**Note:** on Windows make sure you are using a **MINGW shell** by checking the label before the current path -Navigate to the path you have downloaded KeePassXC and type these commands: +First, download the KeePassXC [source tarball](https://keepassxc.org/download#source) +or check out the latest version from our [Git repository](https://github.com/keepassxreboot/keepassxc). + +To clone the project from Git, `cd` to a suitable location and run + +```bash +git clone https://github.com/keepassxreboot/keepassxc.git +``` + +This will clone the entire contents of the repository and check out the current `develop` branch. + +To update the project from within the project's folder, you can run the following command: + +```bash +git pull +``` + +Navigate to the directory where you have downloaded KeePassXC and type these commands: ``` +cd directory-where-sources-live mkdir build cd build -cmake -DWITH_TESTS=OFF +cmake -DWITH_TESTS=OFF ...and other options - see below... make ``` +These steps place the compiled KeePassXC binary inside the `./build/src/` directory. +(Note the cmake notes/options below.) -**Note:** If you are on MacOS you must add this parameter to **Cmake**, with the Qt version you have installed
`-DCMAKE_PREFIX_PATH=/usr/local/Cellar/qt5/5.6.2/lib/cmake/` +**Cmake Notes:** -You will have the compiled KeePassXC binary inside the `./build/src/` directory. +* Common cmake parameters -Common cmake parameters -``` --DCMAKE_INSTALL_PREFIX=/usr/local --DCMAKE_VERBOSE_MAKEFILE=ON --DCMAKE_BUILD_TYPE=
`-DCMAKE_PREFIX_PATH=/usr/local/Cellar/qt5/5.6.2/lib/cmake/` + +:exclamation: When building with ASan support on macOS, you need to use `export ASAN_OPTIONS=detect_leaks=0` before running the tests (no LSan support in macOS). Installation ============ -To install this binary execute the following: +After you have successfully built KeePassXC, install the binary by executing the following: ```bash sudo make install diff --git a/README.md b/README.md index e379123c1..16f382b03 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,20 @@ -#
KeePassXC [](https://travis-ci.org/keepassxreboot/keepassxc) [](https://coveralls.io/github/keepassxreboot/keepassxc)
+# KeePassXC
+[](https://travis-ci.org/keepassxreboot/keepassxc) [](https://coveralls.io/github/keepassxreboot/keepassxc)
-KeePass Cross-platform Community Edition
-
-## About
-[KeePassXC](https://keepassxc.org) is a community fork of [KeePassX](https://www.keepassx.org/) with the goal to extend and improve it with new features and bugfixes to provide a feature-rich, fully cross-platform and modern open-source password manager.
+## About KeePassXC
+[KeePassXC](https://keepassxc.org) is a cross-platform community fork of
+[KeePassX](https://www.keepassx.org/).
+Our goal is to extend and improve it with new features and bugfixes
+to provide a feature-rich, fully cross-platform and modern
+open-source password manager.
+## Installation
+The [KeePassXC QuickStart](./docs/QUICKSTART.md) gets you started using
+KeePassXC on your Windows, Mac, or Linux computer using pre-compiled binaries
+from the [downloads page](https://keepassxc.org/download).
+
+Additionally, individual Linux distributions may ship their own versions,
+so please check out your distribution's package list to see if KeePassXC is available.
## Additional features compared to KeePassX
- Auto-Type on all three major platforms (Linux, Windows, macOS)
@@ -19,67 +29,39 @@ KeePass Cross-platform Community Edition
- Using website favicons as entry icons
- Merging of databases
- Automatic reload when the database changed on disk
-- KeePassHTTP support for use with KeePassHTTP-Connector for [Mozilla Firefox](https://addons.mozilla.org/en-US/firefox/addon/keepasshttp-connector/) and [Google Chrome or Chromium](https://chrome.google.com/webstore/detail/keepasshttp-connector/dafgdjggglmmknipkhngniifhplpcldb), and [passafari](https://github.com/mmichaa/passafari.safariextension/) in Safari.
+- Browser integration with KeePassHTTP-Connector for
+[Mozilla Firefox](https://addons.mozilla.org/en-US/firefox/addon/keepasshttp-connector/) and
+[Google Chrome or Chromium](https://chrome.google.com/webstore/detail/keepasshttp-connector/dafgdjggglmmknipkhngniifhplpcldb), and
+[passafari](https://github.com/mmichaa/passafari.safariextension/) in Safari. [[See note about KeePassHTTP]](#Note_about_KeePassHTTP)
- Many bug fixes
For a full list of features and changes, read the [CHANGELOG](CHANGELOG) document.
-### Note about KeePassHTTP
-KeePassHTTP is not a highly secure protocol and has certain flaw which allow an attacker to decrypt your passwords when they manage to intercept communication between a KeePassHTTP server and PassIFox/chromeIPass over a network connection (see [here](https://github.com/pfn/keepasshttp/issues/258) and [here](https://github.com/keepassxreboot/keepassxc/issues/147)). KeePassXC therefore strictly limits communication between itself and the browser plugin to your local computer. As long as your computer is not compromised, your passwords are fairly safe that way, but use it at your own risk!
+## Building KeePassXC
-### Installation
-Pre-compiled binaries can be found on the [downloads page](https://keepassxc.org/download). Additionally, individual Linux distributions may ship their own versions, so please check out your distribution's package list to see if KeePassXC is available.
+Detailed instructions are available in the [Build and Install](./INSTALL.md)
+page or on the [Wiki page](https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC).
-### Building KeePassXC
+## Contributing
-*More detailed instructions are available in the INSTALL file or on the [Wiki page](https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC).*
-
-First, you must download the KeePassXC [source tarball](https://keepassxc.org/download#source) or check out the latest version from our [Git repository](https://github.com/keepassxreboot/keepassxc).
-
-To clone the project from Git, `cd` to a suitable location and run
-
-```bash
-git clone https://github.com/keepassxreboot/keepassxc.git
-```
-
-This will clone the entire contents of the repository and check out the current `develop` branch.
-
-To update the project from within the project's folder, you can run the following command:
-
-```bash
-git pull
-```
-
-Once you have downloaded the source code, you can `cd` into the source code directory, build and install KeePassXC:
-
-```bash
-mkdir build
-cd build
-cmake -DWITH_TESTS=OFF ..
-make -j8
-sudo make install
-```
-
-cmake accepts the following options:
-
-```
- -DWITH_XC_AUTOTYPE=[ON|OFF] Enable/Disable Auto-Type (default: ON)
- -DWITH_XC_HTTP=[ON|OFF] Enable/Disable KeePassHTTP and custom icon downloads (default: OFF)
- -DWITH_XC_YUBIKEY=[ON|OFF] Enable/Disable YubiKey HMAC-SHA1 authentication support (default: OFF)
-
- -DWITH_TESTS=[ON|OFF] Enable/Disable building of unit tests (default: ON)
- -DWITH_GUI_TESTS=[ON|OFF] Enable/Disable building of GUI tests (default: OFF)
- -DWITH_DEV_BUILD=[ON|OFF] Enable/Disable deprecated method warnings (default: OFF)
- -DWITH_ASAN=[ON|OFF] Enable/Disable address sanitizer checks (Linux / macOS only) (default: OFF)
- -DWITH_COVERAGE=[ON|OFF] Enable/Disable coverage tests (GCC only) (default: OFF)
-```
-
-:exclamation: When building with ASan support on macOS, you need to use `export ASAN_OPTIONS=detect_leaks=0` before running the tests (no LSan support in macOS).
-
-### Contributing
-
-We are always looking for suggestions how to improve our application. If you find any bugs or have an idea for a new feature, please let us know by opening a report in our [issue tracker](https://github.com/keepassxreboot/keepassxc/issues) on GitHub or join us on IRC on freenode channels #keepassxc or #keepassxc-dev.
+We are always looking for suggestions how to improve our application.
+If you find any bugs or have an idea for a new feature, please let us know by
+opening a report in our [issue tracker](https://github.com/keepassxreboot/keepassxc/issues)
+on GitHub or join us on IRC on freenode channels #keepassxc or #keepassxc-dev.
You can of course also directly contribute your own code. We are happy to accept your pull requests.
Please read the [CONTRIBUTING document](.github/CONTRIBUTING.md) for further information.
+
+### Note about KeePassHTTP
+The KeePassHTTP protocol is not a highly secure protocol.
+It has a certain flaw which could allow an attacker to decrypt your passwords
+should they manage to impersonate the web browser extension from a remote address.
+
+(See [here](https://github.com/pfn/keepasshttp/issues/258) and [here](https://github.com/keepassxreboot/keepassxc/issues/147)).
+
+To minimize the risk, KeePassXC strictly limits communication between itself
+and the browser plugin to your local computer (localhost).
+This makes your passwords quite safe,
+but as with all open source software, use it at your own risk!
diff --git a/docs/KeePassXC-Accept-Button.png b/docs/KeePassXC-Accept-Button.png
new file mode 100644
index 000000000..de4b39261
Binary files /dev/null and b/docs/KeePassXC-Accept-Button.png differ
diff --git a/docs/KeePassXC-Confirm.png b/docs/KeePassXC-Confirm.png
new file mode 100644
index 000000000..989294a4e
Binary files /dev/null and b/docs/KeePassXC-Confirm.png differ
diff --git a/docs/KeePassXC-Connect.png b/docs/KeePassXC-Connect.png
new file mode 100644
index 000000000..55b0f3d49
Binary files /dev/null and b/docs/KeePassXC-Connect.png differ
diff --git a/docs/QUICKSTART.md b/docs/QUICKSTART.md
new file mode 100644
index 000000000..b4b2d38ca
--- /dev/null
+++ b/docs/QUICKSTART.md
@@ -0,0 +1,47 @@
+# Quick Start for KeePassXC
+
+This procedure gets KeePassXC running on your computer with browser integration,
+using the pre-built binaries available for [download](https://keepassxc.org/download)
+from [KeePassXC site](https://keepassxc.org).
+
+**TL;DR** KeePassXC saves your passwords securely.
+When you double-click a URL in KeePassXC, it launches your default browser to that URL.
+With browser integration configured, KeePassXC automatically enters
+username/password credentials into web page fields.
+
+## Installing and Starting KeePassXC
+
+* [Download the native installer](https://keepassxc.org/download) and install
+KeePassXC for your Windows, macOS, or Linux computer in the usual way for your platform.
+* Open the KeePassXC application.
+* Create a new database and give it a master key that's used to unlock the database file.
+This database holds entries (usernames, passwords, account numbers, notes)
+for all your websites, programs, etc.
+* Create a few entries - enter the username, password, URL, and optionally notes about the entry.
+* KeePassXC securely stores those entries in the database.
+
+
+## Setting up Browser Integration with KeePassXC
+
+* *Within KeePassXC*, go to **Tools->Settings** (on macOS, go to **KeePassXC->Preferences**.)
+* In **Browser Integration**, check **Enable KeePassHTTP server**
+Leave the other options at their defaults.
+* *In your default web browser,* install the KeePassHTTP-Connector extension/add-on. Instructions for [Firefox](https://addons.mozilla.org/en-US/firefox/addon/keepasshttp-connector/?src=api) or [Chrome](https://chrome.google.com/webstore/detail/keepasshttp-connector/dafgdjggglmmknipkhngniifhplpcldb?utm_source=chrome-app-launcher-info-dialog)
+* Click the KeePassXC icon in the upper-right corner. You'll see the dialog below.
+* Click the blue Connect button to make the browser extension connect to the KeePassXC application.
+
+
+* *Switch back to KeePassXC.* You'll see a dialog (below) indicating that a request to connect has arrived.
+* Give the connection a name (perhaps *Keepass-Browsername*, any unique name will suffice) and click OK to accept it.
+* This one-time operation connects KeePassXC and your browser.
+
+
+## Using Browser Integration
+
+* *Within KeePassXC,* double-click the URL of an entry,
+or select it and type Ctrl+U (Cmd+U on macOS).
+* Your browser opens to that URL.
+* If there are username/password fields on that page, you will see the dialog below.
+Click *Allow* to confirm that KeePassXC may access the credentials to auto-fill the fields.
+* Check *Remember this decision* to allow this each time you visit the page.
+
diff --git a/release-tool b/release-tool
index 8ad547468..a3813fd93 100755
--- a/release-tool
+++ b/release-tool
@@ -50,14 +50,14 @@ printUsage() {
local cmd
if [ "" == "$1" ] || [ "help" == "$1" ]; then
cmd="COMMAND"
- elif [ "check" == "$1" ] || [ "merge" == "$1" ] || [ "build" == "$1" ] || [ "sign" == "$1" ]; then
+ elif [ "check" == "$1" ] || [ "merge" == "$1" ] || [ "build" == "$1" ] || [ "gpgsign" == "$1" ] || [ "appsign" == "$1" ]; then
cmd="$1"
else
logError "Unknown command: '$1'\n"
cmd="COMMAND"
fi
-
- printf "\e[1mUsage:\e[0m $(basename $0) $cmd [--version x.y.z] [options]\n"
+
+ printf "\e[1mUsage:\e[0m $(basename $0) $cmd [options]\n"
if [ "COMMAND" == "$cmd" ]; then
cat << EOF
@@ -66,7 +66,8 @@ Commands:
check Perform a dry-run check, nothing is changed
merge Merge release branch into main branch and create release tags
build Build and package binary release from sources
- sign Sign previously compiled release packages
+ gpgsign Sign previously compiled release packages with GPG
+ appsign Sign binaries with code signing certificates on Windows and macOS
help Show help for the given command
EOF
elif [ "merge" == "$cmd" ]; then
@@ -113,16 +114,25 @@ Options:
-n, --no-source-tarball Don't build source tarball
-h, --help Show this help
EOF
- elif [ "sign" == "$cmd" ]; then
+ elif [ "gpgsign" == "$cmd" ]; then
cat << EOF
-Sign previously compiled release packages
+Sign previously compiled release packages with GPG
Options:
-f, --files Files to sign (required)
-g, --gpg-key GPG key used to sign the files (default: '${GPG_KEY}')
- --signtool Specify the signtool executable (default: 'signtool')
- --signtool-key Provide a key to be used with signtool (for Windows EXE)
+ -h, --help Show this help
+EOF
+ elif [ "appsign" == "$cmd" ]; then
+ cat << EOF
+
+Sign binaries with code signing certificates on Windows and macOS
+
+Options:
+ -f, --files Files to sign (required)
+ -k, --signtool-key Key to be used with signtool (required for Windows EXE)
+ -i, --identity Apple Developer ID to be used with codesign (required for macOS APP and DMG)
-h, --help Show this help
EOF
fi
@@ -264,13 +274,13 @@ checkChangeLog() {
}
checkAppStreamInfo() {
- if [ ! -f share/linux/org.keepassxc.appdata.xml ]; then
+ if [ ! -f share/linux/org.keepassxc.KeePassXC.appdata.xml ]; then
exitError "No AppStream info file found!"
