Skip to content

Commit

Permalink
check that our encryption settings are going to work for e2e encryption
Browse files Browse the repository at this point in the history 
Signed-off-by: Matthieu Gallien <matthieu.gallien@nextcloud.com>
  • Loading branch information
@mgallien
mgallien committed Sep 8, 2023
1 parent 32ca06d commit 81d494a
Show file tree
Hide file tree
Showing 2 changed files with 34 additions and 0 deletions.
32 changes: 32 additions & 0 deletions src/libsync/clientsideencryption.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1207,6 +1207,13 @@ void ClientSideEncryption::initializeHardwareTokenEncryption(const AccountPtr &a
<< "label:" << _tokenPublicKey->label
<< "need login:" << (_tokenPublicKey->needLogin ? "true" : "false");

if (!checkEncryptionIsWorking(account)) {
qCWarning(lcCse()) << "encryption is not properly setup";

failedToInitialize(account);
return;
}

emit initializationFinished();
}

Expand Down Expand Up @@ -1277,6 +1284,31 @@ bool ClientSideEncryption::checkPublicKeyValidity(const AccountPtr &account) con
return true;
}

bool ClientSideEncryption::checkEncryptionIsWorking(const AccountPtr &account) const
{
QByteArray data = EncryptionHelper::generateRandom(64);

auto encryptedData = EncryptionHelper::encryptStringAsymmetric(*account->e2e(), data);
if (!encryptedData) {
qCWarning(lcCse()) << "encryption error";
return false;
}

const auto decryptionResult = EncryptionHelper::decryptStringAsymmetric(*account->e2e(), *encryptedData);
if (!decryptionResult) {
qCWarning(lcCse()) << "encryption error";
return false;
}
QByteArray decryptResult = QByteArray::fromBase64(*decryptionResult);

if (data != decryptResult) {
qCInfo(lcCse()) << "invalid private key";
return false;
}

return true;
}

bool ClientSideEncryption::checkServerPublicKeyValidity(const QByteArray &serverPublicKeyString) const
{
Bio serverPublicKeyBio;
Expand Down
2 changes: 2 additions & 0 deletions src/libsync/clientsideencryption.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -238,6 +238,8 @@ private slots:
[[nodiscard]] bool checkServerPublicKeyValidity(const QByteArray &serverPublicKeyString) const;
[[nodiscard]] bool sensitiveDataRemaining() const;

[[nodiscard]] bool checkEncryptionIsWorking(const AccountPtr &account) const;

void failedToInitialize(const AccountPtr &account);

QByteArray _privateKey;
Expand Down

0 comments on commit 81d494a

Please sign in to comment.