Merge pull request #727 from nextcloud/fix-issue-268

Uses QByteArray to store private key.
nextcloud · Oct 23, 2018 · 206f081 · 206f081
2 parents 2d65091 + 1c8307f
commit 206f081
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 14 deletions.
diff --git a/src/libsync/clientsideencryption.cpp b/src/libsync/clientsideencryption.cpp
@@ -390,10 +390,9 @@ QByteArray decryptStringSymmetric(const QByteArray& key, const QByteArray& data)
     return result;
 }
 
-QByteArray privateKeyToPem(const QSslKey key) {
+QByteArray privateKeyToPem(const QByteArray key) {
     BIO *privateKeyBio = BIO_new(BIO_s_mem());
-    QByteArray privateKeyPem = key.toPem();
-    BIO_write(privateKeyBio, privateKeyPem.constData(), privateKeyPem.size());
+    BIO_write(privateKeyBio, key.constData(), key.size());
     EVP_PKEY *pkey = PEM_read_bio_PrivateKey(privateKeyBio, NULL, NULL, NULL);
 
     BIO *pemBio = BIO_new(BIO_s_mem());
@@ -694,7 +693,8 @@ void ClientSideEncryption::privateKeyFetched(Job *incoming) {
         return;
     }
 
-    _privateKey = QSslKey(readJob->binaryData(), QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey);
+    //_privateKey = QSslKey(readJob->binaryData(), QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey);
+    _privateKey = readJob->binaryData();
 
     if (_privateKey.isNull()) {
         getPrivateKeyFromServer();
@@ -723,7 +723,7 @@ void ClientSideEncryption::mnemonicKeyFetched(QKeychain::Job *incoming) {
     if (readJob->error() != NoError || readJob->textData().length() == 0) {
         _certificate = QSslCertificate();
         _publicKey = QSslKey();
-        _privateKey = QSslKey();
+        _privateKey = QByteArray();
         getPublicKeyFromServer();
         return;
     }
@@ -745,7 +745,7 @@ void ClientSideEncryption::writePrivateKey() {
     WritePasswordJob *job = new WritePasswordJob(Theme::instance()->appName());
     job->setInsecureFallback(false);
     job->setKey(kck);
-    job->setBinaryData(_privateKey.toPem());
+    job->setBinaryData(_privateKey);
     connect(job, &WritePasswordJob::finished, [this](Job *incoming) {
         Q_UNUSED(incoming);
         qCInfo(lcCse()) << "Private key stored in keychain";
@@ -791,7 +791,7 @@ void ClientSideEncryption::writeMnemonic() {
 
 void ClientSideEncryption::forgetSensitiveData()
 {
-    _privateKey = QSslKey();
+    _privateKey = QByteArray();
     _certificate = QSslCertificate();
     _publicKey = QSslKey();
     _mnemonic = QString();
@@ -859,7 +859,8 @@ void ClientSideEncryption::generateKeyPair()
         return;
     }
     QByteArray key = BIO2ByteArray(privKey);
-    _privateKey = QSslKey(key, QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey);
+    //_privateKey = QSslKey(key, QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey);
+    _privateKey = key;
 
     qCInfo(lcCse()) << "Keys generated correctly, sending to server.";
     generateCSR(localKeyPair);
@@ -1025,9 +1026,10 @@ void ClientSideEncryption::decryptPrivateKey(const QByteArray &key) {
             qCInfo(lcCse()) << "Generated key:" << pass;
 
             QByteArray privateKey = EncryptionHelper::decryptPrivateKey(pass, key2);
-            _privateKey = QSslKey(privateKey, QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey);
+            //_privateKey = QSslKey(privateKey, QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey);
+            _privateKey = privateKey;
 
-            qCInfo(lcCse()) << "Private key: " << _privateKey.toPem();
+            qCInfo(lcCse()) << "Private key: " << _privateKey;
 
             if (!_privateKey.isNull()) {
                 writePrivateKey();
@@ -1037,7 +1039,7 @@ void ClientSideEncryption::decryptPrivateKey(const QByteArray &key) {
             }
         } else {
             _mnemonic = QString();
-            _privateKey = QSslKey();
+            _privateKey = QByteArray();
             qCInfo(lcCse()) << "Cancelled";
             break;
         }
@@ -1226,7 +1228,7 @@ QByteArray FolderMetadata::encryptMetadataKey(const QByteArray& data) const {
 QByteArray FolderMetadata::decryptMetadataKey(const QByteArray& encryptedMetadata) const
 {
     BIO *privateKeyBio = BIO_new(BIO_s_mem());
-    QByteArray privateKeyPem = _account->e2e()->_privateKey.toPem();
+    QByteArray privateKeyPem = _account->e2e()->_privateKey;
     BIO_write(privateKeyBio, privateKeyPem.constData(), privateKeyPem.size());
     EVP_PKEY *key = PEM_read_bio_PrivateKey(privateKeyBio, NULL, NULL, NULL);
 

diff --git a/src/libsync/clientsideencryption.h b/src/libsync/clientsideencryption.h
@@ -47,7 +47,7 @@ namespace EncryptionHelper {
             const QByteArray& data
     );
 
-    QByteArray privateKeyToPem(const QSslKey key);
+    QByteArray privateKeyToPem(const QByteArray key);
 
     //TODO: change those two EVP_PKEY into QSslKey.
     QByteArray encryptStringAsymmetric(
@@ -122,7 +122,8 @@ private slots:
     QMap<QString, bool> _folder2encryptedStatus;
 
 public:
-    QSslKey _privateKey;
+    //QSslKey _privateKey;
+    QByteArray _privateKey;
     QSslKey _publicKey;
     QSslCertificate _certificate;
     QString _mnemonic;