fi
- grep -qPzo "KeePassXC is an application for people with extremely high demands on secure @@ -19,56 +18,53 @@
-
+
- Prevent database corruption when locked [#1219] +
- Fixes apply button not saving new entries [#1141] +
- Switch to Consolas font on Windows for password edit [#1229] +
- Multiple fixes to AppImage deployment [#1115, #1228] +
- Fixes multiple memory leaks [#1213] +
- Resize message close to 16x16 pixels [#1253] +
Changes included in this release:
- Fixed entries with empty URLs being reported to KeePassHTTP clients [#1031]
- Fixed YubiKey detection and enabled CLI tool for AppImage binary [#1100] @@ -85,8 +81,10 @@
- Fixed screen lock and Google fallback settings [#1029]
Changes included in this release:
- Corrected multiple snap issues [#934, #1011]
- Corrected multiple custom icon issues [#708, #719, #994] @@ -103,6 +101,7 @@
Changes included in this release:
- Added YubiKey 2FA integration for unlocking databases [#127]
- Added TOTP support [#519] @@ -138,6 +137,7 @@
Changes included in this release:
- Bumped KeePassHTTP version to 1.8.4.2
- KeePassHTTP confirmation window comes to foreground [#466] @@ -146,6 +146,7 @@
Changes included in this release:
- Fix possible overflow in zxcvbn library [#363]
- Revert HiDPI setting to avoid problems on laptop screens [#332] @@ -160,6 +161,7 @@
Changes included in this release:
- Ask for save location when creating a new database [#302]
- Remove Libmicrohttpd dependency to clean up the code and ensure better OS X compatibility [#317, #265] @@ -177,6 +179,7 @@
Changes included in this release:
- Enabled HTTP plugin build; plugin is disabled by default and limited to localhost [#147]
- Escape HTML in dialog boxes [#247] @@ -189,6 +192,7 @@
Changes included in this release:
- Show unlock dialog when using autotype on a closed database [#10, #89]
- Show different tray icon when database is locked [#37, #46] diff --git a/share/linux/org.keepassxc.desktop b/share/linux/org.keepassxc.KeePassXC.desktop similarity index 94% rename from share/linux/org.keepassxc.desktop rename to share/linux/org.keepassxc.KeePassXC.desktop index d3b007bdc..8a0169800 100644 --- a/share/linux/org.keepassxc.desktop +++ b/share/linux/org.keepassxc.KeePassXC.desktop @@ -9,6 +9,7 @@ Comment=Community-driven port of the Windows application “KeePass Password Saf Exec=keepassxc %f TryExec=keepassxc Icon=keepassxc +StartupWMClass=keepassxc Terminal=false Type=Application Version=1.0 diff --git a/share/translations/keepassx_ca.ts b/share/translations/keepassx_ca.ts new file mode 100644 index 000000000..8d837c563 --- /dev/null +++ b/share/translations/keepassx_ca.ts @@ -0,0 +1,2395 @@ +
-
@@ -36,12 +24,6 @@ 0 -- - -20 -16777215 -- Generate TOTP Token +Close @@ -166,85 +148,19 @@ - - - -0 -0 -0 - + + - +
+ ++ +Qt::LinksAccessibleByMouse|Qt::TextSelectableByMouse +- -
-- - -
-- -- -- -0 -0 -- -PointingHandCursor -- -- - -
-- -- -- -0 -0 -- - -75 -true - -- -Expiration -- -Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter -- -
-- -- -- -0 -0 -- - -9 -75 -true - -- -URL -- -Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter -- -
-- @@ -267,6 +183,102 @@ - +
++ ++ +Qt::Horizontal ++ +QSizePolicy::Fixed ++ ++ +20 +20 +- +
++ - +
++ ++ +Qt::Vertical ++ ++ +20 +0 +- +
++ ++ ++ +0 +0 ++ + +9 +75 +true + ++ +URL ++ +Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter +- +
++ ++ ++ +0 +0 ++ +PointingHandCursor ++ ++ - +
++ ++ ++ +0 +0 ++ + +75 +true + ++ +Expiration ++ +Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter +- +
++ @@ -291,41 +303,11 @@ - -
-- -- -Qt::LinksAccessibleByMouse|Qt::TextSelectableByMouse -- -
- -- -Qt::Vertical -- -- -20 -40 -- - - -
-- -- -- -0 -0 -- +
+ @@ -347,7 +329,30 @@ - +
- +
++ ++ ++ +0 +0 +- +
++ ++ +Qt::Vertical ++ ++ +20 +0 +@@ -357,7 +362,7 @@ - +
@@ -379,7 +384,7 @@ - +
@@ -389,7 +394,7 @@ - +
@@ -411,15 +416,18 @@ - -
+ - +
- +Qt::Vertical +Qt::Horizontal ++ QSizePolicy::Fixed 20 -40 +20 Attributes - - +
+ - - -- -0 -1 -- -- -0 -80 -- - -16777215 -80 -Qt::ClickFocus Notes - - +
+ - - -- -0 -1 -- -- -0 -80 -- - -16777215 -80 -Qt::ClickFocus Autotype - - +
+ QFrame::Sunken diff --git a/src/gui/FileDialog.cpp b/src/gui/FileDialog.cpp index e293db2ba..9f3caf6da 100644 --- a/src/gui/FileDialog.cpp +++ b/src/gui/FileDialog.cpp @@ -27,7 +27,7 @@ QString FileDialog::getOpenFileName(QWidget* parent, const QString& caption, QSt { if (!m_nextFileName.isEmpty()) { QString result = m_nextFileName; - m_nextFileName = ""; + m_nextFileName.clear(); return result; } else { @@ -43,11 +43,37 @@ QString FileDialog::getOpenFileName(QWidget* parent, const QString& caption, QSt parent->activateWindow(); } - if (!result.isEmpty()) { - config()->set("LastDir", QFileInfo(result).absolutePath()); + saveLastDir(result); + return result; + } +} + +QStringList FileDialog::getOpenFileNames(QWidget *parent, const QString &caption, QString dir, + const QString &filter, QString *selectedFilter, + QFileDialog::Options options) +{ + if (!m_nextFileNames.isEmpty()) { + QStringList results = m_nextFileNames; + m_nextFileNames.clear(); + return results; + } + else { + if (dir.isEmpty()) { + dir = config()->get("LastDir").toString(); } - return result; + QStringList results = QFileDialog::getOpenFileNames(parent, caption, dir, filter, + selectedFilter, options); + + // on Mac OS X the focus is lost after closing the native dialog + if (parent) { + parent->activateWindow(); + } + + if (!results.isEmpty()) { + saveLastDir(results[0]); + } + return results; } } @@ -57,7 +83,7 @@ QString FileDialog::getSaveFileName(QWidget* parent, const QString& caption, QSt { if (!m_nextFileName.isEmpty()) { QString result = m_nextFileName; - m_nextFileName = ""; + m_nextFileName.clear(); return result; } else { @@ -95,11 +121,33 @@ QString FileDialog::getSaveFileName(QWidget* parent, const QString& caption, QSt parent->activateWindow(); } - if (!result.isEmpty()) { - config()->set("LastDir", QFileInfo(result).absolutePath()); + saveLastDir(result); + return result; + } +} + +QString FileDialog::getExistingDirectory(QWidget *parent, const QString &caption, QString dir, + QFileDialog::Options options) +{ + if (!m_nextDirName.isEmpty()) { + QString result = m_nextDirName; + m_nextDirName.clear(); + return result; + } + else { + if (dir.isEmpty()) { + dir = config()->get("LastDir").toString(); } - return result; + dir = QFileDialog::getExistingDirectory(parent, caption, dir, options); + + // on Mac OS X the focus is lost after closing the native dialog + if (parent) { + parent->activateWindow(); + } + + saveLastDir(dir); + return dir; } } @@ -108,10 +156,33 @@ void FileDialog::setNextFileName(const QString& fileName) m_nextFileName = fileName; } +void FileDialog::setNextFileNames(const QStringList &fileNames) +{ + m_nextFileNames = fileNames; +} + +void FileDialog::setNextDirName(const QString &dirName) +{ + m_nextDirName = dirName; +} + +void FileDialog::setNextForgetDialog() +{ + m_forgetLastDir = true; +} + FileDialog::FileDialog() { } +void FileDialog::saveLastDir(QString dir) { + if (!dir.isEmpty() && !m_forgetLastDir) { + config()->set("LastDir", QFileInfo(dir).absolutePath()); + } + + m_forgetLastDir = false; +} + FileDialog* FileDialog::instance() { if (!m_instance) { diff --git a/src/gui/FileDialog.h b/src/gui/FileDialog.h index 9f8fbb547..9a57a9218 100644 --- a/src/gui/FileDialog.h +++ b/src/gui/FileDialog.h @@ -26,22 +26,35 @@ public: QString getOpenFileName(QWidget* parent = nullptr, const QString& caption = QString(), QString dir = QString(), const QString& filter = QString(), QString* selectedFilter = nullptr, QFileDialog::Options options = 0); + QStringList getOpenFileNames(QWidget* parent = nullptr, const QString& caption = QString(), + QString dir = QString(), const QString& filter = QString(), + QString* selectedFilter = nullptr, QFileDialog::Options options = 0); QString getSaveFileName(QWidget* parent = nullptr, const QString& caption = QString(), QString dir = QString(), const QString& filter = QString(), QString* selectedFilter = nullptr, QFileDialog::Options options = 0, const QString& defaultExtension = QString()); + QString getExistingDirectory(QWidget* parent = nullptr, const QString& caption = QString(), + QString dir = QString(), QFileDialog::Options options = QFileDialog::ShowDirsOnly); + void setNextForgetDialog(); /** * Sets the result of the next get* method call. * Use only for testing. */ void setNextFileName(const QString& fileName); + void setNextFileNames(const QStringList& fileNames); + void setNextDirName(const QString& dirName); static FileDialog* instance(); private: FileDialog(); QString m_nextFileName; + QStringList m_nextFileNames; + QString m_nextDirName; + bool m_forgetLastDir = false; + + void saveLastDir(QString); static FileDialog* m_instance; diff --git a/src/gui/Font.cpp b/src/gui/Font.cpp new file mode 100644 index 000000000..3583622dd --- /dev/null +++ b/src/gui/Font.cpp @@ -0,0 +1,36 @@ +/* + * Copyright (C) 2017 KeePassXC Team+ +QFont Font::fixedFont() +{ + QFont fixedFont = QFontDatabase::systemFont(QFontDatabase::FixedFont); + +#ifdef Q_OS_WIN + // try to use Consolas on Windows, because the default Courier New has too many similar characters + QFont consolasFont = QFontDatabase().font("Consolas", fixedFont.styleName(), fixedFont.pointSize()); + const QFont defaultFont; + if (fixedFont != defaultFont) { + fixedFont = consolasFont; + } +#endif + + return fixedFont; +} diff --git a/src/gui/Font.h b/src/gui/Font.h new file mode 100644 index 000000000..bfc3d7d36 --- /dev/null +++ b/src/gui/Font.h @@ -0,0 +1,31 @@ +/* + * Copyright (C) 2017 KeePassXC Team + +class Font +{ +public: + static QFont fixedFont(); +private: + Font() {} +}; + +#endif // KEEPASSX_FONT_H diff --git a/src/gui/MainWindow.cpp b/src/gui/MainWindow.cpp index c82ea1751..fa16adb80 100644 --- a/src/gui/MainWindow.cpp +++ b/src/gui/MainWindow.cpp @@ -49,6 +49,11 @@ #include "http/OptionDialog.h" #endif +#ifdef WITH_XC_SSHAGENT +#include "sshagent/AgentSettingsPage.h" +#include "sshagent/SSHAgent.h" +#endif + #include "gui/SettingsWidget.h" #include "gui/PasswordGeneratorWidget.h" @@ -109,6 +114,8 @@ MainWindow::MainWindow() { m_ui->setupUi(this); + m_ui->toolBar->setContextMenuPolicy(Qt::PreventContextMenu); + // Setup the search widget in the toolbar SearchWidget *search = new SearchWidget(); search->connectSignals(m_actionMultiplexer); @@ -121,6 +128,10 @@ MainWindow::MainWindow() #ifdef WITH_XC_HTTP m_ui->settingsWidget->addSettingsPage(new HttpPlugin(m_ui->tabWidget)); #endif + #ifdef WITH_XC_SSHAGENT + SSHAgent::init(this); + m_ui->settingsWidget->addSettingsPage(new AgentSettingsPage(m_ui->tabWidget)); + #endif setWindowIcon(filePath()->applicationIcon()); m_ui->globalMessageWidget->setHidden(true); @@ -727,7 +738,9 @@ void MainWindow::changeEvent(QEvent* event) void MainWindow::saveWindowInformation() { - config()->set("GUI/MainWindowGeometry", saveGeometry()); + if (isVisible()) { + config()->set("GUI/MainWindowGeometry", saveGeometry()); + } } bool MainWindow::saveLastDatabases() @@ -811,11 +824,6 @@ void MainWindow::showGroupContextMenu(const QPoint& globalPos) m_ui->menuGroups->popup(globalPos); } -void MainWindow::saveToolbarState(bool value) -{ - config()->set("ShowToolbar", value); -} - void MainWindow::setShortcut(QAction* action, QKeySequence::StandardKey standard, int fallback) { if (!QKeySequence::keyBindings(standard).isEmpty()) { @@ -858,6 +866,7 @@ void MainWindow::trayIconTriggered(QSystemTrayIcon::ActivationReason reason) void MainWindow::hideWindow() { + saveWindowInformation(); #ifndef Q_OS_MAC setWindowState(windowState() | Qt::WindowMinimized); #endif diff --git a/src/gui/MainWindow.h b/src/gui/MainWindow.h index ea17107ad..ade339c56 100644 --- a/src/gui/MainWindow.h +++ b/src/gui/MainWindow.h @@ -87,7 +87,6 @@ private slots: void updateCopyAttributesMenu(); void showEntryContextMenu(const QPoint& globalPos); void showGroupContextMenu(const QPoint& globalPos); - void saveToolbarState(bool value); void rememberOpenDatabases(const QString& filePath); void applySettingsChanges(); void trayIconTriggered(QSystemTrayIcon::ActivationReason reason); diff --git a/src/gui/MainWindow.ui b/src/gui/MainWindow.ui index 6824904ab..d0cded220 100644 --- a/src/gui/MainWindow.ui +++ b/src/gui/MainWindow.ui @@ -557,7 +557,7 @@ - Empty recycle bin +E&mpty recycle bin false diff --git a/src/gui/PasswordEdit.cpp b/src/gui/PasswordEdit.cpp index 54b0ca288..b084f9cf0 100644 --- a/src/gui/PasswordEdit.cpp +++ b/src/gui/PasswordEdit.cpp @@ -19,8 +19,7 @@ #include "PasswordEdit.h" #include "core/Config.h" - -#include+#include "gui/Font.h" const QColor PasswordEdit::CorrectSoFarColor = QColor(255, 205, 15); const QColor PasswordEdit::ErrorColor = QColor(255, 125, 125); @@ -31,9 +30,9 @@ PasswordEdit::PasswordEdit(QWidget* parent) { setEchoMode(QLineEdit::Password); updateStylesheet(); - - // set font to system monospace font and increase letter spacing - QFont passwordFont = QFontDatabase::systemFont(QFontDatabase::FixedFont); + + // use a monospace font for the password field + QFont passwordFont = Font::fixedFont(); passwordFont.setLetterSpacing(QFont::PercentageSpacing, 110); setFont(passwordFont); } diff --git a/src/gui/PasswordGeneratorWidget.cpp b/src/gui/PasswordGeneratorWidget.cpp index d77634415..70375a048 100644 --- a/src/gui/PasswordGeneratorWidget.cpp +++ b/src/gui/PasswordGeneratorWidget.cpp @@ -21,6 +21,7 @@ #include #include +#include #include "core/Config.h" #include "core/PasswordGenerator.h" @@ -149,6 +150,19 @@ void PasswordGeneratorWidget::setStandaloneMode(bool standalone) } } +void PasswordGeneratorWidget::keyPressEvent(QKeyEvent* e) +{ + if (!e->modifiers() || (e->modifiers() & Qt::KeypadModifier && e->key() == Qt::Key_Enter)) { + if (e->key() == Qt::Key_Escape && m_standalone == true) { + emit dialogTerminated(); + } else { + e->ignore(); + } + } else { + e->ignore(); + } +} + void PasswordGeneratorWidget::regeneratePassword() { if (m_ui->tabWidget->currentIndex() == Password) { diff --git a/src/gui/PasswordGeneratorWidget.h b/src/gui/PasswordGeneratorWidget.h index 130106461..3d6d27a55 100644 --- a/src/gui/PasswordGeneratorWidget.h +++ b/src/gui/PasswordGeneratorWidget.h @@ -81,6 +81,9 @@ private: const QScopedPointer m_passwordGenerator; const QScopedPointer m_dicewareGenerator; const QScopedPointer Extended ASCII - Extended ASCII +Extended ASCII true diff --git a/src/gui/SettingsWidget.cpp b/src/gui/SettingsWidget.cpp index a8b0e9424..4ba81c6f7 100644 --- a/src/gui/SettingsWidget.cpp +++ b/src/gui/SettingsWidget.cpp @@ -241,6 +241,7 @@ void SettingsWidget::saveSettings() if (!config()->get("RememberLastKeyFiles").toBool()) { config()->set("LastKeyFiles", QVariant()); + config()->set("LastDir", ""); } for (const ExtraPage& page: asConst(m_extraPages)) { diff --git a/src/gui/SetupTotpDialog.cpp b/src/gui/SetupTotpDialog.cpp index 5521773bd..52d63f0ef 100644 --- a/src/gui/SetupTotpDialog.cpp +++ b/src/gui/SetupTotpDialog.cpp @@ -35,7 +35,9 @@ SetupTotpDialog::SetupTotpDialog(DatabaseWidget* parent, Entry* entry) connect(m_ui->buttonBox, SIGNAL(rejected()), SLOT(close())); connect(m_ui->buttonBox, SIGNAL(accepted()), SLOT(setupTotp())); - connect(m_ui->customSettingsCheckBox, SIGNAL(toggled(bool)), SLOT(toggleCustom(bool))); + connect(m_ui->radioDefault, SIGNAL(toggled(bool)), SLOT(toggleDefault(bool))); + connect(m_ui->radioSteam, SIGNAL(toggled(bool)), SLOT(toggleSteam(bool))); + connect(m_ui->radioCustom, SIGNAL(toggled(bool)), SLOT(toggleCustom(bool))); } @@ -43,19 +45,37 @@ void SetupTotpDialog::setupTotp() { quint8 digits; - if (m_ui->radio8Digits->isChecked()) { + if (m_ui->radioSteam->isChecked()) { + digits = Totp::ENCODER_STEAM; + } else if (m_ui->radio8Digits->isChecked()) { digits = 8; } else { digits = 6; } quint8 step = m_ui->stepSpinBox->value(); - QString seed = QTotp::parseOtpString(m_ui->seedEdit->text(), digits, step); + QString seed = Totp::parseOtpString(m_ui->seedEdit->text(), digits, step); m_entry->setTotp(seed, step, digits); emit m_parent->entrySelectionChanged(); close(); } +void SetupTotpDialog::toggleDefault(bool status) +{ + if (status) { + setStep(Totp::defaultStep); + setDigits(Totp::defaultDigits); + } +} + +void SetupTotpDialog::toggleSteam(bool status) +{ + if (status) { + setStep(Totp::defaultStep); + setDigits(Totp::ENCODER_STEAM); + } +} + void SetupTotpDialog::toggleCustom(bool status) { m_ui->digitsLabel->setEnabled(status); @@ -72,13 +92,25 @@ void SetupTotpDialog::setSeed(QString value) m_ui->seedEdit->setText(value); } +void SetupTotpDialog::setSettings(quint8 digits) { + quint8 step = m_ui->stepSpinBox->value(); + + bool isDefault = ((step == Totp::defaultStep) && + (digits == Totp::defaultDigits)); + bool isSteam = (digits == Totp::ENCODER_STEAM); + + if (isSteam) { + m_ui->radioSteam->setChecked(true); + } else if (isDefault) { + m_ui->radioDefault->setChecked(true); + } else { + m_ui->radioCustom->setChecked(true); + } +} + void SetupTotpDialog::setStep(quint8 step) { m_ui->stepSpinBox->setValue(step); - - if (step != QTotp::defaultStep) { - m_ui->customSettingsCheckBox->setChecked(true); - } } void SetupTotpDialog::setDigits(quint8 digits) @@ -90,13 +122,8 @@ void SetupTotpDialog::setDigits(quint8 digits) m_ui->radio6Digits->setChecked(true); m_ui->radio8Digits->setChecked(false); } - - if (digits != QTotp::defaultDigits) { - m_ui->customSettingsCheckBox->setChecked(true); - } } - SetupTotpDialog::~SetupTotpDialog() { } diff --git a/src/gui/SetupTotpDialog.h b/src/gui/SetupTotpDialog.h index 243a05f9f..9e90e9686 100644 --- a/src/gui/SetupTotpDialog.h +++ b/src/gui/SetupTotpDialog.h @@ -39,8 +39,11 @@ public: void setSeed(QString value); void setStep(quint8 step); void setDigits(quint8 digits); + void setSettings(quint8 digits); private Q_SLOTS: + void toggleDefault(bool status); + void toggleSteam(bool status); void toggleCustom(bool status); void setupTotp(); diff --git a/src/gui/SetupTotpDialog.ui b/src/gui/SetupTotpDialog.ui index a6d806287..c3a83e21d 100644 --- a/src/gui/SetupTotpDialog.ui +++ b/src/gui/SetupTotpDialog.ui @@ -7,7 +7,7 @@0 0 282 -257 +364 @@ -29,11 +29,38 @@ - -
