Git-Mirrors/keepassxc
1
0
Fork 0
mirror of https://github.com/keepassxreboot/keepassxc.git synced 2024-10-01 01:26:01 -04:00
Code Issues Packages Projects Releases Wiki Activity
72fc00695c
keepassxc/tests
History
Jonathan White 72fc00695c Prevent byte-by-byte and attachment inference side channel attacks 
Attack - KeeShare attachments can be inferred because of attachment de-duplication.

Solution - Prevent de-duplication of normal database entry attachments with those entry attachments synchronized/associated with a KeeShare database. This is done using the KeeShare database UUID injected into the hash calculation of the attachment prior to de-dupe. The attachments themselves are not modified in any way.

--------

Attack - Side channel byte-by-byte inference due to compression de-duplication of data between a KeeShare database and it's parent.

Solution - Generate a random array between 64 and 512 bytes, convert to hex, and store in the database custom data.

--------

Attack vector assumptions:
1. Compression is enabled
2. The attacker has access to a KeeShare database actively syncing with the victim's database
3. The victim's database is unlocked and syncing
4. The attacker can see the exact size of the victim's database after saving, and syncing, the KeeShare database

Thank you to Andrés Fábrega from Cornell University for theorizing and informing us of this attack vector.
2024-03-09 12:39:00 -05:00
..
data Add 1Password 1PUX and Bitwarden JSON Importers 2024-03-09 10:44:54 -05:00
gui Add 1Password 1PUX and Bitwarden JSON Importers 2024-03-09 10:44:54 -05:00
mock Fix challenge-response key data after Botan 2021-05-19 22:36:30 -04:00
util Optimize includes across code base 2021-07-13 22:08:33 -04:00
CMakeLists.txt Add 1Password 1PUX and Bitwarden JSON Importers 2024-03-09 10:44:54 -05:00
config-keepassx-tests.h.cmake Remove KeePassHttp plugin and qhttp (#1752) 2018-03-31 11:36:18 -04:00
FailDevice.cpp Formatting the code. 2018-03-31 16:01:30 -04:00
FailDevice.h Make C++11 mandatory. 2015-09-12 13:55:50 +02:00
modeltest.cpp Optimize includes across code base 2021-07-13 22:08:33 -04:00
modeltest.h Replace Q_EMIT, Q_SIGNALS and Q_SLOTS macros with MOC keywords 2017-03-10 16:12:02 +01:00
TestAutoType.cpp Minor changes to Group API to make it more explicit 2024-03-09 10:44:54 -05:00
TestAutoType.h Auto-Type support for T-CONV, T-REPLACE-RX, and Comments 2021-02-22 07:41:23 -05:00
TestBase32.cpp Optimize includes across code base 2021-07-13 22:08:33 -04:00
TestBase32.h Add new Base32 implementation 2017-10-21 13:15:02 +02:00
TestBrowser.cpp Allow groups to restrict by browser integration key (#6437) 2024-01-14 07:43:48 -05:00
TestBrowser.h Allow groups to restrict by browser integration key (#6437) 2024-01-14 07:43:48 -05:00
TestCli.cpp Minor changes to Group API to make it more explicit 2024-03-09 10:44:54 -05:00
TestCli.h CLI: Add Unicode support on Windows (#8618) 2022-10-29 08:07:31 -04:00
TestConfig.cpp Optimize includes across code base 2021-07-13 22:08:33 -04:00
TestConfig.h Change settings checkbox texts to positive phrasing (#4715) 2020-05-10 21:35:08 -04:00
TestCryptoHash.cpp Optimize includes across code base 2021-07-13 22:08:33 -04:00
TestCryptoHash.h Replace Q_EMIT, Q_SIGNALS and Q_SLOTS macros with MOC keywords 2017-03-10 16:12:02 +01:00
