Commit Graph

105 Commits

Author SHA1 Message Date
varjolintu
c5e9d3588a Fix ifdefs with UrlTools 2023-12-11 14:29:20 -05:00
Sami Vänttinen
6f2354c0e9
Add basic support for WebAuthn (Passkeys) (#8825)
---------

Co-authored-by: varjolintu <sami.vanttinen@protonmail.com>
Co-authored-by: droidmonkey <support@dmapps.us>
2023-10-25 10:12:55 -04:00
varjolintu
8f45431ecb Create new UrlTools class 2023-10-23 22:53:59 -04:00
Matthew Donoughe
ab95690043
CLI: Add Unicode support on Windows (#8618) 2022-10-29 08:07:31 -04:00
Carlo Teubner
bb4f5c2e94 Run tests with LANG=en_US.UTF-8
On my system, I have LANG=en_GB set, which causes the following test
failure:

    FAIL!  : TestCli::testInfo() Compared values are not the same
       Actual   (m_stdout->readLine())                                  : "Average password length: 11 character(s)\n"
       Expected (QByteArray("Average password length: 11 characters\n")): "Average password length: 11 characters\n"
       Loc: [tests/TestCli.cpp(876)]

And it so happens that the en_GB translation of that string has
'character(s)' where en_US has 'characters'.
2022-10-02 08:30:35 -04:00
Jonathan White
12990e59ad KeeShare: Remove checking signed container
* Remove QuaZip dependency in favor of minizip
* Remove signature checks, but maintain signatures for backwards compatibility
* Remove UI components related to certificates except for personal certificate for backwards compatibility
* Default to unsigned containers (*.kdbx)
2021-12-14 23:23:23 -05:00
louib
2b0a1fc63f
Remove WITH_GUI_TESTS exclusion for CLI tests (#6946)
Apparently this exclusion was only relevant for Linux
systems not running X, which was already handled dynamically
in the testClip function. The CLI tests will now run by default
will all the other core tests.
2021-09-26 12:36:54 +02:00
Jonathan White
80809ace67 Replace all crypto libraries with Botan
Selected the [Botan crypto library](https://github.com/randombit/botan) due to its feature list, maintainer support, availability across all deployment platforms, and ease of use. Also evaluated Crypto++ as a viable candidate, but the additional features of Botan (PKCS#11, TPM, etc) won out.

The random number generator received a backend upgrade. Botan prefers hardware-based RNG's and will provide one if available. This is transparent to KeePassXC and a significant improvement over gcrypt.

Replaced Argon2 library with built-in Botan implementation that supports i, d, and id. This requires Botan 2.11.0 or higher. Also simplified the parameter test across KDF's.

Aligned SymmetricCipher parameters with available modes. All encrypt and decrypt operations are done in-place instead of returning new objects. This allows use of secure vectors in the future with no additional overhead.

Took this opportunity to decouple KeeShare from SSH Agent. Removed leftover code from OpenSSHKey and consolidated the SSH Agent code into the same directory. Removed bcrypt and blowfish inserts since they are provided by Botan.

Additionally simplified KeeShare settings interface by removing raw certificate byte data from the user interface. KeeShare will be further refactored in a future PR.

NOTE: This PR breaks backwards compatibility with KeeShare certificates due to different RSA key storage with Botan. As a result, new "own" certificates will need to be generated and trust re-established.

Removed YKChallengeResponseKeyCLI in favor of just using the original implementation with signal/slots.

Removed TestRandom stub since it was just faking random numbers and not actually using the backend. TestRandomGenerator now uses the actual RNG.

Greatly simplified Secret Service plugin's use of crypto functions with Botan.
2021-04-05 22:56:03 -04:00
Patrick Klein
57af7c131d Fix favicon download from URL with non-standard port.
Fixes #5001.

The favicon download URL was constructed from scheme and host only. This is fixed by simply replacing the path of the original URL with "/favicon.ico", thus keeping scheme, host, auth and port intact.