- +- -Use custom settings -+ - +
++ ++ +Default RFC 6238 token settings ++ +settingsButtonGroup +- +
++ ++ +Steam token settings ++ +settingsButtonGroup +- +
++ ++ +Use custom settings ++ +settingsButtonGroup +@@ -134,4 +161,7 @@ + + diff --git a/src/gui/TotpDialog.cpp b/src/gui/TotpDialog.cpp index 17cc1120f..474acf773 100644 --- a/src/gui/TotpDialog.cpp +++ b/src/gui/TotpDialog.cpp @@ -87,8 +87,8 @@ void TotpDialog::updateSeconds() void TotpDialog::updateTotp() { QString totpCode = m_entry->totp(); - QString firstHalf = totpCode.left(totpCode.size()/2); - QString secondHalf = totpCode.right(totpCode.size()/2); + QString firstHalf = totpCode.left(totpCode.size() / 2); + QString secondHalf = totpCode.mid(totpCode.size() / 2); m_ui->totpLabel->setText(firstHalf + " " + secondHalf); } diff --git a/src/gui/csvImport/CsvImportWizard.cpp b/src/gui/csvImport/CsvImportWizard.cpp index eb4b21236..e9a8f4984 100644 --- a/src/gui/csvImport/CsvImportWizard.cpp +++ b/src/gui/csvImport/CsvImportWizard.cpp @@ -28,19 +28,9 @@ CsvImportWizard::CsvImportWizard(QWidget *parent) : DialogyWidget(parent) { m_layout = new QGridLayout(this); - m_pages = new QStackedWidget(parent); - m_layout->addWidget(m_pages, 0, 0); + m_layout->addWidget(m_parse = new CsvImportWidget(this), 0, 0); - m_pages->addWidget(key = new ChangeMasterKeyWidget(m_pages)); - m_pages->addWidget(parse = new CsvImportWidget(m_pages)); - key->headlineLabel()->setText(tr("Import CSV file")); - QFont headLineFont = key->headlineLabel()->font(); - headLineFont.setBold(true); - headLineFont.setPointSize(headLineFont.pointSize() + 2); - key->headlineLabel()->setFont(headLineFont); - - connect(key, SIGNAL(editFinished(bool)), this, SLOT(keyFinished(bool))); - connect(parse, SIGNAL(editFinished(bool)), this, SLOT(parseFinished(bool))); + connect(m_parse, SIGNAL(editFinished(bool)), this, SLOT(parseFinished(bool))); } CsvImportWizard::~CsvImportWizard() @@ -49,21 +39,18 @@ CsvImportWizard::~CsvImportWizard() void CsvImportWizard::load(const QString& filename, Database* database) { m_db = database; - parse->load(filename, database); - key->clearForms(); + m_parse->load(filename, database); } -void CsvImportWizard::keyFinished(bool accepted) +void CsvImportWizard::keyFinished(bool accepted, CompositeKey key) { if (!accepted) { emit importFinished(false); return; } - m_pages->setCurrentIndex(m_pages->currentIndex()+1); - QApplication::setOverrideCursor(QCursor(Qt::WaitCursor)); - bool result = m_db->setKey(key->newMasterKey()); + bool result = m_db->setKey(key); QApplication::restoreOverrideCursor(); if (!result) { diff --git a/src/gui/csvImport/CsvImportWizard.h b/src/gui/csvImport/CsvImportWizard.h index 317018d99..b6414c0c9 100644 --- a/src/gui/csvImport/CsvImportWizard.h +++ b/src/gui/csvImport/CsvImportWizard.h @@ -38,19 +38,17 @@ public: explicit CsvImportWizard(QWidget *parent = nullptr); ~CsvImportWizard(); void load(const QString& filename, Database *database); + void keyFinished(bool accepted, CompositeKey key); signals: void importFinished(bool accepted); private slots: - void keyFinished(bool accepted); void parseFinished(bool accepted); private: Database* m_db; - CsvImportWidget* parse; - ChangeMasterKeyWidget* key; - QStackedWidget *m_pages; + CsvImportWidget* m_parse; QGridLayout *m_layout; }; diff --git a/src/gui/entry/EditEntryWidget.cpp b/src/gui/entry/EditEntryWidget.cpp index 8457c5af3..db35b2f8f 100644 --- a/src/gui/entry/EditEntryWidget.cpp +++ b/src/gui/entry/EditEntryWidget.cpp @@ -19,6 +19,7 @@ #include "EditEntryWidget.h" #include "ui_EditEntryWidgetAdvanced.h" #include "ui_EditEntryWidgetAutoType.h" +#include "ui_EditEntryWidgetSSHAgent.h" #include "ui_EditEntryWidgetHistory.h" #include "ui_EditEntryWidgetMain.h" @@ -36,10 +37,17 @@ #include "core/Metadata.h" #include "core/TimeDelta.h" #include "core/Tools.h" +#ifdef WITH_XC_SSHAGENT +#include "sshagent/KeeAgentSettings.h" +#include "sshagent/OpenSSHKey.h" +#include "sshagent/SSHAgent.h" +#endif #include "gui/EditWidgetIcons.h" #include "gui/EditWidgetProperties.h" #include "gui/FileDialog.h" #include "gui/MessageBox.h" +#include "gui/Clipboard.h" +#include "gui/Font.h" #include "gui/entry/AutoTypeAssociationsModel.h" #include "gui/entry/EntryAttachmentsModel.h" #include "gui/entry/EntryAttributesModel.h" @@ -51,11 +59,13 @@ EditEntryWidget::EditEntryWidget(QWidget* parent) , m_mainUi(new Ui::EditEntryWidgetMain()) , m_advancedUi(new Ui::EditEntryWidgetAdvanced()) , m_autoTypeUi(new Ui::EditEntryWidgetAutoType()) + , m_sshAgentUi(new Ui::EditEntryWidgetSSHAgent()) , m_historyUi(new Ui::EditEntryWidgetHistory()) , m_mainWidget(new QWidget()) , m_advancedWidget(new QWidget()) , m_iconsWidget(new EditWidgetIcons()) , m_autoTypeWidget(new QWidget()) + , m_sshAgentWidget(new QWidget()) , m_editWidgetProperties(new EditWidgetProperties()) , m_historyWidget(new QWidget()) , m_entryAttachments(new EntryAttachments(this)) @@ -73,6 +83,14 @@ EditEntryWidget::EditEntryWidget(QWidget* parent) setupAdvanced(); setupIcon(); setupAutoType(); +#ifdef WITH_XC_SSHAGENT + if (config()->get("SSHAgent", false).toBool()) { + setupSSHAgent(); + m_sshAgentEnabled = true; + } else { + m_sshAgentEnabled = false; + } +#endif setupProperties(); setupHistory(); @@ -122,13 +140,14 @@ void EditEntryWidget::setupAdvanced() m_attachmentsModel->setEntryAttachments(m_entryAttachments); m_advancedUi->attachmentsView->setModel(m_attachmentsModel); + m_advancedUi->attachmentsView->setSelectionMode(QAbstractItemView::ExtendedSelection); connect(m_advancedUi->attachmentsView->selectionModel(), SIGNAL(currentChanged(QModelIndex,QModelIndex)), SLOT(updateAttachmentButtonsEnabled(QModelIndex))); connect(m_advancedUi->attachmentsView, SIGNAL(doubleClicked(QModelIndex)), SLOT(openAttachment(QModelIndex))); - connect(m_advancedUi->saveAttachmentButton, SIGNAL(clicked()), SLOT(saveCurrentAttachment())); - connect(m_advancedUi->openAttachmentButton, SIGNAL(clicked()), SLOT(openCurrentAttachment())); - connect(m_advancedUi->addAttachmentButton, SIGNAL(clicked()), SLOT(insertAttachment())); - connect(m_advancedUi->removeAttachmentButton, SIGNAL(clicked()), SLOT(removeCurrentAttachment())); + connect(m_advancedUi->saveAttachmentButton, SIGNAL(clicked()), SLOT(saveSelectedAttachments())); + connect(m_advancedUi->openAttachmentButton, SIGNAL(clicked()), SLOT(openSelectedAttachments())); + connect(m_advancedUi->addAttachmentButton, SIGNAL(clicked()), SLOT(insertAttachments())); + connect(m_advancedUi->removeAttachmentButton, SIGNAL(clicked()), SLOT(removeSelectedAttachments())); m_attributesModel->setEntryAttributes(m_entryAttributes); m_advancedUi->attributesView->setModel(m_attributesModel); @@ -244,6 +263,244 @@ void EditEntryWidget::updateHistoryButtons(const QModelIndex& current, const QMo } } +#ifdef WITH_XC_SSHAGENT +void EditEntryWidget::setupSSHAgent() +{ + m_sshAgentUi->setupUi(m_sshAgentWidget); + + QFont fixedFont = Font::fixedFont(); + m_sshAgentUi->fingerprintTextLabel->setFont(fixedFont); + m_sshAgentUi->commentTextLabel->setFont(fixedFont); + m_sshAgentUi->publicKeyEdit->setFont(fixedFont); + + connect(m_sshAgentUi->attachmentRadioButton, SIGNAL(clicked(bool)), SLOT(updateSSHAgentKeyInfo())); + connect(m_sshAgentUi->attachmentComboBox, SIGNAL(currentIndexChanged(int)), SLOT(updateSSHAgentKeyInfo())); + connect(m_sshAgentUi->externalFileRadioButton, SIGNAL(clicked(bool)), SLOT(updateSSHAgentKeyInfo())); + connect(m_sshAgentUi->externalFileEdit, SIGNAL(textChanged(QString)), SLOT(updateSSHAgentKeyInfo())); + connect(m_sshAgentUi->browseButton, SIGNAL(clicked()), SLOT(browsePrivateKey())); + connect(m_sshAgentUi->addToAgentButton, SIGNAL(clicked()), SLOT(addKeyToAgent())); + connect(m_sshAgentUi->removeFromAgentButton, SIGNAL(clicked()), SLOT(removeKeyFromAgent())); + connect(m_sshAgentUi->decryptButton, SIGNAL(clicked()), SLOT(decryptPrivateKey())); + connect(m_sshAgentUi->copyToClipboardButton, SIGNAL(clicked()), SLOT(copyPublicKey())); + + addPage(tr("SSH Agent"), FilePath::instance()->icon("apps", "utilities-terminal"), m_sshAgentWidget); +} + +void EditEntryWidget::updateSSHAgent() +{ + KeeAgentSettings settings; + settings.fromXml(m_entryAttachments->value("KeeAgent.settings")); + + m_sshAgentUi->addKeyToAgentCheckBox->setChecked(settings.addAtDatabaseOpen()); + m_sshAgentUi->removeKeyFromAgentCheckBox->setChecked(settings.removeAtDatabaseClose()); + m_sshAgentUi->requireUserConfirmationCheckBox->setChecked(settings.useConfirmConstraintWhenAdding()); + m_sshAgentUi->lifetimeCheckBox->setChecked(settings.useLifetimeConstraintWhenAdding()); + m_sshAgentUi->lifetimeSpinBox->setValue(settings.lifetimeConstraintDuration()); + m_sshAgentUi->attachmentComboBox->clear(); + m_sshAgentUi->addToAgentButton->setEnabled(false); + m_sshAgentUi->removeFromAgentButton->setEnabled(false); + m_sshAgentUi->copyToClipboardButton->setEnabled(false); + + m_sshAgentUi->attachmentComboBox->addItem(""); + + for (QString fileName : m_entryAttachments->keys()) { + if (fileName == "KeeAgent.settings") { + continue; + } + + m_sshAgentUi->attachmentComboBox->addItem(fileName); + } + + m_sshAgentUi->attachmentComboBox->setCurrentText(settings.attachmentName()); + m_sshAgentUi->externalFileEdit->setText(settings.fileName()); + + if (settings.selectedType() == "attachment") { + m_sshAgentUi->attachmentRadioButton->setChecked(true); + } else { + m_sshAgentUi->externalFileRadioButton->setChecked(true); + } + + m_sshAgentSettings = settings; + + updateSSHAgentKeyInfo(); +} + +void EditEntryWidget::updateSSHAgentKeyInfo() +{ + m_sshAgentUi->addToAgentButton->setEnabled(false); + m_sshAgentUi->removeFromAgentButton->setEnabled(false); + m_sshAgentUi->copyToClipboardButton->setEnabled(false); + m_sshAgentUi->fingerprintTextLabel->setText(tr("n/a")); + m_sshAgentUi->commentTextLabel->setText(tr("n/a")); + m_sshAgentUi->decryptButton->setEnabled(false); + m_sshAgentUi->publicKeyEdit->document()->setPlainText(""); + + OpenSSHKey key; + + if (!getOpenSSHKey(key)) { + return; + } + + m_sshAgentUi->fingerprintTextLabel->setText(key.fingerprint()); + + if (key.encrypted()) { + m_sshAgentUi->commentTextLabel->setText(tr("(encrypted)")); + m_sshAgentUi->decryptButton->setEnabled(true); + } else { + m_sshAgentUi->commentTextLabel->setText(key.comment()); + } + + m_sshAgentUi->publicKeyEdit->document()->setPlainText(key.publicKey()); + + // enable agent buttons only if we have an agent running + if (SSHAgent::instance()->isAgentRunning()) { + m_sshAgentUi->addToAgentButton->setEnabled(true); + m_sshAgentUi->removeFromAgentButton->setEnabled(true); + } + + m_sshAgentUi->copyToClipboardButton->setEnabled(true); +} + +void EditEntryWidget::saveSSHAgentConfig() +{ + KeeAgentSettings settings; + QString privateKeyPath = m_sshAgentUi->attachmentComboBox->currentText(); + + settings.setAddAtDatabaseOpen(m_sshAgentUi->addKeyToAgentCheckBox->isChecked()); + settings.setRemoveAtDatabaseClose(m_sshAgentUi->removeKeyFromAgentCheckBox->isChecked()); + settings.setUseConfirmConstraintWhenAdding(m_sshAgentUi->requireUserConfirmationCheckBox->isChecked()); + settings.setUseLifetimeConstraintWhenAdding(m_sshAgentUi->lifetimeCheckBox->isChecked()); + settings.setLifetimeConstraintDuration(m_sshAgentUi->lifetimeSpinBox->value()); + + if (m_sshAgentUi->attachmentRadioButton->isChecked()) { + settings.setSelectedType("attachment"); + } else { + settings.setSelectedType("file"); + } + settings.setAttachmentName(m_sshAgentUi->attachmentComboBox->currentText()); + settings.setFileName(m_sshAgentUi->externalFileEdit->text()); + + // we don't use this as we don't run an agent but for compatibility we set it if necessary + settings.setAllowUseOfSshKey(settings.addAtDatabaseOpen() || settings.removeAtDatabaseClose()); + + // we don't use this either but we don't want it to dirty flag the config + settings.setSaveAttachmentToTempFile(m_sshAgentSettings.saveAttachmentToTempFile()); + + if (settings.isDefault() && m_entryAttachments->hasKey("KeeAgent.settings")) { + m_entryAttachments->remove("KeeAgent.settings"); + } else if (settings != m_sshAgentSettings) { + m_entryAttachments->set("KeeAgent.settings", settings.toXml()); + } + + m_sshAgentSettings = settings; +} + +void EditEntryWidget::browsePrivateKey() +{ + QString fileName = QFileDialog::getOpenFileName(this, tr("Select private key"), ""); + if (!fileName.isEmpty()) { + m_sshAgentUi->externalFileEdit->setText(fileName); + } +} + +bool EditEntryWidget::getOpenSSHKey(OpenSSHKey& key) +{ + QByteArray privateKeyData; + + if (m_sshAgentUi->attachmentRadioButton->isChecked()) { + privateKeyData = m_entryAttachments->value(m_sshAgentUi->attachmentComboBox->currentText()); + } else { + QFile localFile(m_sshAgentUi->externalFileEdit->text()); + + if (localFile.fileName().isEmpty()) { + return false; + } + + if (localFile.size() > 1024 * 1024) { + showMessage(tr("File too large to be a private key"), MessageWidget::Error); + return false; + } + + if (!localFile.open(QIODevice::ReadOnly)) { + showMessage(tr("Failed to open private key"), MessageWidget::Error); + return false; + } + + privateKeyData = localFile.readAll(); + } + + if (privateKeyData.length() == 0) { + return false; + } + + if (!key.parse(privateKeyData)) { + showMessage(key.errorString(), MessageWidget::Error); + return false; + } + + return true; +} + +void EditEntryWidget::addKeyToAgent() +{ + OpenSSHKey key; + + if (!getOpenSSHKey(key)) { + return; + } + + if (!key.openPrivateKey(m_entry->password())) { + showMessage(key.errorString(), MessageWidget::Error); + } else { + m_sshAgentUi->commentTextLabel->setText(key.comment()); + m_sshAgentUi->publicKeyEdit->document()->setPlainText(key.publicKey()); + } + + quint32 lifetime = 0; + bool confirm = m_sshAgentUi->requireUserConfirmationCheckBox->isChecked(); + + if (m_sshAgentUi->lifetimeCheckBox->isChecked()) { + lifetime = m_sshAgentUi->lifetimeSpinBox->value(); + } + + SSHAgent::instance()->addIdentity(key, lifetime, confirm); + + if (m_sshAgentUi->removeKeyFromAgentCheckBox->isChecked()) { + SSHAgent::instance()->removeIdentityAtLock(key, m_entry->uuid()); + } +} + +void EditEntryWidget::removeKeyFromAgent() +{ + OpenSSHKey key; + + if (getOpenSSHKey(key)) { + SSHAgent::instance()->removeIdentity(key); + } +} + +void EditEntryWidget::decryptPrivateKey() +{ + OpenSSHKey key; + + if (!getOpenSSHKey(key)) { + return; + } + + if (!key.openPrivateKey(m_entry->password())) { + showMessage(key.errorString(), MessageWidget::Error); + } else { + m_sshAgentUi->commentTextLabel->setText(key.comment()); + m_sshAgentUi->publicKeyEdit->document()->setPlainText(key.publicKey()); + } +} + +void EditEntryWidget::copyPublicKey() +{ + clipboard()->setText(m_sshAgentUi->publicKeyEdit->document()->toPlainText()); +} +#endif + void EditEntryWidget::useExpiryPreset(QAction* action) { m_mainUi->expireCheck->setChecked(true); @@ -285,6 +542,7 @@ void EditEntryWidget::loadEntry(Entry* entry, bool create, bool history, const Q m_database = database; m_create = create; m_history = history; + m_saved = false; if (history) { setHeadline(QString("%1 > %2").arg(parentName, tr("Entry history"))); @@ -397,6 +655,12 @@ void EditEntryWidget::setForms(const Entry* entry, bool restore) } updateAutoTypeEnabled(); +#ifdef WITH_XC_SSHAGENT + if (m_sshAgentEnabled) { + updateSSHAgent(); + } +#endif + m_editWidgetProperties->setFields(entry->timeInfo(), entry->uuid()); if (!m_history && !restore) { @@ -444,15 +708,28 @@ void EditEntryWidget::saveEntry() m_autoTypeAssoc->removeEmpty(); +#ifdef WITH_XC_SSHAGENT + if (m_sshAgentEnabled) { + saveSSHAgentConfig(); + } +#endif + if (!m_create) { m_entry->beginUpdate(); } updateEntryData(m_entry); + m_saved = true; if (!m_create) { m_entry->endUpdate(); } + +#ifdef WITH_XC_SSHAGENT + if (m_sshAgentEnabled) { + updateSSHAgent(); + } +#endif } void EditEntryWidget::acceptEntry() @@ -521,7 +798,7 @@ void EditEntryWidget::cancel() clear(); - emit editFinished(false); + emit editFinished(m_saved); } void EditEntryWidget::clear() @@ -672,6 +949,32 @@ void EditEntryWidget::displayAttribute(QModelIndex index, bool showProtected) m_advancedUi->protectAttributeButton->blockSignals(false); } +bool EditEntryWidget::openAttachment(const QModelIndex &index, QString *errorMessage) +{ + const QString filename = m_attachmentsModel->keyByIndex(index); + const QByteArray attachmentData = m_entryAttachments->value(filename); + + // tmp file will be removed once the database (or the application) has been closed + const QString tmpFileTemplate = QDir::temp().absoluteFilePath(QString("XXXXXX.").append(filename)); + QTemporaryFile* tmpFile = new QTemporaryFile(tmpFileTemplate, this); + + const bool saveOk = tmpFile->open() + && tmpFile->write(attachmentData) == attachmentData.size() + && tmpFile->flush(); + if (!saveOk) { + if (errorMessage) { + *errorMessage = tr("Unable to save the attachment:\n").append(tmpFile->errorString()); + } + delete tmpFile; + return false; + } + + tmpFile->close(); + QDesktopServices::openUrl(QUrl::fromLocalFile(tmpFile->fileName())); + + return true; +} + void