TestCsvExporter.cpp Fix multiple TOTP issues 2024-01-06 15:17:13 -05:00
TestCsvExporter.h Refactor Database and Database widgets (#2491) 2018-11-22 11:47:31 +01:00
TestCsvParser.cpp Add braces around single line statements 2020-02-02 08:46:18 -05:00
TestCsvParser.h Moving CsvParser to format/ 2021-08-22 18:30:43 -04:00
TestDatabase.cpp Fix db history when adding new db (#9022) 2023-01-29 09:24:10 -05:00
TestDatabase.h Fix db history when adding new db (#9022) 2023-01-29 09:24:10 -05:00
TestDeletedObjects.cpp clang-tidy: use auto 2022-05-01 16:02:02 -04:00
TestDeletedObjects.h Implement KDBX 4.1 extended custom icons 2021-11-22 12:58:04 +01:00
TestEntry.cpp Fix various typos (#8748) 2023-01-29 09:38:44 -05:00
TestEntry.h Implement KDBX 4.1 PreviousParentGroup flag 2021-11-22 12:58:04 +01:00
TestEntryModel.cpp Show Row-Backgroundcolor in a column 2023-09-16 09:00:03 -04:00
TestEntryModel.h Replace Q_EMIT, Q_SIGNALS and Q_SLOTS macros with MOC keywords 2017-03-10 16:12:02 +01:00
TestEntrySearcher.cpp Fix minor typos (#10124) 2023-12-22 15:12:07 -05:00
TestEntrySearcher.h Add uuid search (#9571) 2023-07-04 07:24:10 -04:00
TestFdoSecrets.cpp Fix various typos (#8748) 2023-01-29 09:38:44 -05:00
TestFdoSecrets.h Replace all crypto libraries with Botan 2021-04-05 22:56:03 -04:00
TestGroup.cpp Disable entry level Auto-Type 2023-07-30 09:56:09 -04:00
TestGroup.h Disable entry level Auto-Type 2023-07-30 09:56:09 -04:00
TestGroupModel.cpp clang-tidy: use auto 2022-05-01 16:02:02 -04:00
TestGroupModel.h Replace Q_EMIT, Q_SIGNALS and Q_SLOTS macros with MOC keywords 2017-03-10 16:12:02 +01:00
TestHashedBlockStream.cpp Optimize includes across code base 2021-07-13 22:08:33 -04:00
TestHashedBlockStream.h Replace Q_EMIT, Q_SIGNALS and Q_SLOTS macros with MOC keywords 2017-03-10 16:12:02 +01:00
TestHibp.cpp clang-tidy: use auto 2022-05-01 16:02:02 -04:00
TestHibp.h CLI: add 'analyze' subcommand for offline HIBP breach checks 2019-06-25 15:37:40 -04:00
TestIconDownloader.cpp Add a URL that preserves the URL path when trying to resolve favicons. (#8565) 2022-10-19 20:50:17 -04:00
TestIconDownloader.h Optimize includes across code base 2021-07-13 22:08:33 -04:00
TestImports.cpp Add 1Password 1PUX and Bitwarden JSON Importers 2024-03-09 10:44:54 -05:00
TestImports.h Add 1Password 1PUX and Bitwarden JSON Importers 2024-03-09 10:44:54 -05:00
TestKdbx2.cpp Correctly set KDBX envelope version 2021-11-22 12:58:04 +01:00
TestKdbx2.h Refactor Database and Database widgets (#2491) 2018-11-22 11:47:31 +01:00
TestKdbx3.cpp Prevent byte-by-byte and attachment inference side channel attacks 2024-03-09 12:39:00 -05:00
TestKdbx3.h Prevent byte-by-byte and attachment inference side channel attacks 2024-03-09 12:39:00 -05:00
TestKdbx4.cpp Prevent byte-by-byte and attachment inference side channel attacks 2024-03-09 12:39:00 -05:00
TestKdbx4.h Prevent byte-by-byte and attachment inference side channel attacks 2024-03-09 12:39:00 -05:00
TestKeePass1Reader.cpp clang-tidy: use braced init list (#7998) 2023-01-29 10:05:44 -05:00
TestKeePass1Reader.h Refactor Database and Database widgets (#2491) 2018-11-22 11:47:31 +01:00
TestKeePass2Format.cpp Minor changes to Group API to make it more explicit 2024-03-09 10:44:54 -05:00
