Commit Graph

46 Commits

Author SHA1 Message Date
Jonathan White
80809ace67 Replace all crypto libraries with Botan
Selected the [Botan crypto library](https://github.com/randombit/botan) due to its feature list, maintainer support, availability across all deployment platforms, and ease of use. Also evaluated Crypto++ as a viable candidate, but the additional features of Botan (PKCS#11, TPM, etc) won out.

The random number generator received a backend upgrade. Botan prefers hardware-based RNG's and will provide one if available. This is transparent to KeePassXC and a significant improvement over gcrypt.

Replaced Argon2 library with built-in Botan implementation that supports i, d, and id. This requires Botan 2.11.0 or higher. Also simplified the parameter test across KDF's.

Aligned SymmetricCipher parameters with available modes. All encrypt and decrypt operations are done in-place instead of returning new objects. This allows use of secure vectors in the future with no additional overhead.

Took this opportunity to decouple KeeShare from SSH Agent. Removed leftover code from OpenSSHKey and consolidated the SSH Agent code into the same directory. Removed bcrypt and blowfish inserts since they are provided by Botan.

Additionally simplified KeeShare settings interface by removing raw certificate byte data from the user interface. KeeShare will be further refactored in a future PR.

NOTE: This PR breaks backwards compatibility with KeeShare certificates due to different RSA key storage with Botan. As a result, new "own" certificates will need to be generated and trust re-established.

Removed YKChallengeResponseKeyCLI in favor of just using the original implementation with signal/slots.

Removed TestRandom stub since it was just faking random numbers and not actually using the backend. TestRandomGenerator now uses the actual RNG.

Greatly simplified Secret Service plugin's use of crypto functions with Botan.
2021-04-05 22:56:03 -04:00
Janek Bevendorff
6d2ca74878 Add OSUtils for platform-specific functionality.
Moves MacUtils into a separate sub folder and adds
WinUtils, NixUtils, and OSUtils for platform-native
code on Windows, Unix-like, and generic/all systems.
2020-03-05 09:24:11 +01:00
James Ring
b1eda37cca CLI: Add interactive session mode command open
This change adds a GNU Readline-based interactive mode to keepassxc-cli. If GNU Readline is not available, commands are just read from stdin with no editing or auto-complete support.

DatabaseCommand is modified to add the path to the current database to the arguments passed to executeWithDatabase. In this way, instances of DatabaseCommand do not have to prompt to re-open the database after each invocation, and existing command implementations do not have to be changed to support interactive mode.

This change also introduces a new way of handling commands between interactive and batch modes.

* Fixes #3224.
* Ran make format
2019-09-28 11:24:42 -04:00
Tobias Kortkamp
ef3c2daef1 Unbreak build on FreeBSD (#3304)
* Unbreak build on FreeBSD

```
In file included from src/core/Alloc.cpp:24:
/usr/include/malloc.h:3:2: error: "<malloc.h> has been replaced by <stdlib.h>"
 ^
src/core/Alloc.cpp:65:28: error: use of undeclared identifier 'malloc_usable_size'
    ::operator delete(ptr, malloc_usable_size(ptr));
                           ^
2 errors generated.
```

Non-standard APIs like `malloc_usable_size()` [1] are defined in
`malloc_np.h` on FreeBSD, so use it instead of `malloc.h` there.

[1] https://man.freebsd.org/jemalloc(3)

* Allow Browser HostInstaller to work on FreeBSD and other OS's

* Drop custom GNUInstallDirs cmake module and use cmake's own module

It seems to be an outdated version and cmake generally provides it
itself, so there should be no need for keepassxc to provide its own
custom version.

On FreeBSD this fixes the issue that man pages were installed into
the wrong directory, i.e., `/usr/local/share/man` vs `/usr/local/man`
as per FreeBSD's current packaging policy.

Signed-off-by: Tobias Kortkamp <tobik@FreeBSD.org>
2019-06-22 08:18:47 -04:00
Janek Bevendorff
01a3d5b0ba Fix QuaZip find module on macOS and clean up code.
Finding libquazip failed on macOS due to path differences.
This patch also cleans up the find module's code, aligns it
with the coding style of the other CMake files and removes
clutter that is not needed for KeePassXC such as non-Msys
builds on Windows.
2019-05-01 18:25:32 -04:00
Jonathan White
53796a216e Windows: use winqtdeploy instead of DeplyQt4 from CMake (#3025)
* Ensure Qt dlls find plugins in bundled directory
* Reduce complexity of deployment code
* Standardize use of CMAKE_BUILD_TYPE_LOWER for more robust comparisons