EditEntryWidget::protectCurrentAttribute(bool state) { QModelIndex index = m_advancedUi->attributesView->currentIndex(); @@ -702,7 +1005,7 @@ void EditEntryWidget::revealCurrentAttribute() } } -void EditEntryWidget::insertAttachment() +void EditEntryWidget::insertAttachments() { Q_ASSERT(!m_history); @@ -710,53 +1013,115 @@ void EditEntryWidget::insertAttachment() if (defaultDir.isEmpty() || !QDir(defaultDir).exists()) { defaultDir = QStandardPaths::standardLocations(QStandardPaths::DocumentsLocation).value(0); } - QString filename = fileDialog()->getOpenFileName(this, tr("Select file"), defaultDir); - if (filename.isEmpty() || !QFile::exists(filename)) { + + const QStringList filenames = fileDialog()->getOpenFileNames(this, tr("Select files"), defaultDir); + if (filenames.isEmpty()) { return; } - QFile file(filename); - if (!file.open(QIODevice::ReadOnly)) { - showMessage(tr("Unable to open file").append(":\n").append(file.errorString()), MessageWidget::Error); - return; + config()->set("LastAttachmentDir", QFileInfo(filenames.first()).absolutePath()); + + QStringList errors; + for (const QString &filename: filenames) { + const QFileInfo fInfo(filename); + QFile file(filename); + QByteArray data; + const bool readOk = file.open(QIODevice::ReadOnly) && Tools::readAllFromDevice(&file, data); + if (!readOk) { + errors.append(QString("%1 - %2").arg(fInfo.fileName(), file.errorString())); + continue; + } + + m_entryAttachments->set(fInfo.fileName(), data); } - QByteArray data; - if (!Tools::readAllFromDevice(&file, data)) { - showMessage(tr("Unable to open file").append(":\n").append(file.errorString()), MessageWidget::Error); - return; + if (!errors.isEmpty()) { + showMessage(tr("Unable to open files:\n%1").arg(errors.join('\n')), MessageWidget::Error); } - - m_entryAttachments->set(QFileInfo(filename).fileName(), data); } -void EditEntryWidget::saveCurrentAttachment() +void EditEntryWidget::saveSelectedAttachment() { - QModelIndex index = m_advancedUi->attachmentsView->currentIndex(); + const QModelIndex index = m_advancedUi->attachmentsView->currentIndex(); if (!index.isValid()) { return; } - QString filename = m_attachmentsModel->keyByIndex(index); + const QString filename = m_attachmentsModel->keyByIndex(index); QString defaultDirName = config()->get("LastAttachmentDir").toString(); if (defaultDirName.isEmpty() || !QDir(defaultDirName).exists()) { defaultDirName = QStandardPaths::writableLocation(QStandardPaths::DocumentsLocation); } - QDir dir(defaultDirName); - QString savePath = fileDialog()->getSaveFileName(this, tr("Save attachment"), - dir.filePath(filename)); + + const QString savePath = fileDialog()->getSaveFileName(this, tr("Save attachment"), + QDir(defaultDirName).filePath(filename)); if (!savePath.isEmpty()) { - QByteArray attachmentData = m_entryAttachments->value(filename); + config()->set("LastAttachmentDir", QFileInfo(savePath).absolutePath()); QFile file(savePath); - if (!file.open(QIODevice::WriteOnly)) { + const QByteArray attachmentData = m_entryAttachments->value(filename); + const bool saveOk = file.open(QIODevice::WriteOnly) && file.write(attachmentData) == attachmentData.size(); + if (!saveOk) { showMessage(tr("Unable to save the attachment:\n").append(file.errorString()), MessageWidget::Error); + } + } +} + +void EditEntryWidget::saveSelectedAttachments() +{ + const QModelIndexList indexes = m_advancedUi->attachmentsView->selectionModel()->selectedIndexes(); + if (indexes.isEmpty()) { + return; + } else if (indexes.count() == 1) { + saveSelectedAttachment(); + return; + } + + QString defaultDirName = config()->get("LastAttachmentDir").toString(); + if (defaultDirName.isEmpty() || !QDir(defaultDirName).exists()) { + defaultDirName = QStandardPaths::writableLocation(QStandardPaths::DocumentsLocation); + } + + const QString savePath = fileDialog()->getExistingDirectory(this, tr("Save attachments"), defaultDirName); + if (savePath.isEmpty()) { + return; + } + + QDir saveDir(savePath); + if (!saveDir.exists()) { + if (saveDir.mkpath(saveDir.absolutePath())) { + showMessage(tr("Unable to create the directory:\n").append(saveDir.absolutePath()), MessageWidget::Error); return; } - if (file.write(attachmentData) != attachmentData.size()) { - showMessage(tr("Unable to save the attachment:\n").append(file.errorString()), MessageWidget::Error); - return; + } + config()->set("LastAttachmentDir", QFileInfo(saveDir.absolutePath()).absolutePath()); + + QStringList errors; + for (const QModelIndex &index: indexes) { + const QString filename = m_attachmentsModel->keyByIndex(index); + const QString attachmentPath = saveDir.absoluteFilePath(filename); + + if (QFileInfo::exists(attachmentPath)) { + const QString question(tr("Are you sure you want to overwrite existing file \"%1\" with the attachment?")); + auto ans = MessageBox::question(this, tr("Confirm overwrite"), question.arg(filename), + QMessageBox::Yes | QMessageBox::No | QMessageBox::Cancel); + if (ans == QMessageBox::No) { + continue; + } else if (ans == QMessageBox::Cancel) { + return; + } } + + QFile file(attachmentPath); + const QByteArray attachmentData = m_entryAttachments->value(filename); + const bool saveOk = file.open(QIODevice::WriteOnly) && file.write(attachmentData) == attachmentData.size(); + if (!saveOk) { + errors.append(QString("%1 - %2").arg(filename, file.errorString())); + } + } + + if (!errors.isEmpty()) { + showMessage(tr("Unable to save the attachments:\n").append(errors.join('\n')), MessageWidget::Error); } } @@ -767,55 +1132,51 @@ void EditEntryWidget::openAttachment(const QModelIndex& index) return; } - QString filename = m_attachmentsModel->keyByIndex(index); - QByteArray attachmentData = m_entryAttachments->value(filename); - - // tmp file will be removed once the database (or the application) has been closed - QString tmpFileTemplate = QDir::temp().absoluteFilePath(QString("XXXXXX.").append(filename)); - QTemporaryFile* file = new QTemporaryFile(tmpFileTemplate, this); - - if (!file->open()) { - showMessage(tr("Unable to save the attachment:\n").append(file->errorString()), MessageWidget::Error); - return; + QString errorMessage; + if (!openAttachment(index, &errorMessage)) { + showMessage(errorMessage, MessageWidget::Error); } - - if (file->write(attachmentData) != attachmentData.size()) { - showMessage(tr("Unable to save the attachment:\n").append(file->errorString()), MessageWidget::Error); - return; - } - - if (!file->flush()) { - showMessage(tr("Unable to save the attachment:\n").append(file->errorString()), MessageWidget::Error); - return; - } - - file->close(); - - QDesktopServices::openUrl(QUrl::fromLocalFile(file->fileName())); } -void EditEntryWidget::openCurrentAttachment() +void EditEntryWidget::openSelectedAttachments() { - QModelIndex index = m_advancedUi->attachmentsView->currentIndex(); + const QModelIndexList indexes = m_advancedUi->attachmentsView->selectionModel()->selectedIndexes(); + if (indexes.isEmpty()) { + return; + } - openAttachment(index); + QStringList errors; + for (const QModelIndex &index: indexes) { + QString errorMessage; + if (!openAttachment(index, &errorMessage)) { + const QString filename = m_attachmentsModel->keyByIndex(index); + errors.append(QString("%1 - %2").arg(filename, errorMessage)); + }; + } + + if (!errors.isEmpty()) { + showMessage(tr("Unable to open the attachments:\n").append(errors.join('\n')), MessageWidget::Error); + } } -void EditEntryWidget::removeCurrentAttachment() +void EditEntryWidget::removeSelectedAttachments() { Q_ASSERT(!m_history); - QModelIndex index = m_advancedUi->attachmentsView->currentIndex(); - if (!index.isValid()) { + const QModelIndexList indexes = m_advancedUi->attachmentsView->selectionModel()->selectedIndexes(); + if (indexes.isEmpty()) { return; } + const QString question = tr("Are you sure you want to remove %n attachments?", "", indexes.count()); QMessageBox::StandardButton ans = MessageBox::question(this, tr("Confirm Remove"), - tr("Are you sure you want to remove this attachment?"), - QMessageBox::Yes | QMessageBox::No); + question, QMessageBox::Yes | QMessageBox::No); if (ans == QMessageBox::Yes) { - QString key = m_attachmentsModel->keyByIndex(index); - m_entryAttachments->remove(key); + QStringList keys; + for (const QModelIndex &index: indexes) { + keys.append(m_attachmentsModel->keyByIndex(index)); + } + m_entryAttachments->remove(keys); } } diff --git a/src/gui/entry/EditEntryWidget.h b/src/gui/entry/EditEntryWidget.h index 74da2c46f..883e7e7fb 100644 --- a/src/gui/entry/EditEntryWidget.h +++ b/src/gui/entry/EditEntryWidget.h @@ -23,6 +23,7 @@ #include+ #include "gui/EditWidget.h" +#include "config-keepassx.h" class AutoTypeAssociations; class AutoTypeAssociationsModel; @@ -39,10 +40,15 @@ class QButtonGroup; class QMenu; class QSortFilterProxyModel; class QStackedLayout; +#ifdef WITH_XC_SSHAGENT +#include "sshagent/KeeAgentSettings.h" +class OpenSSHKey; +#endif namespace Ui { class EditEntryWidgetAdvanced; class EditEntryWidgetAutoType; + class EditEntryWidgetSSHAgent; class EditEntryWidgetMain; class EditEntryWidgetHistory; class EditWidget; @@ -80,11 +86,12 @@ private slots: void updateCurrentAttribute(); void protectCurrentAttribute(bool state); void revealCurrentAttribute(); - void insertAttachment(); - void saveCurrentAttachment(); + void insertAttachments(); + void saveSelectedAttachment(); + void saveSelectedAttachments(); void openAttachment(const QModelIndex& index); - void openCurrentAttachment(); - void removeCurrentAttachment(); + void openSelectedAttachments(); + void removeSelectedAttachments(); void updateAutoTypeEnabled(); void insertAutoTypeAssoc(); void removeAutoTypeAssoc(); @@ -101,12 +108,24 @@ private slots: void useExpiryPreset(QAction* action); void updateAttachmentButtonsEnabled(const QModelIndex& current); void toggleHideNotes(bool visible); +#ifdef WITH_XC_SSHAGENT + void updateSSHAgent(); + void updateSSHAgentKeyInfo(); + void browsePrivateKey(); + void addKeyToAgent(); + void removeKeyFromAgent(); + void decryptPrivateKey(); + void copyPublicKey(); +#endif private: void setupMain(); void setupAdvanced(); void setupIcon(); void setupAutoType(); +#ifdef WITH_XC_SSHAGENT + void setupSSHAgent(); +#endif void setupProperties(); void setupHistory(); @@ -114,22 +133,35 @@ private: void setForms(const Entry* entry, bool restore = false); QMenu* createPresetsMenu(); void updateEntryData(Entry* entry) const; +#ifdef WITH_XC_SSHAGENT + bool getOpenSSHKey(OpenSSHKey& key); + void saveSSHAgentConfig(); +#endif void displayAttribute(QModelIndex index, bool showProtected); + bool openAttachment(const QModelIndex& index, QString *errorMessage); + Entry* m_entry; Database* m_database; bool m_create; bool m_history; + bool m_saved; +#ifdef WITH_XC_SSHAGENT + bool m_sshAgentEnabled; + KeeAgentSettings m_sshAgentSettings; +#endif const QScopedPointer 100 - - Monospace -10 - -- diff --git a/src/gui/entry/EditEntryWidgetSSHAgent.ui b/src/gui/entry/EditEntryWidgetSSHAgent.ui new file mode 100644 index 000000000..34c8fae82 --- /dev/null +++ b/src/gui/entry/EditEntryWidgetSSHAgent.ui @@ -0,0 +1,275 @@ + +
+ diff --git a/src/http/AccessControlDialog.cpp b/src/http/AccessControlDialog.cpp index ef02215a3..30ab3f21c 100644 --- a/src/http/AccessControlDialog.cpp +++ b/src/http/AccessControlDialog.cpp @@ -44,7 +44,9 @@ void AccessControlDialog::setUrl(const QString &url) void AccessControlDialog::setItems(const QListEditEntryWidgetSSHAgent ++ ++ ++ +0 +0 +471 +480 ++ +Form ++ ++ +0 ++ +0 ++ +0 ++ +0 +- +
++ +- +
++ ++ +Remove key from agent after +- +
++ ++ +seconds ++ +999999999 +- +
++ ++ +Qt::Horizontal ++ ++ +40 +20 +- +
++ ++ +Fingerprint ++ +Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter +- +
++ ++ +Remove key from agent when database is closed/locked +- +
++ ++ +Public key ++ +Qt::AlignRight|Qt::AlignTop|Qt::AlignTrailing +- +
++ ++ +Add key to agent when database is opened/unlocked +- +
++ ++ +Comment ++ +Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter +- +
++ ++ +Decrypt +- +
++ +- +
++ ++ + +Monospace + ++ +n/a ++ +Qt::TextSelectableByKeyboard|Qt::TextSelectableByMouse +- +
++ ++ +Qt::Horizontal ++ ++ +40 +20 +- +
++ ++ +Copy to clipboard +- +
++ ++ +Private key ++ +- +
++ ++ +External file +- +
++ ++ +Browse... +- +
++ ++ +Attachment ++ +true +- +
++ - +
++ +- +
++ ++ +Add to agent +- +
++ ++ +Remove from agent +- +
++ ++ ++ +0 +0 ++ +false +- +
++ ++ +Require user confirmation when this key is used +- +
++ ++ + +Monospace + ++ +true +- +
++ +- +
++ ++ + +Monospace + ++ +n/a ++ +Qt::TextSelectableByKeyboard|Qt::TextSelectableByMouse +- +
++ ++ +Qt::Horizontal ++ ++ +40 +20 ++ + +#include +#include "ui_AgentSettingsWidget.h" + +namespace Ui { + class AgentSettingsWidget; +} + +class AgentSettingsWidget : public QWidget +{ + Q_OBJECT +public: + explicit AgentSettingsWidget(QWidget* parent = nullptr); + +signals: + +public slots: + void loadSettings(); + void saveSettings(); + +private: + QScopedPointer + diff --git a/src/sshagent/BinaryStream.cpp b/src/sshagent/BinaryStream.cpp new file mode 100644 index 000000000..b9ed236fd --- /dev/null +++ b/src/sshagent/BinaryStream.cpp @@ -0,0 +1,219 @@ +/* + * Copyright (C) 2017 Toni SpetsAgentSettingsWidget ++ ++ ++ +0 +0 +400 +300 ++ +Form ++ ++ +0 ++ +0 ++ +0 ++ +0 +- +
++ ++ +Enable SSH Agent (requires restart) +- +
++ ++ +Qt::Vertical ++ ++ +20 +40 ++ + + +BinaryStream::BinaryStream(QObject* parent) + : QObject(parent) + , m_timeout(-1) +{ + +} + +BinaryStream::BinaryStream(QIODevice* device) + : QObject(device) + , m_timeout(-1) + , m_device(device) +{ + +} + +BinaryStream::BinaryStream(QByteArray* ba, QObject* parent) + : QObject(parent) + , m_timeout(-1) +{ + setData(ba); +} + +BinaryStream::~BinaryStream() +{ +} + +const QString BinaryStream::errorString() const +{ + return m_error; +} + +QIODevice* BinaryStream::device() const +{ + return m_device; +} + +void BinaryStream::setDevice(QIODevice* device) +{ + m_device = device; +} + +void BinaryStream::setData(QByteArray* ba) +{ + m_buffer.reset(new QBuffer(ba)); + m_buffer->open(QIODevice::ReadWrite); + + m_device = m_buffer.data(); +} + +void BinaryStream::setTimeout(int timeout) +{ + m_timeout = timeout; +} + +bool BinaryStream::read(char* ptr, qint64 size) +{ + qint64 pos = 0; + + while (pos < size) { + if (m_device->bytesAvailable() == 0) { + if (!m_device->waitForReadyRead(m_timeout)) { + m_error = m_device->errorString(); + return false; + } + } + + qint64 nread = m_device->read(ptr + pos, size - pos); + + if (nread == -1) { + m_error = m_device->errorString(); + return false; + } + + pos += nread; + } + + return true; +} + +bool BinaryStream::read(QByteArray& ba) +{ + return read(ba.data(), ba.length()); +} + +bool BinaryStream::read(quint32& i) +{ + if (read(reinterpret_cast (&i), sizeof(i))) { + i = qFromBigEndian (i); + return true; + } + + return false; +} + +bool BinaryStream::read(quint16& i) +{ + if (read(reinterpret_cast (&i), sizeof(i))) { + i = qFromBigEndian (i); + return true; + } + + return false; +} + +bool BinaryStream::read(quint8& i) +{ + return read(reinterpret_cast (&i), sizeof(i)); +} + +bool BinaryStream::readString(QByteArray& ba) +{ + quint32 length; + + if (!read(length)) { + return false; + } + + ba.resize(length); + + if (!read(ba.data(), ba.length())) { + return false; + } + + return true; +} + +bool BinaryStream::readString(QString& str) +{ + QByteArray ba; + + if (!readString(ba)) { + return false; + } + + str = str.fromLatin1(ba); + return true; +} + + +bool BinaryStream::write(const char* ptr, qint64 size) +{ + if (m_device->write(ptr, size) < 0) { + m_error = m_device->errorString(); + return false; + } + + return true; +} + +bool BinaryStream::flush() +{ + if (!m_device->waitForBytesWritten(m_timeout)) { + m_error = m_device->errorString(); + return false; + } + + return true; +} + +bool BinaryStream::write(const QByteArray& ba) +{ + return write(ba.data(), ba.length()); +} + +bool BinaryStream::write(quint32 i) +{ + i = qToBigEndian (i); + return write(reinterpret_cast (&i), sizeof(i)); +} + +bool BinaryStream::write(quint16 i) +{ + i = qToBigEndian (i); + return write(reinterpret_cast (&i), sizeof(i)); +} + +bool BinaryStream::write(quint8 i) +{ + return write(reinterpret_cast (&i), sizeof(i)); +} + +bool BinaryStream::writeString(const QByteArray& ba) +{ + if (!write(static_cast (ba.length()))) { + return false; + } + + if (!write(ba)) { + return false; + } + + return true; +} + +bool BinaryStream::writeString(const QString& s) +{ + return writeString(s.toLatin1()); +} diff --git a/src/sshagent/BinaryStream.h b/src/sshagent/BinaryStream.h new file mode 100644 index 000000000..c61010180 --- /dev/null +++ b/src/sshagent/BinaryStream.h @@ -0,0 +1,68 @@ +/* + * Copyright (C) 2017 Toni Spets +#include +#include + +class BinaryStream : QObject +{ + Q_OBJECT +public: + BinaryStream(QObject* parent = nullptr); + BinaryStream(QIODevice* device); + BinaryStream(QByteArray* ba, QObject* parent = nullptr); + ~BinaryStream(); + + const QString errorString() const; + QIODevice* device() const; + void setDevice(QIODevice* device); + void setData(QByteArray* ba); + void setTimeout(int timeout); + + bool read(QByteArray& ba); + bool read(quint32& i); + bool read(quint16& i); + bool read(quint8& i); + bool readString(QByteArray& ba); + bool readString(QString& s); + + bool write(const QByteArray& ba); + bool write(quint32 i); + bool write(quint16 i); + bool write(quint8 i); + bool writeString(const QByteArray& ba); + bool writeString(const QString& s); + + bool flush(); + +protected: + bool read(char* ptr, qint64 len); + bool write(const char* ptr, qint64 len); + +private: + int m_timeout; + QString m_error; + QIODevice* m_device; + QScopedPointer m_buffer; +}; + +#endif // BINARYSTREAM_H diff --git a/src/sshagent/CMakeLists.txt b/src/sshagent/CMakeLists.txt new file mode 100644 index 000000000..1733e21b1 --- /dev/null +++ b/src/sshagent/CMakeLists.txt @@ -0,0 +1,15 @@ +if(WITH_XC_SSHAGENT) + set(sshagent_SOURCES + bcrypt_pbkdf.cpp + blowfish.c + AgentSettingsPage.cpp + AgentSettingsWidget.cpp + BinaryStream.cpp + KeeAgentSettings.cpp + OpenSSHKey.cpp + SSHAgent.cpp + ) + + add_library(sshagent STATIC ${sshagent_SOURCES}) + target_link_libraries(sshagent Qt5::Core Qt5::Widgets Qt5::Network ${GCRYPT_LIBRARIES}) +endif() diff --git a/src/sshagent/KeeAgentSettings.cpp b/src/sshagent/KeeAgentSettings.cpp new file mode 100644 index 000000000..218e98acb --- /dev/null +++ b/src/sshagent/KeeAgentSettings.cpp @@ -0,0 +1,278 @@ +/* + * Copyright (C) 2017 Toni Spets +#include + +class KeeAgentSettings +{ +public: + KeeAgentSettings(); + + bool operator==(KeeAgentSettings& other); + bool operator!