fixes for software end-to-end encryption issues

mgallien · mgallien · commit 0a5ec04175b9 · 2025-02-04T08:55:18.000+01:00
Signed-off-by: Matthieu Gallien &lt;matthieu.gallien@nextcloud.com&gt;
diff --git a/src/libsync/clientsideencryption.cpp b/src/libsync/clientsideencryption.cpp
@@ -757,12 +757,12 @@ std::optional<QByteArray> decryptStringAsymmetric(ENGINE *sslEngine,
         return {};
     }
 
-    if (pad_mode != RSA_PKCS1_PADDING && EVP_PKEY_CTX_set_rsa_oaep_md(ctx, EVP_sha1()) <= 0) {
+    if (pad_mode != RSA_PKCS1_PADDING && EVP_PKEY_CTX_set_rsa_oaep_md(ctx, EVP_sha256()) <= 0) {
         qCInfo(lcCseDecryption()) << "Error setting OAEP SHA 256" << handleErrors();
         return {};
     }
 
-    if (pad_mode != RSA_PKCS1_PADDING && EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, EVP_sha1()) <= 0) {
+    if (pad_mode != RSA_PKCS1_PADDING && EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, EVP_sha256()) <= 0) {
         qCInfo(lcCseDecryption()) << "Error setting MGF1 padding" << handleErrors();
         return {};
     }
@@ -807,12 +807,12 @@ std::optional<QByteArray> encryptStringAsymmetric(ENGINE *sslEngine,
         return {};
     }
 
-    if (pad_mode != RSA_PKCS1_PADDING && EVP_PKEY_CTX_set_rsa_oaep_md(ctx, EVP_sha1()) <= 0) {
+    if (pad_mode != RSA_PKCS1_PADDING && EVP_PKEY_CTX_set_rsa_oaep_md(ctx, EVP_sha256()) <= 0) {
         qCInfo(lcCseEncryption()) << "Error setting OAEP SHA 256" << handleErrors();
         return {};
     }
 
-    if (pad_mode != RSA_PKCS1_PADDING && EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, EVP_sha1()) <= 0) {
+    if (pad_mode != RSA_PKCS1_PADDING && EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, EVP_sha256()) <= 0) {
         qCInfo(lcCseEncryption()) << "Error setting MGF1 padding" << handleErrors();
         return {};
     }
@@ -902,7 +902,11 @@ CertificateInformation ClientSideEncryption::getCertificateInformationByFingerpr
 
 int ClientSideEncryption::paddingMode() const
 {
-    return RSA_PKCS1_PADDING;
+    if (useTokenBasedEncryption()) {
+        return RSA_PKCS1_PADDING;
+    } else {
+        return RSA_PKCS1_OAEP_PADDING;
+    }
 }
 
 CertificateInformation ClientSideEncryption::getTokenCertificateByFingerprint(const QByteArray &expectedFingerprint) const
@@ -2714,7 +2718,7 @@ bool EncryptionHelper::dataDecryption(const QByteArray &key, const QByteArray &i
     }
 
     if (1 != EVP_DecryptFinal_ex(ctx, unsignedData(out), &len)) {
-        qCInfo(lcCse()) << "Could finalize decryption";
+        qCInfo(lcCse()) << "Could not finalize decryption";
         return false;
     }
     outputBuffer.write(out, len);
diff --git a/src/libsync/foldermetadata.cpp b/src/libsync/foldermetadata.cpp
@@ -190,7 +190,7 @@ void FolderMetadata::setupExistingMetadata(const QByteArray &metadata)
     if (_folderUsers.contains(_account->davUser())) {
         const auto currentFolderUser = _folderUsers.value(_account->davUser());
         _e2eCertificateFingerprint = QSslCertificate{currentFolderUser.certificatePem}.digest(QCryptographicHash::Sha256).toBase64();
-        _metadataKeyForEncryption = QByteArray::fromBase64(decryptDataWithPrivateKey(currentFolderUser.encryptedMetadataKey, _e2eCertificateFingerprint));
+        _metadataKeyForEncryption = QByteArray::fromBase64(decryptDataWithPrivateKey(currentFolderUser.encryptedMetadataKey.toBase64(), _e2eCertificateFingerprint));
         _metadataKeyForDecryption = _metadataKeyForEncryption;
     }
 
