Click here to Skip to main content
Click here to Skip to main content
Add your own
alternative version
Go to top

KeePass Password Safe

, 6 Apr 2014
KeePass is a free, open-source, light-weight and easy-to-use password safe.
KeePass.zip
KeePass.chm
KeePass.exe
KeePass_Src.zip
Build
Docs
Ext
Icons
Finals
Finals2
plock-blu.ico
plock-dis.ico
plock.ico
plockb.ico
key-blu.png
key-bw.png
key-grn.ico
key-grn.png
plock-blu.ico
plock-blu.png
plock-bw.png
plock-dis.ico
plock-grn.ico
plock-grn.png
plock.ico
plock.png
plockb.png
plockbw-r.png
plockbw.png
Untitled.ico
key-org.ico
keyhole-grn.ico
lockblue.ico
lockgreen.ico
lockred.ico
lockyellow.ico
plockb.ico
plockb2.ico
plockbw.ico
plockg.ico
plocko.ico
plockr.ico
plocky.ico
KeePass.ini
KeePass.iss
KeePassMsi
KeePassMsi.vdproj
KeePassLibC
KeePassLibCpp
Crypto
SHA2
DataExchange
Details
IO
PasswordGenerator
SDK
Details
SysSpec_Windows
Util
KeePassAPI
KeePassLib.def
res
WinGUI
NewGUI
TaskbarListEx
TaskDialog
VistaMenu
Plugins
res
autotype.bmp
cancel.bmp
clienticex.bmp
clock.bmp
disk.bmp
document.bmp
entry_ed.ico
file.bmp
help_sma.bmp
help_smp.bmp
iconpic.ico
infoicon.bmp
infoiconex.bmp
key.ico
keyhole.ico
key_smal.bmp
language.bmp
locked.ico
lock_ovr.ico
MostPopularPasswords.bin
mouse_sm.bmp
ok.bmp
optionicex.bmp
options.ico
plugins.ico
PwSafe.ico
randomke.bmp
random_b.bmp
search.ico
tb_about.bmp
tb_adden.bmp
tb_copyp.bmp
tb_copyu.bmp
tb_defau.bmp
tb_delet.bmp
tb_edite.bmp
tb_find.bmp
tb_lock.bmp
tb_new.bmp
tb_open.bmp
tb_save.bmp
tb_save1.bmp
tb_saved.bmp
toolssma.bmp
unlocked.ico
winprops.bmp
world.ico
Util
CmdLine
SprEngine
/*
  KeePass Password Safe - The Open-Source Password Manager
  Copyright (C) 2003-2014 Dominik Reichl <dominik.reichl@t-online.de>

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
*/

#include "StdAfx.h"
#include "PasswordGenerator.h"
#include "CharSetBasedGenerator.h"
#include "PatternBasedGenerator.h"

#include <algorithm>
#include <boost/scoped_array.hpp>

#include "../Util/Base64.h"
#include "../Util/PwUtil.h"
#include "../Util/StrUtil.h"
#include "../Util/MemUtil.h"

using boost::scoped_array;

PWG_ERROR PwgGenerateEx(std::vector<TCHAR>& vOutPassword,
	const PW_GEN_SETTINGS_EX* pSettings, CNewRandom* pRandomSource)
{
	ASSERT(pSettings != NULL);
	if(pSettings == NULL) return PWGE_NULL_PTR;

	EraseTCharVector(vOutPassword);

	CNewRandom* pAllocatedRandom = NULL;
	CNewRandom* pRandom = pRandomSource;

	if(pRandom == NULL)
	{
		pAllocatedRandom = new CNewRandom();
		pRandom = pAllocatedRandom;
	}

	std::vector<WCHAR> vOutBuffer;

	PWG_ERROR pwgErr = PWGE_UNKNOWN_GENERATOR;
	if(pSettings->btGeneratorType == PWGT_CHARSET)
		pwgErr = CsbgGenerate(vOutBuffer, pSettings, pRandom);
	else if(pSettings->btGeneratorType == PWGT_PATTERN)
	{
		// Fill output buffer with dummy password
		PbgGenerate(vOutBuffer, pSettings, pRandom);

