diff --git a/share/translations/keepassxc_en.ts b/share/translations/keepassxc_en.ts index 824846331..dbe5c95e0 100644 --- a/share/translations/keepassxc_en.ts +++ b/share/translations/keepassxc_en.ts @@ -1,6 +1,6 @@ - + AboutDialog @@ -82,6 +82,10 @@ Details + + Your decision will be remembered for the duration while both the requesting client AND KeePassXC are running. + + Remember @@ -90,10 +94,6 @@ Allow Selected - - Your decision will be remembered for the duration while both the requesting client AND KeePassXC are running. - - Deny All && Future @@ -124,6 +124,10 @@ Use OpenSSH + + Use both agents + + SSH_AUTH_SOCK override @@ -152,10 +156,6 @@ SSH Agent connection is working! - - Use both agents - - ApplicationSettingsWidget @@ -171,6 +171,10 @@ Security + + This setting cannot be enabled when minimize on unlock is enabled. + + Access error for config file %1 @@ -227,10 +231,6 @@ Select backup storage directory - - This setting cannot be enabled when minimize on unlock is enabled. - - ApplicationSettingsWidgetGeneral @@ -262,6 +262,10 @@ Remember previously used databases + + recent files + + Load previously open databases on startup @@ -414,6 +418,10 @@ Toolbar button style: + + Show passwords in color + + Use monospaced font for notes @@ -499,14 +507,6 @@ Remember last typed entry for: - - recent files - - - - Show passwords in color - - ApplicationSettingsWidgetSecurity @@ -639,6 +639,10 @@ Very long delay detected, max is %1: %2 + + Entry does not have attribute for PICKCHARS: %1 + + Invalid conversion type: %1 @@ -656,10 +660,6 @@ Invalid placeholder: %1 - - Entry does not have attribute for PICKCHARS: %1 - - AutoTypeAssociationsModel @@ -1396,6 +1396,10 @@ Backup database located at %2 Key File: + + <p>In addition to a password, you can use a secret file to enhance the security of your database. This file can be generated in your database's security settings.</p><p>This is <strong>not</strong> your *.kdbx database file!<br>If you do not have a key file, leave this field empty.</p><p>Click for more information…</p> + + Key file help @@ -1408,6 +1412,11 @@ Backup database located at %2 Hardware Key: + + <p>You can use a hardware security key such as a <strong>YubiKey</strong> or <strong>OnlyKey</strong> with slots configured for HMAC-SHA1.</p> +<p>Click for more information…</p> + + Hardware key help @@ -1542,15 +1551,6 @@ If you do not have a key file, please leave the field empty. Select hardware key… - - <p>In addition to a password, you can use a secret file to enhance the security of your database. This file can be generated in your database's security settings.</p><p>This is <strong>not</strong> your *.kdbx database file!<br>If you do not have a key file, leave this field empty.</p><p>Click for more information…</p> - - - - <p>You can use a hardware security key such as a <strong>YubiKey</strong> or <strong>OnlyKey</strong> with slots configured for HMAC-SHA1.</p> -<p>Click for more information…</p> - - authenticate to access the database @@ -1600,10 +1600,6 @@ If you do not have a key file, please leave the field empty. KeePassXC-Browser settings - - Refresh database root group ID - - Disconnect all browsers @@ -1612,6 +1608,10 @@ If you do not have a key file, please leave the field empty. Forget all site-specific settings on entries + + Refresh database root group ID + + Stored keys @@ -2169,6 +2169,18 @@ This is definitely a bug, please report it to the developers. Writing the HTML file failed. + + Export database to XML file + + + + XML file + + + + Writing the XML file failed + + Export Confirmation @@ -2191,21 +2203,13 @@ This is definitely a bug, please report it to the developers. Database tab name modifier - - Export database to XML file - - - - XML file - - - - Writing the XML file failed - - DatabaseWidget + + Searches and Tags + + Searching… @@ -2254,6 +2258,13 @@ This is definitely a bug, please report it to the developers. Expired entries + + Entries expiring within %1 day(s) + + + + + No current database. @@ -2278,6 +2289,18 @@ This is definitely a bug, please report it to the developers. No Results + + Save + + + + Enter a unique name or overwrite an existing search from the list: + + + + Save Search + + Lock Database? @@ -2363,29 +2386,6 @@ Disable safe saves and try again? Could not find