pgLab/core/PasswordManager.h

#ifndef PASSWORDMANAGER_H
#define PASSWORDMANAGER_H

#include "KeyStrengthener.h"
#include <QSqlDatabase>
#include <botan/secmem.h>
#include <string>
#include <string_view>
#include <tuple>
#include <memory>

#include <botan/pwdhash.h>
#include <map>

namespace Botan {

	class Encrypted_PSK_Database;
	class PasswordHash;

}

class PasswordManagerException: public std::exception {
public:
	using std::exception::exception; //(char const* const _Message);
};

class PasswordManagerLockedException: public PasswordManagerException {
public:
	using PasswordManagerException::PasswordManagerException;

};
class PasswordCryptoEngine;

class PasswordManager {
public:
	enum Result {
		Ok,
		Locked,
		Error
	};

	PasswordManager();
	~PasswordManager();

	/** Check if it has been initialized before.
	 *
	 * If returns false then use createDatabase to set it up
	 * else use openDatabase to get access.
	 */
	bool initialized(QSqlDatabase &db);
	bool createDatabase(QSqlDatabase &db, QString passphrase);
	/// Opens the PSK database
	bool openDatabase(QSqlDatabase &db, QString passphrase);
	void closeDatabase();
	bool locked() const;

	std::string encrypt(const std::string &id, const std::string &passwd);
	std::string decrypt(const std::string &id, const std::string_view &encpwd);
//	void remove(const std::string &id);
private:
	QString m_passwordTableName   = "psk_passwd";
	QString m_secretAlgoTableName = "psk_masterkey_algo";
	QString m_secretHashTableName = "psk_masterkey_hash";
	std::unique_ptr<PasswordCryptoEngine> m_cryptoEngine;

	bool isPskStoreInitialized(QSqlDatabase& db);
	void initializeNewPskStore(QSqlDatabase &db);

	/// Get PasswordHash from parameters in database
	KeyStrengthener getKeyStrengthener(QSqlDatabase &db);
	KeyStrengthener createKeyStrengthener();

	std::tuple<Botan::secure_vector<uint8_t>, Botan::secure_vector<uint8_t>>
	deriveKey(KeyStrengthener &ks, QString passphrase);
};


#endif // PASSWORDMANAGER_H
-												Moved some parts to a static lib so both the executable and the tests can link to it.

Written additional tests.

											
										
										
											2017-02-26 19:29:50 +01:00
+								#ifndef PASSWORDMANAGER_H
 								#define PASSWORDMANAGER_H
-												Store encrypted passwords with connections.

Closes #22 as encrypted password is now deleted as part of the connection record.

											
										
										
											2019-09-01 14:07:58 +02:00
+								#include "KeyStrengthener.h"
-												Passwords are now saved in a password manager.

The password manager uses strong encryption using a key derived from the passphrase using
scrypt key strengthening algorithm. This ensures encryption is performed using a strong key
and that brute forcing the passphrase is time consuming.

If the user loses his passphrase no recovery is possible.

											
										
										
											2018-11-08 21:50:49 +01:00
+								#include <QSqlDatabase>
-												Replaced old PasswordManager code with code using Botan's new PSK_Database

This greatly reduces the amount of encryption related code required. Thought
we still have todo our own key strenthening but this also is easier with Botan::PasswordHash.

											
										
										
											2018-11-04 11:24:13 +01:00
+								#include <botan/secmem.h>
-												Moved some parts to a static lib so both the executable and the tests can link to it.

Written additional tests.

											
										
										
											2017-02-26 19:29:50 +01:00
+								#include <string>
-												Switched ConnectionConfig to QString from std::string to fit better into Qt framework

											
										
										
											2019-09-16 19:24:39 +02:00
+								#include <string_view>
-												Store encrypted passwords with connections.

Closes #22 as encrypted password is now deleted as part of the connection record.

											
										
										
											2019-09-01 14:07:58 +02:00
+								#include <tuple>
-												Replaced old PasswordManager code with code using Botan's new PSK_Database

This greatly reduces the amount of encryption related code required. Thought
we still have todo our own key strenthening but this also is easier with Botan::PasswordHash.

											
										
										
											2018-11-04 11:24:13 +01:00
+								#include <memory>
-												Moved some parts to a static lib so both the executable and the tests can link to it.

Written additional tests.

											
										
										
											2017-02-26 19:29:50 +01:00
-												Replaced old PasswordManager code with code using Botan's new PSK_Database

This greatly reduces the amount of encryption related code required. Thought
we still have todo our own key strenthening but this also is easier with Botan::PasswordHash.

											
										
										
											2018-11-04 11:24:13 +01:00
+								#include <botan/pwdhash.h>
-												Moved some parts to a static lib so both the executable and the tests can link to it.

Written additional tests.

											
										
										
											2017-02-26 19:29:50 +01:00
+								#include <map>
-												Replaced old PasswordManager code with code using Botan's new PSK_Database

This greatly reduces the amount of encryption related code required. Thought
we still have todo our own key strenthening but this also is easier with Botan::PasswordHash.

