From: Kevin Ottens <kevin.ottens@nextcloud.com>
Date: Mon, 10 Aug 2020 09:19:20 +0000 (+0200)
Subject: Ignore the salt part of the key during decryption
X-Git-Tag: archive/raspbian/3.16.7-1_deb13u1+rpi1~1^2~12^2~22^2~242^2~2
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=d5339265fb08d820c6c18fb6835c765c3e4f57c2;p=nextcloud-desktop.git

Ignore the salt part of the key during decryption

Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
---

diff --git a/src/libsync/clientsideencryption.cpp b/src/libsync/clientsideencryption.cpp
index f78c264d4..bf0a30506 100644
--- a/src/libsync/clientsideencryption.cpp
+++ b/src/libsync/clientsideencryption.cpp
@@ -371,11 +371,16 @@ QByteArray decryptPrivateKey(const QByteArray& key, const QByteArray& data) {
     qCInfo(lcCse()) << "decryptStringSymmetric key: " << key;
     qCInfo(lcCse()) << "decryptStringSymmetric data: " << data;
 
-    int sep = data.indexOf('|');
-    qCInfo(lcCse()) << "sep at" << sep;
+    const auto parts = data.split('|');
+    qCInfo(lcCse()) << "found parts:" << parts;
 
-    QByteArray cipherTXT64 = data.left(sep);
-    QByteArray ivB64 = data.right(data.size() - sep - 1);
+    if (parts.size() < 2) {
+        qCInfo(lcCse()) << "Not enough parts found";
+        return QByteArray();
+    }
+
+    QByteArray cipherTXT64 = parts.at(0);
+    QByteArray ivB64 = parts.at(1);
 
     qCInfo(lcCse()) << "decryptStringSymmetric cipherTXT: " << cipherTXT64;
     qCInfo(lcCse()) << "decryptStringSymmetric IV: " << ivB64;
@@ -1133,12 +1138,11 @@ void ClientSideEncryption::decryptPrivateKey(const QByteArray &key) {
             // Todo better place?
             auto pos = key.lastIndexOf('|');
             QByteArray salt = QByteArray::fromBase64(key.mid(pos + 1));
-            auto key2 = key.left(pos);
 
             auto pass = EncryptionHelper::generatePassword(mnemonic, salt);
             qCInfo(lcCse()) << "Generated key:" << pass;
 
-            QByteArray privateKey = EncryptionHelper::decryptPrivateKey(pass, key2);
+            QByteArray privateKey = EncryptionHelper::decryptPrivateKey(pass, key);
             //_privateKey = QSslKey(privateKey, QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey);
             _privateKey = privateKey;
 
diff --git a/test/testclientsideencryption.cpp b/test/testclientsideencryption.cpp
index b439c17ac..b7916c42e 100644
--- a/test/testclientsideencryption.cpp
+++ b/test/testclientsideencryption.cpp
@@ -50,8 +50,8 @@ private slots:
         const auto originalSalt = QByteArrayLiteral("baz");
         const auto cipher = EncryptionHelper::encryptPrivateKey(encryptionKey, originalPrivateKey, originalSalt);
 
-        // WHEN (note the salt is not passed, so had to extract by hand)
-        const auto privateKey = EncryptionHelper::decryptPrivateKey(encryptionKey, cipher.left(cipher.lastIndexOf('|')));
+        // WHEN
+        const auto privateKey = EncryptionHelper::decryptPrivateKey(encryptionKey, cipher);
 
         // THEN
         QCOMPARE(privateKey, originalPrivateKey);