database file: %1 - - Entries expiring within %1 day(s) - - - - - - - Searches and Tags - - - - Enter a unique name or overwrite an existing search from the list: - - - - Save - - - - Save Search - - EditEntryWidget @@ -2522,6 +2522,13 @@ Would you like to correct it? Hide + + %n hour(s) + + + + + %n week(s) @@ -2543,13 +2550,6 @@ Would you like to correct it? - - %n hour(s) - - - - - EditEntryWidgetAdvanced @@ -2668,10 +2668,20 @@ Would you like to correct it? Add new window association + + + + Add item + + Remove selected window association + + - + Remove item + + Window title: @@ -2696,16 +2706,6 @@ Would you like to correct it? Custom Auto-Type sequence for this window - - + - Add item - - - - - - Remove item - - EditEntryWidgetBrowser @@ -2926,19 +2926,6 @@ Would you like to correct it? Private key - - External file - - - - Browser for key file - - - - Browse… - Button for opening file dialog - - Attachment @@ -2955,6 +2942,23 @@ Would you like to correct it? Remove from agent + + External file + + + + Browser for key file + + + + Browse… + Button for opening file dialog + + + + Generate + + Select attachment file @@ -2990,10 +2994,6 @@ Would you like to correct it? Icon - - Browser Integration - - Properties @@ -3010,6 +3010,10 @@ Would you like to correct it? Group has unsaved changes + + Browser Integration + + Enable @@ -3796,7 +3800,7 @@ Error: %1 - Notes + URL @@ -3816,7 +3820,7 @@ Error: %1 - URL + Notes @@ -3867,6 +3871,10 @@ Error: %1 Never + + Double click to copy value + + Enabled @@ -3875,10 +3883,6 @@ Error: %1 Disabled - - Double click to copy value - - EntryURLModel @@ -4937,6 +4941,10 @@ Are you sure you want to continue with this file? TOTP + + Tags + + &Groups @@ -5137,6 +5145,10 @@ Are you sure you want to continue with this file? Copy title to clipboard + + Copy &URL + + Copy URL to clipboard @@ -5197,6 +5209,10 @@ Are you sure you want to continue with this file? Copy &TOTP + + Copy Password and TOTP + + E&mpty recycle bin @@ -5293,6 +5309,14 @@ Are you sure you want to continue with this file? Clone Group... + + &XML File… + + + + XML File… + + Clear history @@ -5321,6 +5345,10 @@ Expect some bugs and minor issues, this version is meant for testing purposes. + + No Tags + + Restore Entry(s) @@ -5352,6 +5380,13 @@ We recommend you use the AppImage available on our downloads page. Quit KeePassXC + + %1 Entry(s) + + + + + Please present or touch your YubiKey to continue… @@ -5364,37 +5399,6 @@ We recommend you use the AppImage available on our downloads page. You must restart the application to apply this setting. Would you like to restart now? - - Tags - - - - No Tags - - - - %1 Entry(s) - - - - - - - Copy Password and TOTP - - - - &XML File… - - - - XML File… - - - - Copy &URL - - ManageDatabase @@ -5700,6 +5704,10 @@ We recommend you use the AppImage available on our downloads page. Unknown cipher: %1 + + AES-256/GCM is currently not supported + + Passphrase is required to decrypt this key @@ -5764,8 +5772,23 @@ We recommend you use the AppImage available on our downloads page. Unexpected EOF when writing private key + + + OpenSSHKeyGenDialog - AES-256/GCM is currently not supported + SSH Key Generator + + + + Type + + + + Bits + + + + Comment @@ -5947,6 +5970,10 @@ We recommend you use the AppImage available on our downloads page. Also choose from: + + Excluded characters: "0", "1", "l", "I", "O", "|", "﹒" + + Exclude look-alike characters @@ -6027,6 +6054,30 @@ We recommend you use the AppImage available on our downloads page. Entropy: %1 bit + + Password Quality: %1 + + + + Poor + Password quality + + + + Weak + Password quality + + + + Good + Password quality + + + + Excellent + Password quality + + Confirm Delete Wordlist @@ -6072,34 +6123,6 @@ Do you want to overwrite it? Special Characters - - Password Quality: %1 - - - - Poor - Password quality - - - - Weak - Password quality - - - - Good - Password quality - - - - Excellent - Password quality - - - - Excluded characters: "0", "1", "l", "I", "O", "|", "﹒" - - PasswordWidget @@ -6600,6 +6623,10 @@ Do you want to overwrite it? Too many arguments provided. + + Path of the database. + + Target decryption time in MS for the database. @@ -6608,6 +6635,11 @@ Do you want to overwrite it? time + + Set the key file for the database. +This options is