@ -88,6 +88,12 @@ void main() {
           Credentials.composite(ProtectedValue.fromString('asdf'), keyFile));
       expect(file.body.rootGroup.entries, hasLength(1));
     });
+    test('Reading chacha20', () async {
+      final data = await File('test/chacha20.kdbx').readAsBytes();
+      final file =
+          kdbxFormat.read(data, Credentials(ProtectedValue.fromString('asdf')));
+      expect(file.body.rootGroup.entries, hasLength(1));
+    });
   });
   group('Writing', () {
     test('Create and save', () {
@@ -98,22 +104,8 @@ void main() {
         header: KdbxHeader.createV4(),
       );
       final rootGroup = kdbx.body.rootGroup;
-      {
-        final entry = KdbxEntry.create(kdbx, rootGroup);
-        rootGroup.addEntry(entry);
-        entry.setString(KdbxKey('Username'), PlainValue('user1'));
-        entry.setString(
-            KdbxKey('Password'), ProtectedValue.fromString('LoremIpsum'));
-      }
-      {
-        final entry = KdbxEntry.create(kdbx, rootGroup);
-        rootGroup.addEntry(entry);
-        entry.setString(KdbxKey('Username'), PlainValue('user2'));
-        entry.setString(
-          KdbxKey('Password'),
-          ProtectedValue.fromString('Second Password'),
-        );
-      }
+      _createEntry(kdbx, rootGroup, 'user1', 'LoremIpsum');
+      _createEntry(kdbx, rootGroup, 'user2', 'Second Password');
       final saved = kdbx.save();
 
       final loadedKdbx = kdbxFormat.read(
@@ -126,5 +118,26 @@ void main() {
       final file =
           kdbxFormat.read(data, Credentials(ProtectedValue.fromString('asdf')));
     });
+    test('write chacha20', () async {
+      final data = await File('test/chacha20.kdbx').readAsBytes();
+      final file =
+          kdbxFormat.read(data, Credentials(ProtectedValue.fromString('asdf')));
+      expect(file.body.rootGroup.entries, hasLength(1));
+      _createEntry(file, file.body.rootGroup, 'user1', 'LoremIpsum');
+
+      // and try to write it.
+      final output = file.save();
+      expect(output, isNotNull);
+      File('test_output_chacha20.kdbx').writeAsBytesSync(output);
+    });
   });
 }
+
+KdbxEntry _createEntry(
+    KdbxFile file, KdbxGroup group, String username, String password) {
+  final entry = KdbxEntry.create(file, group);
+  group.addEntry(entry);
+  entry.setString(KdbxKey('UserName'), PlainValue(username));