@@ -454,6 +454,7 @@ QByteArray FolderMetadata::decryptDataWithPrivateKey(const QByteArray &base64Dat
         _account->reportClientStatus(OCC::ClientStatusReportingStatus::E2EeError_GeneralError);
         return {};
     }
+
     return *decryptBase64Result;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -757,12 +757,12 @@ std::optional<QByteArray> decryptStringAsymmetric(ENGINE *sslEngine,`
`757`	`757`	`return {};`
`758`	`758`	`}`
`759`	`759`
`760`		`- if (pad_mode != RSA_PKCS1_PADDING && EVP_PKEY_CTX_set_rsa_oaep_md(ctx, EVP_sha1()) <= 0) {`
	`760`	`+ if (pad_mode != RSA_PKCS1_PADDING && EVP_PKEY_CTX_set_rsa_oaep_md(ctx, EVP_sha256()) <= 0) {`
`761`	`761`	`qCInfo(lcCseDecryption()) << "Error setting OAEP SHA 256" << handleErrors();`
`762`	`762`	`return {};`
`763`	`763`	`}`
`764`	`764`
`765`		`- if (pad_mode != RSA_PKCS1_PADDING && EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, EVP_sha1()) <= 0) {`
	`765`	`+ if (pad_mode != RSA_PKCS1_PADDING && EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, EVP_sha256()) <= 0) {`
`766`	`766`	`qCInfo(lcCseDecryption()) << "Error setting MGF1 padding" << handleErrors();`
`767`	`767`	`return {};`
`768`	`768`	`}`
`@@ -807,12 +807,12 @@ std::optional<QByteArray> encryptStringAsymmetric(ENGINE *sslEngine,`
`807`	`807`	`return {};`
`808`	`808`	`}`
`809`	`809`
`810`		`- if (pad_mode != RSA_PKCS1_PADDING && EVP_PKEY_CTX_set_rsa_oaep_md(ctx, EVP_sha1()) <= 0) {`
	`810`	`+ if (pad_mode != RSA_PKCS1_PADDING && EVP_PKEY_CTX_set_rsa_oaep_md(ctx, EVP_sha256()) <= 0) {`
`811`	`811`	`qCInfo(lcCseEncryption()) << "Error setting OAEP SHA 256" << handleErrors();`
`812`	`812`	`return {};`
`813`	`813`	`}`
`814`	`814`
`815`		`- if (pad_mode != RSA_PKCS1_PADDING && EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, EVP_sha1()) <= 0) {`
	`815`	`+ if (pad_mode != RSA_PKCS1_PADDING && EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, EVP_sha256()) <= 0) {`
`816`	`816`	`qCInfo(lcCseEncryption()) << "Error setting MGF1 padding" << handleErrors();`
`817`	`817`	`return {};`
`818`	`818`	`}`
`@@ -902,7 +902,11 @@ CertificateInformation ClientSideEncryption::getCertificateInformationByFingerpr`
`902`	`902`
`903`	`903`	`int ClientSideEncryption::paddingMode() const`
`904`	`904`	`{`
`905`		`- return RSA_PKCS1_PADDING;`
	`905`	`+ if (useTokenBasedEncryption()) {`
	`906`	`+ return RSA_PKCS1_PADDING;`
	`907`	`+ } else {`
	`908`	`+ return RSA_PKCS1_OAEP_PADDING;`
	`909`	`+ }`
`906`	`910`	`}`
`907`	`911`
`908`	`912`	`CertificateInformation ClientSideEncryption::getTokenCertificateByFingerprint(const QByteArray &expectedFingerprint) const`
`@@ -2714,7 +2718,7 @@ bool EncryptionHelper::dataDecryption(const QByteArray &key, const QByteArray &i`
`2714`	`2718`	`}`
`2715`	`2719`
`2716`	`2720`	`if (1 != EVP_DecryptFinal_ex(ctx, unsignedData(out), &len)) {`
`2717`		`- qCInfo(lcCse()) << "Could finalize decryption";`
	`2721`	`+ qCInfo(lcCse()) << "Could not finalize decryption";`
`2718`	`2722`	`return false;`
`2719`	`2723`	`}`
`2720`	`2724`	`outputBuffer.write(out, len);`
Original file line number	Diff line number	Diff line change
`@@ -190,7 +190,7 @@ void FolderMetadata::setupExistingMetadata(const QByteArray &metadata)`
`190`	`190`	`if (_folderUsers.contains(_account->davUser())) {`
`191`	`191`	`const auto currentFolderUser = _folderUsers.value(_account->davUser());`
`192`	`192`	`_e2eCertificateFingerprint = QSslCertificate{currentFolderUser.certificatePem}.digest(QCryptographicHash::Sha256).toBase64();`
`193`		`- _metadataKeyForEncryption = QByteArray::fromBase64(decryptDataWithPrivateKey(currentFolderUser.encryptedMetadataKey, _e2eCertificateFingerprint));`
	`193`	`+ _metadataKeyForEncryption = QByteArray::fromBase64(decryptDataWithPrivateKey(currentFolderUser.encryptedMetadataKey.toBase64(), _e2eCertificateFingerprint));`
`194`	`194`	`_metadataKeyForDecryption = _metadataKeyForEncryption;`
`195`	`195`	`}`
`196`	`196`
`@@ -454,6 +454,7 @@ QByteArray FolderMetadata::decryptDataWithPrivateKey(const QByteArray &base64Dat`
`454`	`454`	`_account->reportClientStatus(OCC::ClientStatusReportingStatus::E2EeError_GeneralError);`
`455`	`455`	`return {};`
`456`	`456`	`}`
	`457`	`+`
`457`	`458`	`return *decryptBase64Result;`
`458`	`459`	`}`
`459`	`460`