Backport/7642/stable 3.15 #7643

Merged
merged 1 commit into from
Dec 12, 2024
67 changes: 46 additions & 21 deletions src/libsync/clientsideencryption.cpp
Expand Up @@ -224,31 +224,52 @@ QByteArray generateRandom(int size)
return result;
}

QByteArray generatePassword(const QString& wordlist, const QByteArray& salt) {
qCInfo(lcCse()) << "Start encryption key generation!";

const int iterationCount = 1024;
const int keyStrength = 256;
const int keyLength = keyStrength/8;
QByteArray deprecatedGeneratePassword(const QString& wordlist, const QByteArray& salt)
{
const auto iterationCount = 1024;
const auto keyStrength = 256;
const auto keyLength = keyStrength / 8;

QByteArray secretKey(keyLength, '\0');

int ret = PKCS5_PBKDF2_HMAC_SHA1(
wordlist.toLocal8Bit().constData(), // const char *password,
wordlist.size(), // int password length,
(const unsigned char *)salt.constData(),// const unsigned char *salt,
salt.size(), // int saltlen,
iterationCount, // int iterations,
keyLength, // int keylen,
unsignedData(secretKey) // unsigned char *out
);
const auto ret = PKCS5_PBKDF2_HMAC(wordlist.toLocal8Bit().constData(), // const char *password,
wordlist.size(), // int password length,
(const unsigned char *)salt.constData(),// const unsigned char *salt,
salt.size(), // int saltlen,
iterationCount, // int iterations,
EVP_sha1(), // digest algorithm
keyLength, // int keylen,
unsignedData(secretKey)); // unsigned char *out

if (ret != 1) {
qCInfo(lcCse()) << "Failed to generate encryption key";
qCWarning(lcCse()) << "Failed to generate encryption key";
// Error out?
}

qCInfo(lcCse()) << "Encryption key generated!";
return secretKey;
}

QByteArray generatePassword(const QString& wordlist, const QByteArray& salt)
{
const auto iterationCount = 600000;
const auto keyStrength = 256;
const auto keyLength = keyStrength / 8;

QByteArray secretKey(keyLength, '\0');

const auto ret = PKCS5_PBKDF2_HMAC(wordlist.toLocal8Bit().constData(), // const char *password,
wordlist.size(), // int password length,
(const unsigned char *)salt.constData(),// const unsigned char *salt,
salt.size(), // int saltlen,
iterationCount, // int iterations,
EVP_sha1(), // digest algorithm
keyLength, // int keylen,
unsignedData(secretKey)); // unsigned char *out

if (ret != 1) {
qCWarning(lcCse()) << "Failed to generate encryption key";
// Error out?
}

return secretKey;
}
Expand Down Expand Up @@ -1639,11 +1660,15 @@ void ClientSideEncryption::decryptPrivateKey(const AccountPtr &account, const QB
// split off salt
const auto salt = EncryptionHelper::extractPrivateKeySalt(key);

auto pass = EncryptionHelper::generatePassword(mnemonic, salt);
const auto deprecatedPassword = EncryptionHelper::deprecatedGeneratePassword(mnemonic, salt);
const auto password = EncryptionHelper::generatePassword(mnemonic, salt);

QByteArray privateKey = EncryptionHelper::decryptPrivateKey(pass, key);
//_privateKey = QSslKey(privateKey, QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey);
_privateKey = privateKey;
const auto privateKey = EncryptionHelper::decryptPrivateKey(password, key);
if (!privateKey.isEmpty()) {
_privateKey = privateKey;
} else {
_privateKey = EncryptionHelper::decryptPrivateKey(deprecatedPassword, key);
}

if (!_privateKey.isNull() && checkPublicKeyValidity(account)) {
writePrivateKey(account);
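Review bot: In both `generatePassword` and `deprecatedGeneratePassword`, a failed `PKCS5_PBKDF2_HMAC` call is only logged and the function still returns `secretKey`, which at that point holds the 32 zero bytes it was initialised with, so a caller would carry on with a fixed, known key. The `// Error out?` branch should return an empty array instead, `qCWarning(lcCse()) << "Failed to generate encryption key"; return {};`, and callers should treat an empty result as failure (whether they already do is not visible here). Separately, the password length passed is `wordlist.size()` (UTF-16 code units) while the buffer comes from `toLocal8Bit()`; the two agree only for ASCII mnemonics, so a comment stating that assumption would help. In the `decryptPrivateKey` hunk, a key that only decrypts through the 1024-iteration fallback appears to stay stored under the weaker derivation, since nothing in the visible lines re-encrypts it with the new password; that function continues outside the hunk, so this may be handled elsewhere.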