Further modification: URL's with a non-http schema are now rejected.
2021-03-01 21:42:19 -05:00
Jonathan White
d9ae449f04
Improve Auto-Type Select Dialog
Significant improvements to the Auto-Type select dialog. Reduce stale and unnecessary code paths.

* Close select dialog when databases are locked.
* Close open modal dialogs prior to showing the Auto-Type select dialog to prevent interference.
* Never perform Auto-Type on the KeePassXC window.
* Only filter match list based on Group, Title, and Username column data (ie, ignore sequence column)
* Always show the sequence column (revert feature)
* Show selection dialog if there are no matches to allow for a database search

* Close #3630 - Allow typing {USERNAME} and {PASSWORD} from selection dialog (right-click menu).
* Close #429 - Ability to search open databases for an entry from the Auto-Type selection dialog.
* Fix #5361 - Default size of selection dialog doesn't cut off matches
2021-02-21 16:33:54 -05:00
Aetf
44779bc862 FdoSecrets: add unit tests 2020-05-27 22:07:25 -04:00
Jonathan White
5142981018 Significantly enhance hardware key robustness
* Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC.

* Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write.

* Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize.

* Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations.

* Fixes #4400
* Fixes #4065
* Fixes #1050
* Fixes #1215
* Fixes #3087
* Fixes #1088
* Fixes #1869
2020-05-14 20:19:56 -04:00
ameyer0
560209550c
Change settings checkbox texts to positive phrasing (#4715) 2020-05-10 21:35:08 -04:00
Toni Spets
dce9af219f SSH Agent: Integration tests against ssh-agent
Windows testing is currently explicitly disabled due to too many different scenarios to run an agent and MSYS2 having its own.
2020-03-09 23:09:28 -04:00
Wolfram Rösler
a81c6469a8 Implement Password Health Report
Introduce a password health check to the application that evaluates every entry in a database. Entries that fail  various tests are listed for user review and action. Also moves the statistics panel to the new Database -> Reports  widget. Recycled entries are excluded from the results.

We now have two classes, PasswordHealth to deal with a single password and HealthChecker to deal with all passwords of a database.

Tests include passwords that are expired, re-used, and weak.

* Closes #551

* Move zxcvbn usage to a centralized class (PasswordHealth)  and replace its usages across the application to ensure standardized interpretation of entropy calculations.

* Add new icons for the database reports view

* Updated the demo database to show off the reports
2020-02-01 09:30:12 -05:00
Janek Bevendorff
247ebf5a35 Ensure challenge-response key buffer is properly cleared.
The challenge-response key buffer is explicitly cleared
before the key transformation if no such key is configured
to ensure one is never injected into the hash even if the
database had a challenge-response key previously.

This patch also adds extensive tests for verifying that a
key change will not add any expired key material to the hash.

Fixes #4146
2020-01-11 11:16:03 +01:00
Wizz
0654ffc117 CLI: Fix keyfile from/to parameter collision in merge command
Rename 'k' to 'f' because 'k' is already used to specify the key for the target database of the merge

* Remove short -f option from keepassxc-cli.1
* Remove -f option from keepassxc-cli merge
* Add test cases covering cli options for merge
* Add functional test for merge with keys
2019-12-21 17:39:50 -05:00
Jonathan White
178bea6bbc Fix building without features
* Fix #3684 - Include YubiKey headers in CLI tests 

* Skip building testguibrowser if browser integration is disabled

* Cleanup test CMakeLists
2019-10-29 23:03:39 -04:00
Jonathan White
744b4abce8 Move FileWatcher into Database class
* Fix #3506
* Fix #2389
* Fix #2536
* Fix #2230

Every database that has been opened now watch's it's own file. This allows the database class to manage file changes and detect fail conditions during saving. Additionally, all stakeholders of the database can listen for the database file changed notification and respond accordingly.

Performed significant cleanup of the autoreload code within DatabaseWidget. Fixed several issues with handling changes due to merging, not merging, and other scenarios while reloading.

Prevent database saves to the same file if there are changes on disk that have not been merged with the open database.
2019-10-20 18:56:41 -04:00
varjolintu
f726d7501f Add support for multiple URLs in an entry
* Fixes #398

The new Browser Integration entry settings page has a list view with any additional URL's. These URL's are added to the entry attributes with KP2A_URL_<counter>, which means those are directly compatible with Keepass2Android.
2019-10-16 22:20:57 -04:00
Jonathan White
0e0cba653f CLI: add 'analyze' subcommand for offline HIBP breach checks
This new subcommand checks all passwords in the given database against a given list of SHA-1 password hashes. Such lists are available from the "Have I Been Pwned" project at https://haveibeenpwned.com/Passwords.

Note that this support offline checking only. The HIBP project also provides a web API for checking specific hash ranges; this is not currently supported.
2019-06-25 15:37:40 -04:00
Jonathan White
63aab99b9c
Merge branch 'release/2.4.2' into develop 2019-05-30 17:22:09 -04:00
varjolintu
5341a8215c Browser Integration tests 2019-05-29 09:24:22 -04:00
shaneknysh
7ead8e7290 Add word case option to passphrase generator (#3172)
* Closes #1933
* Adds word case options for lower, UPPER, and Title Case to passphrase generation
2019-05-24 18:23:19 -04:00
Jonathan White
125a81f2ed Implement 1Password Vault Import
* Support importing 1Password vaults (.opvault folders) into KDBX database
* Entry attributes are filled based on section and field name
* Expiration dates are set for entries
* Entry URL's are set from a wider array of fields
2019-05-19 18:21:34 -04:00
Aetf
e121f4bc28 Add Freedesktop.org Secret Storage Spec Server Side API (Fix #1403)
This plugin implements the Secret Storage specification version 0.2.
While running KeePassXC, it acts as a Secret Service server, registered
on DBus, so clients like seahorse, python-secretstorage, or other
implementations can connect and access the exposed database in KeePassXC.

Squashed commits:

- Initial code
- Add SessionAdaptor and fix build
- The skeletons for all dbus objects are in place
- Implement collection creation and deletion
- Emit collectionChanged signal
- Implement app-wise settings page
- Implement error message on GUI
- Implement settings
- Fix uuid to dbus path
- Implement app level settings
- Add freedesktop logo
- Implement database settings page
- Change database settings to a treeview
- Move all settings read/write to one place
- Rename SecretServiceOptionsPage to SettingsWidgetFdoSecrets
- Fix selected group can not be saved if the user hasn't click on the item
- Show selected group per database in app settings
- Disable editing of various readonly widgets
- Remove unused warning about non exposed database
- Fix method signature on dbus adaptors
- Fix type derived from DBusObject not recognized as QDBusContext
- Resolve a few TODOs around error handling
- Remove const when passing DBus exposed objects
- Move dismiss to PromptBase
- Implement per collection locking/unlocking
- Fix const correctness on Item::setSecret
- Implement SecretService::getSecrets
- Rework the signal connections around collections.
- Remove generateId from DBusObject
- Per spec, use encoded label as DBus object path for collections
- Fix some corner cases around collection name changes
- Implement alias
- Fix wrong alias dbus path
- Implement encryption per spec
- Cleanup SessionCipher
- Implement searchItems for SecretService
- Use Tools::uuidToHex
- Implement Item attributes and delete
- Implement createItem
- Always check if the database is unlocked before perform any operation
- Add missing ReadAlias/SetAlias on service
- Reorganize and fix OpenSession always returning empty output
- Overhaul error handling
- Make sure default alias is always present
- Remove collection aliases early in doDelete
- Handles all content types, fix setProperties not working
- Fix sometimes there is an extraneous leading zero when converting from MPI
- Fix session encryption negotiation
- Do not expose recycle bin
- Protect against the methods not called from DBus
- Also emit collectionChanged signal when lock state changes
- Show notification when entry secret is requested
- Add a README file
- Actually close session when client disconnects
- Gracefully return alternative label when collection is locked
- Reorganize, rename secretservice to fdosecrets
- Fix issues reported by clazy
- Unify UI strings and fix icon
- Implement a setting to skip confirmation when deleting entries from DBus
- Remove some unused debugging log
- Simply ignore errors when DBus context is not available. QtDBus won't set QDBusContext when deliver property get/set, and there is no way to get a QDBusMessage in property getter/setter.
- Simplify GcryptMPI using std::unique_ptr and add unit test
- Format code in fdosecrets
- Move DBusReturnImpl to details namespace
- Fix crash when locking a database: don't modify exposedGroup setting in customData when database is deleted
- Make sure Collection::searchItems works, whether it's locked or not
- Fix FdoSecrets::Collection becomes empty after a database reload
- Fix crash when looping while modifying the list
2019-05-12 12:35:42 -04:00
Weslly
779b529da2 Update checking feature (#2648)
* Check on startup (toggleable setting) and manually
* Option to check for pre-releases (eg, 2.4.0-beta1)
* Only included if WITH_XC_NETWORKING is enabled
2019-01-30 09:11:50 -05:00
Christian Kieschnick
d4c391deb2 Splitted KeeShare into secure and insecure parts
KeeShare is now supported in a secure and insecure flavor (set
CMake-Flags accordingly to allow or disallow the corresponding import
and exports)
2019-01-03 10:05:08 +01:00
Jonathan White
b96b86bfa7 Cleanup and replumb back to functional state 2018-12-28 17:54:52 -05:00
Jonathan White
9e2be34897
Merge branch 'develop'
Conflicts:
	CMakeLists.txt
	cmake/CLangFormat.cmake
	snapcraft.yaml
	src/CMakeLists.txt
	src/core/Database.cpp
	src/core/Database.h
	src/core/Tools.cpp
	src/crypto/CryptoHash.h
	src/crypto/ssh/ASN1Key.h
	src/crypto/ssh/OpenSSHKey.cpp
	src/format/Kdbx4Reader.cpp
	src/gui/DatabaseTabWidget.cpp
	src/gui/DatabaseTabWidget.h
	src/gui/DatabaseWidget.cpp
	src/gui/DatabaseWidget.h
	src/gui/DetailsWidget.cpp
	src/gui/DetailsWidget.ui
	src/gui/EditWidgetProperties.cpp
	src/gui/EntryPreviewWidget.cpp
	src/gui/EntryPreviewWidget.ui
	src/gui/FileDialog.cpp
	src/gui/dbsettings/DatabaseSettingsDialog.cpp
	src/gui/dbsettings/DatabaseSettingsDialog.h
	src/gui/group/EditGroupWidget.cpp
	src/gui/group/EditGroupWidget.h
	src/sshagent/ASN1Key.h
	src/sshagent/OpenSSHKey.cpp
	src/sshagent/SSHAgent.cpp
	tests/CMakeLists.txt
2018-12-18 22:28:56 -05:00
Janek Bevendorff
77adbef401 Reformat CMakeLists.txt files 2018-10-19 22:16:44 +02:00
Janek Bevendorff
bea31f9bcc Rename TestClock to MockClock and move it to the mock directory 2018-10-19 21:49:55 +02:00
Janek Bevendorff
108e4efc8a Fix tests on Windows 2018-10-19 21:49:55 +02:00
Janek Bevendorff
113c8eb702 Add CLI tests and improve coding style and i18n
The CLI module was lacking unit test coverage and showed some severe
coding style violations, which this patch addresses.

In addition, all uses of qCritical() with untranslatble raw char*
sequences were removed in favor of proper locale strings. These are
written to STDERR through QTextStreams and support output
redirection for testing purposes. With this change, error messages don't
depend on the global Qt logging settings and targets anymore and go
directly to the terminal or into a file if needed.

This patch also fixes a bug discovered during unit test development,
where the extract command would just dump the raw XML contents without
decrypting embedded Salsa20-protected values first, making the XML
export mostly useless, since passwords are scrambled.

Lastly, all CLI commands received a dedicated -h/--help option.
2018-10-19 21:49:54 +02:00
Christian Kieschnick
eca9c658f4
Add sharing of groups between databases
* Add source folder keeshare for sharing with corresponding define WITH_XC_KEESHARE
* Move common crypto parts to src/crypto/ssh
* Extended OpenSSHKey
* Move filewatching to own file (currently in two related classes DelayedFileWatcher and BulkFileWatcher)
* Small improvements for style and code in several classes
* Sharing is secured using RSA-Keys which are generated on demand
* Publisher signs the container using their private key
* Client can verify the signed container and choose to decline an import,
import only once or trust the publisher and automatically import all
data of this source henceforth
* Integration of settings into Group-Settings, Database-Settings and Application-Settings
* Introduced dependency QuaZip as dependency to allow combined export of
key container and the (custom format) certificate
2018-10-01 10:39:37 -04:00
Jonathan White
c1e9f45df9 Introduce synchronize merge method
* Create history-based merging that keeps older data in history instead of discarding or deleting it
* Extract merge logic into the Merger class
* Allows special merge behavior
* Improve handling of deletion and changes on groups
* Enable basic change tracking while merging
* Prevent unintended timestamp changes while merging
* Handle differences in timestamp precision
* Introduce comparison operators to allow for more sophisticated comparisons (ignore special properties, ...)
* Introduce Clock class to handle datetime across the app

Merge Strategies:
* Default (use inherited/fallback method)
* Duplicate (duplicate conflicting nodes, apply all deletions)
* KeepLocal (use local values, but apply all deletions)
* KeepRemote (use remote values, but apply all deletions)
* KeepNewer (merge history only)
* Synchronize (merge history, newest value stays on top, apply all deletions)
2018-09-30 09:36:39 -04:00
Michal Kaptur
486b99b39d Add some unit tests to Tools
Clean up and test 3 methods from Tools:
- humanReadableFileSize
- isHex
- isBase64
2018-05-22 09:28:54 +02:00
Janek Bevendorff
199f0932bf Add additional KDBX4 upgrade tests for composite key integrity 2018-03-01 19:26:18 -05:00
Janek Bevendorff
e6c19fdcb1 Add MockChallengeResponseKey and additional composite key component test 2018-03-01 19:26:18 -05:00
Janek Bevendorff
7a6850d5fe Move useful QTest template specializations to global header file
Fix KDBX test linker errors on Windows
2018-01-24 13:32:37 +01:00
Janek Bevendorff
a595239624
Refactor and extend file format tests 2018-01-18 01:51:37 +01:00
Janek Bevendorff
cdefc7ea9b
Fix KDBX reader tests not being executed 2018-01-18 01:51:34 +01:00
Jonathan White
bef7ba2cfe
Implements KDBX4 format with Argon2 KDF
* Adds KDBX4 reader/writer interfaces
* Adds KDBX4 XML reader/write interfaces
* Implements test cases for KDBX4
* Fully compatible with KeePass2
* Corrects minor issues with Argon2 KDF
2018-01-13 14:24:55 -05:00
Jonathan White
9140893cd3
Correct Endian function use in Random tests 2018-01-13 14:23:29 -05:00
angelsl
3461cbfb06
Rename KeePass2{,Xml}{R,W} to Kdbx3{,Xml}{R,W}, and add a redirection class
This class will in future select Kdbx4{R,W} as appropriate.
2018-01-13 14:23:26 -05:00
Toni Spets
4840c2c64f SSH agent support 2017-11-19 14:38:59 +02:00
Adolfo E. García
522e132200 New base32 implementation (#984)
* Add new base32 encode/decode implementation
* Remove old base32 implementation
* Updates licensing info
2017-09-24 18:00:12 -04:00
louib
1220b7d501 Feature : Update entries across groups when merging (#807)
* Feature : Update entries across groups when merging

* Styling
2017-09-05 10:28:47 -04:00
thez3ro
35c6df2535 resolve URL for correct favicon downloading, fixes #240 #238 2017-07-18 18:40:18 +02:00
Weslly
bf57a28654 Add TOTP support 2017-05-03 20:55:14 -03:00