mirror of
https://github.com/keepassxreboot/keepassxc.git
synced 2024-12-27 08:19:47 -05:00
e443cde452
This patch implements a new database wizard to guide users through the process of setting up a new database and choosing sane encryption settings. It also reimplements the master key settings to be more user-friendly. Users can now add, change, or remove individual composite key components instead of having to set all components at once. This avoids confusion about a password being reset if the user only wants to add a key file. With these changes comes a major refactor of how database composite keys and key components are handled. Copying of keys is prohibited and each key exists only once in memory and is referenced via shared pointers. GUI components for changing individual keys are encapsulated into separate classes to be more reusable. The password edit and generator widgets have also been refactored to be more reusable.
304 lines
9.6 KiB
C++
304 lines
9.6 KiB
C++
/*
|
|
* Copyright (C) 2017 KeePassXC Team <team@keepassxc.org>
|
|
* Copyright (C) 2011 Felix Geyer <debfx@fobos.de>
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, either version 2 or (at your option)
|
|
* version 3 of the License.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#include "TestKeys.h"
|
|
#include "TestGlobal.h"
|
|
|
|
#include <QBuffer>
|
|
|
|
#include "config-keepassx-tests.h"
|
|
|
|
#include "core/Metadata.h"
|
|
#include "crypto/Crypto.h"
|
|
#include "crypto/CryptoHash.h"
|
|
#include "crypto/kdf/AesKdf.h"
|
|
#include "format/KeePass2Reader.h"
|
|
#include "format/KeePass2Writer.h"
|
|
#include "keys/FileKey.h"
|
|
#include "keys/PasswordKey.h"
|
|
#include "mock/MockChallengeResponseKey.h"
|
|
|
|
QTEST_GUILESS_MAIN(TestKeys)
|
|
Q_DECLARE_METATYPE(FileKey::Type);
|
|
|
|
void TestKeys::initTestCase()
|
|
{
|
|
QVERIFY(Crypto::init());
|
|
}
|
|
|
|
void TestKeys::testComposite()
|
|
{
|
|
auto compositeKey1 = QSharedPointer<CompositeKey>::create();
|
|
auto passwordKey1 = QSharedPointer<PasswordKey>::create();
|
|
auto passwordKey2 = QSharedPointer<PasswordKey>::create("test");
|
|
|
|
// make sure that addKey() creates a copy of the keys
|
|
compositeKey1->addKey(passwordKey1);
|
|
compositeKey1->addKey(passwordKey2);
|
|
|
|
AesKdf kdf;
|
|
kdf.setRounds(1);
|
|
QByteArray transformed1;
|
|
QVERIFY(compositeKey1->transform(kdf, transformed1));
|
|
QCOMPARE(transformed1.size(), 32);
|
|
|
|
QScopedPointer<CompositeKey> compositeKey3(new CompositeKey());
|
|
QScopedPointer<CompositeKey> compositeKey4(new CompositeKey());
|
|
|
|
// test clear()
|
|
compositeKey3->addKey(QSharedPointer<PasswordKey>::create("test"));
|
|
compositeKey3->clear();
|
|
QCOMPARE(compositeKey3->rawKey(), compositeKey4->rawKey());
|
|
}
|
|
|
|
void TestKeys::testFileKey()
|
|
{
|
|
QFETCH(FileKey::Type, type);
|
|
QFETCH(QString, typeString);
|
|
|
|
QString name = QString("FileKey").append(typeString);
|
|
|
|
KeePass2Reader reader;
|
|
|
|
QString dbFilename = QString("%1/%2.kdbx").arg(QString(KEEPASSX_TEST_DATA_DIR), name);
|
|
QString keyFilename = QString("%1/%2.key").arg(QString(KEEPASSX_TEST_DATA_DIR), name);
|
|
|
|
auto compositeKey = QSharedPointer<CompositeKey>::create();
|
|
auto fileKey = QSharedPointer<FileKey>::create();
|
|
QVERIFY(fileKey->load(keyFilename));
|
|
QCOMPARE(fileKey->rawKey().size(), 32);
|
|
|
|
QCOMPARE(fileKey->type(), type);
|
|
|
|
compositeKey->addKey(fileKey);
|
|
|
|
QScopedPointer<Database> db(reader.readDatabase(dbFilename, compositeKey));
