Commit Graph

66 Commits

Author SHA1 Message Date
Lapse
6e8fa34b1e Update FindBotan.cmake
The recent debug library is called botan-3.lib, which is unable to be found by this since BOTAN_NAMES_DEBUG does not contain the keyword "botan-3". This commit adds that keyword.
2023-11-22 22:45:06 -05:00
Thomas Hobson
f93adaa854 Add Polkit Quick Unlock Support
Closes #5991
Closes #3337 - Support fingerprint readers on Linux

Polkit allows for authentication of many means, including fingerprint scanning. Furthermore, a common interface for Quick Unlocking has been implemented, and has been replaced throughout to make implementing other quick unlock strategies easier.

Refactor QuickUnlock to use UUID stored in headers. This is a new feature using the KDBX 4 standard to store a randomly generated UUID in the public headers of the database. This enables identification of KDBX file without relying on path or filename and will eventually support persistent Quick Unlock.
2023-10-23 23:07:27 -04:00
Barnabás Pőcze
16b3d32ca5
Fix Botan 3 build (#9388)
* SymmetricCipher: Fix Botan 3 build

Botan commit 819cf8fe6278a19b8266f449228f02fc28a4f784 changed
Botan::Cipher_Dir to be a scoped enumeration, so the users
must be adapted.

This change causes no issues with Botan 2 because normal
enumeration values can also be referred to the same way
scoped enumeration values are accessed.

* Auto detect Botan3

* AsyncTask: Do not use `std::result_of`

`std::result_of` was deprecated in C++17 and then it was
subsequently removed in C++20. One could use `std::invoke_result_t`,
but let Qt figure out the return type instead.

* Collapse Botan2 and Botan3 find package into one

* Update COPYING

---------

Co-authored-by: Jonathan White <support@dmapps.us>
2023-05-07 08:48:58 -04:00
Pat Long
f9f82e9705
Add optional support for Botan3 (#8994) 2023-02-18 16:38:39 -05:00
luzpaz
880cc230ac
Fix various typos (#8748) 2023-01-29 09:38:44 -05:00
Dennis
bd809ba90b
TouchID support refactoring (#8311)
Fixes #7695 - Properly set compile flags based on availability of watch unlock in the API.
2022-09-05 10:38:02 -04:00
alcroito
ab153a24ec Run macdeployqt only once at install time
Instead of running macdeployqt once for each extra helper binary and
plugin (plus the main run for the application itself), collect all the
binaries that should be processed and run macdeloyqt only once after
all the binaries have been installed.

This also moves the main app macdeployqt call from a POST_BUILD step
to an install(CODE) step, making increment rebuilds of the app faster.

To ensure that macdeployqt is called after all the binaries are
installed, a new post_install subdirectory is needed to
circumvent CMake's limitation regarding the default order of
installation.
CMake first runs the current directory install() calls and then it's
child subdirectory ones. Because we want macdeployqt to be the last
install() call, it needs to be done inside a subdirectory that is
added last.

Note due to a bug in macdeployqt, the deployed app inside the .dmg
file will fail to run on arm macs, due to broken code signature.
See https://bugreports.qt.io/browse/QTBUG-101696 for details.

For the final release, the release-tool should take care of proper
resigning.
2022-03-21 00:15:57 +01:00
alcroito
abfebea4f2 Fix rpath handling and deployment of macOS helper binaries
CPack by default invokes the 'make install' target to install
all project files into a staging area for further packaging.

The order of installation follows the order of install() commands.

One of the first install() commands is the one that installs the
KeePassXC.app bundle and all the contents inside of it,
which includes POST_BUILD copied binaries like keepassxc-cli
and keepassxc-proxy.

Subsequent install(TARGETS) commands would then override the
keepassxc-cli and keepassxc-proxy binaries inside the staging area
with the ones which didn't have macdeployqt run on them (the ones from
src/cli and src/proxy).
Launching the binaries would then fail because of missing rpath
adjustments.

The libkeepassxc-autotype-cocoa.so library was working fine because
there is no install(TARGETS) command for it in a WITH_APP_BUNDLE build,
so the POST_BUILD copy with the adjusted rpaths was preserved.