		// Now generate the real password (this will overwrite
		// the characters in the buffer and won't do any memory
		// relocations, i.e. the final characters will be in
		// this place only and can be erased securely later)
		pwgErr = PbgGenerate(vOutBuffer, pSettings, pRandom);
	}

	if((vOutBuffer.size() == 0) || (std::find(vOutBuffer.begin(),
		vOutBuffer.end(), 0) == vOutBuffer.end()))
	{
		vOutBuffer.push_back(0); // Terminate string
		vOutBuffer.push_back(0);
	}

#ifdef _UNICODE
	vOutPassword.resize(vOutBuffer.size());
	for(size_t dwCopy = 0; dwCopy < vOutBuffer.size(); ++dwCopy)
		vOutPassword[dwCopy] = vOutBuffer[dwCopy];
#else
	char *pFinalString = _StringToAnsi(&vOutBuffer[0]);
	vOutPassword.resize(szlen(pFinalString) + 1);
	for(DWORD dwCopy = 0; dwCopy <= szlen(pFinalString); ++dwCopy)
		vOutPassword[dwCopy] = pFinalString[dwCopy];
	mem_erase((unsigned char *)pFinalString, szlen(pFinalString));
	SAFE_DELETE_ARRAY(pFinalString);
#endif

	EraseWCharVector(vOutBuffer);
	SAFE_DELETE(pAllocatedRandom);
	return pwgErr;
}

WCHAR PwgGenerateCharacter(const PW_GEN_SETTINGS_EX* pSettings,
	CNewRandom* pRandom, PwCharSet* pCharSet)
{
	ASSERT(pSettings != NULL); if(pSettings == NULL) return 0;
	ASSERT(pRandom != NULL); if(pRandom == NULL) return 0;
	ASSERT(pCharSet != NULL); if(pCharSet == NULL) return 0;

	if(pCharSet->Size() == 0) return 0;

	ASSERT(sizeof(UINT64) == 8);
	UINT64 uIndex;
	pRandom->GetRandomBuffer((BYTE *)&uIndex, sizeof(UINT64));

	uIndex %= static_cast<UINT64>(pCharSet->Size());

	const WCHAR wch = pCharSet->GetAt(static_cast<unsigned int>(uIndex));

	if(pSettings->bNoRepeat != FALSE) pCharSet->Remove(wch);

	return wch;
}

void PwgPrepareCharSet(PwCharSet* pCharSet, const PW_GEN_SETTINGS_EX* pSettings)
{
	ASSERT(pCharSet != NULL); if(pCharSet == NULL) return;
	ASSERT(pSettings != NULL); if(pSettings == NULL) return;

	pCharSet->Remove(PDCS_INVALID);

	if(pSettings->bNoConfusing != FALSE)
		pCharSet->Remove(PDCS_CONFUSING);

	if(pSettings->strExcludeChars.size() > 0)
		pCharSet->Remove(pSettings->strExcludeChars.c_str());
}

void PwgShufflePassword(std::vector<WCHAR>& vBuffer, CNewRandom* pRandom)
{
	ASSERT(pRandom != NULL); if(pRandom == NULL) return;

	DWORD dwLength = static_cast<DWORD>(vBuffer.size());

	// Update length by finding the first 0 character
	for(DWORD dwScan = 0; dwScan < vBuffer.size(); ++dwScan)
	{
		if(vBuffer[dwScan] == 0)
		{
			dwLength = dwScan;
			break;
		}
	}

	if(dwLength <= 1) return; // Nothing to permute

	ASSERT(sizeof(UINT64) == 8);
	UINT64 uRandomIndex;
	for(DWORD dwSelect = 0; dwSelect < (dwLength - 1); ++dwSelect)
	{
		pRandom->GetRandomBuffer((BYTE *)&uRandomIndex, sizeof(UINT64));
		uRandomIndex %= (UINT64)(dwLength - dwSelect);