+  entry.setString(KdbxKey('Password'), ProtectedValue.fromString(password));
+  return entry;
+}
diff --git a/test_output_chacha20.kdbx b/test_output_chacha20.kdbx
new file mode 100644
index 0000000000000000000000000000000000000000..49974011cec98481522ec222d41ee67f04049bc9
GIT binary patch
literal 1604
zcmV-K2D|wK*`k_f`%AR|00aO65C8xG)&q(wi*HP|r6e<&G26A80|Wp70096100bZa
z005hS6TLg0E=a;OH}N(nf7Hc7c~-~>JrOqcNDEC!6>tX(0001SLVoFfNm=qe4uh==
zivR!s00BY;0000aRaHqu5C8xG?_+J>j44D*k@u;j1LFz|1pxp607(b{000UA00000
z000F60000@2mk;800004000001OWg508j(~00062002S(0000}AOHXW5F$Ust@=p)
z<v>{5ElK-7X}yq(Kj9mQ>!dyq*5EA;1OWg509FJ5000vJ0000000000DR0z*J{$lw
zx$vLNq!YKyx|U^rVsDzJC_^{KruG7eYw+1|0#$Ftfg7q@I)n}!B|}yDxJ)f42!cb@
zX^#E@NuF3&=h;a*2;gdTtqx2#_mLd6f9=|xsv!coCnNBn#{>WXydhrNK=<r|lXlV+
z`6WKYPv0}4Kjr055PPon8$gep<Vp%rn>hbMzmvMU1Z{J_Jixt&eMF7qd8b>4z5Z>j
zb?%h9Uzo70-efd09~tWzA3(k|iV}Tdj8V|41U9b~lSnb51I(98zoKI36lI#Yl>t0|
zlc_7~O5#(VZW}x^tNo~Yy(C-9nV+u<FJsbicqo&!Hpxw00HT{N-M@sP(LS#E+;il|
z0+;7d+ABIQMF_RkO7=5)&-dyYamqY9N*D1Hn3djL@W%Ir)08DiOA5hN6A#>g#C^~F
zPn6+PjDo-GW{yrf`r=PBZkFC>tFZSd$L@NE0p|ms9q&|uyDTaaI%dGP?M3s1Sl7Xy
z5-^IOLDXo~c#BmIe`N4jkxeR_8D|YRlTrg&Fjh0`-=Yr4j*w1exmbQ~8vs=ZoEm6P
zyZLlHTCs_qAmcf_{SaSnQV0K4pu7@@6Cpr^dWDNCvM|WwvL}3>tY3;lLw^bS$R1GN
zG=L!%lOSd=@}R5JWc6h2?D@hNd|`Dd=_}_&qeq2dH<pdb>3s)UX3Uj^&Z5rduZPF?
zPqG3S8qN5fj}AxW$|{r4?#1+ByMp=IpLg3ND!D*gZqIhNpuB$a!>l|MjF>tcwFX!h
zqYh=B#PTJ|NkVwI)^4-eyCP09!)`0XnM7+(!@7W<hb&<~RBBj{`p(dA3fIyqs7x+N
z<eqG%Z|Gz`vDfwONGEI<@o%VKA|_So#u$jRmAG|}q>s%rzMmZ7Cc-sTz_vZ*8IQi`
zEh^_`LP%c^f>z^2&4{bbi*h$;HFbkS#hml^)C!S8fhXUj?-ELmJ3j9LT#)jYXOqrM
zm2x(a<eHRrskrzDP^~8miXv`_D`QqsZ8~Je#OXwW@8+{jwz;w2R&3=_-*weRNH$P;
zng$GX*Aw=?_#D=Dxb>cX83l|PNy|T0KNV$DrB~2eb<yYw*K73DjkiMD1CjMVT+JAn
z&=nEbw3Z?N5YsWKlpfI*tg9NEf->n3Ci39NzW3rNm2`(ApHBtv=H53YTkrI=E!VSo
z^vyl2S~GuxT4ZW{`kbCwTY_YmlDgW{!gzK<c-$R*vdK@l!Ma))9Dxyqk`+ryPN(w&
z27mVc(B+n`cO)%AUeAS=MCLL+1>+|9!DdnY5HqC}z!~dZ{DL(kDK~@K<IE%5dU!Ed
zt?ca@uC0JyZ0lraClptI6B?i1U0bOWiy#8tGNTfFC!nFyn1jIaBnt+9#!b=m*JdUi
zqkC-Kbuyc;%>6~uojTh_2cSp3whXP&?AVvfF-0W-9jyV373fyUd&qkqU51*T+@__q
z20G2-9XUt&Zvm-`0p5+4B=kp4Yb0@3JNW+(WiXPP6#36}POw}*Xd~`~)34?w)#r{V
zE~mR&M1BRV@yYUaH*2X@ICSNUgYBId42mQ`8lKbx_@6~jVnTscc^Y-{N4YFqXyU)_
zJ7iP^nZYl2*4j;37|Cr+npTAC!DV_)n#nDnHxRC6tbJ11@>ddLvw<m<(Cid?$uU6a
zZPtt!m!@^l0MxQ0B|K)w#Gol~k@|a`g!7z|rO>dih4XAN!45$H)mW!ePz<QDj2SQx
z?|p5`)(|Dj^pg?K+<CVHR@fKE02e*ry!T-Z=5E`UI3q;LZY`bm-P${?vcB8^0001S
C-Q4d0

literal 0
HcmV?d00001