Skip to content

Commit

Permalink
Merge pull request #7643 from nextcloud/backport/7642/stable-3.15
Browse files Browse the repository at this point in the history 
Backport/7642/stable 3.15
  • Loading branch information
@mgallien
mgallien authored Dec 12, 2024
2 parents 63245e4 + 8527448 commit fb63645
Showing 1 changed file with 46 additions and 21 deletions.
67 changes: 46 additions & 21 deletions src/libsync/clientsideencryption.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -224,31 +224,52 @@ QByteArray generateRandom(int size)
return result;
}

QByteArray generatePassword(const QString& wordlist, const QByteArray& salt) {
qCInfo(lcCse()) << "Start encryption key generation!";

const int iterationCount = 1024;
const int keyStrength = 256;
const int keyLength = keyStrength/8;
QByteArray deprecatedGeneratePassword(const QString& wordlist, const QByteArray& salt)
{
const auto iterationCount = 1024;
const auto keyStrength = 256;
const auto keyLength = keyStrength / 8;

QByteArray secretKey(keyLength, '\0');

int ret = PKCS5_PBKDF2_HMAC_SHA1(
wordlist.toLocal8Bit().constData(), // const char *password,
wordlist.size(), // int password length,
(const unsigned char *)salt.constData(),// const unsigned char *salt,
salt.size(), // int saltlen,
iterationCount, // int iterations,
keyLength, // int keylen,
unsignedData(secretKey) // unsigned char *out
);
const auto ret = PKCS5_PBKDF2_HMAC(wordlist.toLocal8Bit().constData(), // const char *password,
wordlist.size(), // int password length,
(const unsigned char *)salt.constData(),// const unsigned char *salt,
salt.size(), // int saltlen,
iterationCount, // int iterations,
EVP_sha1(), // digest algorithm
keyLength, // int keylen,
unsignedData(secretKey)); // unsigned char *out

if (ret != 1) {
qCInfo(lcCse()) << "Failed to generate encryption key";
qCWarning(lcCse()) << "Failed to generate encryption key";
// Error out?
}

qCInfo(lcCse()) << "Encryption key generated!";
return secretKey;
}

QByteArray generatePassword(const QString& wordlist, const QByteArray& salt)
{
const auto iterationCount = 600000;
const auto keyStrength = 256;
const auto keyLength = keyStrength / 8;

QByteArray secretKey(keyLength, '\0');

const auto ret = PKCS5_PBKDF2_HMAC(wordlist.toLocal8Bit().constData(), // const char *password,
wordlist.size(), // int password length,
(const unsigned char *)salt.constData(),// const unsigned char *salt,
salt.size(), // int saltlen,
iterationCount, // int iterations,
EVP_sha1(), // digest algorithm
keyLength, // int keylen,
unsignedData(secretKey)); // unsigned char *out

if (ret != 1) {
qCWarning(lcCse()) << "Failed to generate encryption key";
// Error out?
}

return secretKey;
}
Expand Down Expand Up @@ -1639,11 +1660,15 @@ void ClientSideEncryption::decryptPrivateKey(const AccountPtr &account, const QB
// split off salt
const auto salt = EncryptionHelper::extractPrivateKeySalt(key);

auto pass = EncryptionHelper::generatePassword(mnemonic, salt);
const auto deprecatedPassword = EncryptionHelper::deprecatedGeneratePassword(mnemonic, salt);
const auto password = EncryptionHelper::generatePassword(mnemonic, salt);

QByteArray privateKey = EncryptionHelper::decryptPrivateKey(pass, key);
//_privateKey = QSslKey(privateKey, QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey);
_privateKey = privateKey;
const auto privateKey = EncryptionHelper::decryptPrivateKey(password, key);
if (!privateKey.isEmpty()) {
_privateKey = privateKey;
} else {
_privateKey = EncryptionHelper::decryptPrivateKey(deprecatedPassword, key);
}

if (!_privateKey.isNull() && checkPublicKeyValidity(account)) {
writePrivateKey(account);
Expand Down

0 comments on commit fb63645

Please sign in to comment.