		ASSERT((dwSelect + (DWORD)uRandomIndex) < dwLength);

		WCHAR wchTemp = vBuffer[dwSelect];
		vBuffer[dwSelect] = vBuffer[dwSelect + (DWORD)uRandomIndex];
		vBuffer[dwSelect + (DWORD)uRandomIndex] = wchTemp;
	}

	ASSERT(wcslen(&vBuffer[0]) == dwLength);
}

LPCTSTR PwgErrorToString(PWG_ERROR uError)
{
	if(uError == PWGE_SUCCESS) return _T("Success");
	if(uError == PWGE_NULL_PTR) return _T("Internal error");
	if(uError == PWGE_UNKNOWN_GENERATOR) return _T("Internal error");
	if(uError == PWGE_TOO_FEW_CHARACTERS)
		return _T("There are too few characters in the character set to build up a password matching the specified rules");

	return _T("Unknown error");
}

/* std::basic_string<WCHAR> HexStrToWCharStr(LPCTSTR lpString)
{
	std::basic_string<WCHAR> str;

	ASSERT(lpString != NULL); if(lpString == NULL) return str;

	DWORD dwLength = _tcslen(lpString), i = 0;
	if((dwLength & 3) != 0) { ASSERT(FALSE); return str; }

	BYTE bt1, bt2;

	while(true)
	{
		TCHAR ch1 = lpString[i], ch2 = lpString[i + 1];
		TCHAR ch3 = lpString[i + 2], ch4 = lpString[i + 3];

		ConvertStrToHex(ch1, ch2, bt1);
		ConvertStrToHex(ch3, ch4, bt2);

		str += (WCHAR)((((WCHAR)bt1) << 8) | ((WCHAR)bt2));

		i += 4;
		if(lpString[i] == 0) break;
	}

	return str;
}

std::basic_string<TCHAR> WCharVecToHexStr(const std::vector<WCHAR>& vec)
{
	std::basic_string<TCHAR> strOut;
	TCHAR ch1, ch2;

	for(DWORD i = 0; i < vec.size(); ++i)
	{
		ConvertHexToStr((BYTE)(vec[i] >> 8), ch1, ch2);
		strOut += ch1;
		strOut += ch2;

		ConvertHexToStr((BYTE)(vec[i] & 0xFF), ch1, ch2);
		strOut += ch1;
		strOut += ch2;
	}

	return strOut;
} */

std::basic_string<TCHAR> PwgProfileToString(const PW_GEN_SETTINGS_EX* pSettings)
{
	std::basic_string<TCHAR> strEmpty;

	ASSERT(pSettings != NULL);
	if(pSettings == NULL) return strEmpty;

	std::vector<BYTE> s;

	s.push_back(PWGD_VERSION_BYTE);

	UTF8_BYTE *pbName = _StringToUTF8(pSettings->strName.c_str());
	UTF8_BYTE *pb = pbName;
	while(*pb != 0) { s.push_back(*pb); ++pb; }
	s.push_back(0);
	SAFE_DELETE_ARRAY(pbName);

	s.push_back(pSettings->btGeneratorType);
	s.push_back((pSettings->bCollectUserEntropy == TRUE) ? (BYTE)'U' : (BYTE)'N');
	s.push_back((BYTE)((pSettings->dwLength >> 24) & 0xFF));
	s.push_back((BYTE)((pSettings->dwLength >> 16) & 0xFF));
	s.push_back((BYTE)((pSettings->dwLength >> 8) & 0xFF));
	s.push_back((BYTE)(pSettings->dwLength & 0xFF));

