Git-Mirrors/keepassxc
1
0
Fork 0
mirror of https://github.com/keepassxreboot/keepassxc.git synced 2024-10-01 01:26:01 -04:00
Code Issues Packages Projects Releases Wiki Activity

YubiKey: Fix database locking

Browse Source 
* Save the master seed upon first challenge so it can be used as a
  challenge at a later point.
* When verifyKey() is called, verify that the challenge is successful.
* Uncheck YubiKey box to not leak information about how the database is
  protected.

Signed-off-by: Kyle Manna <kyle@kylemanna.com>
This commit is contained in:
Kyle Manna 2014-09-07 16:43:04 -07:00
parent 77cc99acd3
commit 951fa96848
3 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/core/Database.cpp
View File

@ -183,6 +183,7 @@ QByteArray Database::challengeResponseKey() const
bool Database::challengeMasterSeed(const QByteArray& masterSeed) bool Database::challengeMasterSeed(const QByteArray& masterSeed)
{ {
m_data.masterSeed = masterSeed;
return m_data.key.challenge(masterSeed, m_data.challengeResponseKey); return m_data.key.challenge(masterSeed, m_data.challengeResponseKey);
} }
@ -256,6 +257,22 @@ bool Database::verifyKey(const CompositeKey& key) const
{ {
Q_ASSERT(hasKey()); Q_ASSERT(hasKey());
/* If the database has challenge response keys, then the the verification
* key better as well */
if (!m_data.challengeResponseKey.isEmpty()) {
QByteArray result;
if (!key.challenge(m_data.masterSeed, result)) {
/* Challenge failed, (YubiKey?) removed? */
return false;
}
if (m_data.challengeResponseKey != result) {
/* Wrong response from challenged device(s) */
return false;
}
}
return (m_data.key.rawKey() == key.rawKey()); return (m_data.key.rawKey() == key.rawKey());
} }

1
src/core/Database.h
View File

@ -59,6 +59,7 @@ public:
QByteArray transformedMasterKey; QByteArray transformedMasterKey;
CompositeKey key; CompositeKey key;
bool hasKey; bool hasKey;
QByteArray masterSeed;
QByteArray challengeResponseKey; QByteArray challengeResponseKey;
}; };

1
src/gui/UnlockDatabaseWidget.cpp
View File

@ -33,6 +33,7 @@ void UnlockDatabaseWidget::clearForms()
m_ui->comboKeyFile->clear(); m_ui->comboKeyFile->clear();
m_ui->checkPassword->setChecked(false); m_ui->checkPassword->setChecked(false);
m_ui->checkKeyFile->setChecked(false); m_ui->checkKeyFile->setChecked(false);
m_ui->checkChallengeResponse->setChecked(false);
m_ui->buttonTogglePassword->setChecked(false); m_ui->buttonTogglePassword->setChecked(false);
m_db = nullptr; m_db = nullptr;
} }