											
										
										
											2018-11-04 11:24:13 +01:00
+								namespace Botan {
-												Moved some parts to a static lib so both the executable and the tests can link to it.

Written additional tests.

											
										
										
											2017-02-26 19:29:50 +01:00
-												Passwords are now saved in a password manager.

The password manager uses strong encryption using a key derived from the passphrase using
scrypt key strengthening algorithm. This ensures encryption is performed using a strong key
and that brute forcing the passphrase is time consuming.

If the user loses his passphrase no recovery is possible.

											
										
										
											2018-11-08 21:50:49 +01:00
+									class Encrypted_PSK_Database;
-												Replaced old PasswordManager code with code using Botan's new PSK_Database

This greatly reduces the amount of encryption related code required. Thought
we still have todo our own key strenthening but this also is easier with Botan::PasswordHash.

											
										
										
											2018-11-04 11:24:13 +01:00
+									class PasswordHash;
-												Moved some parts to a static lib so both the executable and the tests can link to it.

Written additional tests.

											
										
										
											2017-02-26 19:29:50 +01:00
-												Replaced old PasswordManager code with code using Botan's new PSK_Database

This greatly reduces the amount of encryption related code required. Thought
we still have todo our own key strenthening but this also is easier with Botan::PasswordHash.

											
										
										
											2018-11-04 11:24:13 +01:00
+								}
 								class PasswordManagerException: public std::exception {
-												Moved some parts to a static lib so both the executable and the tests can link to it.

Written additional tests.

											
										
										
											2017-02-26 19:29:50 +01:00
+								public:
-												Replaced old PasswordManager code with code using Botan's new PSK_Database

This greatly reduces the amount of encryption related code required. Thought
we still have todo our own key strenthening but this also is easier with Botan::PasswordHash.

											
										
										
											2018-11-04 11:24:13 +01:00
+									using std::exception::exception; //(char const* const _Message);
 								};
-												Moved some parts to a static lib so both the executable and the tests can link to it.

Written additional tests.

											
										
										
											2017-02-26 19:29:50 +01:00
-												Replaced old PasswordManager code with code using Botan's new PSK_Database

This greatly reduces the amount of encryption related code required. Thought
we still have todo our own key strenthening but this also is easier with Botan::PasswordHash.

											
										
										
											2018-11-04 11:24:13 +01:00
+								class PasswordManagerLockedException: public PasswordManagerException {
 								public:
 									using PasswordManagerException::PasswordManagerException;
-												Moved some parts to a static lib so both the executable and the tests can link to it.

Written additional tests.

											
										
										
											2017-02-26 19:29:50 +01:00
-												Replaced old PasswordManager code with code using Botan's new PSK_Database

This greatly reduces the amount of encryption related code required. Thought
we still have todo our own key strenthening but this also is easier with Botan::PasswordHash.

											
										
										
											2018-11-04 11:24:13 +01:00
+								};
-												Store encrypted passwords with connections.

Closes #22 as encrypted password is now deleted as part of the connection record.

											
										
										
											2019-09-01 14:07:58 +02:00
+								class PasswordCryptoEngine;
-												Moved some parts to a static lib so both the executable and the tests can link to it.

Written additional tests.

											
										
										
											2017-02-26 19:29:50 +01:00
-												Replaced old PasswordManager code with code using Botan's new PSK_Database

This greatly reduces the amount of encryption related code required. Thought
we still have todo our own key strenthening but this also is easier with Botan::PasswordHash.

											
										
										
											2018-11-04 11:24:13 +01:00
+								class PasswordManager {
 								public:
 									enum Result {
 										Ok,
 										Locked,
 										Error
 									};
-												Moved some parts to a static lib so both the executable and the tests can link to it.

Written additional tests.

											
										
										
											2017-02-26 19:29:50 +01:00
-												Passwords are now saved in a password manager.

The password manager uses strong encryption using a key derived from the passphrase using
scrypt key strengthening algorithm. This ensures encryption is performed using a strong key
and that brute forcing the passphrase is time consuming.

If the user loses his passphrase no recovery is possible.

											
										
										
											2018-11-08 21:50:49 +01:00
+									PasswordManager();
 									~PasswordManager();
 									/** Check if it has been initialized before.
 									 *
 									 * If returns false then use createDatabase to set it up
 									 * else use openDatabase to get access.
 									 */
 									bool initialized(QSqlDatabase &db);
 									bool createDatabase(QSqlDatabase &db, QString passphrase);
-												Added remember option to password dialog.

Made to remember password of password manager for given time but not completely sure
how to implement that yet.

											
										
										
											2018-11-15 19:24:29 +01:00
+									/// Opens the PSK database
-												Passwords are now saved in a password manager.

The password manager uses strong encryption using a key derived from the passphrase using
scrypt key strengthening algorithm. This ensures encryption is performed using a strong key
and that brute forcing the passphrase is time consuming.

If the user loses his passphrase no recovery is possible.