To fix the issue and make the handling consistent, macdeployqt is no
longer run at POST_BUILD time, but instead at 'make install' time,
after each binary is installed by install(TARGETS).

libkeepassxc-autotype-cocoa.so also has its install command run
unconditionally now.

The build dir binaries that are POST_BUILD copied into
src/KeePassXC.app continue to run because they use the build dir
rpaths that CMake embeds by default. They don't macdeployqt run for
them anymore, which slightly speeds up the build time.

Fixes: #7475
2022-03-05 11:03:50 -05:00
Jonathan White
3c824cb500 Add powershell version of release-tool 2022-01-31 07:00:08 -05:00
Xavier Valls
4a21cee98c Add tags feature
* show the tags in the entry preview
* allow searching by tag
* add a sidebar listing the tags in the database
* filter entries by tag on click
* Introduce a new TagsEdit widget that provides pill aesthetics, fast removal functionality and autocompletion
* add tests for the tags feature
* introduce the "is" tag for searching. Support for weak passwords and expired added.
2022-01-28 16:13:49 -05:00
Jonathan White
12990e59ad KeeShare: Remove checking signed container
* Remove QuaZip dependency in favor of minizip
* Remove signature checks, but maintain signatures for backwards compatibility
* Remove UI components related to certificates except for personal certificate for backwards compatibility
* Default to unsigned containers (*.kdbx)
2021-12-14 23:23:23 -05:00
Jonathan White
035757e228
Improve Visual Studio and vcpkg support 2021-11-16 07:01:48 -05:00
Christoph Honal
6d1fc31e96
Implement support for Yubikeys and potential other tokens via wireless NFC using smartcard readers (Rebase) (#6895)
* Support NFC readers for hardware tokens using PC/SC

This requires a new library dependency: PCSC.
The PCSC library provides methods to access smartcards. On Linux, the third-party pcsc-lite package is used. On Windows, the native Windows API (Winscard.dll) is used. On Mac OSX, the native OSX API (framework-PCSC) is used.

* Split hardware key access into multiple classes to handle different methods of communicating with the keys.

* Since the Yubikey can now be a wireless token as well, the verb "plug in" was replaced with a more
generic "interface with". This shall indicate that the user has to present their token to the reader, or plug it in via USB.

* Add PC/SC interface for YubiKey challenge-response

This new interface uses the PC/SC protocol and API
instead of the USB protocol via ykpers. Many YubiKeys expose their functionality as a CCID device, which can be interfaced with using PC/SC. This is especially useful for NFC-only or NFC-capable Yubikeys, when they are used together with a PC/SC compliant NFC reader device.

Although many (not all) Yubikeys expose their CCID functionality over their own USB connection as well, the HMAC-SHA1 functionality is often locked in this mode, as it requires eg. a touch on the gold button. When accessing the CCID functionality wirelessly via NFC (like this code can do using a reader), then the user interaction is to present the key to the reader.

This implementation has been tested on Linux using pcsc-lite, Windows using the native Winscard.dll library, and Mac OSX using the native PCSC-framework library.

* Remove PC/SC ATR whitelist, instead scan for AIDs

Before, a whitelist of ATR codes (answer to reset, hardware-specific)
was used to scan for compatible (Yubi)Keys.
Now, every connected smartcard is scanned for AIDs (applet identifier),
which are known to implement the HMAC-SHA1 protocol.

This enables the support of currently unknown or unreleased hardware.

Co-authored-by: Jonathan White <support@dmapps.us>
2021-10-01 10:39:07 -04:00
Janek Bevendorff
c198541b6f Improve clang-format performance 2021-09-28 14:15:37 +02:00
Janek Bevendorff
7ff8720a39 Clean up code coverage reporting.
CTest is now run directly and `make coverage` (like `make test`) now
expects you to run `make` beforehand, which is more flexible for the
user. This patch also reduces clutter by properly excluding unwanted
files and reduces the number of explicit exlusion regexes that are
required.

Gcov reports are still confusing and report very low branch coverage
(which is picked up by Codecov, unfortunately), but the llvm-cov reports
are nice and clean now.
2021-09-28 14:15:37 +02:00
Janek Bevendorff
a46231a39a
Fix tests on macOS and update coverage config (#6945)
Simplifies coverage generation and uses llvm-cov instead of gcov if
compiler is clang.
2021-09-26 12:35:42 +02:00
a1346054
e3c7b570ae
Minor documentation and script cleanups (#6868)
* Remove mention of no longer used IRC network

Channels exist on matrix, and on libera.chat now.

