* Save the master seed upon first challenge so it can be used as a
challenge at a later point.
* When verifyKey() is called, verify that the challenge is successful.
* Uncheck YubiKey box to not leak information about how the database is
protected.
Signed-off-by: Kyle Manna <kyle@kylemanna.com>
* Tweak the logic so it more closely resembles other code (i.e.
trasnformKey()). Matches existing style better.
* Save the challengeResponseKey in the database structure so that
it can be referred to later (i.e. database unlocking).
Signed-off-by: Kyle Manna <kyle@kylemanna.com>
* If a removed Yubikey is to blame, re-inserting the Yubikey won't
resolve the issue. Hot plug isn't supported at this point.
* The caller should detect the error and cancel the database write.
Signed-off-by: Kyle Manna <kyle@kylemanna.com>
* Implement a YubiKey challenge response class. One object will be
created for each challenge response key available.
Signed-off-by: Kyle Manna <kyle@kylemanna.com>
* Use compile time detection of the YubiKey libraries and link against
the libraries if present. Can be disabled with:
$ cmake -DCMAKE_DISABLE_FIND_PACKAGE_YubiKey=FALSE
* A stub file provides empty calls for all the function calls integrated
in to the UI to support this. In the future a more modular approach
maybe better, but opting for simplicity initially.
Signed-off-by: Kyle Manna <kyle@kylemanna.com>
* The challengeMasterSeed() function return empty if not present
maintaining backwards compatability.
* This commit is where the challenge response result is computed into
the final key used to encrypt or decrypt the database.
Signed-off-by: Kyle Manna <kyle@kylemanna.com>
* Pass the master seed from the database to CompositeKey::challenge()
function which will in turn issue challenges to all selected
drivers.
Signed-off-by: Kyle Manna <kyle@kylemanna.com>
* Each Challenge Response Key consists of a list of regular keys and now
challenge response keys.
* Copy ChallengeResponseKeys when copying the object.
* Challenge consists of challenging each driver in the list and hashing
the concatenated data result using SHA256.
Signed-off-by: Kyle Manna <kyle@kylemanna.com>
* Add initial header file for forthcoming challenge response support.
* A ChallengeResponseKey operates by submitting some challenge data and
getting a deterministic result.
* In the case of the forthcoming YubiKey integration, the master seed is
submitted as the challenge to the YubiKey hardware and the YubiKey
returns a HMAC-SHA1 response.
Signed-off-by: Kyle Manna <kyle@kylemanna.com>