Correctly set KDBX envelope version

Shows a warning when trying to open with a newer minor version than what is currently supported.

We always try to save with the lowest KDBX version possible for maximum compatibility.

4 files changed, 54 insertions, 9 deletions

diff --git a/src/gui/DatabaseOpenWidget.cpp b/src/gui/DatabaseOpenWidget.cpp
index 43e529551..f0d494b27 100644
--- a/src/gui/DatabaseOpenWidget.cpp
+++ b/src/gui/DatabaseOpenWidget.cpp
@@ -206,6 +206,26 @@ void DatabaseOpenWidget::openDatabase()
     QApplication::restoreOverrideCursor();
     m_ui->passwordFormFrame->setEnabled(true);
 
+    if (ok && m_db->hasMinorVersionMismatch()) {
+        QScopedPointer<QMessageBox> msgBox(new QMessageBox(this));
+        msgBox->setIcon(QMessageBox::Warning);
+        msgBox->setWindowTitle(tr("Database Version Mismatch"));
+        msgBox->setText(tr("The database you are trying to open was most likely\n"
+                           "created by a newer version of KeePassXC.\n\n"
+                           "You can try to open it anyway, but it may be incomplete\n"
+                           "and saving any changes may incur data loss.\n\n"
+                           "We recommend you update your KeePassXC installation."));
+        auto btn = msgBox->addButton(tr("Open database anyway"), QMessageBox::ButtonRole::AcceptRole);
+        msgBox->setDefaultButton(btn);
+        msgBox->addButton(QMessageBox::Cancel);
+        msgBox->exec();
+        if (msgBox->clickedButton() != btn) {
+            m_db.reset(new Database());
+            m_ui->messageWidget->showMessage(tr("Database unlock canceled."), MessageWidget::MessageType::Error);
+            return;
+        }
+    }
+
     if (ok) {
 #ifdef WITH_XC_TOUCHID
         QHash<QString, QVariant> useTouchID = config()->get(Config::UseTouchID).toHash();
diff --git a/src/gui/dbsettings/DatabaseSettingsWidgetEncryption.cpp b/src/gui/dbsettings/DatabaseSettingsWidgetEncryption.cpp
index 1a967b773..67f894e44 100644
--- a/src/gui/dbsettings/DatabaseSettingsWidgetEncryption.cpp
+++ b/src/gui/dbsettings/DatabaseSettingsWidgetEncryption.cpp
@@ -24,6 +24,7 @@
 #include "core/Metadata.h"
 #include "crypto/kdf/Argon2Kdf.h"
 #include "format/KeePass2.h"
+#include "format/KeePass2Writer.h"
 #include "gui/MessageBox.h"
 
 const char* DatabaseSettingsWidgetEncryption::CD_DECRYPTION_TIME_PREFERENCE_KEY = "KPXC_DECRYPTION_TIME_PREFERENCE";
@@ -36,12 +37,13 @@ DatabaseSettingsWidgetEncryption::DatabaseSettingsWidgetEncryption(QWidget* pare
 
     connect(m_ui->transformBenchmarkButton, SIGNAL(clicked()), SLOT(benchmarkTransformRounds()));
     connect(m_ui->kdfComboBox, SIGNAL(currentIndexChanged(int)), SLOT(changeKdf(int)));
+    m_ui->formatCannotBeChanged->setVisible(false);
 
     connect(m_ui->memorySpinBox, SIGNAL(valueChanged(int)), this, SLOT(memoryChanged(int)));
     connect(m_ui->parallelismSpinBox, SIGNAL(valueChanged(int)), this, SLOT(parallelismChanged(int)));
 
-    m_ui->compatibilitySelection->addItem(tr("KDBX 4.0 (recommended)"), KeePass2::KDF_ARGON2D.toByteArray());
-    m_ui->compatibilitySelection->addItem(tr("KDBX 3.1"), KeePass2::KDF_AES_KDBX3.toByteArray());
+    m_ui->compatibilitySelection->addItem(tr("KDBX 4 (recommended)"), KeePass2::KDF_ARGON2D.toByteArray());
+    m_ui->compatibilitySelection->addItem(tr("KDBX 3"), KeePass2::KDF_AES_KDBX3.toByteArray());
     m_ui->decryptionTimeSlider->setMinimum(Kdf::MIN_ENCRYPTION_TIME / 100);
     m_ui->decryptionTimeSlider->setMaximum(Kdf::MAX_ENCRYPTION_TIME / 100);
     m_ui->decryptionTimeSlider->setValue(Kdf::DEFAULT_ENCRYPTION_TIME / 100);
@@ -93,6 +95,7 @@ void DatabaseSettingsWidgetEncryption::initialize()
         m_db->setCipher(KeePass2::CIPHER_AES256);
         isDirty = true;
     }
+    bool kdbx3Enabled = KeePass2Writer::kdbxVersionRequired(m_db.data(), true, true) <= KeePass2::FILE_VERSION_3_1;
 