* Correctly match only files with .png extension

The current search would match files such as 'createpng'.

* Fix comparison in script

The result was always false, due to comparing a literal string instead of a variable.

* Use correct license files from upstream

Correct license files obtained from:
https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
https://www.gnu.org/licenses/gpl-3.0.txt
https://www.gnu.org/licenses/old-licenses/lgpl-2.1.txt
https://www.gnu.org/licenses/lgpl-3.0.txt

* Refresh several shell scripts

This fixes several shellcheck warnings, as well as makes the code more
robust and have consistent codestyle between all the files.

* Trim excess whitespace
2021-09-21 00:17:46 -04:00
smlu
0c6587b5b7 Add support for Microsoft Visual Studio buildchain
* Use C++17 when using MSVC compiler
* Remove unneeded header files and macros
* Removed unnecessary Yubikey cmake file
* Enhance release tool
* Updated INSTALL.md
2021-09-19 17:16:45 -04:00
Jonathan White
6e27dd8db5 Initial ykcore import into code base 2021-09-05 09:11:04 -04:00
Jonathan White
3c2abaaa82 Remove obsolete cmake helper files
* Fixes #6490
2021-05-11 06:21:24 -04:00
Jonathan White
80809ace67 Replace all crypto libraries with Botan
Selected the [Botan crypto library](https://github.com/randombit/botan) due to its feature list, maintainer support, availability across all deployment platforms, and ease of use. Also evaluated Crypto++ as a viable candidate, but the additional features of Botan (PKCS#11, TPM, etc) won out.

The random number generator received a backend upgrade. Botan prefers hardware-based RNG's and will provide one if available. This is transparent to KeePassXC and a significant improvement over gcrypt.

Replaced Argon2 library with built-in Botan implementation that supports i, d, and id. This requires Botan 2.11.0 or higher. Also simplified the parameter test across KDF's.

Aligned SymmetricCipher parameters with available modes. All encrypt and decrypt operations are done in-place instead of returning new objects. This allows use of secure vectors in the future with no additional overhead.

Took this opportunity to decouple KeeShare from SSH Agent. Removed leftover code from OpenSSHKey and consolidated the SSH Agent code into the same directory. Removed bcrypt and blowfish inserts since they are provided by Botan.

Additionally simplified KeeShare settings interface by removing raw certificate byte data from the user interface. KeeShare will be further refactored in a future PR.

NOTE: This PR breaks backwards compatibility with KeeShare certificates due to different RSA key storage with Botan. As a result, new "own" certificates will need to be generated and trust re-established.

Removed YKChallengeResponseKeyCLI in favor of just using the original implementation with signal/slots.

Removed TestRandom stub since it was just faking random numbers and not actually using the backend. TestRandomGenerator now uses the actual RNG.

Greatly simplified Secret Service plugin's use of crypto functions with Botan.
2021-04-05 22:56:03 -04:00
Janek Bevendorff
6d2ca74878 Add OSUtils for platform-specific functionality.
Moves MacUtils into a separate sub folder and adds
WinUtils, NixUtils, and OSUtils for platform-native
code on Windows, Unix-like, and generic/all systems.
2020-03-05 09:24:11 +01:00
James Ring
b1eda37cca CLI: Add interactive session mode command open
This change adds a GNU Readline-based interactive mode to keepassxc-cli. If GNU Readline is not available, commands are just read from stdin with no editing or auto-complete support.

DatabaseCommand is modified to add the path to the current database to the arguments passed to executeWithDatabase. In this way, instances of DatabaseCommand do not have to prompt to re-open the database after each invocation, and existing command implementations do not have to be changed to support interactive mode.

This change also introduces a new way of handling commands between interactive and batch modes.