deprecated, use --set-key-file instead. + + Set the key file for the database. @@ -6620,10 +6652,6 @@ Do you want to overwrite it? Create a new database. - - Path of the database. - - Invalid decryption time %1. @@ -6668,6 +6696,158 @@ Do you want to overwrite it? Successfully created new database. + + Unset the password for the database. + + + + Unset the key file for the database. + + + + Edit a database. + + + + Cannot use %1 and %2 at the same time. + + + + Could not change the database key. + + + + Database was not modified. + + + + Writing the database failed: %1 + + + + Successfully edited the database. + + + + Cannot remove password: The database does not have a password. + + + + Cannot remove file key: The database does not have a file key. + + + + Loading the new key file failed: %1 + + + + Found unexpected Key type %1 + + + + Cannot remove all the keys from a database. + + + + Show a database's information. + + + + UUID: + + + + Name: + + + + Description: + + + + Cipher: + + + + KDF: + + + + Recycle bin is enabled. + + + + Recycle bin is not enabled. + + + + Location + + + + Database created + + + + Last saved + + + + Unsaved changes + + + + yes + + + + no + + + + Number of groups + + + + Number of entries + + + + Number of expired entries + + + + Unique passwords + + + + Non-unique passwords + + + + Maximum password reuse + + + + Number of short passwords + + + + Number of weak passwords + + + + Entries excluded from reports + + + + Average password length + + + + %1 characters + + Word count for the diceware passphrase. @@ -6718,10 +6898,6 @@ Do you want to overwrite it? Enter new password for entry: - - Writing the database failed: %1 - - Successfully edited entry %1. @@ -6946,106 +7122,6 @@ Do you want to overwrite it? Successfully imported database. - - Show a database's information. - - - - UUID: - - - - Name: - - - - Description: - - - - Cipher: - - - - KDF: - - - - Recycle bin is enabled. - - - - Recycle bin is not enabled. - - - - Location - - - - Database created - - - - Last saved - - - - Unsaved changes - - - - yes - - - - no - - - - Number of groups - - - - Number of entries - - - - Number of expired entries - - - - Unique passwords - - - - Non-unique passwords - - - - Maximum password reuse - - - - Number of short passwords - - - - Number of weak passwords - - - - Entries excluded from reports - - - - Average password length - - - - %1 characters - - Unknown command %1 @@ -7214,6 +7290,10 @@ Available commands: Show the protected attributes in clear text. + + Show all the attributes of the entry. + + Show the attachments of the entry. @@ -7281,6 +7361,10 @@ Please consider generating a new key file. Invalid YubiKey serial %1 + + Please present or touch your YubiKey to continue. + + Enter password to encrypt database (optional): @@ -7770,6 +7854,10 @@ Kernel: %3 %4 Another instance of KeePassXC is already running. + + KeePassXC is not running. No open database to lock + + Fatal error while testing the cryptographic functions. @@ -7804,71 +7892,6 @@ Kernel: %3 %4 Failed to sign challenge using Windows Hello. - - Please present or touch your YubiKey to continue. - - - - Show all the attributes of the entry. - - - - Edit a database. - - - - Could not change the database key. - - - - Database was not modified. - - - - Successfully edited the database. - - - - Loading the new key file failed: %1 - - - - Unset the password for the database. - - - - Unset the key file for the database. - - - - Cannot use %1 and %2 at the same time. - - - - Cannot remove all the keys from a database. - - - - Cannot remove password: The database does not have a password. - - - - Cannot remove file key: The database does not have a file key. - - - - Found unexpected Key type %1 - - - - Set the key file for the database. -This options is deprecated, use --set-key-file instead. - - - - KeePassXC is not running. No open database to lock - - QtIOCompressor @@ -8412,6 +8435,10 @@ This options is deprecated, use --set-key-file instead. Search Help + + Save Search + + Search (%1)… Search placeholder text, %1 is the keyboard shortcut @@ -8425,10 +8452,6 @@ This options is deprecated, use --set-key-file instead. Limit search to selected group - - Save Search - - SettingsClientModel @@ -8642,11 +8665,7 @@ This options is deprecated, use --set-key-file instead. TagModel - Expired - - - - Weak Passwords + Clear Search @@ -8654,7 +8673,11 @@ This options is deprecated, use --set-key-file instead. - Clear Search + Expired + + + + Weak Passwords diff --git a/src/gui/entry/EditEntryWidget.cpp b/src/gui/entry/EditEntryWidget.cpp index be7fd1467..b2977d6fd 100644 --- a/src/gui/entry/EditEntryWidget.cpp +++ b/src/gui/entry/EditEntryWidget.cpp @@ -41,6 +41,7 @@ #include "core/TimeDelta.h" #ifdef WITH_XC_SSHAGENT #include "sshagent/OpenSSHKey.h" +#include "sshagent/OpenSSHKeyGenDialog.h" #include "sshagent/SSHAgent.h" #endif #ifdef WITH_XC_BROWSER @@ -535,6 +536,7 @@ void EditEntryWidget::updateHistoryButtons(const QModelIndex& current, const QMo #ifdef WITH_XC_SSHAGENT void EditEntryWidget::setupSSHAgent() { + m_pendingPrivateKey = ""; m_sshAgentUi->setupUi(m_sshAgentWidget); QFont fixedFont = Font::fixedFont(); @@ -555,6 +557,7 @@ void EditEntryWidget::setupSSHAgent() connect(m_sshAgentUi->removeFromAgentButton, &QPushButton::clicked, this, &EditEntryWidget::removeKeyFromAgent); connect(m_sshAgentUi->decryptButton, &QPushButton::clicked, this, &EditEntryWidget::decryptPrivateKey); connect(m_sshAgentUi->copyToClipboardButton, &QPushButton::clicked, this, &EditEntryWidget::copyPublicKey); + connect(m_sshAgentUi->generateButton, &QPushButton::clicked, this, &EditEntryWidget::generatePrivateKey); connect(m_attachments.data(), &EntryAttachments::modified, this, &EditEntryWidget::updateSSHAgentAttachments); @@ -582,6 +585,12 @@ void EditEntryWidget::updateSSHAgent() m_sshAgentSettings.fromEntry(m_entry); setSSHAgentSettings(); + if (!m_pendingPrivateKey.isEmpty()) { + m_sshAgentSettings.setAttachmentName(m_pendingPrivateKey); + m_sshAgentSettings.setSelectedType("attachment"); + m_pendingPrivateKey = ""; + } + updateSSHAgentAttachments(); } @@ -784,6 +793,38 @@ void EditEntryWidget::copyPublicKey() { clipboard()->setText(m_sshAgentUi->publicKeyEdit->document()->toPlainText()); } + +void EditEntryWidget::generatePrivateKey() +{ + auto dialog = new OpenSSHKeyGenDialog(this); + + OpenSSHKey key; + dialog->setKey(&key); + + if (dialog->exec()) { + // derive openssh naming from type + QString keyPrefix = key.type(); + if (keyPrefix.startsWith("ecdsa")) { + keyPrefix = "id_ecdsa"; + } else { + keyPrefix.replace("ssh-", "id_"); + } + + for (int i = 0; i < 10; i++) { + QString keyName = keyPrefix; + + if (i > 0) { + keyName += "." + QString::number(i); + } + + if (!m_entry->attachments()->hasKey(keyName)) { + m_pendingPrivateKey = keyName; + m_entry->attachments()->set(m_pendingPrivateKey, key.privateKey().toUtf8()); + break; + } + } + } +} #endif void EditEntryWidget::useExpiryPreset(QAction* action) diff --git a/src/gui/entry/EditEntryWidget.h b/src/gui/entry/EditEntryWidget.h index 89422c0d4..582cdfbbc 100644 --- a/src/gui/entry/EditEntryWidget.h +++ b/src/gui/entry/EditEntryWidget.h @@ -123,6 +123,7 @@ private slots: void removeKeyFromAgent(); void decryptPrivateKey(); void copyPublicKey(); + void generatePrivateKey(); #endif #ifdef WITH_XC_BROWSER void updateBrowserModified(); @@ -167,6 +168,7 @@ private: bool m_history; #ifdef WITH_XC_SSHAGENT KeeAgentSettings m_sshAgentSettings; + QString m_pendingPrivateKey; #endif const QScopedPointer m_mainUi; const QScopedPointer m_advancedUi; diff --git a/src/gui/entry/EditEntryWidgetSSHAgent.ui b/src/gui/entry/EditEntryWidgetSSHAgent.ui index 81fac082a..3fa48baf3 100644 --- a/src/gui/entry/EditEntryWidgetSSHAgent.ui +++ b/src/gui/entry/EditEntryWidgetSSHAgent.ui @@ -118,23 +118,6 @@ Private key - - - - External file - - - - - - - Browser for key file - - - Browse… - - - @@ -145,7 +128,7 @@ - + Qt::ClickFocus @@ -155,7 +138,7 @@ - + @@ -173,7 +156,31 @@ - + + + + External file + + + + + + + Browser for key file + + + Browse… + + + + + + + Generate + + + + @@ -325,7 +332,6 @@ lifetimeCheckBox lifetimeSpinBox attachmentRadioButton - attachmentComboBox externalFileRadioButton browseButton addToAgentButton diff --git a/src/sshagent/CMakeLists.txt b/src/sshagent/CMakeLists.txt index 969467415..6bbb9c94d 100644 --- a/src/sshagent/CMakeLists.txt +++ b/src/sshagent/CMakeLists.txt @@ -8,6 +8,8 @@ if(WITH_XC_SSHAGENT) BinaryStream.cpp KeeAgentSettings.cpp OpenSSHKey.cpp + OpenSSHKeyGen.cpp + OpenSSHKeyGenDialog.cpp SSHAgent.cpp ) diff --git