2014-05-26 09:06:26 +00:00
|
|
|
/*
|
2019-02-21 21:28:45 +00:00
|
|
|
* Copyright (C) 2019 KeePassXC Team <team@keepassxc.org>
|
2018-11-01 03:27:38 +00:00
|
|
|
* Copyright (C) 2014 Kyle Manna <kyle@kylemanna.com>
|
|
|
|
|
*
|
|
|
|
|
* This program is free software: you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation, either version 2 or (at your option)
|
|
|
|
|
* version 3 of the License.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
*/
|
|
|
|
|
|
2021-04-23 03:07:49 +00:00
|
|
|
#include "ChallengeResponseKey.h"
|
2014-05-26 09:06:26 +00:00
|
|
|
|
2018-10-30 21:17:52 +00:00
|
|
|
#include "core/AsyncTask.h"
|
2014-05-26 09:06:26 +00:00
|
|
|
|
2021-04-23 03:07:49 +00:00
|
|
|
QUuid ChallengeResponseKey::UUID("e092495c-e77d-498b-84a1-05ae0d955508");
|
2014-05-26 09:06:26 +00:00
|
|
|
|
2021-04-23 03:07:49 +00:00
|
|
|
ChallengeResponseKey::ChallengeResponseKey(YubiKeySlot keySlot)
|
|
|
|
|
: Key(UUID)
|
2020-04-06 12:42:20 +00:00
|
|
|
, m_keySlot(keySlot)
|
2014-05-26 09:06:26 +00:00
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-23 03:07:49 +00:00
|
|
|
QByteArray ChallengeResponseKey::rawKey() const
|
|
|
|
|
{
|
|
|
|
|
return QByteArray(m_key.data(), m_key.size());
|
|
|
|
|
}
|
|
|
|
|
|
2022-02-18 15:17:21 +00:00
|
|
|
void ChallengeResponseKey::setRawKey(const QByteArray&)
|
|
|
|
|
{
|
|
|
|
|
// Nothing to do here
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
YubiKeySlot ChallengeResponseKey::slotData() const
|
|
|
|
|
{
|
|
|
|
|
return m_keySlot;
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-23 03:07:49 +00:00
|
|
|
QString ChallengeResponseKey::error() const
|
|
|
|
|
{
|
|
|
|
|
return m_error;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool ChallengeResponseKey::challenge(const QByteArray& challenge)
|
2014-05-26 09:06:26 +00:00
|
|
|
{
|
2020-04-06 12:42:20 +00:00
|
|
|
m_error.clear();
|
|
|
|
|
auto result =
|
2021-04-04 12:56:00 +00:00
|
|
|
AsyncTask::runAndWaitForFuture([&] { return YubiKey::instance()->challenge(m_keySlot, challenge, m_key); });
|
2020-04-06 12:42:20 +00:00
|
|
|
|
Implement support for Yubikeys and potential other tokens via wireless NFC using smartcard readers (Rebase) (#6895)
* Support NFC readers for hardware tokens using PC/SC
This requires a new library dependency: PCSC.
The PCSC library provides methods to access smartcards. On Linux, the third-party pcsc-lite package is used. On Windows, the native Windows API (Winscard.dll) is used. On Mac OSX, the native OSX API (framework-PCSC) is used.
* Split hardware key access into multiple classes to handle different methods of communicating with the keys.
* Since the Yubikey can now be a wireless token as well, the verb "plug in" was replaced with a more
generic "interface with". This shall indicate that the user has to present their token to the reader, or plug it in via USB.
* Add PC/SC interface for YubiKey challenge-response
This new interface uses the PC/SC protocol and API
instead of the USB protocol via ykpers. Many YubiKeys expose their functionality as a CCID device, which can be interfaced with using PC/SC. This is especially useful for NFC-only or NFC-capable Yubikeys, when they are used together with a PC/SC compliant NFC reader device.
Although many (not all) Yubikeys expose their CCID functionality over their own USB connection as well, the HMAC-SHA1 functionality is often locked in this mode, as it requires eg. a touch on the gold button. When accessing the CCID functionality wirelessly via NFC (like this code can do using a reader), then the user interaction is to present the key to the reader.