|
|
QVERIFY(db);
|
|
QVERIFY(!reader.hasError());
|
|
QCOMPARE(db->metadata()->name(), QString("%1 Database").arg(name));
|
|
}
|
|
|
|
// clang-format off
|
|
void TestKeys::testFileKey_data()
|
|
{
|
|
QTest::addColumn<FileKey::Type>("type");
|
|
QTest::addColumn<QString>("typeString");
|
|
QTest::newRow("Xml") << FileKey::KeePass2XML << QString("Xml");
|
|
QTest::newRow("XmlBrokenBase64") << FileKey::Hashed << QString("XmlBrokenBase64");
|
|
QTest::newRow("Binary") << FileKey::FixedBinary << QString("Binary");
|
|
QTest::newRow("Hex") << FileKey::FixedBinaryHex << QString("Hex");
|
|
QTest::newRow("Hashed") << FileKey::Hashed << QString("Hashed");
|
|
}
|
|
// clang-format on
|
|
|
|
void TestKeys::testCreateFileKey()
|
|
{
|
|
QBuffer keyBuffer1;
|
|
keyBuffer1.open(QBuffer::ReadWrite);
|
|
|
|
FileKey::create(&keyBuffer1, 128);
|
|
QCOMPARE(keyBuffer1.size(), 128);
|
|
|
|
QBuffer keyBuffer2;
|
|
keyBuffer2.open(QBuffer::ReadWrite);
|
|
FileKey::create(&keyBuffer2, 64);
|
|
QCOMPARE(keyBuffer2.size(), 64);
|
|
}
|
|
|
|
void TestKeys::testCreateAndOpenFileKey()
|
|
{
|
|
const QString dbName("testCreateFileKey database");
|
|
|
|
QBuffer keyBuffer;
|
|
keyBuffer.open(QBuffer::ReadWrite);
|
|
|
|
FileKey::create(&keyBuffer);
|
|
keyBuffer.reset();
|
|
|
|
auto fileKey = QSharedPointer<FileKey>::create();
|
|
QVERIFY(fileKey->load(&keyBuffer));
|
|
auto compositeKey = QSharedPointer<CompositeKey>::create();
|
|
compositeKey->addKey(fileKey);
|
|
|
|
QScopedPointer<Database> dbOrg(new Database());
|
|
QVERIFY(dbOrg->setKey(compositeKey));
|
|
dbOrg->metadata()->setName(dbName);
|
|
|
|
QBuffer dbBuffer;
|
|
dbBuffer.open(QBuffer::ReadWrite);
|
|
|
|
KeePass2Writer writer;
|
|
writer.writeDatabase(&dbBuffer, dbOrg.data());
|
|
bool writeSuccess = writer.writeDatabase(&dbBuffer, dbOrg.data());
|
|
if (writer.hasError()) {
|
|
QFAIL(writer.errorString().toUtf8().constData());
|
|
}
|
|
QVERIFY(writeSuccess);
|
|
dbBuffer.reset();
|
|
|
|
KeePass2Reader reader;
|
|
QScopedPointer<Database> dbRead(reader.readDatabase(&dbBuffer, compositeKey));
|
|
if (reader.hasError()) {
|
|
QFAIL(reader.errorString().toUtf8().constData());
|
|
}
|
|
QVERIFY(dbRead);
|
|
QCOMPARE(dbRead->metadata()->name(), dbName);
|
|
}
|
|
|
|
void TestKeys::testFileKeyHash()
|
|
{
|
|
QBuffer keyBuffer;
|
|
keyBuffer.open(QBuffer::ReadWrite);
|
|
|
|
FileKey::create(&keyBuffer);
|
|
|
|
CryptoHash cryptoHash(CryptoHash::Sha256);
|
|
cryptoHash.addData(keyBuffer.data());
|
|
|
|
FileKey fileKey;
|
|
fileKey.load(&keyBuffer);
|
|
|
|
QCOMPARE(fileKey.rawKey(), cryptoHash.result());
|
|
}
|
|
|
|
void TestKeys::testFileKeyError()
|
|
{
|
|
bool result;
|
|
QString errorMsg;
|
|
const QString fileName(QString(KEEPASSX_TEST_DATA_DIR).append("/does/not/exist"));
|
|
|
|
FileKey fileKey;
|
|
result = fileKey.load(fileName, &errorMsg);
|
|
QVERIFY(!result);
|
|
QVERIFY(!errorMsg.isEmpty());
|
|
errorMsg = "";
|
|
|
|
result = FileKey::create(fileName, &errorMsg);
|
|
QVERIFY(!result);
|
|
QVERIFY(!errorMsg.isEmpty());
|
|
errorMsg = "";
|
|
}
|
|
|
|
void TestKeys::benchmarkTransformKey()
|
|
{
|
|
QByteArray env = qgetenv("BENCHMARK");
|
|
|
|
if (env.isEmpty() || env == "0" || env == "no") {
|
|
QSKIP("Benchmark skipped. Set env variable BENCHMARK=1 to enable.");
|
|
}
|
|
|
|
auto pwKey = QSharedPointer<PasswordKey>::create();
|
|
pwKey->setPassword("password");
|
|
auto compositeKey = QSharedPointer<CompositeKey>::create();
|
|
compositeKey->addKey(pwKey);
|
|
|
|
QByteArray seed(32, '\x4B');
|