a/src/sshagent/OpenSSHKey.cpp b/src/sshagent/OpenSSHKey.cpp index e6b21c863..cdcc25701 100644 --- a/src/sshagent/OpenSSHKey.cpp +++ b/src/sshagent/OpenSSHKey.cpp @@ -20,6 +20,7 @@ #include "ASN1Key.h" #include "BinaryStream.h" +#include "crypto/Random.h" #include "crypto/SymmetricCipher.h" #include @@ -34,6 +35,7 @@ const QString OpenSSHKey::OPENSSH_CIPHER_SUFFIX = "@openssh.com"; OpenSSHKey::OpenSSHKey(QObject* parent) : QObject(parent) + , m_check(0) , m_type(QString()) , m_cipherName(QString("none")) , m_kdfName(QString("none")) @@ -49,6 +51,7 @@ OpenSSHKey::OpenSSHKey(QObject* parent) OpenSSHKey::OpenSSHKey(const OpenSSHKey& other) : QObject(nullptr) + , m_check(other.m_check) , m_type(other.m_type) , m_cipherName(other.m_cipherName) , m_kdfName(other.m_kdfName) @@ -126,6 +129,64 @@ const QString OpenSSHKey::publicKey() const return m_type + " " + QString::fromLatin1(publicKey.toBase64()) + " " + m_comment; } +const QString OpenSSHKey::privateKey() +{ + QByteArray sshKey; + BinaryStream stream(&sshKey); + + // magic + stream.write(QString("openssh-key-v1").toUtf8()); + stream.write(static_cast(0)); + + // cipher name + stream.writeString(QString("none")); + + // kdf name + stream.writeString(QString("none")); + + // kdf options + stream.writeString(QString("")); + + // number of keys + stream.write(static_cast(1)); + + // string wrapped public key + QByteArray publicKey; + BinaryStream publicStream(&publicKey); + writePublic(publicStream); + stream.writeString(publicKey); + + // string wrapper private key + QByteArray privateKey; + BinaryStream privateStream(&privateKey); + + // integrity check value + privateStream.write(m_check); + privateStream.write(m_check); + + writePrivate(privateStream); + + // padding for unencrypted key + for (quint8 i = 1; i <= privateKey.size() % 8; i++) { + privateStream.write(i); + } + + stream.writeString(privateKey); + + // encode to PEM format + QString out; + out += "-----BEGIN OPENSSH PRIVATE KEY-----\n"; + + auto base64Key = QString::fromUtf8(sshKey.toBase64()); + for (int i = 0; i < base64Key.size(); i += 70) { + out += base64Key.midRef(i, 70); + out += "\n"; + } + + out += "-----END OPENSSH PRIVATE KEY-----\n"; + return out; +} + const QString OpenSSHKey::errorString() const { return m_error; @@ -136,6 +197,11 @@ void OpenSSHKey::setType(const QString& type) m_type = type; } +void OpenSSHKey::setCheck(quint32 check) +{ + m_check = check; +} + void OpenSSHKey::setPublicData(const QByteArray& data) { m_rawPublicData = data; @@ -429,6 +495,8 @@ bool OpenSSHKey::openKey(const QString& passphrase) return false; } + m_check = checkInt1; + return readPrivate(keyStream); } diff --git a/src/sshagent/OpenSSHKey.h b/src/sshagent/OpenSSHKey.h index a42e433de..c2c831939 100644 --- a/src/sshagent/OpenSSHKey.h +++ b/src/sshagent/OpenSSHKey.h @@ -41,9 +41,11 @@ public: const QString fingerprint(QCryptographicHash::Algorithm algo = QCryptographicHash::Sha256) const; const QString comment() const; const QString publicKey() const; + const QString privateKey(); const QString errorString() const; void setType(const QString& type); + void setCheck(quint32 check); void setPublicData(const QByteArray& data); void setPrivateData(const QByteArray& data); void setComment(const QString& comment); @@ -70,6 +72,7 @@ private: bool extractPEM(const QByteArray& in, QByteArray& out); + quint32 m_check; QString m_type; QString m_cipherName; QByteArray m_cipherIV; diff --git a/src/sshagent/OpenSSHKeyGen.cpp b/src/sshagent/OpenSSHKeyGen.cpp new file mode 100644 index 000000000..c18f1b03e --- /dev/null +++ b/src/sshagent/OpenSSHKeyGen.cpp @@ -0,0 +1,141 @@ +/* + * Copyright (C) 2021 KeePassXC Team + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 2 or (at your option) + * version 3 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include "OpenSSHKeyGen.h" +#include "BinaryStream.h" +#include "OpenSSHKey.h" +#include "crypto/Random.h" + +#include +#include +#include + +namespace OpenSSHKeyGen +{ + namespace + { + void bigIntToStream(const Botan::BigInt& i, BinaryStream& stream, int padding = 0) + { + QByteArray ba(i.bytes() + padding, 0); + i.binary_encode(reinterpret_cast(ba.data() + padding), ba.size() - padding); + stream.writeString(ba); + } + + void vectorToStream(const std::vector& v, BinaryStream& stream) + { + QByteArray