mirrors/keepassxc
1
0
Fork 0
mirror of https://github.com/keepassxreboot/keepassxc.git synced 2025-04-06 05:57:37 +03:00
Code Issues Projects Releases Packages Wiki Activity

YubiKey: Fix database locking

Browse source 
* Save the master seed upon first challenge so it can be used as a
  challenge at a later point.
* When verifyKey() is called, verify that the challenge is successful.
* Uncheck YubiKey box to not leak information about how the database is
  protected.

Signed-off-by: Kyle Manna <kyle@kylemanna.com>
This commit is contained in:
Kyle Manna 2014-09-07 16:43:04 -07:00
parent 77cc99acd3
commit 951fa96848
3 changed files with 19 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

17
src/core/Database.cpp
View file

@ -183,6 +183,7 @@ QByteArray Database::challengeResponseKey() const
bool Database::challengeMasterSeed(const QByteArray& masterSeed)
{
m_data.masterSeed = masterSeed;
return m_data.key.challenge(masterSeed, m_data.challengeResponseKey);
}
@ -256,6 +257,22 @@ bool Database::verifyKey(const CompositeKey& key) const
{
Q_ASSERT(hasKey());
/* If the database has challenge response keys, then the the verification
* key better as well */
if (!m_data.challengeResponseKey.isEmpty()) {
QByteArray result;
if (!key.challenge(m_data.masterSeed, result)) {
/* Challenge failed, (YubiKey?) removed? */
return false;
}
if (m_data.challengeResponseKey != result) {
/* Wrong response from challenged device(s) */
return false;
}
}
return (m_data.key.rawKey() == key.rawKey());
}