Git-Mirrors/keepassxc
1
0
Fork 0
mirror of https://github.com/keepassxreboot/keepassxc.git synced 2025-01-25 22:16:01 -05:00
Code Issues Packages Projects Releases Wiki Activity
keepassxc/tests
History
Jonathan White 72fc00695c Prevent byte-by-byte and attachment inference side channel attacks 
Attack - KeeShare attachments can be inferred because of attachment de-duplication.

Solution - Prevent de-duplication of normal database entry attachments with those entry attachments synchronized/associated with a KeeShare database. This is done using the KeeShare database UUID injected into the hash calculation of the attachment prior to de-dupe. The attachments themselves are not modified in any way.

--------

Attack - Side channel byte-by-byte inference due to compression de-duplication of data between a KeeShare database and it's parent.

Solution - Generate a random array between 64 and 512 bytes, convert to hex, and store in the database custom data.

--------

Attack vector assumptions:
1. Compression is enabled
2. The attacker has access to a KeeShare database actively syncing with the victim's database
3. The victim's database is unlocked and syncing
4. The attacker can see the exact size of the victim's database after saving, and syncing, the KeeShare database

Thank you to Andrés Fábrega from Cornell University for theorizing and informing us of this attack vector.
2024-03-09 12:39:00 -05:00
..
data
Add 1Password 1PUX and Bitwarden JSON Importers
2024-03-09 10:44:54 -05:00
gui
Add 1Password 1PUX and Bitwarden JSON Importers
2024-03-09 10:44:54 -05:00
mock
Fix challenge-response key data after Botan
2021-05-19 22:36:30 -04:00
util
Optimize includes across code base
2021-07-13 22:08:33 -04:00
CMakeLists.txt
Add 1Password 1PUX and Bitwarden JSON Importers
2024-03-09 10:44:54 -05:00
config-keepassx-tests.h.cmake
Remove KeePassHttp plugin and qhttp (#1752)
2018-03-31 11:36:18 -04:00
FailDevice.cpp
Formatting the code.
2018-03-31 16:01:30 -04:00
FailDevice.h
Make C++11 mandatory.
2015-09-12 13:55:50 +02:00
modeltest.cpp
Optimize includes across code base
2021-07-13 22:08:33 -04:00
modeltest.h
Replace Q_EMIT, Q_SIGNALS and Q_SLOTS macros with MOC keywords
2017-03-10 16:12:02 +01:00
TestAutoType.cpp
Minor changes to Group API to make it more explicit
2024-03-09 10:44:54 -05:00
TestAutoType.h
Auto-Type support for T-CONV, T-REPLACE-RX, and Comments
2021-02-22 07:41:23 -05:00
TestBase32.cpp
Optimize includes across code base
2021-07-13 22:08:33 -04:00
TestBase32.h
Add new Base32 implementation
2017-10-21 13:15:02 +02:00
TestBrowser.cpp
Allow groups to restrict by browser integration key (#6437)
2024-01-14 07:43:48 -05:00
TestBrowser.h
Allow groups to restrict by browser integration key (#6437)
2024-01-14 07:43:48 -05:00
TestCli.cpp
Minor changes to Group API to make it more explicit
2024-03-09 10:44:54 -05:00
TestCli.h
CLI: Add Unicode support on Windows (#8618)
2022-10-29 08:07:31 -04:00
TestConfig.cpp
Optimize includes across code base
2021-07-13 22:08:33 -04:00
TestConfig.h
Change settings checkbox texts to positive phrasing (#4715)
2020-05-10 21:35:08 -04:00
TestCryptoHash.cpp
Optimize includes across code base
2021-07-13 22:08:33 -04:00
TestCryptoHash.h
Replace Q_EMIT, Q_SIGNALS and Q_SLOTS macros with MOC keywords
