@@ -237,7 +237,32 @@ QByteArray deprecatedGeneratePassword(const QString& wordlist, const QByteArray&
237237 (const unsigned char *)salt.constData (),// const unsigned char *salt,
238238 salt.size (), // int saltlen,
239239 iterationCount, // int iterations,
240- EVP_sha1 (), // digest algorithm
240+ EVP_sha1 (), // deprecated digest algorithm
241+ keyLength, // int keylen,
242+ unsignedData (secretKey)); // unsigned char *out
243+
244+ if (ret != 1 ) {
245+ qCWarning (lcCse ()) << " Failed to generate encryption key"
246+ // Error out?
247+ }
248+
249+ return secretKey;
250+ }
251+
252+ QByteArray deprecatedSha1GeneratePassword (const QString& wordlist, const QByteArray& salt)
253+ {
254+ const auto iterationCount = 600000 ;
255+ const auto keyStrength = 256 ;
256+ const auto keyLength = keyStrength / 8 ;
257+
258+ QByteArray secretKey (keyLength, ' \0 '
259+
260+ const auto ret = PKCS5_PBKDF2_HMAC (wordlist.toLocal8Bit ().constData (), // const char *password,
261+ wordlist.size (), // int password length,
262+ (const unsigned char *)salt.constData (),// const unsigned char *salt,
263+ salt.size (), // int saltlen,
264+ iterationCount, // int iterations,
265+ EVP_sha1 (), // deprecated digest algorithm
241266 keyLength, // int keylen,
242267 unsignedData (secretKey)); // unsigned char *out
243268
@@ -262,7 +287,7 @@ QByteArray generatePassword(const QString& wordlist, const QByteArray& salt)
262287 (const unsigned char *)salt.constData (),// const unsigned char *salt,
263288 salt.size (), // int saltlen,
264289 iterationCount, // int iterations,
265- EVP_sha1 (), // digest algorithm
290+ EVP_sha256 (), // digest algorithm
266291 keyLength, // int keylen,
267292 unsignedData (secretKey)); // unsigned char *out
268293
@@ -1419,7 +1444,7 @@ std::pair<QByteArray, PKey> ClientSideEncryption::generateCSR(const AccountPtr &
14191444 return {result, std::move (keyPair)};
14201445 }
14211446
1422- ret = X509_REQ_sign (x509_req, privateKey, EVP_sha1 ()); // return x509_req->signature->length
1447+ ret = X509_REQ_sign (x509_req, privateKey, EVP_sha256 ()); // return x509_req->signature->length
14231448 if (ret <= 0 ){
14241449 qCWarning (lcCse ()) << " Error signing the csr with the private key"
14251450 return {result, std::move (keyPair)};
@@ -1661,13 +1686,19 @@ void ClientSideEncryption::decryptPrivateKey(const AccountPtr &account, const QB
16611686 const auto salt = EncryptionHelper::extractPrivateKeySalt (key);
16621687
16631688 const auto deprecatedPassword = EncryptionHelper::deprecatedGeneratePassword (mnemonic, salt);
1689+ const auto deprecatedSha1Password = EncryptionHelper::deprecatedSha1GeneratePassword (mnemonic, salt);
16641690 const auto password = EncryptionHelper::generatePassword (mnemonic, salt);
16651691
16661692 const auto privateKey = EncryptionHelper::decryptPrivateKey (password, key);
16671693 if (!privateKey.isEmpty ()) {
16681694 _privateKey = privateKey;
16691695 } else {
1670- _privateKey = EncryptionHelper::decryptPrivateKey (deprecatedPassword, key);
1696+ const auto deprecatedSha1PrivateKey = EncryptionHelper::decryptPrivateKey (deprecatedSha1Password, key);
1697+ if (!privateKey.isEmpty ()) {
1698+ _privateKey = deprecatedSha1PrivateKey;
1699+ } else {
1700+ _privateKey = EncryptionHelper::decryptPrivateKey (deprecatedPassword, key);
1701+ }
16711702 }
16721703
16731704 if (!_privateKey.isNull () && checkPublicKeyValidity (account)) {
0 commit comments