Commit Graph

19 Commits

Author SHA1 Message Date
Toni Spets
860fcfd78d SSH Agent: Add support for OpenSSH 8.2 FIDO/U2F keys
Closes #4334
2021-10-01 16:25:14 -04:00
Toni Spets
17d51b558e SSH Agent: Add missing ECDSA tests for OpenSSHKey 2021-10-01 16:25:14 -04:00
peter
6b14b5dc27 Optimize includes across code base 2021-07-13 22:08:33 -04:00
Jonathan White
80809ace67 Replace all crypto libraries with Botan
Selected the [Botan crypto library](https://github.com/randombit/botan) due to its feature list, maintainer support, availability across all deployment platforms, and ease of use. Also evaluated Crypto++ as a viable candidate, but the additional features of Botan (PKCS#11, TPM, etc) won out.

The random number generator received a backend upgrade. Botan prefers hardware-based RNG's and will provide one if available. This is transparent to KeePassXC and a significant improvement over gcrypt.

Replaced Argon2 library with built-in Botan implementation that supports i, d, and id. This requires Botan 2.11.0 or higher. Also simplified the parameter test across KDF's.

Aligned SymmetricCipher parameters with available modes. All encrypt and decrypt operations are done in-place instead of returning new objects. This allows use of secure vectors in the future with no additional overhead.

Took this opportunity to decouple KeeShare from SSH Agent. Removed leftover code from OpenSSHKey and consolidated the SSH Agent code into the same directory. Removed bcrypt and blowfish inserts since they are provided by Botan.

Additionally simplified KeeShare settings interface by removing raw certificate byte data from the user interface. KeeShare will be further refactored in a future PR.

NOTE: This PR breaks backwards compatibility with KeeShare certificates due to different RSA key storage with Botan. As a result, new "own" certificates will need to be generated and trust re-established.

Removed YKChallengeResponseKeyCLI in favor of just using the original implementation with signal/slots.

Removed TestRandom stub since it was just faking random numbers and not actually using the backend. TestRandomGenerator now uses the actual RNG.

Greatly simplified Secret Service plugin's use of crypto functions with Botan.
2021-04-05 22:56:03 -04:00
Jonathan White
9e2be34897
Merge branch 'develop'
Conflicts:
	CMakeLists.txt
	cmake/CLangFormat.cmake
	snapcraft.yaml
	src/CMakeLists.txt
	src/core/Database.cpp
	src/core/Database.h
	src/core/Tools.cpp
	src/crypto/CryptoHash.h
	src/crypto/ssh/ASN1Key.h
	src/crypto/ssh/OpenSSHKey.cpp
	src/format/Kdbx4Reader.cpp
	src/gui/DatabaseTabWidget.cpp
	src/gui/DatabaseTabWidget.h
	src/gui/DatabaseWidget.cpp
	src/gui/DatabaseWidget.h
	src/gui/DetailsWidget.cpp
	src/gui/DetailsWidget.ui
	src/gui/EditWidgetProperties.cpp
	src/gui/EntryPreviewWidget.cpp
	src/gui/EntryPreviewWidget.ui
	src/gui/FileDialog.cpp
	src/gui/dbsettings/DatabaseSettingsDialog.cpp
	src/gui/dbsettings/DatabaseSettingsDialog.h
	src/gui/group/EditGroupWidget.cpp
	src/gui/group/EditGroupWidget.h
	src/sshagent/ASN1Key.h
	src/sshagent/OpenSSHKey.cpp
	src/sshagent/SSHAgent.cpp
	tests/CMakeLists.txt
2018-12-18 22:28:56 -05:00
Gianluca Recchia
fc930bae69
Restore correct formatting
Many lines were not conformant with the project's formatting rules.
This patch should fix all formatting and whitespace issues in the code
base.
A clang-format directive was put around the connect() calls containing
SIGNALs and SLOTs whose signatures would be denormalized because of the
formatting rules.
2018-11-28 18:29:15 -05:00
Christian Kieschnick
eca9c658f4
Add sharing of groups between databases
* Add source folder keeshare for sharing with corresponding define WITH_XC_KEESHARE
* Move common crypto parts to src/crypto/ssh
* Extended OpenSSHKey
* Move filewatching to own file (currently in two related classes DelayedFileWatcher and BulkFileWatcher)
* Small improvements for style and code in several classes
* Sharing is secured using RSA-Keys which are generated on demand
* Publisher signs the container using their private key
* Client can verify the signed container and choose to decline an import,
import only once or trust the publisher and automatically import all
data of this source henceforth
* Integration of settings into Group-Settings, Database-Settings and Application-Settings
* Introduced dependency QuaZip as dependency to allow combined export of
key container and the (custom format) certificate
2018-10-01 10:39:37 -04:00
Jonathan White
ca27fb06d5
Merge branch 'master'
Conflicts:
	INSTALL.md
	release-tool
	src/browser/BrowserOptionDialog.cpp
	src/browser/BrowserService.cpp
	src/browser/BrowserService.h
	src/browser/NativeMessagingBase.h
	src/browser/NativeMessagingHost.h
	src/core/Uuid.cpp
	src/gui/DatabaseTabWidget.cpp
	src/gui/DatabaseWidget.cpp
	src/gui/EditWidget.cpp
	src/gui/MainWindow.cpp
	src/gui/MainWindow.ui
	src/proxy/NativeMessagingHost.h
	src/sshagent/ASN1Key.cpp
2018-08-24 09:42:38 -04:00
Toni Spets
07efabed03 SSH Agent: Show MD5 fingerprint of keys
Fixes #2050
2018-07-16 18:45:20 -04:00
Toni Spets
3727d37101 SSH Agent: Expect passphrases to be in UTF-8
The previous default was to expect passphrases to be ASCII or
rather Latin-1. It would be reasonable to expect modern keys to
use UTF-8 instead.