ba(reinterpret_cast(v.data()), v.size()); + stream.writeString(ba); + } + + void vectorToStream(const Botan::secure_vector& v, BinaryStream& stream) + { + QByteArray ba(reinterpret_cast(v.data()), v.size()); + stream.writeString(ba); + } + } // namespace + + bool generateRSA(OpenSSHKey& key, int bits) + { + auto rng = randomGen()->getRng(); + + try { + Botan::RSA_PrivateKey rsaKey(*rng, bits); + + QByteArray publicData; + BinaryStream publicStream(&publicData); + // intentionally flipped n e -> e n + bigIntToStream(rsaKey.get_e(), publicStream); + bigIntToStream(rsaKey.get_n(), publicStream, 1); + + QByteArray privateData; + BinaryStream privateStream(&privateData); + bigIntToStream(rsaKey.get_n(), privateStream, 1); + bigIntToStream(rsaKey.get_e(), privateStream); + bigIntToStream(rsaKey.get_d(), privateStream); + bigIntToStream(rsaKey.get_c(), privateStream, 1); + bigIntToStream(rsaKey.get_p(), privateStream, 1); + bigIntToStream(rsaKey.get_q(), privateStream, 1); + + key.setType("ssh-rsa"); + key.setCheck(randomGen()->randomUInt(std::numeric_limits::max() - 1) + 1); + key.setPublicData(publicData); + key.setPrivateData(privateData); + key.setComment("id_rsa"); + return true; + } catch (std::exception& e) { + return false; + } + } + + bool generateECDSA(OpenSSHKey& key, int bits) + { + auto rng = randomGen()->getRng(); + QString group = QString("nistp%1").arg(bits); + + try { + Botan::EC_Group domain(QString("secp%1r1").arg(bits).toStdString()); + Botan::ECDSA_PrivateKey ecdsaKey(*rng, domain); + + QByteArray publicData; + BinaryStream publicStream(&publicData); + publicStream.writeString(group); + vectorToStream(ecdsaKey.public_key_bits(), publicStream); + + QByteArray privateData; + BinaryStream privateStream(&privateData); + privateStream.writeString(group); + vectorToStream(ecdsaKey.public_key_bits(), privateStream); + bigIntToStream(ecdsaKey.private_value(), privateStream, 1); + + key.setType("ecdsa-sha2-" + group); + key.setCheck(randomGen()->randomUInt(std::numeric_limits::max() - 1) + 1); + key.setPublicData(publicData); + key.setPrivateData(privateData); + key.setComment("id_ecdsa"); + return true; + } catch (std::exception& e) { + return false; + } + } + + bool generateEd25519(OpenSSHKey& key) + { + auto rng = randomGen()->getRng(); + + try { + Botan::Ed25519_PrivateKey ed25519Key(*rng); + + QByteArray publicData; + BinaryStream publicStream(&publicData); + vectorToStream(ed25519Key.get_public_key(), publicStream); + + QByteArray privateData; + BinaryStream privateStream(&privateData); + vectorToStream(ed25519Key.get_public_key(), privateStream); + vectorToStream(ed25519Key.get_private_key(), privateStream); + + key.setType("ssh-ed25519"); + key.setCheck(randomGen()->randomUInt(std::numeric_limits::max() - 1) + 1); + key.setPublicData(publicData); + key.setPrivateData(privateData); + key.setComment("id_ed25519"); + return true; + } catch (std::exception& e) { + return false; + } + } +} // namespace OpenSSHKeyGen diff --git a/src/sshagent/OpenSSHKeyGen.h b/src/sshagent/OpenSSHKeyGen.h new file mode 100644 index 000000000..dfe122ac0 --- /dev/null +++ b/src/sshagent/OpenSSHKeyGen.h @@ -0,0 +1,30 @@ +/* + * Copyright (C) 2021 KeePassXC Team + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 2 or (at your option) + * version 3 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef KEEPASSXC_OPENSSHKEYGEN_H +#define KEEPASSXC_OPENSSHKEYGEN_H + +class OpenSSHKey; + +namespace OpenSSHKeyGen +{ + bool generateRSA(OpenSSHKey& key, int bits); + bool generateECDSA(OpenSSHKey& key, int bits); + bool generateEd25519(OpenSSHKey& key); +} // namespace OpenSSHKeyGen + +#endif diff --git a/src/sshagent/OpenSSHKeyGenDialog.cpp b/src/sshagent/OpenSSHKeyGenDialog.cpp new file mode 100644 index 000000000..df06879e9 --- /dev/null +++ b/src/sshagent/OpenSSHKeyGenDialog.cpp @@ -0,0 +1,99 @@ +/* + * Copyright (C) 2021 KeePassXC Team + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 2 or (at your option) + * version 3 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include "OpenSSHKeyGenDialog.h" +#include "OpenSSHKey.h" +#include "OpenSSHKeyGen.h" +#include "gui/Icons.h" +#include "ui_OpenSSHKeyGenDialog.h" +#include +#include + +OpenSSHKeyGenDialog::OpenSSHKeyGenDialog(QWidget* parent) + : QDialog(parent) + , m_ui(new