=(KeeAgentSettings& other); + bool isDefault(); + + bool fromXml(const QByteArray &ba); + QByteArray toXml(); + + bool allowUseOfSshKey() const; + bool addAtDatabaseOpen() const; + bool removeAtDatabaseClose() const; + bool useConfirmConstraintWhenAdding() const; + bool useLifetimeConstraintWhenAdding() const; + int lifetimeConstraintDuration() const; + + const QString selectedType() const; + const QString attachmentName() const; + bool saveAttachmentToTempFile() const; + const QString fileName() const; + + void setAllowUseOfSshKey(bool allowUseOfSshKey); + void setAddAtDatabaseOpen(bool addAtDatabaseOpen); + void setRemoveAtDatabaseClose(bool removeAtDatabaseClose); + void setUseConfirmConstraintWhenAdding(bool useConfirmConstraintWhenAdding); + void setUseLifetimeConstraintWhenAdding(bool useLifetimeConstraintWhenAdding); + void setLifetimeConstraintDuration(int lifetimeConstraintDuration); + + void setSelectedType(const QString& type); + void setAttachmentName(const QString& attachmentName); + void setSaveAttachmentToTempFile(bool); + void setFileName(const QString& fileName); + +private: + bool readBool(QXmlStreamReader& reader); + int readInt(QXmlStreamReader& reader); + + bool m_allowUseOfSshKey; + bool m_addAtDatabaseOpen; + bool m_removeAtDatabaseClose; + bool m_useConfirmConstraintWhenAdding; + bool m_useLifetimeConstraintWhenAdding; + int m_lifetimeConstraintDuration; + + // location + QString m_selectedType; + QString m_attachmentName; + bool m_saveAttachmentToTempFile; + QString m_fileName; +}; + +#endif // KEEAGENTSETTINGS_H diff --git a/src/sshagent/OpenSSHKey.cpp b/src/sshagent/OpenSSHKey.cpp new file mode 100644 index 000000000..2c51ee459 --- /dev/null +++ b/src/sshagent/OpenSSHKey.cpp @@ -0,0 +1,486 @@ +/* + * Copyright (C) 2017 Toni Spets +#include +#include +#include "crypto/SymmetricCipher.h" + +// bcrypt_pbkdf.cpp +int bcrypt_pbkdf(const QByteArray& pass, const QByteArray& salt, QByteArray& key, quint32 rounds); + +OpenSSHKey::OpenSSHKey(QObject *parent) + : QObject(parent) + , m_type(QString()) + , m_cipherName(QString("none")) + , m_kdfName(QString("none")) + , m_kdfOptions(QByteArray()) + , m_rawPrivateData(QByteArray()) + , m_publicData(QList ()) + , m_privateData(QList ()) + , m_comment(QString()) + , m_error(QString()) +{ + +} + +OpenSSHKey::OpenSSHKey(const OpenSSHKey& other) + : QObject(nullptr) + , m_type(other.m_type) + , m_cipherName(other.m_cipherName) + , m_kdfName(other.m_kdfName) + , m_kdfOptions(other.m_kdfOptions) + , m_rawPrivateData(other.m_rawPrivateData) + , m_publicData(other.m_publicData) + , m_privateData(other.m_privateData) + , m_comment(other.m_comment) + , m_error(other.m_error) +{ + +} + +bool OpenSSHKey::operator==(const OpenSSHKey& other) const +{ + // close enough for now + return (fingerprint() == other.fingerprint()); +} + +const QString OpenSSHKey::cipherName() const +{ + return m_cipherName; +} + +const QString OpenSSHKey::type() const +{ + return m_type; +} + +int OpenSSHKey::keyLength() const +{ + if (m_type == "ssh-dss" && m_publicData.length() == 4) { + return (m_publicData[0].length() - 1) * 8; + } else if (m_type == "ssh-rsa" && m_publicData.length() == 2) { + return (m_publicData[1].length() - 1) * 8; + } else if (m_type.startsWith("ecdsa-sha2-") && m_publicData.length() == 2) { + return (m_publicData[1].length() - 1) * 4; + } else if (m_type == "ssh-ed25519" && m_publicData.length() == 1) { + return m_publicData[0].length() * 8; + } + + return 0; +} + +const QString OpenSSHKey::fingerprint() const +{ + QByteArray publicKey; + BinaryStream stream(&publicKey); + + stream.writeString(m_type); + + for (QByteArray ba : m_publicData) { + stream.writeString(ba); + } + + QByteArray rawHash = QCryptographicHash::hash(publicKey, QCryptographicHash::Sha256); + + return "SHA256:" + QString::fromLatin1(rawHash.toBase64(QByteArray::OmitTrailingEquals)); +} + +const QString OpenSSHKey::comment() const +{ + return m_comment; +} + +const QString OpenSSHKey::publicKey() const +{ + QByteArray publicKey; + BinaryStream stream(&publicKey); + + stream.writeString(m_type); + + for (QByteArray ba : m_publicData) { + stream.writeString(ba); + } + + return m_type + " " + QString::fromLatin1(publicKey.toBase64()) + " " + m_comment; +} + +const QString OpenSSHKey::errorString() const +{ + return m_error; +} + +void OpenSSHKey::setType(const QString& type) +{ + m_type = type; +} + +void OpenSSHKey::setPublicData(const QList & data) +{ + m_publicData = data; +} + +void OpenSSHKey::setPrivateData(const QList & data) +{ + m_privateData = data; +} + +void OpenSSHKey::setComment(const QString& comment) +{ + m_comment = comment; +} + +void OpenSSHKey::clearPrivate() +{ + m_rawPrivateData.clear(); + m_privateData.clear(); +} + +bool OpenSSHKey::parsePEM(const QByteArray& in, QByteArray& out) +{ + QString pem = QString::fromLatin1(in); + QStringList rows = pem.split(QRegularExpression("(?:\r?\n|\r)"), QString::SkipEmptyParts); + + if (rows.length() < 3) { + m_error = tr("Invalid key file, expecting an OpenSSH key"); + return false; + } + + QString begin = rows.first(); + QString end = rows.last(); + + QRegularExpressionMatch beginMatch = QRegularExpression("^-----BEGIN ([^\\-]+)-----$").match(begin); + QRegularExpressionMatch endMatch = QRegularExpression("^-----END ([^\\-]+)-----$").match(end); + + if (!beginMatch.hasMatch() || !endMatch.hasMatch()) { + m_error = tr("Invalid key file, expecting an OpenSSH key"); + return false; + } + + if (beginMatch.captured(1) != endMatch.captured(1)) { + m_error = tr("PEM boundary mismatch"); + return false; + } + + if (beginMatch.captured(1) != "OPENSSH PRIVATE KEY") { + m_error = tr("This is not an OpenSSH key, only modern keys are supported"); + return false; + } + + rows.removeFirst(); + rows.removeLast(); + + out = QByteArray::fromBase64(rows.join("").toLatin1()); + + if (out.isEmpty()) { + m_error = tr("Base64 decoding failed"); + return false; + } + + return true; +} + +bool OpenSSHKey::parse(const QByteArray& in) +{ + QByteArray data; + + if (!parsePEM(in, data)) { + return false; + } + + BinaryStream stream(&data); + + QByteArray magic; + magic.resize(15); + + if (!stream.read(magic)) { + m_error = tr("Key file way too small."); + return false; + } + + if (QString::fromLatin1(magic) != "openssh-key-v1") { + m_error = tr("Key file magic header id invalid"); + return false; + } + + stream.readString(m_cipherName); + stream.readString(m_kdfName); + stream.readString(m_kdfOptions); + + quint32 numberOfKeys; + stream.read(numberOfKeys); + + if (numberOfKeys == 0) { + m_error = tr("Found zero keys"); + return false; + } + + for (quint32 i = 0; i < numberOfKeys; ++i) { + QByteArray publicKey; + if (!stream.readString(publicKey)) { + m_error = tr("Failed to read public key."); + return false; + } + + if (i == 0) { + BinaryStream publicStream(&publicKey); + if (!readPublic(publicStream)) { + return false; + } + } + } + + // padded list of keys + if (!stream.readString(m_rawPrivateData)) { + m_error = tr("Corrupted key file, reading private key failed"); + return false; + } + + // load private if no encryption + if (!encrypted()) { + return openPrivateKey(); + } + + return true; +} + +bool OpenSSHKey::encrypted() const +{ + return (m_cipherName != "none"); +} + +bool OpenSSHKey::openPrivateKey(const QString& passphrase) +{ + QScopedPointer cipher; + + if (!m_privateData.isEmpty()) { + return true; + } + + if (m_rawPrivateData.isEmpty()) { + m_error = tr("No private key payload to decrypt"); + return false; + } + + if (m_cipherName == "aes256-cbc") { + cipher.reset(new SymmetricCipher(SymmetricCipher::Aes256, SymmetricCipher::Cbc, SymmetricCipher::Decrypt)); + } else if (m_cipherName == "aes256-ctr") { + cipher.reset(new SymmetricCipher(SymmetricCipher::Aes256, SymmetricCipher::Ctr, SymmetricCipher::Decrypt)); + } else if (m_cipherName != "none") { + m_error = tr("Unknown cipher: ") + m_cipherName; + return false; + } + + if (m_kdfName == "bcrypt") { + if (!cipher) { + m_error = tr("Trying to run KDF without cipher"); + return false; + } + + if (passphrase.length() == 0) { + m_error = tr("Passphrase is required to decrypt this key"); + return false; + } + + BinaryStream optionStream(&m_kdfOptions); + + QByteArray salt; + quint32 rounds; + + optionStream.readString(salt); + optionStream.read(rounds); + + QByteArray decryptKey; + decryptKey.fill(0, cipher->keySize() + cipher->blockSize()); + + QByteArray phraseData = passphrase.toLatin1(); + if (bcrypt_pbkdf(phraseData, salt, decryptKey, rounds) < 0) { + m_error = tr("Key derivation failed, key file corrupted?"); + return false; + } + + QByteArray keyData, ivData; + keyData.setRawData(decryptKey.data(), cipher->keySize()); + ivData.setRawData(decryptKey.data() + cipher->keySize(), cipher->blockSize()); + + cipher->init(keyData, ivData); + } else if (m_kdfName != "none") { + m_error = tr("Unknown KDF: ") + m_kdfName; + return false; + } + + QByteArray rawPrivateData = m_rawPrivateData; + + if (cipher && cipher->isInitalized()) { + bool ok = false; + rawPrivateData = cipher->process(rawPrivateData, &ok); + if (!ok) { + m_error = tr("Decryption failed, wrong passphrase?"); + return false; + } + } + + BinaryStream keyStream(&rawPrivateData); + + quint32 checkInt1; + quint32 checkInt2; + + keyStream.read(checkInt1); + keyStream.read(checkInt2); + + if (checkInt1 != checkInt2) { + m_error = tr("Decryption failed, wrong passphrase?"); + return false; + } + + return readPrivate(keyStream); +} + +bool OpenSSHKey::readPublic(BinaryStream& stream) +{ + m_publicData.clear(); + + if (!stream.readString(m_type)) { + m_error = tr("Unexpected EOF while reading public key"); + return false; + } + + int keyParts; + if (m_type == "ssh-dss") { + keyParts = 4; + } else if (m_type == "ssh-rsa") { + keyParts = 2; + } else if (m_type.startsWith("ecdsa-sha2-")) { + keyParts = 2; + } else if (m_type == "ssh-ed25519") { + keyParts = 1; + } else { + m_error = tr("Unknown key type: ") + m_type; + return false; + } + + for (int i = 0; i < keyParts; ++i) { + QByteArray t; + + if (!stream.readString(t)) { + m_error = tr("Unexpected EOF while reading public key"); + return false; + } + + m_publicData.append(t); + } + + return true; +} + +bool OpenSSHKey::readPrivate(BinaryStream& stream) +{ + m_privateData.clear(); + + if (!stream.readString(m_type)) { + m_error = tr("Unexpected EOF while reading private key"); + return false; + } + + int keyParts; + if (m_type == "ssh-dss") { + keyParts = 5; + } else if (m_type == "ssh-rsa") { + keyParts = 6; + } else if (m_type.startsWith("ecdsa-sha2-")) { + keyParts = 3; + } else if (m_type == "ssh-ed25519") { + keyParts = 2; + } else { + m_error = tr("Unknown key type: ") + m_type; + return false; + } + + for (int i = 0; i < keyParts; ++i) { + QByteArray t; + + if (!stream.readString(t)) { + m_error = tr("Unexpected EOF while reading private key"); + return false; + } + + m_privateData.append(t); + } + + if (!stream.readString(m_comment)) { + m_error = tr("Unexpected EOF while reading private key"); + return false; + } + + return true; +} + +bool OpenSSHKey::writePublic(BinaryStream& stream) +{ + if (m_publicData.isEmpty()) { + m_error = tr("Can't write public key as it is empty"); + return false; + } + + if (!stream.writeString(m_type)) { + m_error = tr("Unexpected EOF when writing public key"); + return false; + } + + for (QByteArray t : m_publicData) { + if (!stream.writeString(t)) { + m_error = tr("Unexpected EOF when writing public key"); + return false; + } + } + + return true; +} + +bool OpenSSHKey::writePrivate(BinaryStream& stream) +{ + if (m_privateData.isEmpty()) { + m_error = tr("Can't write private key as it is empty"); + return false; + } + + if (!stream.writeString(m_type)) { + m_error = tr("Unexpected EOF when writing private key"); + return false; + } + + for (QByteArray t : m_privateData) { + if (!stream.writeString(t)) { + m_error = tr("Unexpected EOF when writing private key"); + return false; + } + } + + if (!stream.writeString(m_comment)) { + m_error = tr("Unexpected EOF when writing private key"); + return false; + } + + return true; +} + +uint qHash(const OpenSSHKey& key) +{ + return qHash(key.fingerprint()); +} diff --git a/src/sshagent/OpenSSHKey.h b/src/sshagent/OpenSSHKey.h new file mode 100644 index 000000000..eca6c9edd --- /dev/null +++ b/src/sshagent/OpenSSHKey.h @@ -0,0 +1,73 @@ +/* + * Copyright (C) 2017 Toni Spets +#include "BinaryStream.h" + +class OpenSSHKey : QObject +{ + Q_OBJECT +public: + explicit OpenSSHKey(QObject* parent = nullptr); + OpenSSHKey(const OpenSSHKey& other); + bool operator==(const OpenSSHKey& other) const; + + bool parse(const QByteArray& in); + bool encrypted() const; + bool openPrivateKey(const QString& passphrase = QString()); + + const QString cipherName() const; + const QString type() const; + int keyLength() const; + const QString fingerprint() const; + const QString comment() const; + const QString publicKey() const; + const QString errorString() const; + + void setType(const QString& type); + void setPublicData(const QList & data); + void setPrivateData(const QList & data); + void setComment(const QString& comment); + + void clearPrivate(); + + bool readPublic(BinaryStream& stream); + bool readPrivate(BinaryStream& stream); + bool writePublic(BinaryStream& stream); + bool writePrivate(BinaryStream& stream); + +private: + bool parsePEM(const QByteArray& in, QByteArray& out); + + QString m_type; + QString m_cipherName; + QString m_kdfName; + QByteArray m_kdfOptions; + QByteArray m_rawPrivateData; + QList m_publicData; + QList m_privateData; + QString m_comment; + QString m_error; +}; + +uint qHash(const OpenSSHKey& key); + +#endif // OPENSSHKEY_H diff --git a/src/sshagent/SSHAgent.cpp b/src/sshagent/SSHAgent.cpp new file mode 100644 index 000000000..7969fe0cc --- /dev/null +++ b/src/sshagent/SSHAgent.cpp @@ -0,0 +1,272 @@ +/* + * Copyright (C) 2017 Toni Spets +#else +#include +#endif + +SSHAgent* SSHAgent::m_instance; + +SSHAgent::SSHAgent(QObject* parent) : QObject(parent) +{ +#ifndef Q_OS_WIN + m_socketPath = QProcessEnvironment::systemEnvironment().value("SSH_AUTH_SOCK"); +#endif +} + +SSHAgent::~SSHAgent() +{ + for (QSet keys : m_keys.values()) { + for (OpenSSHKey key : keys) { + removeIdentity(key); + } + } +} + +SSHAgent* SSHAgent::instance() +{ + if (m_instance == nullptr) { + qFatal("Race condition: instance wanted before it was initialized, this is a bug."); + } + + return m_instance; +} + +void SSHAgent::init(QObject* parent) +{ + m_instance = new SSHAgent(parent); +} + +bool SSHAgent::isAgentRunning() const +{ +#ifndef Q_OS_WIN + return !m_socketPath.isEmpty(); +#else + return (FindWindowA("Pageant", "Pageant") != nullptr); +#endif +} + +bool SSHAgent::sendMessage(const QByteArray& in, QByteArray& out) const +{ +#ifndef Q_OS_WIN + QLocalSocket socket; + BinaryStream stream(&socket); + + socket.connectToServer(m_socketPath); + if (!socket.waitForConnected(500)) { + return false; + } + + stream.writeString(in); + stream.flush(); + + if (!stream.readString(out)) { + return false; + } + + socket.close(); + + return true; +#else + HWND hWnd = FindWindowA("Pageant", "Pageant"); + + if (!hWnd) { + return false; + } + + if (static_cast (in.length()) > AGENT_MAX_MSGLEN - 4) { + return false; + } + + QByteArray mapName = (QString("SSHAgentRequest") + reinterpret_cast (QThread::currentThreadId())).toLatin1(); + + HANDLE handle = CreateFileMappingA(INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE, 0, AGENT_MAX_MSGLEN, mapName.data()); + + if (!handle) { + return false; + } + + LPVOID ptr = MapViewOfFile(handle, FILE_MAP_WRITE, 0, 0, 0); + + if (!ptr) { + CloseHandle(handle); + return false; + } + + quint32 *requestLength = reinterpret_cast (in.length()); + memcpy(requestData, in.data(), in.length()); + + COPYDATASTRUCT data; + data.dwData = AGENT_COPYDATA_ID; + data.cbData = mapName.length() + 1; + data.lpData = reinterpret_cast (mapName.data()); + + LRESULT res = SendMessageA(hWnd, WM_COPYDATA, 0, reinterpret_cast (&data)); + + if (res) { + quint32 responseLength = qFromBigEndian (*requestLength); + if (responseLength <= AGENT_MAX_MSGLEN) { + out.resize(responseLength); + memcpy(out.data(), requestData, responseLength); + } + } + + UnmapViewOfFile(ptr); + CloseHandle(handle); + + return (res > 0); +#endif +} + + +bool SSHAgent::addIdentity(OpenSSHKey& key, quint32 lifetime, bool confirm) const +{ + QByteArray requestData; + BinaryStream request(&requestData); + + request.write((lifetime > 0 || confirm) ? SSH_AGENTC_ADD_ID_CONSTRAINED : SSH_AGENTC_ADD_IDENTITY); + key.writePrivate(request); + + if (lifetime > 0) { + request.write(SSH_AGENT_CONSTRAIN_LIFETIME); + request.write(lifetime); + } + + if (confirm) { + request.write(SSH_AGENT_CONSTRAIN_CONFIRM); + } + + QByteArray responseData; + sendMessage(requestData, responseData); + + if (responseData.length() < 1 || static_cast (responseData[0]) != SSH_AGENT_SUCCESS) { + return false; + } + + return true; +} + +bool SSHAgent::removeIdentity(OpenSSHKey& key) const +{ + QByteArray requestData; + BinaryStream request(&requestData); + + QByteArray keyData; + BinaryStream keyStream(&keyData); + key.writePublic(keyStream); + + request.write(SSH_AGENTC_REMOVE_IDENTITY); + request.writeString(keyData); + + QByteArray responseData; + sendMessage(requestData, responseData); + + if (responseData.length() < 1 || static_cast (responseData[0]) != SSH_AGENT_SUCCESS) { + return false; + } + + return true; +} + +void SSHAgent::removeIdentityAtLock(const OpenSSHKey& key, const Uuid& uuid) +{ + OpenSSHKey copy = key; + copy.clearPrivate(); + m_keys[uuid.toHex()].insert(copy); +} + +void SSHAgent::databaseModeChanged(DatabaseWidget::Mode mode) +{ + DatabaseWidget* widget = qobject_cast keys = m_keys.take(uuid.toHex()); + for (OpenSSHKey key : keys) { + removeIdentity(key); + } + } else if (mode == DatabaseWidget::ViewMode && !m_keys.contains(uuid.toHex())) { + for (Entry* e : widget->database()->rootGroup()->entriesRecursive()) { + + if (!e->attachments()->hasKey("KeeAgent.settings")) + continue; + + KeeAgentSettings settings; + settings.fromXml(e->attachments()->value("KeeAgent.settings")); + + if (!settings.allowUseOfSshKey()) { + continue; + } + + QByteArray keyData; + if (settings.selectedType() == "attachment") { + keyData = e->attachments()->value(settings.attachmentName()); + } else if (!settings.fileName().isEmpty()) { + QFile file(settings.fileName()); + + if (file.size() > 1024 * 1024) { + continue; + } + + if (!file.open(QIODevice::ReadOnly)) { + continue; + } + + keyData = file.readAll(); + } + + if (keyData.isEmpty()) { + continue; + } + + OpenSSHKey key; + + if (!key.parse(keyData)) { + continue; + } + + if (settings.removeAtDatabaseClose()) { + removeIdentityAtLock(key, uuid); + } + + if (settings.addAtDatabaseOpen() && key.openPrivateKey(e->password())) { + int lifetime = 0; + + if (settings.useLifetimeConstraintWhenAdding()) { + lifetime = settings.lifetimeConstraintDuration(); + } + + addIdentity(key, lifetime, settings.useConfirmConstraintWhenAdding()); + } + } + } +} diff --git a/src/sshagent/SSHAgent.h b/src/sshagent/SSHAgent.h new file mode 100644 index 000000000..078ff7b0d --- /dev/null +++ b/src/sshagent/SSHAgent.h @@ -0,0 +1,73 @@ +/* + * Copyright (C) 2017 Toni Spets +#include +#include "OpenSSHKey.h" + +#include "gui/DatabaseWidget.h" + +class SSHAgent : public QObject +{ + Q_OBJECT + +public: + static SSHAgent* instance(); + static void init(QObject* parent); + + bool isAgentRunning() const; + bool addIdentity(OpenSSHKey& key, quint32 lifetime = 0, bool confirm = false) const; + bool removeIdentity(OpenSSHKey& key) const; + void removeIdentityAtLock(const OpenSSHKey& key, const Uuid& uuid); + +public slots: + void databaseModeChanged(DatabaseWidget::Mode mode = DatabaseWidget::LockedMode); + +private: + const quint8 SSH_AGENT_FAILURE = 5; + const quint8 SSH_AGENT_SUCCESS = 6; + const quint8 SSH_AGENTC_REQUEST_IDENTITIES = 11; + const quint8 SSH_AGENT_IDENTITIES_ANSWER = 12; + const quint8 SSH_AGENTC_ADD_IDENTITY = 17; + const quint8 SSH_AGENTC_REMOVE_IDENTITY = 18; + const quint8 SSH_AGENTC_ADD_ID_CONSTRAINED = 25; + + const quint8 SSH_AGENT_CONSTRAIN_LIFETIME = 1; + const quint8 SSH_AGENT_CONSTRAIN_CONFIRM = 2; + + explicit SSHAgent(QObject* parent = nullptr); + ~SSHAgent(); + + bool sendMessage(const QByteArray& in, QByteArray& out) const; + + static SSHAgent* m_instance; + +#ifndef Q_OS_WIN + QString m_socketPath; +#else + const quint32 AGENT_MAX_MSGLEN = 8192; + const quint32 AGENT_COPYDATA_ID = 0x804e50ba; +#endif + + QMap + +extern "C" { +#include "blf.h" +} + +#define MINIMUM(a,b) (((a) < (b)) ? (a) : (b)) + +/* + * pkcs #5 pbkdf2 implementation using the "bcrypt" hash + * + * The bcrypt hash function is derived from the bcrypt password hashing + * function with the following modifications: + * 1. The input password and salt are preprocessed with SHA512. + * 2. The output length is expanded to 256 bits. + * 3. Subsequently the magic string to be encrypted is lengthened and modifed + * to "OxychromaticBlowfishSwatDynamite" + * 4. The hash function is defined to perform 64 rounds of initial state + * expansion. (More rounds are performed by iterating the hash.) + * + * Note that this implementation pulls the SHA512 operations into the caller + * as a performance optimization. + * + * One modification from official pbkdf2. Instead of outputting key material + * linearly, we mix it. pbkdf2 has a known weakness where if one uses it to + * generate (e.g.) 512 bits of key material for use as two 256 bit keys, an + * attacker can merely run once through the outer loop, but the user + * always runs it twice. Shuffling output bytes requires computing the + * entirety of the key material to assemble any subkey. This is something a + * wise caller could do; we just do it for you. + */ + +#define BCRYPT_WORDS 8 +#define BCRYPT_HASHSIZE (BCRYPT_WORDS * 4) +#define SHA512_DIGEST_LENGTH 64 + +// FIXME: explicit_bzero exists to ensure bzero is not optimized out +#define explicit_bzero bzero + +static void +bcrypt_hash(const quint8* sha2pass, const quint8* sha2salt, quint8* out) +{ + blf_ctx state; + quint8 ciphertext[BCRYPT_HASHSIZE] = // "OxychromaticBlowfishSwatDynamite" + { 0x4f, 0x78, 0x79, 0x63, 0x68, 0x72, 0x6f, 0x6d, + 0x61, 0x74, 0x69, 0x63, 0x42, 0x6c, 0x6f, 0x77, + 0x66, 0x69, 0x73, 0x68, 0x53, 0x77, 0x61, 0x74, + 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x74, 0x65 }; + quint32 cdata[BCRYPT_WORDS]; + int i; + quint16 j; + size_t shalen = SHA512_DIGEST_LENGTH; + + /* key expansion */ + Blowfish_initstate(&state); + Blowfish_expandstate(&state, sha2salt, shalen, sha2pass, shalen); + for (i = 0; i < 64; i++) { + Blowfish_expand0state(&state, sha2salt, shalen); + Blowfish_expand0state(&state, sha2pass, shalen); + } + + /* encryption */ + j = 0; + for (i = 0; i < BCRYPT_WORDS; i++) + cdata[i] = Blowfish_stream2word(ciphertext, sizeof(ciphertext), + &j); + for (i = 0; i < 64; i++) + blf_enc(&state, cdata, sizeof(cdata) / sizeof(uint64_t)); + + /* copy out */ + for (i = 0; i < BCRYPT_WORDS; i++) { + out[4 * i + 3] = (cdata[i] >> 24) & 0xff; + out[4 * i + 2] = (cdata[i] >> 16) & 0xff; + out[4 * i + 1] = (cdata[i] >> 8) & 0xff; + out[4 * i + 0] = cdata[i] & 0xff; + } + + /* zap */ + explicit_bzero(ciphertext, sizeof(ciphertext)); + explicit_bzero(cdata, sizeof(cdata)); + explicit_bzero(&state, sizeof(state)); +} + +int bcrypt_pbkdf(const QByteArray& pass, const QByteArray& salt, QByteArray& key, quint32 rounds) +{ + QCryptographicHash ctx(QCryptographicHash::Sha512); + QByteArray sha2pass; + QByteArray sha2salt; + quint8 out[BCRYPT_HASHSIZE]; + quint8 tmpout[BCRYPT_HASHSIZE]; + quint8 countsalt[4]; + + /* nothing crazy */ + if (rounds < 1) { + return -1; + } + + if (pass.isEmpty() || salt.isEmpty() || key.isEmpty() || + static_cast (key.length()) > sizeof(out) * sizeof(out)) { + return -1; + } + + quint32 stride = (key.length() + sizeof(out) - 1) / sizeof(out); + quint32 amt = (key.length() + stride - 1) / stride; + + /* collapse password */ + ctx.reset(); + ctx.addData(pass); + sha2pass = ctx.result(); + + /* generate key, sizeof(out) at a time */ + for (quint32 count = 1, keylen = key.length(); keylen > 0; count++) { + countsalt[0] = (count >> 24) & 0xff; + countsalt[1] = (count >> 16) & 0xff; + countsalt[2] = (count >> 8) & 0xff; + countsalt[3] = count & 0xff; + + /* first round, salt is salt */ + ctx.reset(); + ctx.addData(salt); + ctx.addData(reinterpret_cast (countsalt), sizeof(countsalt)); + sha2salt = ctx.result(); + + bcrypt_hash(reinterpret_cast (sha2pass.data()), reinterpret_cast (sha2salt.data()), tmpout); + memcpy(out, tmpout, sizeof(out)); + + for (quint32 i = 1; i < rounds; i++) { + /* subsequent rounds, salt is previous output */ + ctx.reset(); + ctx.addData(reinterpret_cast (tmpout), sizeof(tmpout)); + sha2salt = ctx.result(); + bcrypt_hash(reinterpret_cast (sha2pass.data()), reinterpret_cast (sha2salt.data()), tmpout); + for (quint32 j = 0; j < sizeof(out); j++) + out[j] ^= tmpout[j]; + } + + /* + * pbkdf2 deviation: output the key material non-linearly. + */ + amt = MINIMUM(amt, keylen); + quint32 i; + for (i = 0; i < amt; i++) { + int dest = i * stride + (count - 1); + if (dest >= key.length()) + break; + key.data()[dest] = out[i]; + } + keylen -= i; + } + + /* zap */ + explicit_bzero(out, sizeof(out)); + + return 0; +} diff --git a/src/sshagent/blf.h b/src/sshagent/blf.h new file mode 100644 index 000000000..4878e5588 --- /dev/null +++ b/src/sshagent/blf.h @@ -0,0 +1,98 @@ +/* $OpenBSD: blf.h,v 1.7 2007/03/14 17:59:41 grunk Exp $ */ +/* + * Blowfish - a fast block cipher designed by Bruce Schneier + * + * Copyright 1997 Niels Provos + +typedef uint32_t u_int32_t; +typedef uint16_t u_int16_t; +typedef uint8_t u_int8_t; + +#define bzero(p,s) memset(p, 0, s) + +#endif + +#if !defined(HAVE_BCRYPT_PBKDF) && !defined(HAVE_BLH_H) + +/* Schneier specifies a maximum key length of 56 bytes. + * This ensures that every key bit affects every cipher + * bit. However, the subkeys can hold up to 72 bytes. + * Warning: For normal blowfish encryption only 56 bytes + * of the key affect all cipherbits. + */ + +#define BLF_N 16 /* Number of Subkeys */ +#define BLF_MAXKEYLEN ((BLF_N-2)*4) /* 448 bits */ +#define BLF_MAXUTILIZED ((BLF_N+2)*4) /* 576 bits */ + +/* Blowfish context */ +typedef struct BlowfishContext { + u_int32_t S[4][256]; /* S-Boxes */ + u_int32_t P[BLF_N + 2]; /* Subkeys */ +} blf_ctx; + +/* Raw access to customized Blowfish + * blf_key is just: + * Blowfish_initstate( state ) + * Blowfish_expand0state( state, key, keylen ) + */ + +void Blowfish_encipher(blf_ctx *, u_int32_t *, u_int32_t *); +void Blowfish_decipher(blf_ctx *, u_int32_t *, u_int32_t *); +void Blowfish_initstate(blf_ctx *); +void Blowfish_expand0state(blf_ctx *, const u_int8_t *, u_int16_t); +void Blowfish_expandstate +(blf_ctx *, const u_int8_t *, u_int16_t, const u_int8_t *, u_int16_t); + +/* Standard Blowfish */ + +void blf_key(blf_ctx *, const u_int8_t *, u_int16_t); +void blf_enc(blf_ctx *, u_int32_t *, u_int16_t); +void blf_dec(blf_ctx *, u_int32_t *, u_int16_t); + +void blf_ecb_encrypt(blf_ctx *, u_int8_t *, u_int32_t); +void blf_ecb_decrypt(blf_ctx *, u_int8_t *, u_int32_t); + +void blf_cbc_encrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t); +void blf_cbc_decrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t); + +/* Converts u_int8_t to u_int32_t */ +u_int32_t Blowfish_stream2word(const u_int8_t *, u_int16_t , u_int16_t *); + +#endif /* !defined(HAVE_BCRYPT_PBKDF) && !defined(HAVE_BLH_H) */ +#endif /* _BLF_H */ + diff --git a/src/sshagent/blowfish.c b/src/sshagent/blowfish.c new file mode 100644 index 000000000..02e9ac0bd --- /dev/null +++ b/src/sshagent/blowfish.c @@ -0,0 +1,696 @@ +/* $OpenBSD: blowfish.c,v 1.18 2004/11/02 17:23:26 hshoexer Exp $ */ +/* + * Blowfish block cipher for OpenBSD + * Copyright 1997 Niels Provos /* used for debugging */ +#include +#endif + +#include +#ifdef HAVE_BLF_H +#include "blf.h" +#endif + +#undef inline +#ifdef __GNUC__ +#define inline __inline +#else /* !__GNUC__ */ +#define inline +#endif /* !__GNUC__ */ + +/* Function for Feistel Networks */ + +#define F(s, x) ((((s)[ (((x)>>24)&0xFF)] \ + + (s)[0x100 + (((x)>>16)&0xFF)]) \ + ^ (s)[0x200 + (((x)>> 8)&0xFF)]) \ + + (s)[0x300 + ( (x) &0xFF)]) + +#define BLFRND(s,p,i,j,n) (i ^= F(s,j) ^ (p)[n]) + +void +Blowfish_encipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr) +{ + u_int32_t Xl; + u_int32_t Xr; + u_int32_t *s = c->S[0]; + u_int32_t *p = c->P; + + Xl = *xl; + Xr = *xr; + + Xl ^= p[0]; + BLFRND(s, p, Xr, Xl, 1); BLFRND(s, p, Xl, Xr, 2); + BLFRND(s, p, Xr, Xl, 3); BLFRND(s, p, Xl, Xr, 4); + BLFRND(s, p, Xr, Xl, 5); BLFRND(s, p, Xl, Xr, 6); + BLFRND(s, p, Xr, Xl, 7); BLFRND(s, p, Xl, Xr, 8); + BLFRND(s, p, Xr, Xl, 9); BLFRND(s, p, Xl, Xr, 10); + BLFRND(s, p, Xr, Xl, 11); BLFRND(s, p, Xl, Xr, 12); + BLFRND(s, p, Xr, Xl, 13); BLFRND(s, p, Xl, Xr, 14); + BLFRND(s, p, Xr, Xl, 15); BLFRND(s, p, Xl, Xr, 16); + + *xl = Xr ^ p[17]; + *xr = Xl; +} + +void +Blowfish_decipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr) +{ + u_int32_t Xl; + u_int32_t Xr; + u_int32_t *s = c->S[0]; + u_int32_t *p = c->P; + + Xl = *xl; + Xr = *xr; + + Xl ^= p[17]; + BLFRND(s, p, Xr, Xl, 16); BLFRND(s, p, Xl, Xr, 15); + BLFRND(s, p, Xr, Xl, 14); BLFRND(s, p, Xl, Xr, 13); + BLFRND(s, p, Xr, Xl, 12); BLFRND(s, p, Xl, Xr, 11); + BLFRND(s, p, Xr, Xl, 10); BLFRND(s, p, Xl, Xr, 9); + BLFRND(s, p, Xr, Xl, 8); BLFRND(s, p, Xl, Xr, 7); + BLFRND(s, p, Xr, Xl, 6); BLFRND(s, p, Xl, Xr, 5); + BLFRND(s, p, Xr, Xl, 4); BLFRND(s, p, Xl, Xr, 3); + BLFRND(s, p, Xr, Xl, 2); BLFRND(s, p, Xl, Xr, 1); + + *xl = Xr ^ p[0]; + *xr = Xl; +} + +void +Blowfish_initstate(blf_ctx *c) +{ + /* P-box and S-box tables initialized with digits of Pi */ + + static const blf_ctx initstate = + { { + { + 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, + 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99, + 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, + 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, + 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee, + 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, + 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, + 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e, + 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, + 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, + 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce, + 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, + 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, + 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677, + 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, + 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, + 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88, + 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, + 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, + 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0, + 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, + 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, + 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88, + 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, + 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, + 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d, + 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, + 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, + 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba, + 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, + 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, + 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09, + 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, + 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, + 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279, + 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, + 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, + 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82, + 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, + 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, + 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0, + 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, + 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, + 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8, + 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, + 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, + 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7, + 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, + 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, + 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1, + 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, + 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, + 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477, + 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, + 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, + 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af, + 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, + 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, + 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41, + 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, + 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, + 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915, + 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, + 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a}, + { + 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, + 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266, + 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, + 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, + 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6, + 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, + 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, + 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1, + 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, + 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, + 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff, + 