	PwCharSet pcs(pSettings->strCharSet.c_str());
	USHORT usFlags = pcs.PackAndRemoveCharRanges();
	s.push_back((BYTE)((usFlags >> 8) & 0xFF));
	s.push_back((BYTE)(usFlags & 0xFF));

	std::basic_string<WCHAR> strRemChars = pcs.ToString();
	for(unsigned int uCS = 0; uCS < strRemChars.size(); ++uCS)
	{
		s.push_back((BYTE)(strRemChars[uCS] >> 8));
		s.push_back((BYTE)(strRemChars[uCS] & 0xFF));
	}
	s.push_back(0);
	s.push_back(0);

	for(unsigned int uPat = 0; uPat < pSettings->strPattern.size(); ++uPat)
	{
		s.push_back((BYTE)(pSettings->strPattern[uPat] >> 8));
		s.push_back((BYTE)(pSettings->strPattern[uPat] & 0xFF));
	}
	s.push_back(0);
	s.push_back(0);

	s.push_back((BYTE)((pSettings->bNoConfusing == TRUE) ? 'N' : 'A'));
	s.push_back((BYTE)((pSettings->bPatternPermute == TRUE) ? 'P' : 'N'));
	s.push_back((BYTE)((pSettings->bNoRepeat == TRUE) ? 'N' : 'R'));

	for(unsigned int uExc = 0; uExc < pSettings->strExcludeChars.size(); ++uExc)
	{
		s.push_back((BYTE)(pSettings->strExcludeChars[uExc] >> 8));
		s.push_back((BYTE)(pSettings->strExcludeChars[uExc] & 0xFF));
	}
	s.push_back(0);
	s.push_back(0);

	DWORD dwOutSize = static_cast<DWORD>(s.size() * 4 + 12);
	BYTE *pBase64 = new BYTE[dwOutSize];
	if(CBase64Codec::Encode(&s[0], (DWORD)s.size(), pBase64, &dwOutSize) == false)
	{
		ASSERT(FALSE);
		return strEmpty;
	}

#ifdef _UNICODE
	TCHAR *lpFinal = _StringToUnicode((char *)pBase64);
#else
	TCHAR *lpFinal = (TCHAR *)pBase64;
#endif

	std::basic_string<TCHAR> strFinal = lpFinal;

	SAFE_DELETE_ARRAY(pBase64);
#ifdef _UNICODE
	SAFE_DELETE_ARRAY(lpFinal);
#endif

	return strFinal;
}

void PwgStringToProfile(const std::basic_string<TCHAR>& strProfile,
	PW_GEN_SETTINGS_EX* s)
{
	ASSERT(s != NULL); if(s == NULL) return;

	PwgGetDefaultProfile(s);

#ifdef _UNICODE
	const char *lpEncoded = _StringToAnsi(strProfile.c_str());
	std::basic_string<char> strEncoded = lpEncoded;
	SAFE_DELETE_ARRAY(lpEncoded);
#else
	std::basic_string<char> strEncoded = strProfile.c_str();
#endif

	DWORD dwDecodedSize = static_cast<DWORD>(strProfile.size() + 130);

	scoped_array<BYTE> pDecoded(new BYTE[dwDecodedSize]);
	memset(pDecoded.get(), 0, dwDecodedSize);

	if(CBase64Codec::Decode((BYTE *)strEncoded.c_str(),
		static_cast<DWORD>(strEncoded.size()), pDecoded.get(),
		&dwDecodedSize) == false) { ASSERT(FALSE); return; }

	ASSERT(pDecoded.get()[0] <= PWGD_VERSION_BYTE);

	TCHAR* lpName = _UTF8ToString(&pDecoded.get()[1]);
	s->strName = lpName;

	BYTE *pb = (BYTE *)memchr(pDecoded.get(), 0, dwDecodedSize);
	if(pb == NULL) { ASSERT(FALSE); return; }

	++pb;
	s->btGeneratorType = *pb; ++pb;
	s->bCollectUserEntropy = ((*pb == (BYTE)'U') ? TRUE : FALSE); ++pb;

	s->dwLength = (static_cast<DWORD>(*pb) << 24); ++pb;
	s->dwLength |= (static_cast<DWORD>(*pb) << 16); ++pb;
	s->dwLength |= (static_cast<DWORD>(*pb) << 8); ++pb;
	s->dwLength |= static_cast<DWORD>(*pb); ++pb;

