Git-Mirrors/keepassxc
1
0
Fork 0
mirror of https://github.com/keepassxreboot/keepassxc.git synced 2025-01-26 06:26:11 -05:00
Code Issues Packages Projects Releases Wiki Activity
keepassxc/src/core/HibpOffline.cpp

110 lines
3.1 KiB
C++
Raw Normal View History

CLI: add 'analyze' subcommand for offline HIBP breach checks This new subcommand checks all passwords in the given database against a given list of SHA-1 password hashes. Such lists are available from the "Have I Been Pwned" project at https://haveibeenpwned.com/Passwords. Note that this support offline checking only. The HIBP project also provides a web API for checking specific hash ranges; this is not currently supported.
2019-06-24 18:03:42 -04:00
/*
* Copyright (C) 2019 KeePassXC Team <team@keepassxc.org>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 2 or (at your option)
* version 3 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "HibpOffline.h"
#include <QCryptographicHash>
#include <QMultiHash>
#include "core/Database.h"
#include "core/Group.h"
namespace HibpOffline
{
const std::size_t SHA1_BYTES = 20;
enum class ParseResult
{
Ok,
Eof,
Error
};
ParseResult parseHibpLine(QIODevice& input, QByteArray& sha1, int& count)
{
QByteArray hexSha1(SHA1_BYTES * 2, '\0');
const qint64 rc = input.read(hexSha1.data(), hexSha1.size());
if (rc == 0) {
return ParseResult::Eof;
} else if (rc != hexSha1.size()) {
return ParseResult::Error;
}
sha1 = QByteArray::fromHex(hexSha1);
char c;
if (!input.getChar(&c) || c != ':') {
return ParseResult::Error;
}
count = 0;
while (true) {
if (!input.getChar(&c)) {
return ParseResult::Error;
}
if (c == '\n' || c == '\r') {
break;
}
if (!('0' <= c && c <= '9')) {
return ParseResult::Error;
}
count *= 10;
count += (c - '0');
}
while (1 == input.peek(&c, 1) && (c == '\n' || c == '\r')) {
input.getChar(&c);
}
return ParseResult::Ok;
}
bool
report(QSharedPointer<Database> db, QIODevice& hibpInput, QList<QPair<const Entry*, int>>& findings, QString* error)
{
QMultiHash<QByteArray, const Entry*> entriesBySha1;
for (const auto* entry : db->rootGroup()->entriesRecursive()) {
if (!entry->isRecycled()) {
const auto sha1 = QCryptographicHash::hash(entry->password().toUtf8(), QCryptographicHash::Sha1);
entriesBySha1.insert(sha1, entry);
}
}
QByteArray sha1;
for (quint64 lineNum = 1;; ++lineNum) {
int count = 0;
switch (parseHibpLine(hibpInput, sha1, count)) {
case ParseResult::Eof:
return true;
case ParseResult::Error:
*error = QObject::tr("HIBP file, line %1: parse error").arg(lineNum);
return false;
default:
break;
}
for (const auto* entry : entriesBySha1.values(sha1)) {
findings.append({entry, count});
}
}
}
} // namespace HibpOffline
Reference in New Issue Copy Permalink