Fixes #3023. Fixes part of #1535.
2019-04-20 18:12:00 +02:00
Jonathan White
21d1e981ca
Cleanup CMakeFiles prior to release
* Remove Git revision finding code in favor of a simple command call: git rev-parse --short=7 HEAD
* Added GIT_HEAD_OVERRIDE to explicitly define the hash for the current commit in case git is not available 
* Made WIX default over NSIS in release tool 
* Rename version.h to git-info.h
2019-01-30 15:03:03 -05:00
Jonathan White
7e1b16250c Performed project-wide code formatting
* Updated format CMake command to properly
ignore new directories and files
* Added output when command is run
* Resolves #2623
2019-01-28 22:38:59 -05:00
Jonathan White
a8e266129a
Corrected formatting and cleanup 2019-01-16 22:53:29 -05:00
Christian Kieschnick
a978880b0b Fixed QuaZip for windows, renaming
QuaZip should now usable under windows (fixed include in FindQuaZip)

Renamed the representation from secure and unsecure to signed and
unsigned
2019-01-07 12:02:21 +01:00
Christian Kieschnick
ba604390d2 Fixed ci builds
ubuntu:14.04 does not have quazip5 libraries in the standard repository, therefore only insecure builds are created using the ci server
2019-01-04 11:03:15 +01:00
Jonathan White
9e2be34897
Merge branch 'develop'
Conflicts:
	CMakeLists.txt
	cmake/CLangFormat.cmake
	snapcraft.yaml
	src/CMakeLists.txt
	src/core/Database.cpp
	src/core/Database.h
	src/core/Tools.cpp
	src/crypto/CryptoHash.h
	src/crypto/ssh/ASN1Key.h
	src/crypto/ssh/OpenSSHKey.cpp
	src/format/Kdbx4Reader.cpp
	src/gui/DatabaseTabWidget.cpp
	src/gui/DatabaseTabWidget.h
	src/gui/DatabaseWidget.cpp
	src/gui/DatabaseWidget.h
	src/gui/DetailsWidget.cpp
	src/gui/DetailsWidget.ui
	src/gui/EditWidgetProperties.cpp
	src/gui/EntryPreviewWidget.cpp
	src/gui/EntryPreviewWidget.ui
	src/gui/FileDialog.cpp
	src/gui/dbsettings/DatabaseSettingsDialog.cpp
	src/gui/dbsettings/DatabaseSettingsDialog.h
	src/gui/group/EditGroupWidget.cpp
	src/gui/group/EditGroupWidget.h
	src/sshagent/ASN1Key.h
	src/sshagent/OpenSSHKey.cpp
	src/sshagent/SSHAgent.cpp
	tests/CMakeLists.txt
2018-12-18 22:28:56 -05:00
Janek Bevendorff
77adbef401 Reformat CMakeLists.txt files 2018-10-19 22:16:44 +02:00
Janek Bevendorff
18b22834c1 Update and fix test coverage report generation
Generation of unit test coverage reports used to be quite complicated
and required a lot of different settings, including a custom CMake
build type. This patch updates the coverage CMake module to only
require -DWITH_COVERAGE=ON to be set on a normal Debug build in order
to create a coverage target.

This patch also moves away from lcov in favor of gcovr, since lcov appears
to be broken in GCC 8. However, the routines for generating lcov reports
still exist, so provided lcov receives updates and there is sufficient
reason to switch back, it is easy to do so.
2018-10-19 21:45:53 +02:00
Adolfo E. García
bb16dc6d01 Add QR code generator for TOTP export (#1167)
* Resolves #764
* Add libqrencode and qtsvg dependencies 
* Ensure QR code remains square
* Auto-close QR code dialog when database is locked
* Add databaseLocked() Signal to databaseWidget
* Correct otpauth URI output in Totp::writeSettings(...)
2018-10-19 14:42:49 -04:00
Christian Kieschnick
eca9c658f4
Add sharing of groups between databases
* Add source folder keeshare for sharing with corresponding define WITH_XC_KEESHARE
* Move common crypto parts to src/crypto/ssh
* Extended OpenSSHKey
* Move filewatching to own file (currently in two related classes DelayedFileWatcher and BulkFileWatcher)
* Small improvements for style and code in several classes
* Sharing is secured using RSA-Keys which are generated on demand
* Publisher signs the container using their private key
* Client can verify the signed container and choose to decline an import,
import only once or trust the publisher and automatically import all
data of this source henceforth
* Integration of settings into Group-Settings, Database-Settings and Application-Settings
* Introduced dependency QuaZip as dependency to allow combined export of
key container and the (custom format) certificate
2018-10-01 10:39:37 -04:00
Jonathan White
a64d2ec716 Revert appveyor addition and DeployQt cmake 2018-09-19 12:25:39 -04:00
Jonathan White
4e7aeca3b7 Add support for SonarCloud analysis 2018-06-20 20:37:50 -04:00
Adolfo E. García
83917299db Add AppVeyor support (#1380) 2018-06-10 18:16:30 -04:00
Louis-Bertrand Varin
74efc57369 Removed http/ from excluded dirs. 2018-03-31 12:15:51 -04:00
Louis-Bertrand Varin
3eb917055e Add ClangFormat exceptions 2018-03-31 12:15:09 -04:00
Janek Bevendorff
0b6eb3b30e Use xargs to avoid long command lines 2018-03-31 12:15:09 -04:00
Louis-Bertrand Varin
07bc9a7b4b Add ClangFormat rules 2018-03-31 12:15:09 -04:00
Jonathan White
e17bee8e31
Properly rename argon2 symbols on Win32 builds 2018-02-27 21:34:54 -05:00
Jonathan White
d911987787 Ensure yubikey libs are dynamic; bump to c99 2018-02-01 21:40:47 +01:00
Jonathan White
3e2443a861 Add support for nightly builds to release tool 2018-01-30 21:21:23 +01:00
Janek Bevendorff
21a6c0fd89 Fix linker definition clashes between libargon2 and libsodium on Windows 2018-01-14 11:21:17 -05:00
Janek Bevendorff
824607080a
Install needed PPA packages for deployment 2018-01-13 14:25:01 -05:00
Jonathan White
542ee42313
Add Argon2Kdf and enable parameters in db settings
Note: This implementation is not yet connected to the
database itself and will corrupt existing kdbx3 db's.