* Fixes #3224.
* Ran make format
2019-09-28 11:24:42 -04:00
Tobias Kortkamp
ef3c2daef1 Unbreak build on FreeBSD (#3304)
* Unbreak build on FreeBSD

```
In file included from src/core/Alloc.cpp:24:
/usr/include/malloc.h:3:2: error: "<malloc.h> has been replaced by <stdlib.h>"
 ^
src/core/Alloc.cpp:65:28: error: use of undeclared identifier 'malloc_usable_size'
    ::operator delete(ptr, malloc_usable_size(ptr));
                           ^
2 errors generated.
```

Non-standard APIs like `malloc_usable_size()` [1] are defined in
`malloc_np.h` on FreeBSD, so use it instead of `malloc.h` there.

[1] https://man.freebsd.org/jemalloc(3)

* Allow Browser HostInstaller to work on FreeBSD and other OS's

* Drop custom GNUInstallDirs cmake module and use cmake's own module

It seems to be an outdated version and cmake generally provides it
itself, so there should be no need for keepassxc to provide its own
custom version.

On FreeBSD this fixes the issue that man pages were installed into
the wrong directory, i.e., `/usr/local/share/man` vs `/usr/local/man`
as per FreeBSD's current packaging policy.

Signed-off-by: Tobias Kortkamp <tobik@FreeBSD.org>
2019-06-22 08:18:47 -04:00
Janek Bevendorff
01a3d5b0ba Fix QuaZip find module on macOS and clean up code.
Finding libquazip failed on macOS due to path differences.
This patch also cleans up the find module's code, aligns it
with the coding style of the other CMake files and removes
clutter that is not needed for KeePassXC such as non-Msys
builds on Windows.
2019-05-01 18:25:32 -04:00
Jonathan White
53796a216e Windows: use winqtdeploy instead of DeplyQt4 from CMake (#3025)
* Ensure Qt dlls find plugins in bundled directory
* Reduce complexity of deployment code
* Standardize use of CMAKE_BUILD_TYPE_LOWER for more robust comparisons

Fixes #3023. Fixes part of #1535.
2019-04-20 18:12:00 +02:00
Jonathan White
21d1e981ca
Cleanup CMakeFiles prior to release
* Remove Git revision finding code in favor of a simple command call: git rev-parse --short=7 HEAD
* Added GIT_HEAD_OVERRIDE to explicitly define the hash for the current commit in case git is not available 
* Made WIX default over NSIS in release tool 
* Rename version.h to git-info.h
2019-01-30 15:03:03 -05:00
Jonathan White
7e1b16250c Performed project-wide code formatting
* Updated format CMake command to properly
ignore new directories and files
* Added output when command is run
* Resolves #2623
2019-01-28 22:38:59 -05:00
Jonathan White
a8e266129a
Corrected formatting and cleanup 2019-01-16 22:53:29 -05:00
Christian Kieschnick
a978880b0b Fixed QuaZip for windows, renaming
QuaZip should now usable under windows (fixed include in FindQuaZip)

Renamed the representation from secure and unsecure to signed and
unsigned
2019-01-07 12:02:21 +01:00
Christian Kieschnick
ba604390d2 Fixed ci builds
ubuntu:14.04 does not have quazip5 libraries in the standard repository, therefore only insecure builds are created using the ci server
2019-01-04 11:03:15 +01:00
Jonathan White
9e2be34897
Merge branch 'develop'
Conflicts:
	CMakeLists.txt
	cmake/CLangFormat.cmake
	snapcraft.yaml
	src/CMakeLists.txt
	src/core/Database.cpp
	src/core/Database.h
	src/core/Tools.cpp
	src/crypto/CryptoHash.h
	src/crypto/ssh/ASN1Key.h
	src/crypto/ssh/OpenSSHKey.cpp
	src/format/Kdbx4Reader.cpp
	src/gui/DatabaseTabWidget.cpp
	src/gui/DatabaseTabWidget.h
	src/gui/DatabaseWidget.cpp
	src/gui/DatabaseWidget.h
	src/gui/DetailsWidget.cpp
	src/gui/DetailsWidget.ui
	src/gui/EditWidgetProperties.cpp
	src/gui/EntryPreviewWidget.cpp
	src/gui/EntryPreviewWidget.ui
	src/gui/FileDialog.cpp
	src/gui/dbsettings/DatabaseSettingsDialog.cpp
	src/gui/dbsettings/DatabaseSettingsDialog.h
	src/gui/group/EditGroupWidget.cpp
	src/gui/group/EditGroupWidget.h
	src/sshagent/ASN1Key.h
	src/sshagent/OpenSSHKey.cpp
	src/sshagent/SSHAgent.cpp
	tests/CMakeLists.txt
2018-12-18 22:28:56 -05:00
Janek Bevendorff
77adbef401 Reformat CMakeLists.txt files 2018-10-19 22:16:44 +02:00
Janek Bevendorff
18b22834c1 Update and fix test coverage report generation
Generation of unit test coverage reports used to be quite complicated
and required a lot of different settings, including a custom CMake
build type. This patch updates the coverage CMake module to only
require -DWITH_COVERAGE=ON to be set on a normal Debug build in order
to create a coverage target.

