diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index f7616dce6..9e2f44a6d 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -152,6 +152,7 @@ set(keepassx_SOURCES gui/group/EditGroupWidget.cpp gui/group/GroupModel.cpp gui/group/GroupView.cpp + keys/ChallengeResponseKey.h keys/CompositeKey.cpp keys/drivers/YubiKey.h keys/FileKey.cpp diff --git a/src/keys/YkChallengeResponseKey.cpp b/src/keys/YkChallengeResponseKey.cpp index 4c77e7670..ac50a5bba 100644 --- a/src/keys/YkChallengeResponseKey.cpp +++ b/src/keys/YkChallengeResponseKey.cpp @@ -83,7 +83,7 @@ bool YkChallengeResponseKey::challenge(const QByteArray& challenge, unsigned ret } // if challenge failed, retry to detect YubiKeys in the event the YubiKey was un-plugged and re-plugged - if (retries > 0 && YubiKey::instance()->init() != true) { + if (retries > 0 && !YubiKey::instance()->init()) { continue; } diff --git a/src/keys/YkChallengeResponseKey.h b/src/keys/YkChallengeResponseKey.h index 66d821a69..2816602a4 100644 --- a/src/keys/YkChallengeResponseKey.h +++ b/src/keys/YkChallengeResponseKey.h @@ -1,18 +1,18 @@ /* -* Copyright (C) 2017 KeePassXC Team -* -* This program is free software: you can redistribute it and/or modify -* it under the terms of the GNU General Public License as published by -* the Free Software Foundation, either version 2 or (at your option) -* version 3 of the License. -* -* This program is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU General Public License for more details. -* -* You should have received a copy of the GNU General Public License -* along with this program. If not, see . + * Copyright (C) 2017 KeePassXC Team + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 2 or (at your option) + * version 3 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ #ifndef KEEPASSX_YK_CHALLENGERESPONSEKEY_H diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 3b8ada32d..be4cc6b5b 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -115,7 +115,7 @@ add_unit_test(NAME testkdbx3 SOURCES TestKeePass2Format.cpp FailDevice.cpp TestK add_unit_test(NAME testkdbx4 SOURCES TestKeePass2Format.cpp FailDevice.cpp TestKdbx4.cpp LIBS ${TEST_LIBRARIES}) -add_unit_test(NAME testkeys SOURCES TestKeys.cpp +add_unit_test(NAME testkeys SOURCES TestKeys.cpp mock/MockChallengeResponseKey.cpp LIBS ${TEST_LIBRARIES}) add_unit_test(NAME testgroupmodel SOURCES TestGroupModel.cpp diff --git a/tests/TestKeys.cpp b/tests/TestKeys.cpp index 094a397d7..f39d3aa74 100644 --- a/tests/TestKeys.cpp +++ b/tests/TestKeys.cpp @@ -32,6 +32,7 @@ #include "format/KeePass2Writer.h" #include "keys/FileKey.h" #include "keys/PasswordKey.h" +#include "mock/MockChallengeResponseKey.h" QTEST_GUILESS_MAIN(TestKeys) Q_DECLARE_METATYPE(FileKey::Type); @@ -232,3 +233,85 @@ void TestKeys::benchmarkTransformKey() Q_UNUSED(compositeKey.transform(kdf, result)); }; } + +void TestKeys::testCompositeKeyComponents() +{ + PasswordKey passwordKeyEnc("password"); + FileKey fileKeyEnc; + QString error; + fileKeyEnc.load(QString("%1/%2").arg(QString(KEEPASSX_TEST_DATA_DIR), "FileKeyHashed.key"), &error); + if (!error.isNull()) { + QFAIL(qPrintable(error)); + } + auto challengeResponseKeyEnc = QSharedPointer::create(QByteArray(16, 0x10)); + + CompositeKey compositeKeyEnc; + compositeKeyEnc.addKey(passwordKeyEnc); + compositeKeyEnc.addKey(fileKeyEnc); + compositeKeyEnc.addChallengeResponseKey(challengeResponseKeyEnc); + + QScopedPointer db1(new Database()); + db1->setKey(compositeKeyEnc); + + KeePass2Writer writer; + QBuffer buffer; + buffer.open(QBuffer::ReadWrite); + QVERIFY(writer.writeDatabase(&buffer, db1.data())); + + buffer.seek(0); + QScopedPointer db2; + KeePass2Reader reader; + CompositeKey compositeKeyDec1; + + // try decryption and subsequently add key components until decryption is successful + db2.reset(reader.readDatabase(&buffer, compositeKeyDec1)); + QVERIFY(reader.hasError()); + + compositeKeyDec1.addKey(passwordKeyEnc); + buffer.seek(0); + db2.reset(reader.readDatabase(&buffer, compositeKeyDec1)); + QVERIFY(reader.hasError()); + + compositeKeyDec1.addKey(fileKeyEnc); + buffer.seek(0); + db2.reset(reader.readDatabase(&buffer, compositeKeyDec1)); + QVERIFY(reader.hasError()); + + compositeKeyDec1.addChallengeResponseKey(challengeResponseKeyEnc); + buffer.seek(0); + db2.reset(reader.readDatabase(&buffer, compositeKeyDec1)); + // now we should be able to open the database + if (reader.hasError()) { + QFAIL(qPrintable(reader.errorString())); + } + + // try the same again, but this time with one wrong key component each time + CompositeKey compositeKeyDec2; + compositeKeyDec2.addKey(PasswordKey("wrong password")); + compositeKeyDec2.addKey(fileKeyEnc); + compositeKeyDec2.addChallengeResponseKey(challengeResponseKeyEnc); + buffer.seek(0); + db2.reset(reader.readDatabase(&buffer, compositeKeyDec2)); + QVERIFY(reader.hasError()); + + CompositeKey compositeKeyDec3; + compositeKeyDec3.addKey(passwordKeyEnc); + FileKey fileKeyWrong; + fileKeyWrong.load(QString("%1/%2").arg(QString(KEEPASSX_TEST_DATA_DIR), "FileKeyHashed2.key"), &error); + if (!error.isNull()) { + QFAIL(qPrintable(error)); + } + compositeKeyDec3.addKey(fileKeyWrong); + compositeKeyDec3.addChallengeResponseKey(challengeResponseKeyEnc); + buffer.seek(0); + db2.reset(reader.readDatabase(&buffer, compositeKeyDec3)); + QVERIFY(reader.hasError()); + + CompositeKey compositeKeyDec4; + compositeKeyDec4.addKey(passwordKeyEnc); + compositeKeyDec4.addKey(fileKeyEnc); + compositeKeyDec4.addChallengeResponseKey(QSharedPointer::create(QByteArray(16, 0x20))); + buffer.seek(0); + db2.reset(reader.readDatabase(&buffer, compositeKeyDec4)); + QVERIFY(reader.hasError()); +} diff --git a/tests/TestKeys.h b/tests/TestKeys.h index 237225f8f..1ea53b090 100644 --- a/tests/TestKeys.h +++ b/tests/TestKeys.h @@ -34,6 +34,7 @@ private slots: void testCreateAndOpenFileKey(); void testFileKeyHash(); void testFileKeyError(); + void testCompositeKeyComponents(); void benchmarkTransformKey(); }; diff --git a/tests/data/FileKeyHashed2.key b/tests/data/FileKeyHashed2.key new file mode 100644 index 000000000..46e2ea632 Binary files /dev/null and b/tests/data/FileKeyHashed2.key differ diff --git a/tests/mock/MockChallengeResponseKey.cpp b/tests/mock/MockChallengeResponseKey.cpp new file mode 100644 index 000000000..c88b07fcc --- /dev/null +++ b/tests/mock/MockChallengeResponseKey.cpp @@ -0,0 +1,39 @@ +/* + * Copyright (C) 2018 KeePassXC Team + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 2 or (at your option) + * version 3 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . +*/ + +#include "MockChallengeResponseKey.h" + +MockChallengeResponseKey::MockChallengeResponseKey(const QByteArray& response) + : m_response(response) +{ +} + +MockChallengeResponseKey::~MockChallengeResponseKey() +{ +} + +QByteArray MockChallengeResponseKey::rawKey() const +{ + return m_response; +} + +bool MockChallengeResponseKey::challenge(const QByteArray& challenge) +{ + Q_UNUSED(challenge); + return true; +} + diff --git a/tests/mock/MockChallengeResponseKey.h b/tests/mock/MockChallengeResponseKey.h new file mode 100644 index 000000000..49963c93c --- /dev/null +++ b/tests/mock/MockChallengeResponseKey.h @@ -0,0 +1,38 @@ +/* + * Copyright (C) 2018 KeePassXC Team + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 2 or (at your option) + * version 3 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . +*/ + +#ifndef KEEPASSXC_MOCKCHALLENGERESPONSEKEY_H +#define KEEPASSXC_MOCKCHALLENGERESPONSEKEY_H + +#include "keys/ChallengeResponseKey.h" + +/** + * Mock challenge-response key implementation that simply returns the a fixed response. + */ +class MockChallengeResponseKey : public ChallengeResponseKey +{ +public: + explicit MockChallengeResponseKey(const QByteArray& response); + ~MockChallengeResponseKey() override; + QByteArray rawKey() const override; + bool challenge(const QByteArray& challenge) override; + +private: + QByteArray m_response; +}; + +#endif //KEEPASSXC_MOCKCHALLENGERESPONSEKEY_H