mirror of
https://github.com/keepassxreboot/keepassxc.git
synced 2024-10-01 01:26:01 -04:00
YubiKey: Fix database locking
* Save the master seed upon first challenge so it can be used as a challenge at a later point. * When verifyKey() is called, verify that the challenge is successful. * Uncheck YubiKey box to not leak information about how the database is protected. Signed-off-by: Kyle Manna <kyle@kylemanna.com>
This commit is contained in:
parent
77cc99acd3
commit
951fa96848
@ -183,6 +183,7 @@ QByteArray Database::challengeResponseKey() const
|
||||
|
||||
bool Database::challengeMasterSeed(const QByteArray& masterSeed)
|
||||
{
|
||||
m_data.masterSeed = masterSeed;
|
||||
return m_data.key.challenge(masterSeed, m_data.challengeResponseKey);
|
||||
}
|
||||
|
||||
@ -256,6 +257,22 @@ bool Database::verifyKey(const CompositeKey& key) const
|
||||
{
|
||||
Q_ASSERT(hasKey());
|
||||
|
||||
/* If the database has challenge response keys, then the the verification
|
||||
* key better as well */
|
||||
if (!m_data.challengeResponseKey.isEmpty()) {
|
||||
QByteArray result;
|
||||
|
||||
if (!key.challenge(m_data.masterSeed, result)) {
|
||||
/* Challenge failed, (YubiKey?) removed? */
|
||||
return false;
|
||||
}
|
||||
|
||||
if (m_data.challengeResponseKey != result) {
|
||||
/* Wrong response from challenged device(s) */
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
return (m_data.key.rawKey() == key.rawKey());
|
||||
}
|
||||
|
||||
|
@ -59,6 +59,7 @@ public:
|
||||
QByteArray transformedMasterKey;
|
||||
CompositeKey key;
|
||||
bool hasKey;
|
||||
QByteArray masterSeed;
|
||||
QByteArray challengeResponseKey;
|
||||
};
|
||||
|
||||
|
@ -33,6 +33,7 @@ void UnlockDatabaseWidget::clearForms()
|
||||
m_ui->comboKeyFile->clear();
|
||||
m_ui->checkPassword->setChecked(false);
|
||||
m_ui->checkKeyFile->setChecked(false);
|
||||
m_ui->checkChallengeResponse->setChecked(false);
|
||||
m_ui->buttonTogglePassword->setChecked(false);
|
||||
m_db = nullptr;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user