This patch also moves away from lcov in favor of gcovr, since lcov appears
to be broken in GCC 8. However, the routines for generating lcov reports
still exist, so provided lcov receives updates and there is sufficient
reason to switch back, it is easy to do so.
2018-10-19 21:45:53 +02:00
Adolfo E. García
bb16dc6d01 Add QR code generator for TOTP export (#1167)
* Resolves #764
* Add libqrencode and qtsvg dependencies 
* Ensure QR code remains square
* Auto-close QR code dialog when database is locked
* Add databaseLocked() Signal to databaseWidget
* Correct otpauth URI output in Totp::writeSettings(...)
2018-10-19 14:42:49 -04:00
Christian Kieschnick
eca9c658f4
Add sharing of groups between databases
* Add source folder keeshare for sharing with corresponding define WITH_XC_KEESHARE
* Move common crypto parts to src/crypto/ssh
* Extended OpenSSHKey
* Move filewatching to own file (currently in two related classes DelayedFileWatcher and BulkFileWatcher)
* Small improvements for style and code in several classes
* Sharing is secured using RSA-Keys which are generated on demand
* Publisher signs the container using their private key
* Client can verify the signed container and choose to decline an import,
import only once or trust the publisher and automatically import all
data of this source henceforth
* Integration of settings into Group-Settings, Database-Settings and Application-Settings
* Introduced dependency QuaZip as dependency to allow combined export of
key container and the (custom format) certificate
2018-10-01 10:39:37 -04:00
Jonathan White
a64d2ec716 Revert appveyor addition and DeployQt cmake 2018-09-19 12:25:39 -04:00
Jonathan White
4e7aeca3b7 Add support for SonarCloud analysis 2018-06-20 20:37:50 -04:00
Adolfo E. García
83917299db Add AppVeyor support (#1380) 2018-06-10 18:16:30 -04:00
Louis-Bertrand Varin
74efc57369 Removed http/ from excluded dirs. 2018-03-31 12:15:51 -04:00
Louis-Bertrand Varin
3eb917055e Add ClangFormat exceptions 2018-03-31 12:15:09 -04:00
Janek Bevendorff
0b6eb3b30e Use xargs to avoid long command lines 2018-03-31 12:15:09 -04:00
Louis-Bertrand Varin
07bc9a7b4b Add ClangFormat rules 2018-03-31 12:15:09 -04:00
Jonathan White
e17bee8e31
Properly rename argon2 symbols on Win32 builds 2018-02-27 21:34:54 -05:00
Jonathan White
d911987787 Ensure yubikey libs are dynamic; bump to c99 2018-02-01 21:40:47 +01:00
Jonathan White
3e2443a861 Add support for nightly builds to release tool 2018-01-30 21:21:23 +01:00
Janek Bevendorff
21a6c0fd89 Fix linker definition clashes between libargon2 and libsodium on Windows 2018-01-14 11:21:17 -05:00
Janek Bevendorff
824607080a
Install needed PPA packages for deployment 2018-01-13 14:25:01 -05:00
Jonathan White
542ee42313
Add Argon2Kdf and enable parameters in db settings
Note: This implementation is not yet connected to the
database itself and will corrupt existing kdbx3 db's.

* Implemented memory and parallelism parameters for Argon2Kdf
* Using libargon2; libsodium does not support Argon2d algorithm
* Moved basic rounds parameter into Kdf class
* Reimplemented benchmark algorithm; previous was utterly broken
2018-01-13 14:23:30 -05:00
varjolintu
06518c5736 keepassxc-browser 2018-01-04 21:42:20 +01:00