This implementation has been tested on Linux using pcsc-lite, Windows using the native Winscard.dll library, and Mac OSX using the native PCSC-framework library.
* Remove PC/SC ATR whitelist, instead scan for AIDs
Before, a whitelist of ATR codes (answer to reset, hardware-specific)
was used to scan for compatible (Yubi)Keys.
Now, every connected smartcard is scanned for AIDs (applet identifier),
which are known to implement the HMAC-SHA1 protocol.
This enables the support of currently unknown or unreleased hardware.
Co-authored-by: Jonathan White <support@dmapps.us>
2021-10-01 14:39:07 +00:00
|
|
|
if (result != YubiKey::ChallengeResult::YCR_SUCCESS) {
|
2020-04-06 12:42:20 +00:00
|
|
|
// Record the error message
|
2021-04-04 12:56:00 +00:00
|
|
|
m_key.clear();
|
2020-04-06 12:42:20 +00:00
|
|
|
m_error = YubiKey::instance()->errorMessage();
|
|
|
|
|
}
|
2014-05-26 09:06:26 +00:00
|
|
|
|
Implement support for Yubikeys and potential other tokens via wireless NFC using smartcard readers (Rebase) (#6895)
* Support NFC readers for hardware tokens using PC/SC
This requires a new library dependency: PCSC.
The PCSC library provides methods to access smartcards. On Linux, the third-party pcsc-lite package is used. On Windows, the native Windows API (Winscard.dll) is used. On Mac OSX, the native OSX API (framework-PCSC) is used.
* Split hardware key access into multiple classes to handle different methods of communicating with the keys.
* Since the Yubikey can now be a wireless token as well, the verb "plug in" was replaced with a more
generic "interface with". This shall indicate that the user has to present their token to the reader, or plug it in via USB.
* Add PC/SC interface for YubiKey challenge-response
This new interface uses the PC/SC protocol and API
instead of the USB protocol via ykpers. Many YubiKeys expose their functionality as a CCID device, which can be interfaced with using PC/SC. This is especially useful for NFC-only or NFC-capable Yubikeys, when they are used together with a PC/SC compliant NFC reader device.
Although many (not all) Yubikeys expose their CCID functionality over their own USB connection as well, the HMAC-SHA1 functionality is often locked in this mode, as it requires eg. a touch on the gold button. When accessing the CCID functionality wirelessly via NFC (like this code can do using a reader), then the user interaction is to present the key to the reader.
This implementation has been tested on Linux using pcsc-lite, Windows using the native Winscard.dll library, and Mac OSX using the native PCSC-framework library.
* Remove PC/SC ATR whitelist, instead scan for AIDs
Before, a whitelist of ATR codes (answer to reset, hardware-specific)
was used to scan for compatible (Yubi)Keys.
Now, every connected smartcard is scanned for AIDs (applet identifier),
which are known to implement the HMAC-SHA1 protocol.
This enables the support of currently unknown or unreleased hardware.
Co-authored-by: Jonathan White <support@dmapps.us>
2021-10-01 14:39:07 +00:00
|
|
|
return result == YubiKey::ChallengeResult::YCR_SUCCESS;
|
2014-05-26 09:06:26 +00:00
|
|
|
}
|
2022-02-18 15:17:21 +00:00
|
|
|
|
|
|
|
|
QByteArray ChallengeResponseKey::serialize() const
|
|
|
|
|
{
|
|
|
|
|
QByteArray data;
|
|
|
|
|
QDataStream stream(&data, QIODevice::WriteOnly);
|
|
|
|
|
stream << uuid().toRfc4122() << m_keySlot;
|
|
|
|
|
return data;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void ChallengeResponseKey::deserialize(const QByteArray& data)
|
|
|
|
|
{
|
|
|
|
|
QDataStream stream(data);
|
|
|
|
|
QByteArray uuidData;
|
|
|
|
|
stream >> uuidData;
|
|
|
|
|
if (uuid().toRfc4122() == uuidData) {
|
|
|
|
|
stream >> m_keySlot;
|
|
|
|
|
}
|
|
|
|
|
}
|