											
										
										
											2018-11-08 21:50:49 +01:00
+									bool openDatabase(QSqlDatabase &db, QString passphrase);
-												Replaced old PasswordManager code with code using Botan's new PSK_Database

This greatly reduces the amount of encryption related code required. Thought
we still have todo our own key strenthening but this also is easier with Botan::PasswordHash.

											
										
										
											2018-11-04 11:24:13 +01:00
+									void closeDatabase();
-												Passwords are now saved in a password manager.

The password manager uses strong encryption using a key derived from the passphrase using
scrypt key strengthening algorithm. This ensures encryption is performed using a strong key
and that brute forcing the passphrase is time consuming.

If the user loses his passphrase no recovery is possible.

											
										
										
											2018-11-08 21:50:49 +01:00
+									bool locked() const;
-												Moved some parts to a static lib so both the executable and the tests can link to it.

Written additional tests.

											
										
										
											2017-02-26 19:29:50 +01:00
-												Store encrypted passwords with connections.

Closes #22 as encrypted password is now deleted as part of the connection record.

											
										
										
											2019-09-01 14:07:58 +02:00
+									std::string encrypt(const std::string &id, const std::string &passwd);
-												Switched ConnectionConfig to QString from std::string to fit better into Qt framework

											
										
										
											2019-09-16 19:24:39 +02:00
+									std::string decrypt(const std::string &id, const std::string_view &encpwd);
-												Store encrypted passwords with connections.

Closes #22 as encrypted password is now deleted as part of the connection record.

											
										
										
											2019-09-01 14:07:58 +02:00
+								//	void remove(const std::string &id);
-												Moved some parts to a static lib so both the executable and the tests can link to it.

Written additional tests.

											
										
										
											2017-02-26 19:29:50 +01:00
+								private:
-												Passwords are now saved in a password manager.

The password manager uses strong encryption using a key derived from the passphrase using
scrypt key strengthening algorithm. This ensures encryption is performed using a strong key
and that brute forcing the passphrase is time consuming.

If the user loses his passphrase no recovery is possible.

											
										
										
											2018-11-08 21:50:49 +01:00
+									QString m_passwordTableName   = "psk_passwd";
 									QString m_secretAlgoTableName = "psk_masterkey_algo";
 									QString m_secretHashTableName = "psk_masterkey_hash";
-												Store encrypted passwords with connections.

Closes #22 as encrypted password is now deleted as part of the connection record.

											
										
										
											2019-09-01 14:07:58 +02:00
+									std::unique_ptr<PasswordCryptoEngine> m_cryptoEngine;
-												Replaced old PasswordManager code with code using Botan's new PSK_Database

This greatly reduces the amount of encryption related code required. Thought
we still have todo our own key strenthening but this also is easier with Botan::PasswordHash.

											
										
										
											2018-11-04 11:24:13 +01:00
-												Passwords are now saved in a password manager.

The password manager uses strong encryption using a key derived from the passphrase using
scrypt key strengthening algorithm. This ensures encryption is performed using a strong key
and that brute forcing the passphrase is time consuming.

If the user loses his passphrase no recovery is possible.

											
										
										
											2018-11-08 21:50:49 +01:00
+									bool isPskStoreInitialized(QSqlDatabase& db);
 									void initializeNewPskStore(QSqlDatabase &db);
-												Replaced old PasswordManager code with code using Botan's new PSK_Database

This greatly reduces the amount of encryption related code required. Thought
we still have todo our own key strenthening but this also is easier with Botan::PasswordHash.

											
										
										
											2018-11-04 11:24:13 +01:00
 									/// Get PasswordHash from parameters in database
-												Passwords are now saved in a password manager.

The password manager uses strong encryption using a key derived from the passphrase using
scrypt key strengthening algorithm. This ensures encryption is performed using a strong key
and that brute forcing the passphrase is time consuming.

If the user loses his passphrase no recovery is possible.

											
										
										
											2018-11-08 21:50:49 +01:00
+									KeyStrengthener getKeyStrengthener(QSqlDatabase &db);
-												Replaced old PasswordManager code with code using Botan's new PSK_Database

This greatly reduces the amount of encryption related code required. Thought
we still have todo our own key strenthening but this also is easier with Botan::PasswordHash.

											
										
										
											2018-11-04 11:24:13 +01:00
+									KeyStrengthener createKeyStrengthener();
-												Moved some parts to a static lib so both the executable and the tests can link to it.

Written additional tests.

											
										
										
											2017-02-26 19:29:50 +01:00
-												Store encrypted passwords with connections.

Closes #22 as encrypted password is now deleted as part of the connection record.

											
										
										
											2019-09-01 14:07:58 +02:00
+									std::tuple<Botan::secure_vector<uint8_t>, Botan::secure_vector<uint8_t>>
 									deriveKey(KeyStrengthener &ks, QString passphrase);
-												Moved some parts to a static lib so both the executable and the tests can link to it.

Written additional tests.

											
										
										
											2017-02-26 19:29:50 +01:00
+								};
 								#endif // PASSWORDMANAGER_H