Skip to content

Commit 2e9b882

Browse files
mgallienmgallien
committed
fixes for software end-to-end encryption issues
Signed-off-by: Matthieu Gallien <[email protected]>
1 parent 943054f commit 2e9b882

File tree

2 files changed

+10
-5
lines changed

2 files changed

+10
-5
lines changed

src/libsync/clientsideencryption.cpp

+8-4
Original file line numberDiff line numberDiff line change
@@ -757,12 +757,12 @@ std::optional<QByteArray> decryptStringAsymmetric(ENGINE *sslEngine,
757757
return {};
758758
}
759759

760-
if (pad_mode != RSA_PKCS1_PADDING && EVP_PKEY_CTX_set_rsa_oaep_md(ctx, EVP_sha1()) <= 0) {
760+
if (pad_mode != RSA_PKCS1_PADDING && EVP_PKEY_CTX_set_rsa_oaep_md(ctx, EVP_sha256()) <= 0) {
761761
qCInfo(lcCseDecryption()) << "Error setting OAEP SHA 256" << handleErrors();
762762
return {};
763763
}
764764

765-
if (pad_mode != RSA_PKCS1_PADDING && EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, EVP_sha1()) <= 0) {
765+
if (pad_mode != RSA_PKCS1_PADDING && EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, EVP_sha256()) <= 0) {
766766
qCInfo(lcCseDecryption()) << "Error setting MGF1 padding" << handleErrors();
767767
return {};
768768
}
@@ -902,7 +902,11 @@ CertificateInformation ClientSideEncryption::getCertificateInformationByFingerpr
902902

903903
int ClientSideEncryption::paddingMode() const
904904
{
905-
return RSA_PKCS1_PADDING;
905+
if (useTokenBasedEncryption()) {
906+
return RSA_PKCS1_PADDING;
907+
} else {
908+
return RSA_PKCS1_OAEP_PADDING;
909+
}
906910
}
907911

908912
CertificateInformation ClientSideEncryption::getTokenCertificateByFingerprint(const QByteArray &expectedFingerprint) const
@@ -2714,7 +2718,7 @@ bool EncryptionHelper::dataDecryption(const QByteArray &key, const QByteArray &i
27142718
}
27152719

27162720
if (1 != EVP_DecryptFinal_ex(ctx, unsignedData(out), &len)) {
2717-
qCInfo(lcCse()) << "Could finalize decryption";
2721+
qCInfo(lcCse()) << "Could not finalize decryption";
27182722
return false;
27192723
}
27202724
outputBuffer.write(out, len);

src/libsync/foldermetadata.cpp

+2-1
Original file line numberDiff line numberDiff line change
@@ -190,7 +190,7 @@ void FolderMetadata::setupExistingMetadata(const QByteArray &metadata)
190190
if (_folderUsers.contains(_account->davUser())) {
191191
const auto currentFolderUser = _folderUsers.value(_account->davUser());
192192
_e2eCertificateFingerprint = QSslCertificate{currentFolderUser.certificatePem}.digest(QCryptographicHash::Sha256).toBase64();
193-
_metadataKeyForEncryption = QByteArray::fromBase64(decryptDataWithPrivateKey(currentFolderUser.encryptedMetadataKey, _e2eCertificateFingerprint));
193+
_metadataKeyForEncryption = QByteArray::fromBase64(decryptDataWithPrivateKey(currentFolderUser.encryptedMetadataKey.toBase64(), _e2eCertificateFingerprint));
194194
_metadataKeyForDecryption = _metadataKeyForEncryption;
195195
}
196196

@@ -454,6 +454,7 @@ QByteArray FolderMetadata::decryptDataWithPrivateKey(const QByteArray &base64Dat
454454
_account->reportClientStatus(OCC::ClientStatusReportingStatus::E2EeError_GeneralError);
455455
return {};
456456
}
457+
457458
return *decryptBase64Result;
458459
}
459460

0 commit comments

Comments
 (0)