     // check if the DB's custom data has a decryption time setting stored
     // and set the slider to it, otherwise just state that the time is unchanged
@@ -115,9 +118,14 @@ void DatabaseSettingsWidgetEncryption::initialize()
 
     updateFormatCompatibility(m_db->kdf()->uuid() == KeePass2::KDF_AES_KDBX3 ? KDBX3 : KDBX4, isDirty);
     setupAlgorithmComboBox();
-    setupKdfComboBox();
+    setupKdfComboBox(kdbx3Enabled);
     loadKdfParameters();
 
+    if (!kdbx3Enabled) {
+        m_ui->compatibilitySelection->setEnabled(false);
+        m_ui->formatCannotBeChanged->setVisible(true);
+    }
+
     m_isDirty = isDirty;
 }
 
@@ -143,13 +151,15 @@ void DatabaseSettingsWidgetEncryption::setupAlgorithmComboBox()
     }
 }
 
-void DatabaseSettingsWidgetEncryption::setupKdfComboBox()
+void DatabaseSettingsWidgetEncryption::setupKdfComboBox(bool enableKdbx3)
 {
-    // Setup kdf combo box
+    // Set up kdf combo box
     bool block = m_ui->kdfComboBox->blockSignals(true);
     m_ui->kdfComboBox->clear();
     for (auto& kdf : asConst(KeePass2::KDFS)) {
-        m_ui->kdfComboBox->addItem(kdf.second.toUtf8(), kdf.first.toByteArray());
+        if (kdf.first != KeePass2::KDF_AES_KDBX3 or enableKdbx3) {
+            m_ui->kdfComboBox->addItem(kdf.second.toUtf8(), kdf.first.toByteArray());
+        }
     }
     m_ui->kdfComboBox->blockSignals(block);
 }
@@ -393,8 +403,8 @@ void DatabaseSettingsWidgetEncryption::updateFormatCompatibility(int index, bool
         m_ui->compatibilitySelection->blockSignals(block);
     }
 
+    QUuid kdfUuid(m_ui->compatibilitySelection->itemData(index).toByteArray());
     if (retransform) {
-        QUuid kdfUuid(m_ui->compatibilitySelection->itemData(index).toByteArray());
         auto kdf = KeePass2::uuidToKdf(kdfUuid);
         m_db->setKdf(kdf);
 
diff --git a/src/gui/dbsettings/DatabaseSettingsWidgetEncryption.h b/src/gui/dbsettings/DatabaseSettingsWidgetEncryption.h
index 2c7b5bac9..c3d7ccf74 100644
--- a/src/gui/dbsettings/DatabaseSettingsWidgetEncryption.h
+++ b/src/gui/dbsettings/DatabaseSettingsWidgetEncryption.h
@@ -61,7 +61,7 @@ private slots:
     void updateDecryptionTime(int value);
     void updateFormatCompatibility(int index, bool retransform = true);
     void setupAlgorithmComboBox();
-    void setupKdfComboBox();
+    void setupKdfComboBox(bool enableKdbx3);
     void loadKdfParameters();
     void updateKdfFields();
     void activateChangeDecryptionTime();
diff --git a/src/gui/dbsettings/DatabaseSettingsWidgetEncryption.ui b/src/gui/dbsettings/DatabaseSettingsWidgetEncryption.ui
index 97da37475..2b8598862 100644
--- a/src/gui/dbsettings/DatabaseSettingsWidgetEncryption.ui
+++ b/src/gui/dbsettings/DatabaseSettingsWidgetEncryption.ui
@@ -183,6 +183,9 @@
        </item>
        <item>
         <layout class="QFormLayout" name="formLayout">
+         <property name="verticalSpacing">
+          <number>2</number>
+         </property>
          <item row="0" column="0">
           <widget class="QLabel" name="compatibilityLabel">
            <property name="text">
@@ -203,12 +206,24 @@
            </property>
           </widget>
          </item>
+         <item row="1" column="1">
+          <widget class="QLabel" name="formatCannotBeChanged">
+           <property name="font">
+            <font>
+             <italic>true</italic>
+            </font>
+           </property>
+           <property name="text">
+            <string>Format cannot be changed: Your database uses KDBX 4 features</string>
+           </property>
+          </widget>
+         </item>
         </layout>
        </item>
        <item>
         <widget class="QLabel" name="label">
          <property name="text">
-          <string>This is only important if you need to use your database with other programs.</string>
+          <string>Unless you need to open your database with other programs, always use the latest format.</string>
          </property>
         </widget>
        </item>