TestKeePass2Format.h Correctly set KDBX envelope version 2021-11-22 12:58:04 +01:00
TestKeePass2RandomStream.cpp Optimize includes across code base 2021-07-13 22:08:33 -04:00
TestKeePass2RandomStream.h Replace Q_EMIT, Q_SIGNALS and Q_SLOTS macros with MOC keywords 2017-03-10 16:12:02 +01:00
TestKeys.cpp Add key serialization to support Quick Unlock 2022-02-22 17:53:50 -05:00
TestKeys.h Add MockChallengeResponseKey and additional composite key component test 2018-03-01 19:26:18 -05:00
TestMerge.cpp Minor changes to Group API to make it more explicit 2024-03-09 10:44:54 -05:00
TestMerge.h refactor: remove unused merge methods 2023-12-10 08:19:08 -05:00
TestModified.cpp Optimize includes across code base 2021-07-13 22:08:33 -04:00
TestModified.h Properly block modified signal during Database destruction (#6438) 2021-05-27 21:50:15 -04:00
TestOpenSSHKey.cpp SSH Agent: Add support for generating SSH keys 2023-02-01 23:32:56 -05:00
TestOpenSSHKey.h SSH Agent: Add support for OpenSSH 8.2 FIDO/U2F keys 2021-10-01 16:25:14 -04:00
TestPasskeys.cpp Skip a few Passkeys tests with Botan <= 2.14 (#10360) 2024-03-08 08:43:06 -05:00
TestPasskeys.h Skip a few Passkeys tests with Botan <= 2.14 (#10360) 2024-03-08 08:43:06 -05:00
TestPassphraseGenerator.cpp Add word case option to passphrase generator (#3172) 2019-05-24 18:23:19 -04:00
TestPassphraseGenerator.h Add word case option to passphrase generator (#3172) 2019-05-24 18:23:19 -04:00
TestPasswordGenerator.cpp Add -i/--include option to "generate" CLI command. (#7112) 2021-12-07 23:40:09 -05:00
TestPasswordGenerator.h Add -i/--include option to "generate" CLI command. (#7112) 2021-12-07 23:40:09 -05:00
TestPasswordHealth.cpp Optimize includes across code base 2021-07-13 22:08:33 -04:00
TestPasswordHealth.h Implement Password Health Report 2020-02-01 09:30:12 -05:00
TestRandomGenerator.cpp Optimize includes across code base 2021-07-13 22:08:33 -04:00
TestRandomGenerator.h Replace all crypto libraries with Botan 2021-04-05 22:56:03 -04:00
TestSharing.cpp KeeShare: Remove checking signed container 2021-12-14 23:23:23 -05:00
TestSharing.h KeeShare: Remove checking signed container 2021-12-14 23:23:23 -05:00
TestSSHAgent.cpp SSH Agent: Add support for generating SSH keys 2023-02-01 23:32:56 -05:00
TestSSHAgent.h SSH Agent: Add support for generating SSH keys 2023-02-01 23:32:56 -05:00
TestSymmetricCipher.cpp Optimize includes across code base 2021-07-13 22:08:33 -04:00
TestSymmetricCipher.h Replace all crypto libraries with Botan 2021-04-05 22:56:03 -04:00
TestTools.cpp Passkeys improvements (#10318) 2024-03-06 07:42:01 -05:00
TestTools.h Passkeys improvements (#10318) 2024-03-06 07:42:01 -05:00
TestTotp.cpp Fix multiple TOTP issues 2024-01-06 15:17:13 -05:00
TestTotp.h Complete refactor of TOTP integration 2018-09-15 12:10:26 -04:00
TestUpdateCheck.cpp Optimize includes across code base 2021-07-13 22:08:33 -04:00
TestUpdateCheck.h Ran make format 2019-03-19 18:56:17 -04:00
TestUrlTools.cpp Passkeys improvements (#10318) 2024-03-06 07:42:01 -05:00
TestUrlTools.h Passkeys improvements (#10318) 2024-03-06 07:42:01 -05:00
TestYkChallengeResponseKey.cpp Automatically detect USB device changes 2024-03-08 10:55:22 -05:00
TestYkChallengeResponseKey.h Significantly enhance hardware key robustness 2020-05-14 20:19:56 -04:00