From d20f7105c34e78d95749e1d18e0b4e19aaa1310b Mon Sep 17 00:00:00 2001 From: Matthieu Gallien Date: Fri, 8 Sep 2023 10:26:15 +0200 Subject: [PATCH] check that our encryption settings are going to work for e2e encryption Signed-off-by: Matthieu Gallien --- src/libsync/clientsideencryption.cpp | 32 ++++++++++++++++++++++++++++ src/libsync/clientsideencryption.h | 2 ++ 2 files changed, 34 insertions(+) diff --git a/src/libsync/clientsideencryption.cpp b/src/libsync/clientsideencryption.cpp index 81030dafcc166..440c33224ca5b 100644 --- a/src/libsync/clientsideencryption.cpp +++ b/src/libsync/clientsideencryption.cpp @@ -1207,6 +1207,13 @@ void ClientSideEncryption::initializeHardwareTokenEncryption(const AccountPtr &a << "label:" << _tokenPublicKey->label << "need login:" << (_tokenPublicKey->needLogin ? "true" : "false"); + if (!checkEncryptionIsWorking(account)) { + qCWarning(lcCse()) << "encryption is not properly setup"; + + failedToInitialize(account); + return; + } + emit initializationFinished(); } @@ -1277,6 +1284,31 @@ bool ClientSideEncryption::checkPublicKeyValidity(const AccountPtr &account) con return true; } +bool ClientSideEncryption::checkEncryptionIsWorking(const AccountPtr &account) const +{ + QByteArray data = EncryptionHelper::generateRandom(64); + + auto encryptedData = EncryptionHelper::encryptStringAsymmetric(*account->e2e(), data); + if (!encryptedData) { + qCWarning(lcCse()) << "encryption error"; + return false; + } + + const auto decryptionResult = EncryptionHelper::decryptStringAsymmetric(*account->e2e(), *encryptedData); + if (!decryptionResult) { + qCWarning(lcCse()) << "encryption error"; + return false; + } + QByteArray decryptResult = QByteArray::fromBase64(*decryptionResult); + + if (data != decryptResult) { + qCInfo(lcCse()) << "invalid private key"; + return false; + } + + return true; +} + bool ClientSideEncryption::checkServerPublicKeyValidity(const QByteArray &serverPublicKeyString) const { Bio serverPublicKeyBio; diff --git a/src/libsync/clientsideencryption.h b/src/libsync/clientsideencryption.h index b7f89c4d42fe6..7dbc2b0636657 100644 --- a/src/libsync/clientsideencryption.h +++ b/src/libsync/clientsideencryption.h @@ -238,6 +238,8 @@ private slots: [[nodiscard]] bool checkServerPublicKeyValidity(const QByteArray &serverPublicKeyString) const; [[nodiscard]] bool sensitiveDataRemaining() const; + [[nodiscard]] bool checkEncryptionIsWorking(const AccountPtr &account) const; + void failedToInitialize(const AccountPtr &account); QByteArray _privateKey;