authorJanek Bevendorff <janek@jbev.net>2019-10-26 22:34:32 +0300
committerJanek Bevendorff <janek@jbev.net>2019-10-26 22:34:32 +0300
commit1ab8a9f42c065bd575490ad7f3fa43ce72a59d8a (patch)
tree06a5119be3a7e3904d26f464a9b3d25e44c818fd /src/keys/drivers/YubiKey.cpp
parent5d6ef0c47191f1bd9e8ae296920357aeb74e8fd5 (diff)
parentb3d834acb0b90394747bd5e1fb3ba4feeca57a94 (diff)
Release 2.5.02.5.0
Added - Add 'Paper Backup' aka 'Export to HTML file' to the 'Database' menu [[#3277](https://github.com/keepassxreboot/keepassxc/pull/3277)] - Add statistics panel with information about the database (number of entries, number of unique passwords, etc.) to the Database Settings dialog [[#2034](https://github.com/keepassxreboot/keepassxc/issues/2034)] - Add offline user manual accessible via the 'Help' menu [[#3274](https://github.com/keepassxreboot/keepassxc/issues/3274)] - Add support for importing 1Password OpVault files [[#2292](https://github.com/keepassxreboot/keepassxc/issues/2292)] - Implement Freedesktop.org secret storage DBus protocol so that KeePassXC can be used as a vault service by libsecret [[#2726](https://github.com/keepassxreboot/keepassxc/issues/2726)] - Add support for OnlyKey as an alternative to YubiKeys (requires yubikey-personalization >= 1.20.0) [[#3352](https://github.com/keepassxreboot/keepassxc/issues/3352)] - Add group sorting feature [[#3282](https://github.com/keepassxreboot/keepassxc/issues/3282)] - Add feature to download favicons for all entries at once [[#3169](https://github.com/keepassxreboot/keepassxc/issues/3169)] - Add word case option to passphrase generator [[#3172](https://github.com/keepassxreboot/keepassxc/issues/3172)] - Add support for RFC6238-compliant TOTP hashes [[#2972](https://github.com/keepassxreboot/keepassxc/issues/2972)] - Add UNIX man page for main program [[#3665](https://github.com/keepassxreboot/keepassxc/issues/3665)] - Add 'Monospaced font' option to the notes field [[#3321](https://github.com/keepassxreboot/keepassxc/issues/3321)] - Add support for key files in auto open [[#3504](https://github.com/keepassxreboot/keepassxc/issues/3504)] - Add search field for filtering entries in Auto-Type dialog [[#2955](https://github.com/keepassxreboot/keepassxc/issues/2955)] - Complete usernames based on known usernames from other entries [[#3300](https://github.com/keepassxreboot/keepassxc/issues/3300)] - Parse 
hyperlinks in the notes field of the entry preview pane [[#3596](https://github.com/keepassxreboot/keepassxc/issues/3596)] - Allow abbreviation of field names in entry search [[#3440](https://github.com/keepassxreboot/keepassxc/issues/3440)] - Allow setting group icons recursively [[#3273](https://github.com/keepassxreboot/keepassxc/issues/3273)] - Add copy context menu for username and password in Auto-Type dialog [[#3038](https://github.com/keepassxreboot/keepassxc/issues/3038)] - Drop to background after copying a password to the clipboard [[#3253](https://github.com/keepassxreboot/keepassxc/issues/3253)] - Add 'Lock databases' entry to tray icon menu [[#2896](https://github.com/keepassxreboot/keepassxc/issues/2896)] - Add option to minimize window after unlocking [[#3439](https://github.com/keepassxreboot/keepassxc/issues/3439)] - Add option to minimize window after opening a URL [[#3302](https://github.com/keepassxreboot/keepassxc/issues/3302)] - Request accessibility permissions for Auto-Type on macOS [[#3624](https://github.com/keepassxreboot/keepassxc/issues/3624)] - Browser: Add initial support for multiple URLs [[#3558](https://github.com/keepassxreboot/keepassxc/issues/3558)] - Browser: Add entry-specific browser integration settings [[#3444](https://github.com/keepassxreboot/keepassxc/issues/3444)] - CLI: Add offline HIBP checker (requires a downloaded HIBP dump) [[#2707](https://github.com/keepassxreboot/keepassxc/issues/2707)] - CLI: Add 'flatten' option to the 'ls' command [[#3276](https://github.com/keepassxreboot/keepassxc/issues/3276)] - CLI: Add password generation options to `Add` and `Edit` commands [[#3275](https://github.com/keepassxreboot/keepassxc/issues/3275)] - CLI: Add XML import [[#3572](https://github.com/keepassxreboot/keepassxc/issues/3572)] - CLI: Add CSV export to the 'export' command [[#3278](https://github.com/keepassxreboot/keepassxc/issues/3278)] - CLI: Add `-y --yubikey` option for YubiKey 
[[#3416](https://github.com/keepassxreboot/keepassxc/issues/3416)] - CLI: Add `--dry-run` option for merging databases [[#3254](https://github.com/keepassxreboot/keepassxc/issues/3254)] - CLI: Add group commands (mv, mkdir and rmdir) [[#3313](https://github.com/keepassxreboot/keepassxc/issues/3313)]. - CLI: Add interactive shell mode command `open` [[#3224](https://github.com/keepassxreboot/keepassxc/issues/3224)] Changed - Redesign database unlock dialog [ [#3287](https://github.com/keepassxreboot/keepassxc/issues/3287)] - Rework the entry preview panel [ [#3306](https://github.com/keepassxreboot/keepassxc/issues/3306)] - Move notes to General tab on Group Preview Panel [[#3336](https://github.com/keepassxreboot/keepassxc/issues/3336)] - Enable entry actions when editing an entry and cleanup entry context menu [[#3641](https://github.com/keepassxreboot/keepassxc/issues/3641)] - Improve detection of external database changes [[#2389](https://github.com/keepassxreboot/keepassxc/issues/2389)] - Warn if user is trying to use a KDBX file as a key file [[#3625](https://github.com/keepassxreboot/keepassxc/issues/3625)] - Add option to disable KeePassHTTP settings migrations prompt [[#3349](https://github.com/keepassxreboot/keepassxc/issues/3349), [#3344](https://github.com/keepassxreboot/keepassxc/issues/3344)] - Re-enabled Wayland support (no Auto-Type yet) [[#3520](https://github.com/keepassxreboot/keepassxc/issues/3520), [#3341](https://github.com/keepassxreboot/keepassxc/issues/3341)] - Add icon to 'Toggle Window' action in tray icon menu [[3244](https://github.com/keepassxreboot/keepassxc/issues/3244)] - Merge custom data between databases only when necessary [[#3475](https://github.com/keepassxreboot/keepassxc/issues/3475)] - Improve various file-handling related issues when picking files using the system's file dialog [[#3473](https://github.com/keepassxreboot/keepassxc/issues/3473)] - Add 'New Entry' context menu when no entries are selected 
[[#3671](https://github.com/keepassxreboot/keepassxc/issues/3671)] - Reduce default Argon2 settings from 128 MiB and one thread per CPU core to 64 MiB and two threads to account for lower-spec mobile hardware [ [#3672](https://github.com/keepassxreboot/keepassxc/issues/3672)] - Browser: Remove unused 'Remember' checkbox for HTTP Basic Auth [[#3371](https://github.com/keepassxreboot/keepassxc/issues/3371)] - Browser: Show database name when pairing with a new browser [[#3638](https://github.com/keepassxreboot/keepassxc/issues/3638)] - Browser: Show URL in allow access dialog [[#3639](https://github.com/keepassxreboot/keepassxc/issues/3639)] - CLI: The password length option `-l` for the CLI commands `Add` and `Edit` is now `-L` [[#3275](https://github.com/keepassxreboot/keepassxc/issues/3275)] - CLI: The `-u` shorthand for the `--upper` password generation option has been renamed to `-U` [[#3275](https://github.com/keepassxreboot/keepassxc/issues/3275)] - CLI: Rename command `extract` to `export`. 
[[#3277](https://github.com/keepassxreboot/keepassxc/issues/3277)] Fixed - Improve accessibility for assistive technologies [[#3409](https://github.com/keepassxreboot/keepassxc/issues/3409)] - Correctly unlock all databases if `--pw-stdin` is provided [[#2916](https://github.com/keepassxreboot/keepassxc/issues/2916)] - Fix password generator issues with special characters [[#3303](https://github.com/keepassxreboot/keepassxc/issues/3303)] - Fix KeePassXC interrupting shutdown procedure [[#3666](https://github.com/keepassxreboot/keepassxc/issues/3666)] - Fix password visibility toggle button state on unlock dialog [[#3312](https://github.com/keepassxreboot/keepassxc/issues/3312)] - Fix potential data loss if database is reloaded while user is editing an entry [[#3656](https://github.com/keepassxreboot/keepassxc/issues/3656)] - Fix hard-coded background color in search help popup [[#3001](https://github.com/keepassxreboot/keepassxc/issues/3001)] - Fix font choice for password preview [[#3425](https://github.com/keepassxreboot/keepassxc/issues/3425)] - Fix handling of read-only files when autosave is enabled [[#3408](https://github.com/keepassxreboot/keepassxc/issues/3408)] - Handle symlinks correctly when atomic saves are disabled [[#3463](https://github.com/keepassxreboot/keepassxc/issues/3463)] - Enable HighDPI icon scaling on Linux [[#3332](https://github.com/keepassxreboot/keepassxc/issues/3332)] - Make Auto-Type on macOS more robust and remove old Carbon API calls [[#3634](https://github.com/keepassxreboot/keepassxc/issues/3634), [[#3347](https://github.com/keepassxreboot/keepassxc/issues/3347))] - Hide Share tab if KeePassXC is compiled without KeeShare support and other minor KeeShare improvements [[#3654](https://github.com/keepassxreboot/keepassxc/issues/3654), [[#3291](https://github.com/keepassxreboot/keepassxc/issues/3291), [#3029](https://github.com/keepassxreboot/keepassxc/issues/3029), [#3031](https://github.com/keepassxreboot/keepassxc/issues/3031), 
[#3236](https://github.com/keepassxreboot/keepassxc/issues/3236)] - Correctly bring window to the front when clicking tray icon on macOS [[#3576](https://github.com/keepassxreboot/keepassxc/issues/3576)] - Correct application shortcut created by MSI Installer on Windows [[#3296](https://github.com/keepassxreboot/keepassxc/issues/3296)] - Fix crash when removing custom data [[#3508](https://github.com/keepassxreboot/keepassxc/issues/3508)] - Fix placeholder resolution in URLs [[#3281](https://github.com/keepassxreboot/keepassxc/issues/3281)] - Fix various inconsistencies and platform-dependent compilation bugs [[#3664](https://github.com/keepassxreboot/keepassxc/issues/3664), [#3662](https://github.com/keepassxreboot/keepassxc/issues/3662), [#3660](https://github.com/keepassxreboot/keepassxc/issues/3660), [#3655](https://github.com/keepassxreboot/keepassxc/issues/3655), [#3649](https://github.com/keepassxreboot/keepassxc/issues/3649), [#3417](https://github.com/keepassxreboot/keepassxc/issues/3417), [#3357](https://github.com/keepassxreboot/keepassxc/issues/3357), [#3319](https://github.com/keepassxreboot/keepassxc/issues/3319), [#3318](https://github.com/keepassxreboot/keepassxc/issues/3318), [#3304](https://github.com/keepassxreboot/keepassxc/issues/3304)] - Browser: Fix potential leaking of entries through the browser integration API if multiple databases are opened [[#3480](https://github.com/keepassxreboot/keepassxc/issues/3480)] - Browser: Fix password entropy calculation [[#3107](https://github.com/keepassxreboot/keepassxc/issues/3107)] - Browser: Fix Windows registry settings for portable installation [[#3603](https://github.com/keepassxreboot/keepassxc/issues/3603)]
Diffstat (limited to 'src/keys/drivers/YubiKey.cpp')
-rw-r--r--src/keys/drivers/YubiKey.cpp83
1 files changed, 61 insertions, 22 deletions
diff --git a/src/keys/drivers/YubiKey.cpp b/src/keys/drivers/YubiKey.cpp
index b4aa82205..18cf8323a 100644
--- a/src/keys/drivers/YubiKey.cpp
+++ b/src/keys/drivers/YubiKey.cpp
@@ -20,6 +20,7 @@
#include <ykcore.h>
#include <ykdef.h>
+#include <ykpers-version.h>
#include <ykstatus.h>
#include <yubikey.h>
@@ -37,6 +38,7 @@
YubiKey::YubiKey()
: m_yk_void(nullptr)
, m_ykds_void(nullptr)
+ , m_onlyKey(false)
, m_mutex(QMutex::Recursive)
{
}
@@ -75,7 +77,17 @@ bool YubiKey::init()
}
// TODO: handle multiple attached hardware devices
+ m_onlyKey = false;
m_yk_void = static_cast<void*>(yk_open_first_key());
+#if YKPERS_VERSION_NUMBER >= 0x011400
+ // New fuction available in yubikey-personalization version >= 1.20.0 that allows
+ // selecting device VID/PID (yk_open_key_vid_pid)
+ if (m_yk == nullptr) {
+ static const int device_pids[] = {0x60fc}; // OnlyKey PID
+ m_yk_void = static_cast<void*>(yk_open_key_vid_pid(0x1d50, device_pids, 1, 0));
+ m_onlyKey = true;
+ }
+#endif
if (m_yk == nullptr) {
yk_release();
m_mutex.unlock();
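Review bot: `m_onlyKey = true;` in the OnlyKey fallback is assigned whether or not `yk_open_key_vid_pid()` returned a handle. When no device is attached, init() takes the failure branch below with the flag still set, so getVendorName() (added later in this commit) would report "OnlyKey" until the next call to init(). Derive the flag from the result instead, e.g. `m_onlyKey = (m_yk != nullptr);` right after the call, or reset it in the failure branch. The VID `0x1d50` and PID `0x60fc` would read better as named constants, and the new comment has a typo ("fuction"). init() starts and ends outside this hunk.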
@@ -120,27 +132,17 @@ void YubiKey::detect()
{
bool found = false;
- if (init()) {
- YubiKey::ChallengeResult result;
- QByteArray rand = randomGen()->randomArray(1);
- QByteArray resp;
-
- // Check slot 1 and 2 for Challenge-Response HMAC capability
- for (int i = 1; i <= 2; ++i) {
- result = challenge(i, false, rand, resp);
- if (result == ALREADY_RUNNING) {
- // Try this slot again after waiting
- Tools::sleep(300);
- result = challenge(i, false, rand, resp);
- }
-
- if (result != ALREADY_RUNNING && result != ERROR) {
- emit detected(i, result == WOULDBLOCK);
- found = true;
- }
- // Wait between slots to let the yubikey settle
- Tools::sleep(150);
+ // Check slot 1 and 2 for Challenge-Response HMAC capability
+ for (int i = 1; i <= 2; ++i) {
+ QString errorMsg;
+ bool isBlocking = checkSlotIsBlocking(i, errorMsg);
+ if (errorMsg.isEmpty()) {
+ found = true;
+ emit detected(i, isBlocking);
}
+
+ // Wait between slots to let the yubikey settle.
+ Tools::sleep(150);
}
if (!found) {
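Review bot: detect() now treats a slot as usable when `errorMsg.isEmpty()`, so the success signal is the absence of a human-readable string, and the helper's `false` return is ambiguous between "non-blocking slot" and "probe failed". A comment at the call site such as `// errorMsg empty => slot answered; isBlocking is only meaningful in that case` would make the contract visible to the next reader. The 150 ms settle delay also runs after a failed probe and after the last slot. Each iteration goes back through init() via the helper, so with no key attached the device-open attempts appear to be repeated once per slot. detect() continues past the end of this hunk.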
@@ -150,6 +152,38 @@ void YubiKey::detect()
}
}
+bool YubiKey::checkSlotIsBlocking(int slot, QString& errorMessage)
+{
+ if (!init()) {
+ errorMessage = QString("Could not initialize YubiKey.");
+ return false;
+ }
+
+ YubiKey::ChallengeResult result;
+ QByteArray rand = randomGen()->randomArray(1);
+ QByteArray resp;
+
+ result = challenge(slot, false, rand, resp);
+ if (result == ALREADY_RUNNING) {
+ // Try this slot again after waiting
+ Tools::sleep(300);
+ result = challenge(slot, false, rand, resp);
+ }
+
+ if (result == SUCCESS || result == WOULDBLOCK) {
+ return result == WOULDBLOCK;
+ } else if (result == ALREADY_RUNNING) {
+ errorMessage = QString("YubiKey busy");
+ return false;
+ } else if (result == ERROR) {
+ errorMessage = QString("YubiKey error");
+ return false;
+ }
+
+ errorMessage = QString("Error while polling YubiKey");
+ return false;
+}
+
bool YubiKey::getSerial(unsigned int& serial)
{
m_mutex.lock();
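Review bot: checkSlotIsBlocking() has no doc comment, and its contract is easy to misuse: `false` means either a non-blocking slot or a failure, and only `errorMessage` tells the two apart. I would add a short Doxygen block stating that `errorMessage` is left untouched on success and set on every failure path, and that the probe sends a one-byte random challenge to the slot. The messages hard-code "YubiKey" and are not passed through `tr()`, although this commit adds OnlyKey support and getVendorName(); if they can reach the UI, something like `errorMessage = tr("%1 busy").arg(getVendorName());` would keep them consistent. The probe's `resp` buffer holds a response derived from the slot secret and is dropped without being cleared; overwriting it before returning would be cheap hygiene.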
@@ -163,6 +197,11 @@ bool YubiKey::getSerial(unsigned int& serial)
return true;
}
+QString YubiKey::getVendorName()
+{
+ return m_onlyKey ? "OnlyKey" : "YubiKey";
+}
+
YubiKey::ChallengeResult YubiKey::challenge(int slot, bool mayBlock, const QByteArray& challenge, QByteArray& response)
{
// ensure that YubiKey::init() succeeded
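Review bot: getVendorName() reads `m_onlyKey` without taking `m_mutex`, while init() writes the flag on a path that appears to hold that mutex (it unlocks it in its failure branch). If detection runs on a worker thread while the UI asks for the vendor name, this is an unsynchronized read. Either take the lock for the read or document that the function may only be called once detection has finished, e.g. `// Only valid after detect()/init() has completed; not synchronized.` The function does not modify state and could be declared `const`; that is a header change outside this hunk.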
@@ -173,14 +212,14 @@ YubiKey::ChallengeResult YubiKey::challenge(int slot, bool mayBlock, const QByte
int yk_cmd = (slot == 1) ? SLOT_CHAL_HMAC1 : SLOT_CHAL_HMAC2;
QByteArray paddedChallenge = challenge;
- // yk_challenge_response() insists on 64 byte response buffer */
+ // yk_challenge_response() insists on 64 bytes response buffer */
response.clear();
response.resize(64);
/* The challenge sent to the yubikey should always be 64 bytes for
* compatibility with all configurations. Follow PKCS7 padding.
*
- * There is some question whether or not 64 byte fixed length
+ * There is some question whether or not 64 bytes fixed length
* configurations even work, some docs say avoid it.
*/
const int padLen = 64 - paddedChallenge.size();