2017-03-10 16:12:02 +01:00
TestCsvExporter.cpp
Fix multiple TOTP issues
2024-01-06 15:17:13 -05:00
TestCsvExporter.h
Refactor Database and Database widgets (#2491)
2018-11-22 11:47:31 +01:00
TestCsvParser.cpp
Add braces around single line statements
2020-02-02 08:46:18 -05:00
TestCsvParser.h
Moving CsvParser to format/
2021-08-22 18:30:43 -04:00
TestDatabase.cpp
Fix db history when adding new db (#9022)
2023-01-29 09:24:10 -05:00
TestDatabase.h
Fix db history when adding new db (#9022)
2023-01-29 09:24:10 -05:00
TestDeletedObjects.cpp
clang-tidy: use auto
2022-05-01 16:02:02 -04:00
TestDeletedObjects.h
Implement KDBX 4.1 extended custom icons
2021-11-22 12:58:04 +01:00
TestEntry.cpp
Fix various typos (#8748)
2023-01-29 09:38:44 -05:00
TestEntry.h
Implement KDBX 4.1 PreviousParentGroup flag
2021-11-22 12:58:04 +01:00
TestEntryModel.cpp
Show Row-Backgroundcolor in a column
2023-09-16 09:00:03 -04:00
TestEntryModel.h
Replace Q_EMIT, Q_SIGNALS and Q_SLOTS macros with MOC keywords
2017-03-10 16:12:02 +01:00
TestEntrySearcher.cpp
Fix minor typos (#10124)
2023-12-22 15:12:07 -05:00
TestEntrySearcher.h
Add uuid search (#9571)
2023-07-04 07:24:10 -04:00
TestFdoSecrets.cpp
Fix various typos (#8748)
2023-01-29 09:38:44 -05:00
TestFdoSecrets.h
Replace all crypto libraries with Botan
2021-04-05 22:56:03 -04:00
TestGroup.cpp
Disable entry level Auto-Type
2023-07-30 09:56:09 -04:00
TestGroup.h
Disable entry level Auto-Type
2023-07-30 09:56:09 -04:00
TestGroupModel.cpp
clang-tidy: use auto
2022-05-01 16:02:02 -04:00
TestGroupModel.h
Replace Q_EMIT, Q_SIGNALS and Q_SLOTS macros with MOC keywords
2017-03-10 16:12:02 +01:00
TestHashedBlockStream.cpp
Optimize includes across code base
2021-07-13 22:08:33 -04:00
TestHashedBlockStream.h
Replace Q_EMIT, Q_SIGNALS and Q_SLOTS macros with MOC keywords
2017-03-10 16:12:02 +01:00
TestHibp.cpp
clang-tidy: use auto
2022-05-01 16:02:02 -04:00
TestHibp.h
CLI: add 'analyze' subcommand for offline HIBP breach checks
2019-06-25 15:37:40 -04:00
TestIconDownloader.cpp
Add a URL that preserves the URL path when trying to resolve favicons. (#8565)
2022-10-19 20:50:17 -04:00
TestIconDownloader.h
Optimize includes across code base
2021-07-13 22:08:33 -04:00
TestImports.cpp
Add 1Password 1PUX and Bitwarden JSON Importers
2024-03-09 10:44:54 -05:00
TestImports.h
Add 1Password 1PUX and Bitwarden JSON Importers
2024-03-09 10:44:54 -05:00
TestKdbx2.cpp
Correctly set KDBX envelope version
2021-11-22 12:58:04 +01:00
TestKdbx2.h
Refactor Database and Database widgets (#2491)
2018-11-22 11:47:31 +01:00
TestKdbx3.cpp
Prevent byte-by-byte and attachment inference side channel attacks
2024-03-09 12:39:00 -05:00
TestKdbx3.h
Prevent byte-by-byte and attachment inference side channel attacks
2024-03-09 12:39:00 -05:00
TestKdbx4.cpp
Prevent byte-by-byte and attachment inference side channel attacks
2024-03-09 12:39:00 -05:00
TestKdbx4.h
Prevent byte-by-byte and attachment inference side channel attacks
2024-03-09 12:39:00 -05:00
TestKeePass1Reader.cpp
clang-tidy: use braced init list (#7998)
2023-01-29 10:05:44 -05:00
TestKeePass1Reader.h
Refactor Database and Database widgets (#2491)
2018-11-22 11:47:31 +01:00
TestKeePass2Format.cpp
Minor changes to Group API to make it more explicit
2024-03-09 10:44:54 -05:00
TestKeePass2Format.h
