From 8527448293a56ba52f7de0aa9a5e361490280a0d Mon Sep 17 00:00:00 2001 From: Matthieu Gallien Date: Wed, 27 Nov 2024 10:19:15 +0100 Subject: [PATCH] use modern non deprecated hash algorithm and parameters Signed-off-by: Matthieu Gallien --- src/libsync/clientsideencryption.cpp | 67 +++++++++++++++++++--------- 1 file changed, 46 insertions(+), 21 deletions(-) diff --git a/src/libsync/clientsideencryption.cpp b/src/libsync/clientsideencryption.cpp index a5c0364c2b7ab..f5ac68583a0d0 100644 --- a/src/libsync/clientsideencryption.cpp +++ b/src/libsync/clientsideencryption.cpp @@ -224,31 +224,52 @@ QByteArray generateRandom(int size) return result; } -QByteArray generatePassword(const QString& wordlist, const QByteArray& salt) { - qCInfo(lcCse()) << "Start encryption key generation!"; - - const int iterationCount = 1024; - const int keyStrength = 256; - const int keyLength = keyStrength/8; +QByteArray deprecatedGeneratePassword(const QString& wordlist, const QByteArray& salt) +{ + const auto iterationCount = 1024; + const auto keyStrength = 256; + const auto keyLength = keyStrength / 8; QByteArray secretKey(keyLength, '\0'); - int ret = PKCS5_PBKDF2_HMAC_SHA1( - wordlist.toLocal8Bit().constData(), // const char *password, - wordlist.size(), // int password length, - (const unsigned char *)salt.constData(),// const unsigned char *salt, - salt.size(), // int saltlen, - iterationCount, // int iterations, - keyLength, // int keylen, - unsignedData(secretKey) // unsigned char *out - ); + const auto ret = PKCS5_PBKDF2_HMAC(wordlist.toLocal8Bit().constData(), // const char *password, + wordlist.size(), // int password length, + (const unsigned char *)salt.constData(),// const unsigned char *salt, + salt.size(), // int saltlen, + iterationCount, // int iterations, + EVP_sha1(), // digest algorithm + keyLength, // int keylen, + unsignedData(secretKey)); // unsigned char *out if (ret != 1) { - qCInfo(lcCse()) << "Failed to generate encryption key"; + qCWarning(lcCse()) << "Failed to generate encryption key"; // Error out? } - qCInfo(lcCse()) << "Encryption key generated!"; + return secretKey; +} + +QByteArray generatePassword(const QString& wordlist, const QByteArray& salt) +{ + const auto iterationCount = 600000; + const auto keyStrength = 256; + const auto keyLength = keyStrength / 8; + + QByteArray secretKey(keyLength, '\0'); + + const auto ret = PKCS5_PBKDF2_HMAC(wordlist.toLocal8Bit().constData(), // const char *password, + wordlist.size(), // int password length, + (const unsigned char *)salt.constData(),// const unsigned char *salt, + salt.size(), // int saltlen, + iterationCount, // int iterations, + EVP_sha1(), // digest algorithm + keyLength, // int keylen, + unsignedData(secretKey)); // unsigned char *out + + if (ret != 1) { + qCWarning(lcCse()) << "Failed to generate encryption key"; + // Error out? + } return secretKey; } @@ -1639,11 +1660,15 @@ void ClientSideEncryption::decryptPrivateKey(const AccountPtr &account, const QB // split off salt const auto salt = EncryptionHelper::extractPrivateKeySalt(key); - auto pass = EncryptionHelper::generatePassword(mnemonic, salt); + const auto deprecatedPassword = EncryptionHelper::deprecatedGeneratePassword(mnemonic, salt); + const auto password = EncryptionHelper::generatePassword(mnemonic, salt); - QByteArray privateKey = EncryptionHelper::decryptPrivateKey(pass, key); - //_privateKey = QSslKey(privateKey, QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey); - _privateKey = privateKey; + const auto privateKey = EncryptionHelper::decryptPrivateKey(password, key); + if (!privateKey.isEmpty()) { + _privateKey = privateKey; + } else { + _privateKey = EncryptionHelper::decryptPrivateKey(deprecatedPassword, key); + } if (!_privateKey.isNull() && checkPublicKeyValidity(account)) { writePrivateKey(account);