From c663b5d5fcc3ed9f5af8d6e5e7fdf1e99f4a2c58 Mon Sep 17 00:00:00 2001 From: Jonathan White Date: Tue, 7 Jan 2020 22:06:31 -0500 Subject: Add braces around single line statements * Ran clang-tidy with "readability-braces-around-statements" to find missing braces around statements. --- tests/TestYkChallengeResponseKey.cpp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'tests/TestYkChallengeResponseKey.cpp') diff --git a/tests/TestYkChallengeResponseKey.cpp b/tests/TestYkChallengeResponseKey.cpp index 0d6f9b5c3..a4dd76270 100644 --- a/tests/TestYkChallengeResponseKey.cpp +++ b/tests/TestYkChallengeResponseKey.cpp @@ -84,12 +84,14 @@ void TestYubiKeyChalResp::ykDetected(int slot, bool blocking) { Q_UNUSED(blocking); - if (slot > 0) + if (slot > 0) { m_detected++; + } /* Key used for later testing */ - if (!m_key) + if (!m_key) { m_key.reset(new YkChallengeResponseKey(slot, blocking)); + } } void TestYubiKeyChalResp::deinit() -- cgit v1.2.3 From 51429810189cf17501b925712920f9340ec4f4d1 Mon Sep 17 00:00:00 2001 From: Jonathan White Date: Mon, 6 Apr 2020 08:42:20 -0400 Subject: Significantly enhance hardware key robustness * Significantly improve user experience when using hardware keys on databases in both GUI and CLI modes. Prevent locking up the YubiKey USB interface for prolonged periods of time. Allows for other apps to use the key concurrently with KeePassXC. * Improve messages displayed to user when finding keys and when user interaction is required. Output specific error messages when handling hardware keys during database read/write. * Only poll for keys when previously used or upon user request. Prevent continuously polling keys when accessing the UI such as switching tabs and minimize/maximize. * Add support for using multiple hardware keys simultaneously. Keys are identified by their serial number which prevents using the wrong key during open and save operations. * Fixes #4400 * Fixes #4065 * Fixes #1050 * Fixes #1215 * Fixes #3087 * Fixes #1088 * Fixes #1869 --- tests/TestYkChallengeResponseKey.cpp | 106 ++++++++++++++++------------------- 1 file changed, 49 insertions(+), 57 deletions(-) (limited to 'tests/TestYkChallengeResponseKey.cpp') diff --git a/tests/TestYkChallengeResponseKey.cpp b/tests/TestYkChallengeResponseKey.cpp index a4dd76270..05161544b 100644 --- a/tests/TestYkChallengeResponseKey.cpp +++ b/tests/TestYkChallengeResponseKey.cpp @@ -19,82 +19,74 @@ #include "TestYkChallengeResponseKey.h" #include "TestGlobal.h" + +#include "core/Tools.h" #include "crypto/Crypto.h" +#include "keys/YkChallengeResponseKey.h" -#include +#include +#include -QTEST_GUILESS_MAIN(TestYubiKeyChalResp) +QTEST_GUILESS_MAIN(TestYubiKeyChallengeResponse) -void TestYubiKeyChalResp::initTestCase() +void TestYubiKeyChallengeResponse::initTestCase() { // crypto subsystem needs to be initialized for YubiKey testing QVERIFY(Crypto::init()); -} -void TestYubiKeyChalResp::init() -{ - if (!YubiKey::instance()->init()) { - QSKIP("Unable to connect to YubiKey"); + if (!YubiKey::instance()->isInitialized()) { + QSKIP("Unable to initialize YubiKey interface."); } } -void TestYubiKeyChalResp::detectDevices() -{ - connect(YubiKey::instance(), SIGNAL(detected(int, bool)), SLOT(ykDetected(int, bool)), Qt::QueuedConnection); - QtConcurrent::run(YubiKey::instance(), &YubiKey::detect); - - // need to wait for the hardware (that's hopefully plugged in)... - QTest::qWait(2000); - QVERIFY2(m_detected > 0, "Is a YubiKey attached?"); -} - -void TestYubiKeyChalResp::getSerial() -{ - unsigned int serial; - QVERIFY(YubiKey::instance()->getSerial(serial)); -} - -void TestYubiKeyChalResp::keyGetName() -{ - QVERIFY(m_key); - QVERIFY(m_key->getName().length() > 0); -} - -void TestYubiKeyChalResp::keyIssueChallenge() +void TestYubiKeyChallengeResponse::testDetectDevices() { - QVERIFY(m_key); - if (m_key->isBlocking()) { - /* Testing active mode in unit tests is unreasonable */ - QSKIP("YubiKey not in passive mode", SkipSingle); + YubiKey::instance()->findValidKeys(); + + // Wait for the hardware to respond + QSignalSpy detected(YubiKey::instance(), SIGNAL(detectComplete(bool))); + QTRY_VERIFY_WITH_TIMEOUT(detected.count() > 0, 2000); + + // Look at the information retrieved from the key(s) + for (auto key : YubiKey::instance()->foundKeys()) { + auto displayName = YubiKey::instance()->getDisplayName(key); + QVERIFY(displayName.contains("Challenge Response - Slot") || displayName.contains("Configured Slot -")); + QVERIFY(displayName.contains(QString::number(key.first))); + QVERIFY(displayName.contains(QString::number(key.second))); } - - QByteArray ba("UnitTest"); - QVERIFY(m_key->challenge(ba)); - - /* TODO Determine if it's reasonable to provide a fixed secret key for - * verification testing. Obviously simple technically, but annoying - * if devs need to re-program their yubikeys or have a spare test key - * for unit tests to pass. - * - * Might be worth it for integrity verification though. - */ } -void TestYubiKeyChalResp::ykDetected(int slot, bool blocking) +/** + * Secret key for the YubiKey slot used by the unit test is + * 1c e3 0f d7 8d 20 dc fa 40 b5 0c 18 77 9a fb 0f 02 28 8d b7 + * This secret can be on either slot but must be passive. + */ +void TestYubiKeyChallengeResponse::testKeyChallenge() { - Q_UNUSED(blocking); + auto keys = YubiKey::instance()->foundKeys(); + if (keys.isEmpty()) { + QSKIP("No YubiKey devices were detected."); + } - if (slot > 0) { - m_detected++; + // Find a key that is configured in passive mode + bool wouldBlock = false; + YubiKeySlot pKey(0, 0); + for (auto key : keys) { + if (YubiKey::instance()->testChallenge(key, &wouldBlock) && !wouldBlock) { + pKey = key; + break; + } + Tools::wait(100); } - /* Key used for later testing */ - if (!m_key) { - m_key.reset(new YkChallengeResponseKey(slot, blocking)); + if (pKey.first == 0) { + /* Testing active mode in unit tests is unreasonable */ + QSKIP("No YubiKey contains a slot in passive mode."); } -} -void TestYubiKeyChalResp::deinit() -{ - QVERIFY(YubiKey::instance()->deinit()); + QScopedPointer key(new YkChallengeResponseKey(pKey)); + + QByteArray ba("UnitTest"); + QVERIFY(key->challenge(ba)); + QCOMPARE(key->rawKey().size(), 20); } -- cgit v1.2.3