|
|
|
QByteArray result;
|
|
AesKdf kdf;
|
|
kdf.setSeed(seed);
|
|
kdf.setRounds(1e6);
|
|
|
|
QBENCHMARK
|
|
{
|
|
Q_UNUSED(compositeKey->transform(kdf, result));
|
|
};
|
|
}
|
|
|
|
void TestKeys::testCompositeKeyComponents()
|
|
{
|
|
auto passwordKeyEnc = QSharedPointer<PasswordKey>::create("password");
|
|
auto fileKeyEnc = QSharedPointer<FileKey>::create();
|
|
QString error;
|
|
fileKeyEnc->load(QString("%1/%2").arg(QString(KEEPASSX_TEST_DATA_DIR), "FileKeyHashed.key"), &error);
|
|
if (!error.isNull()) {
|
|
QFAIL(qPrintable(error));
|
|
}
|
|
auto challengeResponseKeyEnc = QSharedPointer<MockChallengeResponseKey>::create(QByteArray(16, 0x10));
|
|
|
|
auto compositeKeyEnc = QSharedPointer<CompositeKey>::create();
|
|
compositeKeyEnc->addKey(passwordKeyEnc);
|
|
compositeKeyEnc->addKey(fileKeyEnc);
|
|
compositeKeyEnc->addChallengeResponseKey(challengeResponseKeyEnc);
|
|
|
|
QScopedPointer<Database> db1(new Database());
|
|
db1->setKey(compositeKeyEnc);
|
|
|
|
KeePass2Writer writer;
|
|
QBuffer buffer;
|
|
buffer.open(QBuffer::ReadWrite);
|
|
QVERIFY(writer.writeDatabase(&buffer, db1.data()));
|
|
|
|
buffer.seek(0);
|
|
QScopedPointer<Database> db2;
|
|
KeePass2Reader reader;
|
|
auto compositeKeyDec1 = QSharedPointer<CompositeKey>::create();
|
|
|
|
// try decryption and subsequently add key components until decryption is successful
|
|
db2.reset(reader.readDatabase(&buffer, compositeKeyDec1));
|
|
QVERIFY(reader.hasError());
|
|
|
|
compositeKeyDec1->addKey(passwordKeyEnc);
|
|
buffer.seek(0);
|
|
db2.reset(reader.readDatabase(&buffer, compositeKeyDec1));
|
|
QVERIFY(reader.hasError());
|
|
|
|
compositeKeyDec1->addKey(fileKeyEnc);
|
|
buffer.seek(0);
|
|
db2.reset(reader.readDatabase(&buffer, compositeKeyDec1));
|
|
QVERIFY(reader.hasError());
|
|
|
|
compositeKeyDec1->addChallengeResponseKey(challengeResponseKeyEnc);
|
|
buffer.seek(0);
|
|
db2.reset(reader.readDatabase(&buffer, compositeKeyDec1));
|
|
// now we should be able to open the database
|
|
if (reader.hasError()) {
|
|
QFAIL(qPrintable(reader.errorString()));
|
|
}
|
|
|
|
// try the same again, but this time with one wrong key component each time
|
|
auto compositeKeyDec2 = QSharedPointer<CompositeKey>::create();
|
|
compositeKeyDec2->addKey(QSharedPointer<PasswordKey>::create("wrong password"));
|
|
compositeKeyDec2->addKey(fileKeyEnc);
|
|
compositeKeyDec2->addChallengeResponseKey(challengeResponseKeyEnc);
|
|
buffer.seek(0);
|
|
db2.reset(reader.readDatabase(&buffer, compositeKeyDec2));
|
|
QVERIFY(reader.hasError());
|
|
|
|
auto compositeKeyDec3 = QSharedPointer<CompositeKey>::create();
|
|
compositeKeyDec3->addKey(passwordKeyEnc);
|
|
auto fileKeyWrong = QSharedPointer<FileKey>::create();
|
|
fileKeyWrong->load(QString("%1/%2").arg(QString(KEEPASSX_TEST_DATA_DIR), "FileKeyHashed2.key"), &error);
|
|
if (!error.isNull()) {
|
|
QFAIL(qPrintable(error));
|
|
}
|
|
compositeKeyDec3->addKey(fileKeyWrong);
|
|
compositeKeyDec3->addChallengeResponseKey(challengeResponseKeyEnc);
|
|
buffer.seek(0);
|
|
db2.reset(reader.readDatabase(&buffer, compositeKeyDec3));
|
|
QVERIFY(reader.hasError());
|
|
|
|
auto compositeKeyDec4 = QSharedPointer<CompositeKey>::create();
|
|
compositeKeyDec4->addKey(passwordKeyEnc);
|
|
compositeKeyDec4->addKey(fileKeyEnc);
|
|
compositeKeyDec4->addChallengeResponseKey(QSharedPointer<MockChallengeResponseKey>::create(QByteArray(16, 0x20)));
|
|
buffer.seek(0);
|
|
db2.reset(reader.readDatabase(&buffer, compositeKeyDec4));
|
|
QVERIFY(reader.hasError());
|
|
}
|