From a81c8d8b6493868d9565891b3bf000121555ba45 Mon Sep 17 00:00:00 2001
From: Matthieu Gallien <matthieu.gallien@nextcloud.com>
Date: Fri, 8 Sep 2023 10:26:15 +0200
Subject: [PATCH] check that our encryption settings are going to work for e2e
 encryption

Signed-off-by: Matthieu Gallien <matthieu.gallien@nextcloud.com>
---
 src/libsync/clientsideencryption.cpp | 32 ++++++++++++++++++++++++++++
 src/libsync/clientsideencryption.h   |  2 ++
 2 files changed, 34 insertions(+)

diff --git a/src/libsync/clientsideencryption.cpp b/src/libsync/clientsideencryption.cpp
index 81030dafcc166..440c33224ca5b 100644
--- a/src/libsync/clientsideencryption.cpp
+++ b/src/libsync/clientsideencryption.cpp
@@ -1207,6 +1207,13 @@ void ClientSideEncryption::initializeHardwareTokenEncryption(const AccountPtr &a
                     << "label:" << _tokenPublicKey->label
                     << "need login:" << (_tokenPublicKey->needLogin ? "true" : "false");
 
+    if (!checkEncryptionIsWorking(account)) {
+        qCWarning(lcCse()) << "encryption is not properly setup";
+
+        failedToInitialize(account);
+        return;
+    }
+
     emit initializationFinished();
 }
 
@@ -1277,6 +1284,31 @@ bool ClientSideEncryption::checkPublicKeyValidity(const AccountPtr &account) con
     return true;
 }
 
+bool ClientSideEncryption::checkEncryptionIsWorking(const AccountPtr &account) const
+{
+    QByteArray data = EncryptionHelper::generateRandom(64);
+
+    auto encryptedData = EncryptionHelper::encryptStringAsymmetric(*account->e2e(), data);
+    if (!encryptedData) {
+        qCWarning(lcCse()) << "encryption error";
+        return false;
+    }
+
+    const auto decryptionResult = EncryptionHelper::decryptStringAsymmetric(*account->e2e(), *encryptedData);
+    if (!decryptionResult) {
+        qCWarning(lcCse()) << "encryption error";
+        return false;
+    }
+    QByteArray decryptResult = QByteArray::fromBase64(*decryptionResult);
+
+    if (data != decryptResult) {
+        qCInfo(lcCse()) << "invalid private key";
+        return false;
+    }
+
+    return true;
+}
+
 bool ClientSideEncryption::checkServerPublicKeyValidity(const QByteArray &serverPublicKeyString) const
 {
     Bio serverPublicKeyBio;
diff --git a/src/libsync/clientsideencryption.h b/src/libsync/clientsideencryption.h
index b7f89c4d42fe6..7dbc2b0636657 100644
--- a/src/libsync/clientsideencryption.h
+++ b/src/libsync/clientsideencryption.h
@@ -238,6 +238,8 @@ private slots:
     [[nodiscard]] bool checkServerPublicKeyValidity(const QByteArray &serverPublicKeyString) const;
     [[nodiscard]] bool sensitiveDataRemaining() const;
 
+    [[nodiscard]] bool checkEncryptionIsWorking(const AccountPtr &account) const;
+
     void failedToInitialize(const AccountPtr &account);
 
     QByteArray _privateKey;