mirror of
https://github.com/nextcloud/desktop.git
synced 2024-10-25 13:55:47 +03:00
check checksum when getting e2ee metadata
Signed-off-by: Matthieu Gallien <matthieu.gallien@nextcloud.com>
This commit is contained in:
parent
1b0a93eabc
commit
1b14c127a4
2 changed files with 36 additions and 13 deletions
|
@ -33,6 +33,7 @@
|
|||
#include <QUuid>
|
||||
#include <QScopeGuard>
|
||||
#include <QRandomGenerator>
|
||||
#include <QCryptographicHash>
|
||||
|
||||
#include <qt5keychain/keychain.h>
|
||||
#include <common/utility.h>
|
||||
|
@ -1555,10 +1556,10 @@ void FolderMetadata::setupExistingMetadata(const QByteArray& metadata)
|
|||
}
|
||||
}
|
||||
|
||||
if (_metadataKey.isEmpty()) {
|
||||
qCDebug(lcCse()) << "Could not setup existing metadata with missing metadataKeys!";
|
||||
return;
|
||||
}
|
||||
const auto sharing = metadataObj["sharing"].toString().toLocal8Bit();
|
||||
const auto files = metaDataDoc.object()["files"].toObject();
|
||||
const auto metadataKey = metaDataDoc.object()["metadata"].toObject()["metadataKey"].toString().toUtf8();
|
||||
const auto metadataKeyChecksum = metaDataDoc.object()["metadata"].toObject()["checksum"].toString().toUtf8();
|
||||
|
||||
QByteArray sharing = metadataObj["sharing"].toString().toLocal8Bit();
|
||||
QJsonObject files = metaDataDoc.object()["files"].toObject();
|
||||
|
@ -1609,12 +1610,10 @@ void FolderMetadata::setupExistingMetadata(const QByteArray& metadata)
|
|||
file.encryptionKey = QByteArray::fromBase64(decryptedFileObj["key"].toString().toLocal8Bit());
|
||||
file.mimetype = decryptedFileObj["mimetype"].toString().toLocal8Bit();
|
||||
|
||||
// In case we wrongly stored "inode/directory" we try to recover from it
|
||||
if (file.mimetype == QByteArrayLiteral("inode/directory")) {
|
||||
file.mimetype = QByteArrayLiteral("httpd/unix-directory");
|
||||
}
|
||||
|
||||
_files.push_back(file);
|
||||
if (!checkMetadataKeyChecksum(metadataKey, metadataKeyChecksum)) {
|
||||
_metadataKey.clear();
|
||||
_files.clear();
|
||||
return;
|
||||
}
|
||||
|
||||
// decryption finished, create new metadata key to be used for encryption
|
||||
|
@ -1663,6 +1662,26 @@ QByteArray FolderMetadata::decryptJsonObject(const QByteArray& encryptedMetadata
|
|||
return EncryptionHelper::decryptStringSymmetric(pass, encryptedMetadata);
|
||||
}
|
||||
|
||||
bool FolderMetadata::checkMetadataKeyChecksum(const QByteArray &metadataKey,
|
||||
const QByteArray &metadataKeyChecksum) const
|
||||
{
|
||||
const auto referenceMetadataKeyValue = computeMetadataKeyChecksum(metadataKey);
|
||||
return referenceMetadataKeyValue == metadataKeyChecksum;
|
||||
}
|
||||
|
||||
QByteArray FolderMetadata::computeMetadataKeyChecksum(const QByteArray &metadataKey) const
|
||||
{
|
||||
auto checksumData = _account->e2e()->_mnemonic.remove(' ');
|
||||
for (const auto &singleFile : _files) {
|
||||
checksumData += singleFile.encryptedFilename;
|
||||
}
|
||||
checksumData += metadataKey;
|
||||
|
||||
auto hashAlgorithm = QCryptographicHash{QCryptographicHash::Sha256};
|
||||
hashAlgorithm.addData(checksumData.toUtf8());
|
||||
return hashAlgorithm.result().toHex();
|
||||
}
|
||||
|
||||
bool FolderMetadata::isMetadataSetup() const
|
||||
{
|
||||
return _isMetadataSetup;
|
||||
|
|
|
@ -213,6 +213,10 @@ private:
|
|||
[[nodiscard]] QByteArray encryptJsonObject(const QByteArray& obj, const QByteArray pass) const;
|
||||
[[nodiscard]] QByteArray decryptJsonObject(const QByteArray& encryptedJsonBlob, const QByteArray& pass) const;
|
||||
|
||||
[[nodiscard]] bool checkMetadataKeyChecksum(const QByteArray &metadataKey, const QByteArray &metadataKeyChecksum) const;
|
||||
|
||||
[[nodiscard]] QByteArray computeMetadataKeyChecksum(const QByteArray &metadataKey) const;
|
||||
|
||||
QByteArray _metadataKey;
|
||||
|
||||
QVector<EncryptedFile> _files;
|
||||
|
|
Loading…
Reference in a new issue