Correctly set KDBX envelope version
2021-11-22 12:58:04 +01:00
TestKeePass2RandomStream.cpp
Optimize includes across code base
2021-07-13 22:08:33 -04:00
TestKeePass2RandomStream.h
Replace Q_EMIT, Q_SIGNALS and Q_SLOTS macros with MOC keywords
2017-03-10 16:12:02 +01:00
TestKeys.cpp
Add key serialization to support Quick Unlock
2022-02-22 17:53:50 -05:00
TestKeys.h
Add MockChallengeResponseKey and additional composite key component test
2018-03-01 19:26:18 -05:00
TestMerge.cpp
Minor changes to Group API to make it more explicit
2024-03-09 10:44:54 -05:00
TestMerge.h
refactor: remove unused merge methods
2023-12-10 08:19:08 -05:00
TestModified.cpp
Optimize includes across code base
2021-07-13 22:08:33 -04:00
TestModified.h
Properly block modified signal during Database destruction (#6438)
2021-05-27 21:50:15 -04:00
TestOpenSSHKey.cpp
SSH Agent: Add support for generating SSH keys
2023-02-01 23:32:56 -05:00
TestOpenSSHKey.h
SSH Agent: Add support for OpenSSH 8.2 FIDO/U2F keys
2021-10-01 16:25:14 -04:00
TestPasskeys.cpp
Skip a few Passkeys tests with Botan <= 2.14 (#10360)
2024-03-08 08:43:06 -05:00
TestPasskeys.h
Skip a few Passkeys tests with Botan <= 2.14 (#10360)
2024-03-08 08:43:06 -05:00
TestPassphraseGenerator.cpp
Add word case option to passphrase generator (#3172)
2019-05-24 18:23:19 -04:00
TestPassphraseGenerator.h
Add word case option to passphrase generator (#3172)
2019-05-24 18:23:19 -04:00
TestPasswordGenerator.cpp
Add -i/--include option to "generate" CLI command. (#7112)
2021-12-07 23:40:09 -05:00
TestPasswordGenerator.h
Add -i/--include option to "generate" CLI command. (#7112)
2021-12-07 23:40:09 -05:00
TestPasswordHealth.cpp
Optimize includes across code base
2021-07-13 22:08:33 -04:00
TestPasswordHealth.h
Implement Password Health Report
2020-02-01 09:30:12 -05:00
TestRandomGenerator.cpp
Optimize includes across code base
2021-07-13 22:08:33 -04:00
TestRandomGenerator.h
Replace all crypto libraries with Botan
2021-04-05 22:56:03 -04:00
TestSharing.cpp
KeeShare: Remove checking signed container
2021-12-14 23:23:23 -05:00
TestSharing.h
KeeShare: Remove checking signed container
2021-12-14 23:23:23 -05:00
TestSSHAgent.cpp
SSH Agent: Add support for generating SSH keys
2023-02-01 23:32:56 -05:00
TestSSHAgent.h
SSH Agent: Add support for generating SSH keys
2023-02-01 23:32:56 -05:00
TestSymmetricCipher.cpp
Optimize includes across code base
2021-07-13 22:08:33 -04:00
TestSymmetricCipher.h
Replace all crypto libraries with Botan
2021-04-05 22:56:03 -04:00
TestTools.cpp
Passkeys improvements (#10318)
2024-03-06 07:42:01 -05:00
TestTools.h
Passkeys improvements (#10318)
2024-03-06 07:42:01 -05:00
TestTotp.cpp
Fix multiple TOTP issues
2024-01-06 15:17:13 -05:00
TestTotp.h
Complete refactor of TOTP integration
2018-09-15 12:10:26 -04:00
TestUpdateCheck.cpp
Optimize includes across code base
2021-07-13 22:08:33 -04:00
TestUpdateCheck.h
Ran make format
2019-03-19 18:56:17 -04:00
TestUrlTools.cpp
Passkeys improvements (#10318)
2024-03-06 07:42:01 -05:00
TestUrlTools.h
Passkeys improvements (#10318)
2024-03-06 07:42:01 -05:00
TestYkChallengeResponseKey.cpp
Automatically detect USB device changes
2024-03-08 10:55:22 -05:00
TestYkChallengeResponseKey.h
Significantly enhance hardware key robustness
2020-05-14 20:19:56 -04:00