This is a non-breaking change if passphrases only use characters
that fall within ASCII.

Fixes #2102
2018-07-14 17:07:07 -04:00
Toni Spets
8c70856a82 SSH Agent: Fix invalid iqmp output for RSA keys
This fixes loading RSA keys to Pageant.
2018-06-26 22:52:47 -04:00
Jonathan White
aae6d09fd3
Merge branch 'master' into develop
Conflicts:
	src/CMakeLists.txt
	src/autotype/xcb/AutoTypeXCB.cpp
	src/browser/BrowserAction.cpp
	src/browser/BrowserService.cpp
	src/browser/BrowserService.h
	src/browser/BrowserSettings.h
	src/browser/NativeMessagingHost.cpp
	src/browser/NativeMessagingHost.h
	src/gui/EditWidgetIcons.cpp
	src/gui/EditWidgetIcons.h
	src/gui/MainWindow.cpp
	src/proxy/NativeMessagingHost.cpp
	tests/TestOpenSSHKey.cpp
2018-05-07 23:24:30 -04:00
Steven Noonan
c21f4b5ec2 OpenSSHKey: correctly parse aes-256-cbc/ctr keys (#1682)
AES-256 uses a 32-byte (256-bit) key size. This un-breaks the loader and
tests added for AES-256-CBC and AES-256-CTR PEM keys.

* OpenSSHKey: correctly parse encrypted PEM AES-256-CBC/AES-256-CTR keys
* OpenSSHKey: use correct key derivation for AES-256
2018-04-04 21:58:34 -04:00
Louis-Bertrand Varin
8324d03f0a Formatting the code. 2018-03-31 16:01:30 -04:00
Toni Spets
d58e3ca34d SSH Agent: Support old AES-128-CBC encrypted keys 2018-02-11 15:31:06 +01:00
Toni Spets
cbb70cdc7c SSH Agent: Support old unencrypted DSA and RSA keys 2018-02-04 15:59:08 +02:00
Janek Bevendorff
7a6850d5fe Move useful QTest template specializations to global header file
Fix KDBX test linker errors on Windows
2018-01-24 13:32:37 +01:00
Toni Spets
a0bfa710be Add missing crypto init to OpenSSHKey test 2017-11-25 11:32:13 +02:00
Toni Spets
4840c2c64f SSH agent support 2017-11-19 14:38:59 +02:00