check that our encryption settings are going to work for e2e encryption

mgallien · mgallien · commit 81d494a0bbb6 · 2023-09-08T10:34:24.000+02:00
Signed-off-by: Matthieu Gallien &lt;matthieu.gallien@nextcloud.com&gt;
diff --git a/src/libsync/clientsideencryption.cpp b/src/libsync/clientsideencryption.cpp
@@ -1207,6 +1207,13 @@ void ClientSideEncryption::initializeHardwareTokenEncryption(const AccountPtr &a
                     << "label:" << _tokenPublicKey->label
                     << "need login:" << (_tokenPublicKey->needLogin ? "true" : "false");
 
+    if (!checkEncryptionIsWorking(account)) {
+        qCWarning(lcCse()) << "encryption is not properly setup";
+
+        failedToInitialize(account);
+        return;
+    }
+
     emit initializationFinished();
 }
 
@@ -1277,6 +1284,31 @@ bool ClientSideEncryption::checkPublicKeyValidity(const AccountPtr &account) con
     return true;
 }
 
+bool ClientSideEncryption::checkEncryptionIsWorking(const AccountPtr &account) const
+{
+    QByteArray data = EncryptionHelper::generateRandom(64);
+
+    auto encryptedData = EncryptionHelper::encryptStringAsymmetric(*account->e2e(), data);
+    if (!encryptedData) {
+        qCWarning(lcCse()) << "encryption error";
+        return false;
+    }
+
+    const auto decryptionResult = EncryptionHelper::decryptStringAsymmetric(*account->e2e(), *encryptedData);
+    if (!decryptionResult) {
+        qCWarning(lcCse()) << "encryption error";
+        return false;
+    }
+    QByteArray decryptResult = QByteArray::fromBase64(*decryptionResult);
+
+    if (data != decryptResult) {
+        qCInfo(lcCse()) << "invalid private key";
+        return false;
+    }
+
+    return true;
+}
+
 bool ClientSideEncryption::checkServerPublicKeyValidity(const QByteArray &serverPublicKeyString) const
 {
     Bio serverPublicKeyBio;
diff --git a/src/libsync/clientsideencryption.h b/src/libsync/clientsideencryption.h
@@ -238,6 +238,8 @@ private slots:
     [[nodiscard]] bool checkServerPublicKeyValidity(const QByteArray &serverPublicKeyString) const;
     [[nodiscard]] bool sensitiveDataRemaining() const;
 
+    [[nodiscard]] bool checkEncryptionIsWorking(const AccountPtr &account) const;
+
     void failedToInitialize(const AccountPtr &account);
 
     QByteArray _privateKey;