* Implemented memory and parallelism parameters for Argon2Kdf
* Using libargon2; libsodium does not support Argon2d algorithm
* Moved basic rounds parameter into Kdf class
* Reimplemented benchmark algorithm; previous was utterly broken
2018-01-13 14:23:30 -05:00
varjolintu
06518c5736 keepassxc-browser 2018-01-04 21:42:20 +01:00
thez3ro
a53b111182
Update and fix copyright headers 2017-06-14 15:54:43 +02:00
Jonathan White
5c8809e55d
Update cmake files, fixes #331 2017-05-06 11:51:43 -04:00
Janek Bevendorff
6125988f35
Mark CMake library variables as advanced 2017-02-26 18:39:03 +01:00
Janek Bevendorff
a27147a75e
Merge branch 'develop' into feature/yubikey 2017-02-20 20:24:38 +01:00
Janek Bevendorff
a56bcc8903 Set windows EXE resource properties, resolves #329 2017-02-20 00:33:11 +01:00
Janek Bevendorff
37c7318097
Merge branch 'develop' into feature/yubikey 2017-02-15 00:24:28 +01:00
Janek Bevendorff
292ed892c1
Fix Windows linker and runtime errors when building against static Qt 2017-01-26 01:15:12 +01:00
Kyle Manna
82aed2caab keys: yk: Add YubiKey hardware driver support
* Use compile time detection of the YubiKey libraries and link against
  the libraries if present.  Can be disabled with:

      $ cmake -DCMAKE_DISABLE_FIND_PACKAGE_YubiKey=FALSE

* A stub file provides empty calls for all the function calls integrated
  in to the UI to support this.  In the future a more modular approach
  maybe better, but opting for simplicity initially.

Signed-off-by: Kyle Manna <kyle@kylemanna.com>
2017-01-07 23:18:59 -08:00
Jonathan White
29be837b97 Updated README badges and added code coverage 2016-11-04 00:47:04 -04:00
Jonathan White
aba4fa94be Merge remote-tracking branch 'keepassx/master'
# Conflicts:
#	README.md
#	share/translations/keepassx_de.ts
#	src/CMakeLists.txt
#	src/gui/MainWindow.h
2016-02-27 19:11:09 -05:00
Florian Geyer
3efc8f457a Display git revision in about dialog. 2015-07-18 13:14:13 +02:00
Keith Bennett
b27ba03d42 Replaced qhttpserver with libmicrohttp.
The qhttpserver seems to be riddled with memory leaks and was
continuously crashing. I don't know Qt well enough to fix it so
I have replaced it with libmicrohttp. This is not nearly as
elegant but it is much more stable.
2014-03-23 17:25:39 +00:00
Felix Geyer
eee909e948 Parse the libgcrypt version in the cmake module. 2014-01-12 13:42:19 +01:00
Felix Geyer
fd18bc0330 Use standard GNU install dirs and make them overridable. 2013-04-29 22:17:31 +02:00
Felix Geyer
b0bec62c07 Rewrite Gcrypt cmake module. 2011-11-12 12:00:49 +01:00
Felix Geyer
6a2034fa24 Add crypto classes and tests. Link to libgcrypt. 2010-09-11 19:49:30 +02:00