	USHORT usFlags = (USHORT)(*pb) << 8; ++pb;
	usFlags |= (USHORT)(*pb); ++pb;

	PwCharSet pcs;
	pcs.UnpackCharRanges(usFlags);

	while(true)
	{
		BYTE bt1 = *pb; ++pb;
		BYTE bt2 = *pb; ++pb;
		if((bt1 == 0) && (bt2 == 0)) break;
		pcs.Add(((WCHAR)bt1 << 8) | (WCHAR)bt2);
	}
	s->strCharSet = pcs.ToString();

	while(true)
	{
		BYTE bt1 = *pb; ++pb;
		BYTE bt2 = *pb; ++pb;
		if((bt1 == 0) && (bt2 == 0)) break;
		s->strPattern += (WCHAR)(((WCHAR)bt1 << 8) | (WCHAR)bt2);
	}

	ASSERT((*pb == (BYTE)'N') || (*pb == (BYTE)'A'));
	s->bNoConfusing = ((*pb == (BYTE)'N') ? TRUE : FALSE); ++pb;
	ASSERT((*pb == (BYTE)'P') || (*pb == (BYTE)'N') || (*pb == 0));
	s->bPatternPermute = ((*pb == (BYTE)'P') ? TRUE : FALSE); ++pb;
	ASSERT((*pb == (BYTE)'N') || (*pb == (BYTE)'R') || (*pb == 0));
	s->bNoRepeat = ((*pb == (BYTE)'N') ? TRUE : FALSE); ++pb;

	while(true)
	{
		BYTE bt1 = *pb; ++pb;
		BYTE bt2 = *pb; ++pb;
		if((bt1 == 0) && (bt2 == 0)) break;
		s->strExcludeChars += (WCHAR)(((WCHAR)bt1 << 8) | (WCHAR)bt2);
	}

	SAFE_DELETE_ARRAY(lpName);
}

void PwgGetDefaultProfile(PW_GEN_SETTINGS_EX* s)
{
	ASSERT(s != NULL); if(s == NULL) return;

	s->strName.clear();

	s->btGeneratorType = PWGT_CHARSET;
	s->bCollectUserEntropy = FALSE;

	s->dwLength = 20;

	PwCharSet pcs;
	pcs.Add(PDCS_UPPER_CASE, PDCS_LOWER_CASE, PDCS_NUMERIC);
	s->strCharSet = pcs.ToString();

	s->strPattern.clear();
	s->bPatternPermute = FALSE;

	s->bNoConfusing = FALSE;
	s->bNoRepeat = FALSE;

	s->strExcludeChars.clear();
}

BOOL PwgHasSecurityReducingOption(const PW_GEN_SETTINGS_EX* pSettings)
{
	ASSERT(pSettings != NULL); if(pSettings == NULL) return FALSE;

	if(pSettings->bNoConfusing != FALSE) return TRUE;
	if(pSettings->bNoRepeat != FALSE) return TRUE;
	if(pSettings->strExcludeChars.size() > 0) return TRUE;

	return FALSE;
}

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Dominik Reichl
Software Developer
Germany Germany
Dominik started programming in Omikron Basic, a programming language for the good old Atari ST. After this, there was some short period of QBasic programming on the PC, but soon he began learning C++, which is his favorite language up to now.
 
Today, his programming experience includes C / C++ / [Visual] C++ [MFC], C#/.NET, Java, JavaScript, PHP and HTML and the basics of pure assembler.
 
He is interested in almost everything that has to do with computing, his special interests are security and data compression.
 
You can find his latest freeware, open-source projects and all articles on his homepage: http://www.dominik-reichl.de/

| Advertise | Privacy | Mobile
Web04 | 2.8.140916.1 | Last Updated 6 Apr 2014
Article Copyright 2003 by Dominik Reichl
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid