Commit Graph

10 Commits

Author SHA1 Message Date
peter
6b14b5dc27 Optimize includes across code base 2021-07-13 22:08:33 -04:00
Jonathan White
80809ace67 Replace all crypto libraries with Botan
Selected the [Botan crypto library](https://github.com/randombit/botan) due to its feature list, maintainer support, availability across all deployment platforms, and ease of use. Also evaluated Crypto++ as a viable candidate, but the additional features of Botan (PKCS#11, TPM, etc) won out.

The random number generator received a backend upgrade. Botan prefers hardware-based RNG's and will provide one if available. This is transparent to KeePassXC and a significant improvement over gcrypt.

Replaced Argon2 library with built-in Botan implementation that supports i, d, and id. This requires Botan 2.11.0 or higher. Also simplified the parameter test across KDF's.

Aligned SymmetricCipher parameters with available modes. All encrypt and decrypt operations are done in-place instead of returning new objects. This allows use of secure vectors in the future with no additional overhead.

Took this opportunity to decouple KeeShare from SSH Agent. Removed leftover code from OpenSSHKey and consolidated the SSH Agent code into the same directory. Removed bcrypt and blowfish inserts since they are provided by Botan.

Additionally simplified KeeShare settings interface by removing raw certificate byte data from the user interface. KeeShare will be further refactored in a future PR.

NOTE: This PR breaks backwards compatibility with KeeShare certificates due to different RSA key storage with Botan. As a result, new "own" certificates will need to be generated and trust re-established.

Removed YKChallengeResponseKeyCLI in favor of just using the original implementation with signal/slots.

Removed TestRandom stub since it was just faking random numbers and not actually using the backend. TestRandomGenerator now uses the actual RNG.

Greatly simplified Secret Service plugin's use of crypto functions with Botan.
2021-04-05 22:56:03 -04:00
Jonathan White
7e1b16250c Performed project-wide code formatting
* Updated format CMake command to properly
ignore new directories and files
* Added output when command is run
* Resolves #2623
2019-01-28 22:38:59 -05:00
Christian Kieschnick
2bfe66e840 Another attempt to make GCC happy 2019-01-04 12:38:34 +01:00
Christian Kieschnick
51d63f0e83 Fixed GCC issues for const initialization
Fixed issues reported by GCC for initialization of const variables
2019-01-04 12:28:36 +01:00
Christian Kieschnick
b204451d06 More ci issues (missing initialize for const)
Fixed issues detected in TestSharing
2019-01-04 12:11:20 +01:00
Christian Kieschnick
6e25da6a19 Fixed issues detected by test suite and ci
Fixed serialization for KeeShareSettings::ScopedCertificate
Fixed tests for KeeShareSettings serialization
Fixed tests Cli features - tests translation for recycle bin since the
tests are executed with the system locale
Fixed initialization issue in ShareObserver
2019-01-04 12:04:46 +01:00
Christian Kieschnick
3d02013513 Changed KeeShareSettings to explicitly ask
KeeShareSettings now allow to trust, untrust or ask on next import from
a specific publisher with a specific container
2019-01-03 18:22:41 +01:00
Christian Kieschnick
2e18388825 Fixed bug in FileWatcher, improved unsafe sharing
BulkFileWatcher didn't recognize added files in observed directory

Improved UI for unsecured sharing only (hide certificate ui, added
warnings and adjusted indicators)
2019-01-03 17:50:36 +01:00
Christian Kieschnick
eca9c658f4
Add sharing of groups between databases
* Add source folder keeshare for sharing with corresponding define WITH_XC_KEESHARE
* Move common crypto parts to src/crypto/ssh
* Extended OpenSSHKey
* Move filewatching to own file (currently in two related classes DelayedFileWatcher and BulkFileWatcher)
* Small improvements for style and code in several classes
* Sharing is secured using RSA-Keys which are generated on demand
* Publisher signs the container using their private key
* Client can verify the signed container and choose to decline an import,
import only once or trust the publisher and automatically import all
data of this source henceforth
* Integration of settings into Group-Settings, Database-Settings and Application-Settings
* Introduced dependency QuaZip as dependency to allow combined export of
key container and the (custom format) certificate
2018-10-01 10:39:37 -04:00