author | Janek Bevendorff <janek@jbev.net> | 2019-10-26 22:34:32 +0300 |
---|---|---|
committer | Janek Bevendorff <janek@jbev.net> | 2019-10-26 22:34:32 +0300 |
commit | 1ab8a9f42c065bd575490ad7f3fa43ce72a59d8a (patch) | |
tree | 06a5119be3a7e3904d26f464a9b3d25e44c818fd /src/keys/drivers/YubiKey.cpp | |
parent | 5d6ef0c47191f1bd9e8ae296920357aeb74e8fd5 (diff) | |
parent | b3d834acb0b90394747bd5e1fb3ba4feeca57a94 (diff) |
Release 2.5.02.5.0
Added
- Add 'Paper Backup' aka 'Export to HTML file' to the 'Database' menu [[#3277](https://github.com/keepassxreboot/keepassxc/pull/3277)]
- Add statistics panel with information about the database (number of entries, number of unique passwords, etc.) to the Database Settings dialog [[#2034](https://github.com/keepassxreboot/keepassxc/issues/2034)]
- Add offline user manual accessible via the 'Help' menu [[#3274](https://github.com/keepassxreboot/keepassxc/issues/3274)]
- Add support for importing 1Password OpVault files [[#2292](https://github.com/keepassxreboot/keepassxc/issues/2292)]
- Implement Freedesktop.org secret storage DBus protocol so that KeePassXC can be used as a vault service by libsecret [[#2726](https://github.com/keepassxreboot/keepassxc/issues/2726)]
- Add support for OnlyKey as an alternative to YubiKeys (requires yubikey-personalization >= 1.20.0) [[#3352](https://github.com/keepassxreboot/keepassxc/issues/3352)]
- Add group sorting feature [[#3282](https://github.com/keepassxreboot/keepassxc/issues/3282)]
- Add feature to download favicons for all entries at once [[#3169](https://github.com/keepassxreboot/keepassxc/issues/3169)]
- Add word case option to passphrase generator [[#3172](https://github.com/keepassxreboot/keepassxc/issues/3172)]
- Add support for RFC6238-compliant TOTP hashes [[#2972](https://github.com/keepassxreboot/keepassxc/issues/2972)]
- Add UNIX man page for main program [[#3665](https://github.com/keepassxreboot/keepassxc/issues/3665)]
- Add 'Monospaced font' option to the notes field [[#3321](https://github.com/keepassxreboot/keepassxc/issues/3321)]
- Add support for key files in auto open [[#3504](https://github.com/keepassxreboot/keepassxc/issues/3504)]
- Add search field for filtering entries in Auto-Type dialog [[#2955](https://github.com/keepassxreboot/keepassxc/issues/2955)]
- Complete usernames based on known usernames from other entries [[#3300](https://github.com/keepassxreboot/keepassxc/issues/3300)]
- Parse hyperlinks in the notes field of the entry preview pane [[#3596](https://github.com/keepassxreboot/keepassxc/issues/3596)]
- Allow abbreviation of field names in entry search [[#3440](https://github.com/keepassxreboot/keepassxc/issues/3440)]
- Allow setting group icons recursively [[#3273](https://github.com/keepassxreboot/keepassxc/issues/3273)]
- Add copy context menu for username and password in Auto-Type dialog [[#3038](https://github.com/keepassxreboot/keepassxc/issues/3038)]
- Drop to background after copying a password to the clipboard [[#3253](https://github.com/keepassxreboot/keepassxc/issues/3253)]
- Add 'Lock databases' entry to tray icon menu [[#2896](https://github.com/keepassxreboot/keepassxc/issues/2896)]
- Add option to minimize window after unlocking [[#3439](https://github.com/keepassxreboot/keepassxc/issues/3439)]
- Add option to minimize window after opening a URL [[#3302](https://github.com/keepassxreboot/keepassxc/issues/3302)]
- Request accessibility permissions for Auto-Type on macOS [[#3624](https://github.com/keepassxreboot/keepassxc/issues/3624)]
- Browser: Add initial support for multiple URLs [[#3558](https://github.com/keepassxreboot/keepassxc/issues/3558)]
- Browser: Add entry-specific browser integration settings [[#3444](https://github.com/keepassxreboot/keepassxc/issues/3444)]
- CLI: Add offline HIBP checker (requires a downloaded HIBP dump) [[#2707](https://github.com/keepassxreboot/keepassxc/issues/2707)]
- CLI: Add 'flatten' option to the 'ls' command [[#3276](https://github.com/keepassxreboot/keepassxc/issues/3276)]
- CLI: Add password generation options to `Add` and `Edit` commands [[#3275](https://github.com/keepassxreboot/keepassxc/issues/3275)]
- CLI: Add XML import [[#3572](https://github.com/keepassxreboot/keepassxc/issues/3572)]
- CLI: Add CSV export to the 'export' command [[#3278](https://github.com/keepassxreboot/keepassxc/issues/3278)]
- CLI: Add `-y --yubikey` option for YubiKey [[#3416](https://github.com/keepassxreboot/keepassxc/issues/3416)]
- CLI: Add `--dry-run` option for merging databases [[#3254](https://github.com/keepassxreboot/keepassxc/issues/3254)]
- CLI: Add group commands (mv, mkdir and rmdir) [[#3313](https://github.com/keepassxreboot/keepassxc/issues/3313)].
- CLI: Add interactive shell mode command `open` [[#3224](https://github.com/keepassxreboot/keepassxc/issues/3224)]
Changed
- Redesign database unlock dialog [ [#3287](https://github.com/keepassxreboot/keepassxc/issues/3287)]
- Rework the entry preview panel [ [#3306](https://github.com/keepassxreboot/keepassxc/issues/3306)]
- Move notes to General tab on Group Preview Panel [[#3336](https://github.com/keepassxreboot/keepassxc/issues/3336)]
- Enable entry actions when editing an entry and cleanup entry context menu [[#3641](https://github.com/keepassxreboot/keepassxc/issues/3641)]
- Improve detection of external database changes [[#2389](https://github.com/keepassxreboot/keepassxc/issues/2389)]
- Warn if user is trying to use a KDBX file as a key file [[#3625](https://github.com/keepassxreboot/keepassxc/issues/3625)]
- Add option to disable KeePassHTTP settings migrations prompt [[#3349](https://github.com/keepassxreboot/keepassxc/issues/3349), [#3344](https://github.com/keepassxreboot/keepassxc/issues/3344)]
- Re-enabled Wayland support (no Auto-Type yet) [[#3520](https://github.com/keepassxreboot/keepassxc/issues/3520), [#3341](https://github.com/keepassxreboot/keepassxc/issues/3341)]
- Add icon to 'Toggle Window' action in tray icon menu [[3244](https://github.com/keepassxreboot/keepassxc/issues/3244)]
- Merge custom data between databases only when necessary [[#3475](https://github.com/keepassxreboot/keepassxc/issues/3475)]
- Improve various file-handling related issues when picking files using the system's file dialog [[#3473](https://github.com/keepassxreboot/keepassxc/issues/3473)]
- Add 'New Entry' context menu when no entries are selected [[#3671](https://github.com/keepassxreboot/keepassxc/issues/3671)]
- Reduce default Argon2 settings from 128 MiB and one thread per CPU core to 64 MiB and two threads to account for lower-spec mobile hardware [ [#3672](https://github.com/keepassxreboot/keepassxc/issues/3672)]
- Browser: Remove unused 'Remember' checkbox for HTTP Basic Auth [[#3371](https://github.com/keepassxreboot/keepassxc/issues/3371)]
- Browser: Show database name when pairing with a new browser [[#3638](https://github.com/keepassxreboot/keepassxc/issues/3638)]
- Browser: Show URL in allow access dialog [[#3639](https://github.com/keepassxreboot/keepassxc/issues/3639)]
- CLI: The password length option `-l` for the CLI commands `Add` and `Edit` is now `-L` [[#3275](https://github.com/keepassxreboot/keepassxc/issues/3275)]
- CLI: The `-u` shorthand for the `--upper` password generation option has been renamed to `-U` [[#3275](https://github.com/keepassxreboot/keepassxc/issues/3275)]
- CLI: Rename command `extract` to `export`. [[#3277](https://github.com/keepassxreboot/keepassxc/issues/3277)]
Fixed
- Improve accessibility for assistive technologies [[#3409](https://github.com/keepassxreboot/keepassxc/issues/3409)]
- Correctly unlock all databases if `--pw-stdin` is provided [[#2916](https://github.com/keepassxreboot/keepassxc/issues/2916)]
- Fix password generator issues with special characters [[#3303](https://github.com/keepassxreboot/keepassxc/issues/3303)]
- Fix KeePassXC interrupting shutdown procedure [[#3666](https://github.com/keepassxreboot/keepassxc/issues/3666)]
- Fix password visibility toggle button state on unlock dialog [[#3312](https://github.com/keepassxreboot/keepassxc/issues/3312)]
- Fix potential data loss if database is reloaded while user is editing an entry [[#3656](https://github.com/keepassxreboot/keepassxc/issues/3656)]
- Fix hard-coded background color in search help popup [[#3001](https://github.com/keepassxreboot/keepassxc/issues/3001)]
- Fix font choice for password preview [[#3425](https://github.com/keepassxreboot/keepassxc/issues/3425)]
- Fix handling of read-only files when autosave is enabled [[#3408](https://github.com/keepassxreboot/keepassxc/issues/3408)]
- Handle symlinks correctly when atomic saves are disabled [[#3463](https://github.com/keepassxreboot/keepassxc/issues/3463)]
- Enable HighDPI icon scaling on Linux [[#3332](https://github.com/keepassxreboot/keepassxc/issues/3332)]
- Make Auto-Type on macOS more robust and remove old Carbon API calls [[#3634](https://github.com/keepassxreboot/keepassxc/issues/3634), [#3347](https://github.com/keepassxreboot/keepassxc/issues/3347)]
- Hide Share tab if KeePassXC is compiled without KeeShare support and other minor KeeShare improvements [[#3654](https://github.com/keepassxreboot/keepassxc/issues/3654), [#3291](https://github.com/keepassxreboot/keepassxc/issues/3291), [#3029](https://github.com/keepassxreboot/keepassxc/issues/3029), [#3031](https://github.com/keepassxreboot/keepassxc/issues/3031), [#3236](https://github.com/keepassxreboot/keepassxc/issues/3236)]
- Correctly bring window to the front when clicking tray icon on macOS [[#3576](https://github.com/keepassxreboot/keepassxc/issues/3576)]
- Correct application shortcut created by MSI Installer on Windows [[#3296](https://github.com/keepassxreboot/keepassxc/issues/3296)]
- Fix crash when removing custom data [[#3508](https://github.com/keepassxreboot/keepassxc/issues/3508)]
- Fix placeholder resolution in URLs [[#3281](https://github.com/keepassxreboot/keepassxc/issues/3281)]
- Fix various inconsistencies and platform-dependent compilation bugs [[#3664](https://github.com/keepassxreboot/keepassxc/issues/3664), [#3662](https://github.com/keepassxreboot/keepassxc/issues/3662), [#3660](https://github.com/keepassxreboot/keepassxc/issues/3660), [#3655](https://github.com/keepassxreboot/keepassxc/issues/3655), [#3649](https://github.com/keepassxreboot/keepassxc/issues/3649), [#3417](https://github.com/keepassxreboot/keepassxc/issues/3417), [#3357](https://github.com/keepassxreboot/keepassxc/issues/3357), [#3319](https://github.com/keepassxreboot/keepassxc/issues/3319), [#3318](https://github.com/keepassxreboot/keepassxc/issues/3318), [#3304](https://github.com/keepassxreboot/keepassxc/issues/3304)]
- Browser: Fix potential leaking of entries through the browser integration API if multiple databases are opened [[#3480](https://github.com/keepassxreboot/keepassxc/issues/3480)]
- Browser: Fix password entropy calculation [[#3107](https://github.com/keepassxreboot/keepassxc/issues/3107)]
- Browser: Fix Windows registry settings for portable installation [[#3603](https://github.com/keepassxreboot/keepassxc/issues/3603)]
Diffstat (limited to 'src/keys/drivers/YubiKey.cpp')
-rw-r--r-- | src/keys/drivers/YubiKey.cpp | 83 |
1 files changed, 61 insertions, 22 deletions
diff --git a/src/keys/drivers/YubiKey.cpp b/src/keys/drivers/YubiKey.cpp
index b4aa82205..18cf8323a 100644
--- a/src/keys/drivers/YubiKey.cpp
+++ b/src/keys/drivers/YubiKey.cpp
@@ -20,6 +20,7 @@
 #include <ykcore.h>
 #include <ykdef.h>
+#include <ykpers-version.h>
 #include <ykstatus.h>
 #include <yubikey.h>
@@ -37,6 +38,7 @@
 YubiKey::YubiKey()
 : m_yk_void(nullptr)
 , m_ykds_void(nullptr)
+ , m_onlyKey(false)
 , m_mutex(QMutex::Recursive)
 {
 }
@@ -75,7 +77,17 @@ bool YubiKey::init()
 }
 // TODO: handle multiple attached hardware devices
+ m_onlyKey = false;
 m_yk_void = static_cast<void*>(yk_open_first_key());
+#if YKPERS_VERSION_NUMBER >= 0x011400
+ // New fuction available in yubikey-personalization version >= 1.20.0 that allows
+ // selecting device VID/PID (yk_open_key_vid_pid)
+ if (m_yk == nullptr) {
+ static const int device_pids[] = {0x60fc}; // OnlyKey PID
+ m_yk_void = static_cast<void*>(yk_open_key_vid_pid(0x1d50, device_pids, 1, 0));
+ m_onlyKey = true;
+ }
+#endif
 if (m_yk == nullptr) {
 yk_release();
 m_mutex.unlock();
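Review bot: In the OnlyKey fallback inside the `#if YKPERS_VERSION_NUMBER >= 0x011400` block of init(), `m_onlyKey = true;` is assigned whether or not `yk_open_key_vid_pid()` returned a device, so when no token is attached the flag stays true after init() fails and getVendorName() (added later in this diff) would report "OnlyKey" for a key that was never opened. Set the flag from the result instead, `m_onlyKey = (m_yk != nullptr);`. The VID `0x1d50`, the PID `0x60fc` and the count `1` are bare literals; named constants, with the count derived from the array size, would make the device filter easier to audit, and the new comment has a typo ("fuction"). init() begins and ends outside this hunk.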
@@ -120,27 +132,17 @@ void YubiKey::detect()
 {
 bool found = false;
- if (init()) {
- YubiKey::ChallengeResult result;
- QByteArray rand = randomGen()->randomArray(1);
- QByteArray resp;
-
- // Check slot 1 and 2 for Challenge-Response HMAC capability
- for (int i = 1; i <= 2; ++i) {
- result = challenge(i, false, rand, resp);
- if (result == ALREADY_RUNNING) {
- // Try this slot again after waiting
- Tools::sleep(300);
- result = challenge(i, false, rand, resp);
- }
-
- if (result != ALREADY_RUNNING && result != ERROR) {
- emit detected(i, result == WOULDBLOCK);
- found = true;
- }
- // Wait between slots to let the yubikey settle
- Tools::sleep(150);
+ // Check slot 1 and 2 for Challenge-Response HMAC capability
+ for (int i = 1; i <= 2; ++i) {
+ QString errorMsg;
+ bool isBlocking = checkSlotIsBlocking(i, errorMsg);
+ if (errorMsg.isEmpty()) {
+ found = true;
+ emit detected(i, isBlocking);
 }
+
+ // Wait between slots to let the yubikey settle.
+ Tools::sleep(150);
 }
 if (!found) {
@@ -150,6 +152,38 @@ void YubiKey::detect()
 }
 }
+bool YubiKey::checkSlotIsBlocking(int slot, QString& errorMessage)
+{
+ if (!init()) {
+ errorMessage = QString("Could not initialize YubiKey.");
+ return false;
+ }
+
+ YubiKey::ChallengeResult result;
+ QByteArray rand = randomGen()->randomArray(1);
+ QByteArray resp;
+
+ result = challenge(slot, false, rand, resp);
+ if (result == ALREADY_RUNNING) {
+ // Try this slot again after waiting
+ Tools::sleep(300);
+ result = challenge(slot, false, rand, resp);
+ }
+
+ if (result == SUCCESS || result == WOULDBLOCK) {
+ return result == WOULDBLOCK;
+ } else if (result == ALREADY_RUNNING) {
+ errorMessage = QString("YubiKey busy");
+ return false;
+ } else if (result == ERROR) {
+ errorMessage = QString("YubiKey error");
+ return false;
+ }
+
+ errorMessage = QString("Error while polling YubiKey");
+ return false;
+}
+
 bool YubiKey::getSerial(unsigned int& serial)
 {
 m_mutex.lock();
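Review bot: detect() no longer stops early when the device cannot be opened: the old `if (init())` guard is removed and each loop iteration now reaches init() through checkSlotIsBlocking(), so a failed initialization is retried for slot 2 and both `Tools::sleep(150)` waits still run before the `!found` branch. If that is not intended, keep the guard around the loop (`if (init()) {` … `}`) or leave the loop on the first initialization failure. The loop also drops `errorMsg`, so a busy or failing token looks the same as an unconfigured slot at this level; a one-line comment saying this is deliberate would help. The end of detect() lies outside the hunk.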
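Review bot: checkSlotIsBlocking() returns `false` both for a slot that answers without blocking and for every failure, and it never resets `errorMessage`, so a caller that reuses one QString across calls would read a stale error as a failure of the current slot. Clear it on entry with `errorMessage.clear();` and add a doc comment stating that the return value is only meaningful when `errorMessage` is empty afterwards. The messages are plain `QString("…")` literals that hard-code "YubiKey" although this commit also opens OnlyKey devices; if they reach the UI (not visible here), `tr()` and the name from getVendorName() would be more accurate.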
@@ -163,6 +197,11 @@ bool YubiKey::getSerial(unsigned int& serial)
 return true;
 }
+QString YubiKey::getVendorName()
+{
+ return m_onlyKey ? "OnlyKey" : "YubiKey";
+}
+
 YubiKey::ChallengeResult YubiKey::challenge(int slot, bool mayBlock, const QByteArray& challenge, QByteArray& response)
 {
 // ensure that YubiKey::init() succeeded
@@ -173,14 +212,14 @@ YubiKey::ChallengeResult YubiKey::challenge(int slot, bool mayBlock, const QByte
 int yk_cmd = (slot == 1) ? SLOT_CHAL_HMAC1 : SLOT_CHAL_HMAC2;
 QByteArray paddedChallenge = challenge;
- // yk_challenge_response() insists on 64 byte response buffer */
+ // yk_challenge_response() insists on 64 bytes response buffer */
 response.clear();
 response.resize(64);
 /* The challenge sent to the yubikey should always be 64 bytes for
 * compatibility with all configurations. Follow PKCS7 padding.
 *
- * There is some question whether or not 64 byte fixed length
+ * There is some question whether or not 64 bytes fixed length
 * configurations even work, some docs say avoid it.
 */
 const int padLen = 64 - paddedChallenge.size();
|
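Review bot: getVendorName() reads `m_onlyKey` without taking `m_mutex`, while init() writes that flag on a path that later calls `m_mutex.unlock()`, so the write appears to happen under the lock; because the mutex is constructed as `QMutex::Recursive`, the getter can take it safely, e.g. `QMutexLocker locker(&m_mutex);` as its first line. The function also answers "YubiKey" before any device has been opened, which deserves a doc comment such as `/// Vendor of the key opened by the last init(); "YubiKey" unless the OnlyKey path was used.` Returning `QStringLiteral("OnlyKey")` / `QStringLiteral("YubiKey")` would avoid the implicit `const char*` to QString conversion.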