* User is prompted to disable safe saves after three failed attempts
* Completely retooled basic settings to group settings logically
* Added setting for "atomic saves"
* Adds KDBX4 reader/writer interfaces
* Adds KDBX4 XML reader/write interfaces
* Implements test cases for KDBX4
* Fully compatible with KeePass2
* Corrects minor issues with Argon2 KDF
Note: This implementation is not yet connected to the
database itself and will corrupt existing kdbx3 db's.
* Implemented memory and parallelism parameters for Argon2Kdf
* Using libargon2; libsodium does not support Argon2d algorithm
* Moved basic rounds parameter into Kdf class
* Reimplemented benchmark algorithm; previous was utterly broken
* core: database: make UUID searching case-insensitive
4c4d8a5e84 ("Implement search for reference placeholder based on
fields other than ID") changed the semantics of searching-by-reference
in KeePassXC. Unforuntately it contained a bug where it implicitly
became case-sensitive to UUIDs, which broke existing databases that used
references (especially since the default reference format uses a
different case to the UUID used while searching).
The tests didn't catch this because ->toHex() preserves the case that it
was provided, they have been updated to check that UUIDs are case
insensitive.
* cli: show: resolve references in output
Previously, `keepassxc-cli show` would not resolve references. This
would make it quite hard to script around its output (since there's not
interface to resolve references manually either). Fix this by using
resolveMultiplePlaceholders as with all other users of ->password() and
related entry fields.
Fixes: keepassxreboot/keepassxc#1260
* tests: entry: add tests for ref-cloned entries
This ensures that the most "intuitive" current usage of references
(through the clone feature of the GUI) remains self-consistent and
always produces the correct results. In addition, explicitly test that
case insensitivity works as expected. These should avoid similar
regressions in reference handling in the future.
* http: resolve references in AccessControlDialog
The access control dialog previously would not show the "real" username
or "real" title when asking for permission to give access to entries.
Fix this by resolving it, as we do in many other places.
Fixes: keepassxreboot/keepassxc#1269
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
* Save the master seed upon first challenge so it can be used as a
challenge at a later point.
* When verifyKey() is called, verify that the challenge is successful.
* Uncheck YubiKey box to not leak information about how the database is
protected.
Signed-off-by: Kyle Manna <kyle@kylemanna.com>
* Tweak the logic so it more closely resembles other code (i.e.
trasnformKey()). Matches existing style better.
* Save the challengeResponseKey in the database structure so that
it can be referred to later (i.e. database unlocking).
Signed-off-by: Kyle Manna <kyle@kylemanna.com>
* If a removed Yubikey is to blame, re-inserting the Yubikey won't
resolve the issue. Hot plug isn't supported at this point.
* The caller should detect the error and cancel the database write.
Signed-off-by: Kyle Manna <kyle@kylemanna.com>
* Pass the master seed from the database to CompositeKey::challenge()
function which will in turn issue challenges to all selected
drivers.
Signed-off-by: Kyle Manna <kyle@kylemanna.com>