Ui::OpenSSHKeyGenDialog()) + , m_key(nullptr) +{ + setAttribute(Qt::WA_DeleteOnClose); + setWindowIcon(icons()->icon("password-generator")); + + m_ui->setupUi(this); + + m_ui->typeComboBox->clear(); + m_ui->typeComboBox->addItem("Ed25519"); + m_ui->typeComboBox->addItem("RSA"); + m_ui->typeComboBox->addItem("ECDSA"); + + QString user = QProcessEnvironment::systemEnvironment().value("USER"); + m_ui->commentLineEdit->setText(user + "@" + QHostInfo::localHostName()); + + connect(m_ui->typeComboBox, SIGNAL(currentIndexChanged(int)), this, SLOT(typeChanged())); + + typeChanged(); +} + +// Required for QScopedPointer +OpenSSHKeyGenDialog::~OpenSSHKeyGenDialog() +{ +} + +void OpenSSHKeyGenDialog::typeChanged() +{ + m_ui->bitsComboBox->clear(); + + if (m_ui->typeComboBox->currentText() == QString("Ed25519")) { + m_ui->bitsComboBox->addItem("32"); + } else if (m_ui->typeComboBox->currentText() == QString("RSA")) { + m_ui->bitsComboBox->addItem("2048"); + m_ui->bitsComboBox->addItem("3072"); + m_ui->bitsComboBox->addItem("4096"); + m_ui->bitsComboBox->setCurrentText("3072"); + } else if (m_ui->typeComboBox->currentText() == QString("ECDSA")) { + m_ui->bitsComboBox->addItem("256"); + m_ui->bitsComboBox->addItem("384"); + m_ui->bitsComboBox->addItem("521"); + m_ui->bitsComboBox->setCurrentText("256"); + } +} + +void OpenSSHKeyGenDialog::accept() +{ + // disable form and try to process this update before blocking in key generation + setEnabled(false); + QCoreApplication::processEvents(); + + int bits = m_ui->bitsComboBox->currentText().toInt(); + + if (m_ui->typeComboBox->currentText() == QString("Ed25519")) { + OpenSSHKeyGen::generateEd25519(*m_key); + } else if (m_ui->typeComboBox->currentText() == QString("RSA")) { + OpenSSHKeyGen::generateRSA(*m_key, bits); + } else if (m_ui->typeComboBox->currentText() == QString("ECDSA")) { + OpenSSHKeyGen::generateECDSA(*m_key, bits); + } else { + reject(); + return; + } + + m_key->setComment(m_ui->commentLineEdit->text()); + QDialog::accept(); +} + +void OpenSSHKeyGenDialog::setKey(OpenSSHKey* key) +{ + m_key = key; +} diff --git a/src/sshagent/OpenSSHKeyGenDialog.h b/src/sshagent/OpenSSHKeyGenDialog.h new file mode 100644 index 000000000..f46a1abe3 --- /dev/null +++ b/src/sshagent/OpenSSHKeyGenDialog.h @@ -0,0 +1,48 @@ +/* + * Copyright (C) 2021 Team KeePassXC + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 2 or (at your option) + * version 3 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef KEEPASSXC_OPENSSHKEYGENDIALOG_H +#define KEEPASSXC_OPENSSHKEYGENDIALOG_H + +#include +class OpenSSHKey; + +namespace Ui +{ + class OpenSSHKeyGenDialog; +} + +class OpenSSHKeyGenDialog : public QDialog +{ + Q_OBJECT + +public: + explicit OpenSSHKeyGenDialog(QWidget* parent = nullptr); + ~OpenSSHKeyGenDialog() override; + + void accept() override; + void setKey(OpenSSHKey* key); + +private slots: + void typeChanged(); + +private: + QScopedPointer m_ui; + OpenSSHKey* m_key; +}; + +#endif // KEEPASSXC_OPENSSHKEYGENDIALOG_H diff --git a/src/sshagent/OpenSSHKeyGenDialog.ui b/src/sshagent/OpenSSHKeyGenDialog.ui new file mode 100644 index 000000000..0ab2c1716 --- /dev/null +++ b/src/sshagent/OpenSSHKeyGenDialog.ui @@ -0,0 +1,138 @@ + + + OpenSSHKeyGenDialog + + + + 0 + 0 + 200 + 100 + + + + + 0 + 0 + + + + SSH Key Generator + + + true + + + + + + + 0 + 0 + + + + QComboBox::AdjustToContents + + + + + + + + 0 + 0 + + + + Type + + + + + + + + 0 + 0 + + + + Bits + + + + + + + Comment + + + + + + + + 0 + 0 + + + + QComboBox::AdjustToMinimumContentsLength + + + 4 + + + + + + + + + + Qt::Horizontal + + + QDialogButtonBox::Cancel|QDialogButtonBox::Ok + + + + + + + + + buttonBox + accepted() + OpenSSHKeyGenDialog + accept() + + + 248 + 254 + + + 157 + 274 + + + + + buttonBox + rejected() + OpenSSHKeyGenDialog + reject() + + + 316 + 260 + + + 286 + 274 + + + + + diff --git a/tests/TestOpenSSHKey.cpp b/tests/TestOpenSSHKey.cpp index 1f0053474..a20b248ed 100644 --- a/tests/TestOpenSSHKey.cpp +++ b/tests/TestOpenSSHKey.cpp @@ -254,6 +254,7 @@ void TestOpenSSHKey::testParseRSACompare() QCOMPARE(oldKey.type(), newKey.type()); QCOMPARE(oldKey.fingerprint(), newKey.fingerprint()); QCOMPARE(oldPrivateKey, newPrivateKey); + QCOMPARE(newKeyString, newKey.privateKey()); } void TestOpenSSHKey::testParseECDSA256() @@ -277,6 +278,7 @@ void TestOpenSSHKey::testParseECDSA256() QCOMPARE(key.type(), QString("ecdsa-sha2-nistp256")); QCOMPARE(key.comment(), QString("opensshkey-test-ecdsa256@keepassxc")); QCOMPARE(key.fingerprint(), QString("SHA256:nwwovZmQbBeiR3GZRpK4OWHgCUE7E0wFtCN7Ng7eX5g")); + QCOMPARE(keyString, key.privateKey()); } void TestOpenSSHKey::testParseECDSA384() @@ -302,6 +304,7 @@ void TestOpenSSHKey::testParseECDSA384() QCOMPARE(key.type(), QString("ecdsa-sha2-nistp384")); QCOMPARE(key.comment(), QString("opensshkey-test-ecdsa384@keepassxc")); QCOMPARE(key.fingerprint(), QString("SHA256:B5tLMG976BZ6nyi/oRUmKaTJcaEaFagEjBfOAgru0OY")); + QCOMPARE(keyString, key.privateKey()); } void TestOpenSSHKey::testParseECDSA521() @@ -328,6 +331,7 @@ void TestOpenSSHKey::testParseECDSA521() QCOMPARE(key.type(), QString("ecdsa-sha2-nistp521")); QCOMPARE(key.comment(), QString("opensshkey-test-ecdsa521@keepassxc")); QCOMPARE(key.fingerprint(), QString("SHA256:m3LtA9MtZW8FN0R3vwA0AAI+YtegbggGCy3EGKWya+s")); + QCOMPARE(keyString, key.privateKey()); } void TestOpenSSHKey::testDecryptOpenSSHAES256CBC() @@ -533,6 +537,7 @@ void TestOpenSSHKey::testParseECDSASecurityKey() QCOMPARE(key.type(), QString("sk-ecdsa-sha2-nistp256@openssh.com")); QCOMPARE(key.comment(), QString("opensshkey-test-ecdsa-sk@keepassxc")); QCOMPARE(key.fingerprint(), QString("SHA256:ctOtAsPMqbtumGI41o2oeWfGDah4m1ACILRj+x0gx0E")); + QCOMPARE(keyString, key.privateKey()); } void TestOpenSSHKey::testParseED25519SecurityKey() @@ -557,4 +562,5 @@ void TestOpenSSHKey::testParseED25519SecurityKey() QCOMPARE(key.type(), QString("sk-ssh-ed25519@openssh.com")); QCOMPARE(key.comment(), QString("opensshkey-test-ed25519-sk@keepassxc")); QCOMPARE(key.fingerprint(), QString("SHA256:PGtS5WvbnYmNqFIeRbzO6cVP9GLh8eEzENgkHp02XIA")); + QCOMPARE(keyString, key.privateKey()); } diff --git a/tests/TestSSHAgent.cpp b/tests/TestSSHAgent.cpp index 3acf3352a..092cbb411 100644 --- a/tests/TestSSHAgent.cpp +++ b/tests/TestSSHAgent.cpp @@ -20,6 +20,7 @@ #include "core/Config.h" #include "crypto/Crypto.h" #include "sshagent/KeeAgentSettings.h" +#include "sshagent/OpenSSHKeyGen.h" #include "sshagent/SSHAgent.h" #include @@ -224,6 +225,66 @@ void TestSSHAgent::testToOpenSSHKey() QVERIFY(!key.publicKey().isEmpty()); } +void TestSSHAgent::testKeyGenRSA() +{ + SSHAgent agent; + agent.setEnabled(true); + agent.setAuthSockOverride(m_agentSocketFileName); + + QVERIFY(agent.isAgentRunning()); + + OpenSSHKey key; + KeeAgentSettings settings; + bool keyInAgent; + + QVERIFY(OpenSSHKeyGen::generateRSA(key, 2048)); + + QVERIFY(agent.addIdentity(key, settings, m_uuid)); + QVERIFY(agent.checkIdentity(key, keyInAgent) && keyInAgent); + QVERIFY(agent.removeIdentity(key)); + QVERIFY(agent.checkIdentity(key, keyInAgent) && !keyInAgent); +} + +void TestSSHAgent::testKeyGenECDSA() +{ + SSHAgent agent; + agent.setEnabled(true); + agent.setAuthSockOverride(m_agentSocketFileName); + + QVERIFY(agent.isAgentRunning()); + + OpenSSHKey key; + KeeAgentSettings settings; + bool keyInAgent; + + QVERIFY(OpenSSHKeyGen::generateECDSA(key, 256)); + + QVERIFY(agent.addIdentity(key, settings, m_uuid)); + QVERIFY(agent.checkIdentity(key, keyInAgent) && keyInAgent); + QVERIFY(agent.removeIdentity(key)); + QVERIFY(agent.checkIdentity(key, keyInAgent) && !keyInAgent); +} + +void TestSSHAgent::testKeyGenEd25519() +{ + SSHAgent agent; + agent.setEnabled(true); + agent.setAuthSockOverride(m_agentSocketFileName); + + QVERIFY(agent.isAgentRunning()); + + OpenSSHKey key; + KeeAgentSettings settings; + bool keyInAgent; + + QVERIFY(OpenSSHKeyGen::generateEd25519(key)); + + QVERIFY(agent.addIdentity(key, settings, m_uuid)); + QVERIFY(agent.checkIdentity(key, keyInAgent) && keyInAgent); + QVERIFY(agent.removeIdentity(key)); + QVERIFY(agent.checkIdentity(key, keyInAgent) && !keyInAgent); +} + void TestSSHAgent::cleanupTestCase() { if (m_agentProcess.state() != QProcess::NotRunning) { diff --git a/tests/TestSSHAgent.h b/tests/TestSSHAgent.h index 12c115b23..36b9b2bff 100644 --- a/tests/TestSSHAgent.h +++ b/tests/TestSSHAgent.h @@ -35,6 +35,9 @@ private slots: void testLifetimeConstraint(); void testConfirmConstraint(); void testToOpenSSHKey(); + void testKeyGenRSA(); + void testKeyGenECDSA(); + void testKeyGenEd25519(); void cleanupTestCase(); private: