Add MockChallengeResponseKey and additional composite key component test

2024-09-19 20:02:18 +02:00 · 2018-03-01 20:07:19 +01:00 · 2018-03-01 20:07:19 +01:00 · e6c19fdcb1
commit e6c19fdcb1
parent 6f6a63f5e9
9 changed files with 178 additions and 16 deletions
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@ -152,6 +152,7 @@ set(keepassx_SOURCES
    gui/group/EditGroupWidget.cpp
    gui/group/GroupModel.cpp
    gui/group/GroupView.cpp
+    keys/ChallengeResponseKey.h
    keys/CompositeKey.cpp
    keys/drivers/YubiKey.h
    keys/FileKey.cpp
--- a/src/keys/YkChallengeResponseKey.cpp
+++ b/src/keys/YkChallengeResponseKey.cpp
@ -83,7 +83,7 @@ bool YkChallengeResponseKey::challenge(const QByteArray& challenge, unsigned ret
        }

        // if challenge failed, retry to detect YubiKeys in the event the YubiKey was un-plugged and re-plugged
-        if (retries > 0 && YubiKey::instance()->init() != true) {
+        if (retries > 0 && !YubiKey::instance()->init()) {
            continue;
        }

--- a/src/keys/YkChallengeResponseKey.h
+++ b/src/keys/YkChallengeResponseKey.h
@ -1,18 +1,18 @@
 /*
-*  Copyright (C) 2017 KeePassXC Team <team@keepassxc.org>
-*
-*  This program is free software: you can redistribute it and/or modify
-*  it under the terms of the GNU General Public License as published by
-*  the Free Software Foundation, either version 2 or (at your option)
-*  version 3 of the License.
-*
-*  This program is distributed in the hope that it will be useful,
-*  but WITHOUT ANY WARRANTY; without even the implied warranty of
-*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-*  GNU General Public License for more details.
-*
-*  You should have received a copy of the GNU General Public License
-*  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *  Copyright (C) 2017 KeePassXC Team <team@keepassxc.org>
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 2 or (at your option)
+ *  version 3 of the License.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

 #ifndef KEEPASSX_YK_CHALLENGERESPONSEKEY_H
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@ -115,7 +115,7 @@ add_unit_test(NAME testkdbx3 SOURCES TestKeePass2Format.cpp FailDevice.cpp TestK
 add_unit_test(NAME testkdbx4 SOURCES TestKeePass2Format.cpp FailDevice.cpp TestKdbx4.cpp
        LIBS ${TEST_LIBRARIES})

-add_unit_test(NAME testkeys SOURCES TestKeys.cpp
+add_unit_test(NAME testkeys SOURCES TestKeys.cpp mock/MockChallengeResponseKey.cpp
        LIBS ${TEST_LIBRARIES})

 add_unit_test(NAME testgroupmodel SOURCES TestGroupModel.cpp
--- a/tests/TestKeys.cpp
+++ b/tests/TestKeys.cpp
@ -32,6 +32,7 @@
 #include "format/KeePass2Writer.h"
 #include "keys/FileKey.h"
 #include "keys/PasswordKey.h"
+#include "mock/MockChallengeResponseKey.h"

 QTEST_GUILESS_MAIN(TestKeys)
 Q_DECLARE_METATYPE(FileKey::Type);
@ -232,3 +233,85 @@ void TestKeys::benchmarkTransformKey()
        Q_UNUSED(compositeKey.transform(kdf, result));
    };
 }
+
+void TestKeys::testCompositeKeyComponents()
+{
+    PasswordKey passwordKeyEnc("password");
+    FileKey fileKeyEnc;
+    QString error;
+    fileKeyEnc.load(QString("%1/%2").arg(QString(KEEPASSX_TEST_DATA_DIR), "FileKeyHashed.key"), &error);
+    if (!error.isNull()) {
+        QFAIL(qPrintable(error));
+    }
+    auto challengeResponseKeyEnc = QSharedPointer<MockChallengeResponseKey>::create(QByteArray(16, 0x10));
+
+    CompositeKey compositeKeyEnc;
+    compositeKeyEnc.addKey(passwordKeyEnc);
+    compositeKeyEnc.addKey(fileKeyEnc);
+    compositeKeyEnc.addChallengeResponseKey(challengeResponseKeyEnc);
+
+    QScopedPointer<Database> db1(new Database());
+    db1->setKey(compositeKeyEnc);
+
+    KeePass2Writer writer;
+    QBuffer buffer;
+    buffer.open(QBuffer::ReadWrite);
+    QVERIFY(writer.writeDatabase(&buffer, db1.data()));
+
+    buffer.seek(0);
+    QScopedPointer<Database> db2;
+    KeePass2Reader reader;
+    CompositeKey compositeKeyDec1;
+
+    // try decryption and subsequently add key components until decryption is successful
+    db2.reset(reader.readDatabase(&buffer, compositeKeyDec1));
+    QVERIFY(reader.hasError());
+
+    compositeKeyDec1.addKey(passwordKeyEnc);
+    buffer.seek(0);
+    db2.reset(reader.readDatabase(&buffer, compositeKeyDec1));
+    QVERIFY(reader.hasError());
+
+    compositeKeyDec1.addKey(fileKeyEnc);
+    buffer.seek(0);
+    db2.reset(reader.readDatabase(&buffer, compositeKeyDec1));
+    QVERIFY(reader.hasError());
+
+    compositeKeyDec1.addChallengeResponseKey(challengeResponseKeyEnc);
+    buffer.seek(0);
+    db2.reset(reader.readDatabase(&buffer, compositeKeyDec1));
+    // now we should be able to open the database
+    if (reader.hasError()) {
+        QFAIL(qPrintable(reader.errorString()));
+    }
+
+    // try the same again, but this time with one wrong key component each time
+    CompositeKey compositeKeyDec2;
+    compositeKeyDec2.addKey(PasswordKey("wrong password"));
+    compositeKeyDec2.addKey(fileKeyEnc);
+    compositeKeyDec2.addChallengeResponseKey(challengeResponseKeyEnc);
+    buffer.seek(0);
+    db2.reset(reader.readDatabase(&buffer, compositeKeyDec2));
+    QVERIFY(reader.hasError());
+
+    CompositeKey compositeKeyDec3;
+    compositeKeyDec3.addKey(passwordKeyEnc);
+    FileKey fileKeyWrong;
+    fileKeyWrong.load(QString("%1/%2").arg(QString(KEEPASSX_TEST_DATA_DIR), "FileKeyHashed2.key"), &error);
+    if (!error.isNull()) {
+        QFAIL(qPrintable(error));
+    }
+    compositeKeyDec3.addKey(fileKeyWrong);
+    compositeKeyDec3.addChallengeResponseKey(challengeResponseKeyEnc);
+    buffer.seek(0);
+    db2.reset(reader.readDatabase(&buffer, compositeKeyDec3));
+    QVERIFY(reader.hasError());
+
+    CompositeKey compositeKeyDec4;
+    compositeKeyDec4.addKey(passwordKeyEnc);
+    compositeKeyDec4.addKey(fileKeyEnc);
+    compositeKeyDec4.addChallengeResponseKey(QSharedPointer<MockChallengeResponseKey>::create(QByteArray(16, 0x20)));
+    buffer.seek(0);
+    db2.reset(reader.readDatabase(&buffer, compositeKeyDec4));
+    QVERIFY(reader.hasError());
+}
--- a/tests/TestKeys.h
+++ b/tests/TestKeys.h
@ -34,6 +34,7 @@ private slots:
    void testCreateAndOpenFileKey();
    void testFileKeyHash();
    void testFileKeyError();
+    void testCompositeKeyComponents();
    void benchmarkTransformKey();
 };

--- a/tests/data/FileKeyHashed2.key
+++ b/tests/data/FileKeyHashed2.key
--- a/tests/mock/MockChallengeResponseKey.cpp
+++ b/tests/mock/MockChallengeResponseKey.cpp
@ -0,0 +1,39 @@
+/*
+ *  Copyright (C) 2018 KeePassXC Team <team@keepassxc.org>
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 2 or (at your option)
+ *  version 3 of the License.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "MockChallengeResponseKey.h"
+
+MockChallengeResponseKey::MockChallengeResponseKey(const QByteArray& response)
+    : m_response(response)
+{
+}
+
+MockChallengeResponseKey::~MockChallengeResponseKey()
+{
+}
+
+QByteArray MockChallengeResponseKey::rawKey() const
+{
+    return m_response;
+}
+
+bool MockChallengeResponseKey::challenge(const QByteArray& challenge)
+{
+    Q_UNUSED(challenge);
+    return true;
+}
+
--- a/tests/mock/MockChallengeResponseKey.h
+++ b/tests/mock/MockChallengeResponseKey.h
@ -0,0 +1,38 @@
+/*
+ *  Copyright (C) 2018 KeePassXC Team <team@keepassxc.org>
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 2 or (at your option)
+ *  version 3 of the License.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef KEEPASSXC_MOCKCHALLENGERESPONSEKEY_H
+#define KEEPASSXC_MOCKCHALLENGERESPONSEKEY_H
+
+#include "keys/ChallengeResponseKey.h"
+
+/**
+ * Mock challenge-response key implementation that simply returns the a fixed response.
+ */
+class MockChallengeResponseKey : public ChallengeResponseKey
+{
+public:
+    explicit MockChallengeResponseKey(const QByteArray& response);
+    ~MockChallengeResponseKey() override;
+    QByteArray rawKey() const override;
+    bool challenge(const QByteArray& challenge) override;
+
+private:
+    QByteArray m_response;
+};
+
+#endif //KEEPASSXC_MOCKCHALLENGERESPONSEKEY_H