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, + 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, + 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7, + 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, + 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, + 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf, + 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, + 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, + 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87, + 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, + 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, + 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16, + 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, + 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, + 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509, + 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, + 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, + 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f, + 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, + 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, + 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960, + 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, + 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, + 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802, + 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, + 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, + 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf, + 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, + 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, + 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50, + 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, + 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, + 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281, + 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, + 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, + 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128, + 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, + 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, + 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0, + 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, + 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, + 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3, + 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, + 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, + 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061, + 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, + 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, + 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735, + 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, + 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, + 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340, + 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, + 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7}, + { + 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, + 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068, + 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, + 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, + 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45, + 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, + 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, + 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb, + 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, + 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, + 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42, + 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, + 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, + 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb, + 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, + 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, + 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33, + 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, + 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, + 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc, + 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, + 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, + 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b, + 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, + 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, + 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728, + 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, + 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, + 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37, + 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, + 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, + 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b, + 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, + 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, + 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d, + 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, + 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, + 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9, + 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, + 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, + 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d, + 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, + 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, + 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61, + 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, + 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, + 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2, + 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, + 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, + 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633, + 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, + 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, + 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52, + 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, + 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, + 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62, + 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, + 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, + 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24, + 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, + 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, + 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c, + 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, + 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0}, + { + 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, + 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe, + 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, + 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, + 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8, + 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, + 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, + 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22, + 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, + 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, + 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9, + 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, + 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, + 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51, + 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, + 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, + 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b, + 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, + 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, + 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd, + 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, + 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, + 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb, + 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, + 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, + 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32, + 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, + 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, + 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae, + 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, + 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, + 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47, + 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, + 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, + 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84, + 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, + 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, + 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd, + 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, + 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, + 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38, + 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, + 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, + 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525, + 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, + 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, + 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964, + 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, + 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, + 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d, + 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, + 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, + 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02, + 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, + 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, + 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a, + 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, + 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, + 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0, + 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, + 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, + 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9, + 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, + 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6} + }, + { + 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, + 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89, + 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, + 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, + 0x9216d5d9, 0x8979fb1b + } }; + + *c = initstate; +} + +u_int32_t +Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes, + u_int16_t *current) +{ + u_int8_t i; + u_int16_t j; + u_int32_t temp; + + temp = 0x00000000; + j = *current; + + for (i = 0; i < 4; i++, j++) { + if (j >= databytes) + j = 0; + temp = (temp << 8) | data[j]; + } + + *current = j; + return temp; +} + +void +Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes) +{ + u_int16_t i; + u_int16_t j; + u_int16_t k; + u_int32_t temp; + u_int32_t datal; + u_int32_t datar; + + j = 0; + for (i = 0; i < BLF_N + 2; i++) { + /* Extract 4 int8 to 1 int32 from keystream */ + temp = Blowfish_stream2word(key, keybytes, &j); + c->P[i] = c->P[i] ^ temp; + } + + j = 0; + datal = 0x00000000; + datar = 0x00000000; + for (i = 0; i < BLF_N + 2; i += 2) { + Blowfish_encipher(c, &datal, &datar); + + c->P[i] = datal; + c->P[i + 1] = datar; + } + + for (i = 0; i < 4; i++) { + for (k = 0; k < 256; k += 2) { + Blowfish_encipher(c, &datal, &datar); + + c->S[i][k] = datal; + c->S[i][k + 1] = datar; + } + } +} + + +void +Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes, + const u_int8_t *key, u_int16_t keybytes) +{ + u_int16_t i; + u_int16_t j; + u_int16_t k; + u_int32_t temp; + u_int32_t datal; + u_int32_t datar; + + j = 0; + for (i = 0; i < BLF_N + 2; i++) { + /* Extract 4 int8 to 1 int32 from keystream */ + temp = Blowfish_stream2word(key, keybytes, &j); + c->P[i] = c->P[i] ^ temp; + } + + j = 0; + datal = 0x00000000; + datar = 0x00000000; + for (i = 0; i < BLF_N + 2; i += 2) { + datal ^= Blowfish_stream2word(data, databytes, &j); + datar ^= Blowfish_stream2word(data, databytes, &j); + Blowfish_encipher(c, &datal, &datar); + + c->P[i] = datal; + c->P[i + 1] = datar; + } + + for (i = 0; i < 4; i++) { + for (k = 0; k < 256; k += 2) { + datal ^= Blowfish_stream2word(data, databytes, &j); + datar ^= Blowfish_stream2word(data, databytes, &j); + Blowfish_encipher(c, &datal, &datar); + + c->S[i][k] = datal; + c->S[i][k + 1] = datar; + } + } + +} + +void +blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len) +{ + /* Initialize S-boxes and subkeys with Pi */ + Blowfish_initstate(c); + + /* Transform S-boxes and subkeys with key */ + Blowfish_expand0state(c, k, len); +} + +void +blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks) +{ + u_int32_t *d; + u_int16_t i; + + d = data; + for (i = 0; i < blocks; i++) { + Blowfish_encipher(c, d, d + 1); + d += 2; + } +} + +void +blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks) +{ + u_int32_t *d; + u_int16_t i; + + d = data; + for (i = 0; i < blocks; i++) { + Blowfish_decipher(c, d, d + 1); + d += 2; + } +} + +void +blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len) +{ + u_int32_t l, r; + u_int32_t i; + + for (i = 0; i < len; i += 8) { + l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; + r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; + Blowfish_encipher(c, &l, &r); + data[0] = l >> 24 & 0xff; + data[1] = l >> 16 & 0xff; + data[2] = l >> 8 & 0xff; + data[3] = l & 0xff; + data[4] = r >> 24 & 0xff; + data[5] = r >> 16 & 0xff; + data[6] = r >> 8 & 0xff; + data[7] = r & 0xff; + data += 8; + } +} + +void +blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len) +{ + u_int32_t l, r; + u_int32_t i; + + for (i = 0; i < len; i += 8) { + l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; + r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; + Blowfish_decipher(c, &l, &r); + data[0] = l >> 24 & 0xff; + data[1] = l >> 16 & 0xff; + data[2] = l >> 8 & 0xff; + data[3] = l & 0xff; + data[4] = r >> 24 & 0xff; + data[5] = r >> 16 & 0xff; + data[6] = r >> 8 & 0xff; + data[7] = r & 0xff; + data += 8; + } +} + +void +blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len) +{ + u_int32_t l, r; + u_int32_t i, j; + + for (i = 0; i < len; i += 8) { + for (j = 0; j < 8; j++) + data[j] ^= iv[j]; + l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; + r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; + Blowfish_encipher(c, &l, &r); + data[0] = l >> 24 & 0xff; + data[1] = l >> 16 & 0xff; + data[2] = l >> 8 & 0xff; + data[3] = l & 0xff; + data[4] = r >> 24 & 0xff; + data[5] = r >> 16 & 0xff; + data[6] = r >> 8 & 0xff; + data[7] = r & 0xff; + iv = data; + data += 8; + } +} + +void +blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len) +{ + u_int32_t l, r; + u_int8_t *iv; + u_int32_t i, j; + + iv = data + len - 16; + data = data + len - 8; + for (i = len - 8; i >= 8; i -= 8) { + l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; + r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; + Blowfish_decipher(c, &l, &r); + data[0] = l >> 24 & 0xff; + data[1] = l >> 16 & 0xff; + data[2] = l >> 8 & 0xff; + data[3] = l & 0xff; + data[4] = r >> 24 & 0xff; + data[5] = r >> 16 & 0xff; + data[6] = r >> 8 & 0xff; + data[7] = r & 0xff; + for (j = 0; j < 8; j++) + data[j] ^= iv[j]; + iv -= 8; + data -= 8; + } + l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; + r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; + Blowfish_decipher(c, &l, &r); + data[0] = l >> 24 & 0xff; + data[1] = l >> 16 & 0xff; + data[2] = l >> 8 & 0xff; + data[3] = l & 0xff; + data[4] = r >> 24 & 0xff; + data[5] = r >> 16 & 0xff; + data[6] = r >> 8 & 0xff; + data[7] = r & 0xff; + for (j = 0; j < 8; j++) + data[j] ^= iva[j]; +} + +#if 0 +void +report(u_int32_t data[], u_int16_t len) +{ + u_int16_t i; + for (i = 0; i < len; i += 2) + printf("Block %0hd: %08lx %08lx.\n", + i / 2, data[i], data[i + 1]); +} +void +main(void) +{ + + blf_ctx c; + char key[] = "AAAAA"; + char key2[] = "abcdefghijklmnopqrstuvwxyz"; + + u_int32_t data[10]; + u_int32_t data2[] = + {0x424c4f57l, 0x46495348l}; + + u_int16_t i; + + /* First test */ + for (i = 0; i < 10; i++) + data[i] = i; + + blf_key(&c, (u_int8_t *) key, 5); + blf_enc(&c, data, 5); + blf_dec(&c, data, 1); + blf_dec(&c, data + 2, 4); + printf("Should read as 0 - 9.\n"); + report(data, 10); + + /* Second test */ + blf_key(&c, (u_int8_t *) key2, strlen(key2)); + blf_enc(&c, data2, 1); + printf("\nShould read as: 0x324ed0fe 0xf413a203.\n"); + report(data2, 2); + blf_dec(&c, data2, 1); + report(data2, 2); +} +#endif + +#endif /* !defined(HAVE_BCRYPT_PBKDF) && (!defined(HAVE_BLOWFISH_INITSTATE) || \ + !defined(HAVE_BLOWFISH_EXPAND0STATE) || !defined(HAVE_BLF_ENC)) */ + diff --git a/src/totp/totp.cpp b/src/totp/totp.cpp index 7a584def2..f102335aa 100644 --- a/src/totp/totp.cpp +++ b/src/totp/totp.cpp @@ -28,14 +28,47 @@ #include #include -const quint8 QTotp::defaultStep = 30; -const quint8 QTotp::defaultDigits = 6; +const quint8 Totp::defaultStep = 30; +const quint8 Totp::defaultDigits = 6; -QTotp::QTotp() +/** + * Custom encoder types. Each should be unique and >= 128 and < 255 + * Values have no meaning outside of keepassxc + */ +/** + * Encoder for Steam Guard TOTP + */ +const quint8 Totp::ENCODER_STEAM = 254; + +const Totp::Encoder Totp::defaultEncoder = { "", "", "0123456789", 0, 0, false }; +const QMap +#include +#include class QUrl; -class QTotp +class Totp { public: - QTotp(); + Totp(); static QString parseOtpString(QString rawSecret, quint8& digits, quint8& step); static QString generateTotp(const QByteArray key, quint64 time, const quint8 numDigits, const quint8 step); static QUrl generateOtpString(const QString& secret, @@ -34,10 +36,25 @@ public: const QString& issuer, const QString& username, const QString& algorithm, - const quint8& digits, - const quint8& step); + quint8 digits, + quint8 step); static const quint8 defaultStep; static const quint8 defaultDigits; + struct Encoder + { + QString name; + QString shortName; + QString alphabet; + quint8 digits; + quint8 step; + bool reverse; + }; + static const Encoder defaultEncoder; + // custom encoder values that overload the digits field + static const quint8 ENCODER_STEAM; + static const QMap #include #include +#include #include "core/CsvParser.h" @@ -37,7 +38,6 @@ private slots: void init(); void cleanup(); void initTestCase(); - void cleanupTestCase(); void testUnicode(); void testLF(); @@ -62,8 +62,8 @@ private slots: void testColumns(); private: - QTemporaryFile* file; - CsvParser* parser; + QScopedPointer file; + QScopedPointer parser; CsvTable t; void dumpRow(CsvTable table, int row); }; diff --git a/tests/TestEntry.cpp b/tests/TestEntry.cpp index 1e863dbeb..47082d12f 100644 --- a/tests/TestEntry.cpp +++ b/tests/TestEntry.cpp @@ -262,3 +262,244 @@ void TestEntry::testResolveRecursivePlaceholders() QCOMPARE(entry5->resolveMultiplePlaceholders(entry5->url()), url); QCOMPARE(entry5->resolveMultiplePlaceholders(entry5->title()), QString("title+/some/path+fragment+title")); } + +void TestEntry::testResolveReferencePlaceholders() +{ + Database db; + Group* root = db.rootGroup(); + + Entry* entry1 = new Entry(); + entry1->setGroup(root); + entry1->setUuid(Uuid::random()); + entry1->setTitle("Title1"); + entry1->setUsername("Username1"); + entry1->setPassword("Password1"); + entry1->setUrl("Url1"); + entry1->setNotes("Notes1"); + entry1->attributes()->set("CustomAttribute1", "CustomAttributeValue1"); + + Group* group = new Group(); + group->setParent(root); + Entry* entry2 = new Entry(); + entry2->setGroup(group); + entry2->setUuid(Uuid::random()); + entry2->setTitle("Title2"); + entry2->setUsername("Username2"); + entry2->setPassword("Password2"); + entry2->setUrl("Url2"); + entry2->setNotes("Notes2"); + entry2->attributes()->set("CustomAttribute2", "CustomAttributeValue2"); + + Entry* entry3 = new Entry(); + entry3->setGroup(group); + entry3->setUuid(Uuid::random()); + entry3->setTitle("{S:AttributeTitle}"); + entry3->setUsername("{S:AttributeUsername}"); + entry3->setPassword("{S:AttributePassword}"); + entry3->setUrl("{S:AttributeUrl}"); + entry3->setNotes("{S:AttributeNotes}"); + entry3->attributes()->set("AttributeTitle", "TitleValue"); + entry3->attributes()->set("AttributeUsername", "UsernameValue"); + entry3->attributes()->set("AttributePassword", "PasswordValue"); + entry3->attributes()->set("AttributeUrl", "UrlValue"); + entry3->attributes()->set("AttributeNotes", "NotesValue"); + + Entry* tstEntry = new Entry(); + tstEntry->setGroup(root); + tstEntry->setUuid(Uuid::random()); + + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:T@I:%1}").arg(entry1->uuid().toHex())), entry1->title()); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:T@T:%1}").arg(entry1->title())), entry1->title()); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:T@U:%1}").arg(entry1->username())), entry1->title()); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:T@P:%1}").arg(entry1->password())), entry1->title()); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:T@A:%1}").arg(entry1->url())), entry1->title()); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:T@N:%1}").arg(entry1->notes())), entry1->title()); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:T@O:%1}").arg(entry1->attributes()->value("CustomAttribute1"))), entry1->title()); + + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:T@I:%1}").arg(entry1->uuid().toHex())), entry1->title()); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:T@T:%1}").arg(entry1->title())), entry1->title()); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:U@U:%1}").arg(entry1->username())), entry1->username()); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:P@P:%1}").arg(entry1->password())), entry1->password()); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:A@A:%1}").arg(entry1->url())), entry1->url()); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:N@N:%1}").arg(entry1->notes())), entry1->notes()); + + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:T@I:%1}").arg(entry2->uuid().toHex())), entry2->title()); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:T@T:%1}").arg(entry2->title())), entry2->title()); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:T@U:%1}").arg(entry2->username())), entry2->title()); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:T@P:%1}").arg(entry2->password())), entry2->title()); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:T@A:%1}").arg(entry2->url())), entry2->title()); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:T@N:%1}").arg(entry2->notes())), entry2->title()); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:T@O:%1}").arg(entry2->attributes()->value("CustomAttribute2"))), entry2->title()); + + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:T@T:%1}").arg(entry2->title())), entry2->title()); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:U@U:%1}").arg(entry2->username())), entry2->username()); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:P@P:%1}").arg(entry2->password())), entry2->password()); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:A@A:%1}").arg(entry2->url())), entry2->url()); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:N@N:%1}").arg(entry2->notes())), entry2->notes()); + + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:T@I:%1}").arg(entry3->uuid().toHex())), entry3->attributes()->value("AttributeTitle")); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:U@I:%1}").arg(entry3->uuid().toHex())), entry3->attributes()->value("AttributeUsername")); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:P@I:%1}").arg(entry3->uuid().toHex())), entry3->attributes()->value("AttributePassword")); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:A@I:%1}").arg(entry3->uuid().toHex())), entry3->attributes()->value("AttributeUrl")); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:N@I:%1}").arg(entry3->uuid().toHex())), entry3->attributes()->value("AttributeNotes")); + + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:T@I:%1}").arg(entry3->uuid().toHex().toUpper())), entry3->attributes()->value("AttributeTitle")); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:U@I:%1}").arg(entry3->uuid().toHex().toUpper())), entry3->attributes()->value("AttributeUsername")); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:P@I:%1}").arg(entry3->uuid().toHex().toUpper())), entry3->attributes()->value("AttributePassword")); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:A@I:%1}").arg(entry3->uuid().toHex().toUpper())), entry3->attributes()->value("AttributeUrl")); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:N@I:%1}").arg(entry3->uuid().toHex().toUpper())), entry3->attributes()->value("AttributeNotes")); + + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:t@i:%1}").arg(entry3->uuid().toHex().toLower())), entry3->attributes()->value("AttributeTitle")); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:u@i:%1}").arg(entry3->uuid().toHex().toLower())), entry3->attributes()->value("AttributeUsername")); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:p@i:%1}").arg(entry3->uuid().toHex().toLower())), entry3->attributes()->value("AttributePassword")); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:a@i:%1}").arg(entry3->uuid().toHex().toLower())), entry3->attributes()->value("AttributeUrl")); + QCOMPARE(tstEntry->resolveMultiplePlaceholders(QString("{REF:n@i:%1}").arg(entry3->uuid().toHex().toLower())), entry3->attributes()->value("AttributeNotes")); +} + +void TestEntry::testResolveNonIdPlaceholdersToUuid() +{ + Database db; + auto* root = db.rootGroup(); + + Entry referencedEntryTitle; + referencedEntryTitle.setGroup(root); + referencedEntryTitle.setTitle("myTitle"); + referencedEntryTitle.setUuid(Uuid::random()); + + Entry referencedEntryUsername; + referencedEntryUsername.setGroup(root); + referencedEntryUsername.setUsername("myUser"); + referencedEntryUsername.setUuid(Uuid::random()); + + Entry referencedEntryPassword; + referencedEntryPassword.setGroup(root); + referencedEntryPassword.setPassword("myPassword"); + referencedEntryPassword.setUuid(Uuid::random()); + + Entry referencedEntryUrl; + referencedEntryUrl.setGroup(root); + referencedEntryUrl.setUrl("myUrl"); + referencedEntryUrl.setUuid(Uuid::random()); + + Entry referencedEntryNotes; + referencedEntryNotes.setGroup(root); + referencedEntryNotes.setNotes("myNotes"); + referencedEntryNotes.setUuid(Uuid::random()); + + const QList placeholders{'T', 'U', 'P', 'A', 'N'}; + for (const QChar searchIn : placeholders) { + const Entry* referencedEntry = nullptr; + QString newEntryNotesRaw("{REF:I@%1:%2}"); + + switch(searchIn.toLatin1()) { + case 'T': + referencedEntry = &referencedEntryTitle; + newEntryNotesRaw = newEntryNotesRaw.arg(searchIn, referencedEntry->title()); + break; + case 'U': + referencedEntry = &referencedEntryUsername; + newEntryNotesRaw = newEntryNotesRaw.arg(searchIn, referencedEntry->username()); + break; + case 'P': + referencedEntry = &referencedEntryPassword; + newEntryNotesRaw = newEntryNotesRaw.arg(searchIn, referencedEntry->password()); + break; + case 'A': + referencedEntry = &referencedEntryUrl; + newEntryNotesRaw = newEntryNotesRaw.arg(searchIn, referencedEntry->url()); + break; + case 'N': + referencedEntry = &referencedEntryNotes; + newEntryNotesRaw = newEntryNotesRaw.arg(searchIn, referencedEntry->notes()); + break; + default: + break; + } + + Entry newEntry; + newEntry.setGroup(root); + newEntry.setNotes(newEntryNotesRaw); + + const auto newEntryNotesResolved = + newEntry.resolveMultiplePlaceholders(newEntry.notes()); + QCOMPARE(newEntryNotesResolved, QString(referencedEntry->uuid().toHex())); + } +} + +void TestEntry::testResolveClonedEntry() +{ + Database db; + Group* root = db.rootGroup(); + + Entry* original = new Entry(); + original->setGroup(root); + original->setUuid(Uuid::random()); + original->setTitle("Title"); + original->setUsername("SomeUsername"); + original->setPassword("SomePassword"); + + QCOMPARE(original->resolveMultiplePlaceholders(original->username()), original->username()); + QCOMPARE(original->resolveMultiplePlaceholders(original->password()), original->password()); + + // Top-level clones. + Entry* clone1 = original->clone(Entry::CloneNewUuid); + clone1->setGroup(root); + Entry* clone2 = original->clone(Entry::CloneUserAsRef | Entry::CloneNewUuid); + clone2->setGroup(root); + Entry* clone3 = original->clone(Entry::ClonePassAsRef | Entry::CloneNewUuid); + clone3->setGroup(root); + Entry* clone4 = original->clone(Entry::CloneUserAsRef | Entry::ClonePassAsRef | Entry::CloneNewUuid); + clone4->setGroup(root); + + QCOMPARE(clone1->resolveMultiplePlaceholders(clone1->username()), original->username()); + QCOMPARE(clone1->resolveMultiplePlaceholders(clone1->password()), original->password()); + QCOMPARE(clone2->resolveMultiplePlaceholders(clone2->username()), original->username()); + QCOMPARE(clone2->resolveMultiplePlaceholders(clone2->password()), original->password()); + QCOMPARE(clone3->resolveMultiplePlaceholders(clone3->username()), original->username()); + QCOMPARE(clone3->resolveMultiplePlaceholders(clone3->password()), original->password()); + QCOMPARE(clone4->resolveMultiplePlaceholders(clone4->username()), original->username()); + QCOMPARE(clone4->resolveMultiplePlaceholders(clone4->password()), original->password()); + + // Second-level clones. + Entry* cclone1 = clone4->clone(Entry::CloneNewUuid); + cclone1->setGroup(root); + Entry* cclone2 = clone4->clone(Entry::CloneUserAsRef | Entry::CloneNewUuid); + cclone2->setGroup(root); + Entry* cclone3 = clone4->clone(Entry::ClonePassAsRef | Entry::CloneNewUuid); + cclone3->setGroup(root); + Entry* cclone4 = clone4->clone(Entry::CloneUserAsRef | Entry::ClonePassAsRef | Entry::CloneNewUuid); + cclone4->setGroup(root); + + QCOMPARE(cclone1->resolveMultiplePlaceholders(cclone1->username()), original->username()); + QCOMPARE(cclone1->resolveMultiplePlaceholders(cclone1->password()), original->password()); + QCOMPARE(cclone2->resolveMultiplePlaceholders(cclone2->username()), original->username()); + QCOMPARE(cclone2->resolveMultiplePlaceholders(cclone2->password()), original->password()); + QCOMPARE(cclone3->resolveMultiplePlaceholders(cclone3->username()), original->username()); + QCOMPARE(cclone3->resolveMultiplePlaceholders(cclone3->password()), original->password()); + QCOMPARE(cclone4->resolveMultiplePlaceholders(cclone4->username()), original->username()); + QCOMPARE(cclone4->resolveMultiplePlaceholders(cclone4->password()), original->password()); + + // Change the original's attributes and make sure that the changes are tracked. + QString oldUsername = original->username(); + QString oldPassword = original->password(); + original->setUsername("DifferentUsername"); + original->setPassword("DifferentPassword"); + + QCOMPARE(clone1->resolveMultiplePlaceholders(clone1->username()), oldUsername); + QCOMPARE(clone1->resolveMultiplePlaceholders(clone1->password()), oldPassword); + QCOMPARE(clone2->resolveMultiplePlaceholders(clone2->username()), original->username()); + QCOMPARE(clone2->resolveMultiplePlaceholders(clone2->password()), oldPassword); + QCOMPARE(clone3->resolveMultiplePlaceholders(clone3->username()), oldUsername); + QCOMPARE(clone3->resolveMultiplePlaceholders(clone3->password()), original->password()); + QCOMPARE(clone4->resolveMultiplePlaceholders(clone4->username()), original->username()); + QCOMPARE(clone4->resolveMultiplePlaceholders(clone4->password()), original->password()); + + QCOMPARE(cclone1->resolveMultiplePlaceholders(cclone1->username()), original->username()); + QCOMPARE(cclone1->resolveMultiplePlaceholders(cclone1->password()), original->password()); + QCOMPARE(cclone2->resolveMultiplePlaceholders(cclone2->username()), original->username()); + QCOMPARE(cclone2->resolveMultiplePlaceholders(cclone2->password()), original->password()); + QCOMPARE(cclone3->resolveMultiplePlaceholders(cclone3->username()), original->username()); + QCOMPARE(cclone3->resolveMultiplePlaceholders(cclone3->password()), original->password()); + QCOMPARE(cclone4->resolveMultiplePlaceholders(cclone4->username()), original->username()); + QCOMPARE(cclone4->resolveMultiplePlaceholders(cclone4->password()), original->password()); +} diff --git a/tests/TestEntry.h b/tests/TestEntry.h index 50fec57a5..7c2350861 100644 --- a/tests/TestEntry.h +++ b/tests/TestEntry.h @@ -34,6 +34,9 @@ private slots: void testResolveUrl(); void testResolveUrlPlaceholders(); void testResolveRecursivePlaceholders(); + void testResolveReferencePlaceholders(); + void testResolveNonIdPlaceholdersToUuid(); + void testResolveClonedEntry(); }; #endif // KEEPASSX_TESTENTRY_H diff --git a/tests/TestGroup.cpp b/tests/TestGroup.cpp index 5a809670f..24bdfeb5a 100644 --- a/tests/TestGroup.cpp +++ b/tests/TestGroup.cpp @@ -18,9 +18,10 @@ #include "TestGroup.h" -#include -#include #include +#include +#include +#include #include #include "core/Database.h" @@ -75,6 +76,7 @@ void TestGroup::testParenting() QCOMPARE(g3->children().size(), 1); QCOMPARE(g4->children().size(), 0); + QVERIFY(rootGroup->children().at(0) == g1); QVERIFY(rootGroup->children().at(0) == g1); QVERIFY(g1->children().at(0) == g2); QVERIFY(g1->children().at(1) == g3); @@ -99,7 +101,6 @@ void TestGroup::testParenting() g3->setIcon(Uuid::random()); g1->setIcon(2); QCOMPARE(spy.count(), 6); - delete db; QVERIFY(rootGroup.isNull()); @@ -107,7 +108,6 @@ void TestGroup::testParenting() QVERIFY(g2.isNull()); QVERIFY(g3.isNull()); QVERIFY(g4.isNull()); - delete tmpRoot; } @@ -117,18 +117,18 @@ void TestGroup::testSignals() Database* db2 = new Database(); QPointer root = db->rootGroup(); - QSignalSpy spyAboutToAdd(db, SIGNAL(groupAboutToAdd(Group*,int))); + QSignalSpy spyAboutToAdd(db, SIGNAL(groupAboutToAdd(Group*, int))); QSignalSpy spyAdded(db, SIGNAL(groupAdded())); QSignalSpy spyAboutToRemove(db, SIGNAL(groupAboutToRemove(Group*))); QSignalSpy spyRemoved(db, SIGNAL(groupRemoved())); - QSignalSpy spyAboutToMove(db, SIGNAL(groupAboutToMove(Group*,Group*,int))); + QSignalSpy spyAboutToMove(db, SIGNAL(groupAboutToMove(Group*, Group*, int))); QSignalSpy spyMoved(db, SIGNAL(groupMoved())); - QSignalSpy spyAboutToAdd2(db2, SIGNAL(groupAboutToAdd(Group*,int))); + QSignalSpy spyAboutToAdd2(db2, SIGNAL(groupAboutToAdd(Group*, int))); QSignalSpy spyAdded2(db2, SIGNAL(groupAdded())); QSignalSpy spyAboutToRemove2(db2, SIGNAL(groupAboutToRemove(Group*))); QSignalSpy spyRemoved2(db2, SIGNAL(groupRemoved())); - QSignalSpy spyAboutToMove2(db2, SIGNAL(groupAboutToMove(Group*,Group*,int))); + QSignalSpy spyAboutToMove2(db2, SIGNAL(groupAboutToMove(Group*, Group*, int))); QSignalSpy spyMoved2(db2, SIGNAL(groupMoved())); Group* g1 = new Group(); @@ -251,7 +251,7 @@ void TestGroup::testEntries() void TestGroup::testDeleteSignals() { - Database* db = new Database(); + QScopedPointer