Merge pull request #9614 from nextcloud/backport/9514/stable-4.0

[stable-4.0] Bugfix/e2ee fixes for hardware certificate end to end encryption

Author: mgallien

src/libsync/clientsideencryption.cpp

@@ -62,6 +62,7 @@ QDebug operator<<(QDebug out, const std::string& str)
 }
 
 using namespace QKeychain;
+using namespace Qt::StringLiterals;
 
 namespace OCC
 {
@@ -590,9 +591,9 @@ std::optional<QByteArray> encryptStringAsymmetric(const CertificateInformation &
     }
 
     if (encryptionEngine.useTokenBasedEncryption()) {
-        qCDebug(lcCseEncryption()) << "use certificate on hardware token";
+        qCDebug(lcCseDecryption()) << "use certificate on hardware token" << selectedCertificate.sha256Fingerprint();
     } else {
-        qCDebug(lcCseEncryption()) << "use certificate on software storage";
+        qCDebug(lcCseDecryption()) << "use certificate on software storage" << selectedCertificate.sha256Fingerprint();
     }
 
     auto encryptedBase64Result = QByteArray{};
@@ -639,9 +640,9 @@ std::optional<QByteArray> decryptStringAsymmetric(const CertificateInformation &
     }
 
     if (encryptionEngine.useTokenBasedEncryption()) {
-        qCDebug(lcCseDecryption()) << "use certificate on hardware token";
+        qCDebug(lcCseDecryption()) << "use certificate on hardware token" << selectedCertificate.sha256Fingerprint();
     } else {
-        qCDebug(lcCseDecryption()) << "use certificate on software storage";
+        qCDebug(lcCseDecryption()) << "use certificate on software storage" << selectedCertificate.sha256Fingerprint();
     }
 
     auto decryptBase64Result = QByteArray{};
@@ -1034,11 +1035,7 @@ bool ClientSideEncryption::userCertificateNeedsMigration() const
 
 QByteArray ClientSideEncryption::certificateSha256Fingerprint() const
 {
-    if (useTokenBasedEncryption()) {
-        return _encryptionCertificate.sha256Fingerprint();
-    }
-
-    return {};
+    return _encryptionCertificate.sha256Fingerprint();
 }
 
 void ClientSideEncryption::setAccount(const AccountPtr &account)
@@ -1275,32 +1272,34 @@ void ClientSideEncryption::initializeHardwareTokenEncryption(QWidget *settingsDi
                 return;
             }
 
-            qCDebug(lcCse) << "checking the type of the key associated to the certificate";
-            qCDebug(lcCse) << "key type" << Qt::hex << PKCS11_get_key_type(certificateKey);
+            qCDebug(lcCse) << "checking the type of the key associated to the certificate" << sslCertificate.digest(QCryptographicHash::Sha256).toBase64();
+            qCDebug(lcCse) << "key type" << Qt::hex << PKCS11_get_key_type(certificateKey) << certificateKey;
+
+            auto newCertificateInformation = CertificateInformation{currentCertificate, std::move(sslCertificate)};
+
+            if (newCertificateInformation.isSelfSigned()) {
+                qCDebug(lcCse()) << "newly found certificate is self signed: goint to ignore it";
+                continue;
+            }
 
-            _otherCertificates.emplace_back(certificateKey, std::move(sslCertificate));
+            const auto &sslErrors = newCertificateInformation.verify();
+            for (const auto &sslError : sslErrors) {
+                qCInfo(lcCse()) << "certificate validation error" << sslError;
+            }
+
+            _otherCertificates.push_back(std::move(newCertificateInformation));
         }
     }
 
     for (const auto &oneCertificateInformation : _otherCertificates) {
-        if (oneCertificateInformation.isSelfSigned()) {
-            qCDebug(lcCse()) << "newly found certificate is self signed: goint to ignore it";
-            continue;
-        }
-
         if (!_usbTokenInformation.sha256Fingerprint().isEmpty() && oneCertificateInformation.sha256Fingerprint() != _usbTokenInformation.sha256Fingerprint()) {
             qCDebug(lcCse()) << "skipping certificate from" << "with fingerprint" << oneCertificateInformation.sha256Fingerprint() << "different from" << _usbTokenInformation.sha256Fingerprint();
             continue;
         }
 
-        const auto &sslErrors = oneCertificateInformation.verify();
-        for (const auto &sslError : sslErrors) {
-            qCInfo(lcCse()) << "certificate validation error" << sslError;
-        }
-
         setEncryptionCertificate(oneCertificateInformation);
 
-        if (canEncrypt() && !checkEncryptionIsWorking()) {
+        if (oneCertificateInformation.canEncrypt() && !checkEncryptionIsWorking(oneCertificateInformation)) {
             qCWarning(lcCse()) << "encryption is not properly setup";
 
             failedToInitialize();
@@ -1362,26 +1361,26 @@ void ClientSideEncryption::fetchPublicKeyFromKeyChain()
     job->start();
 }
 
-bool ClientSideEncryption::checkEncryptionIsWorking()
+bool ClientSideEncryption::checkEncryptionIsWorking(const CertificateInformation &currentCertificate)
 {
     qCInfo(lcCse) << "check encryption is working before enabling end-to-end encryption feature";
     QByteArray data = EncryptionHelper::generateRandom(64);
 
-    auto encryptedData = EncryptionHelper::encryptStringAsymmetric(getCertificateInformation(), paddingMode(), *this, data);
+    auto encryptedData = EncryptionHelper::encryptStringAsymmetric(currentCertificate, paddingMode(), *this, data);
     if (!encryptedData) {
         qCWarning(lcCse()) << "encryption error";
         return false;
     }
 
-    qCDebug(lcCse) << "encryption is working with" << getCertificateInformation().sha256Fingerprint();
+    qCDebug(lcCse) << "encryption is working with" << currentCertificate.sha256Fingerprint();
 
-    const auto decryptionResult = EncryptionHelper::decryptStringAsymmetric(getCertificateInformation(), paddingMode(), *this, *encryptedData);
+    const auto decryptionResult = EncryptionHelper::decryptStringAsymmetric(currentCertificate, paddingMode(), *this, *encryptedData);
     if (!decryptionResult) {
         qCWarning(lcCse()) << "encryption error";
         return false;
     }
 
-    qCDebug(lcCse) << "decryption is working with" << getCertificateInformation().sha256Fingerprint();
+    qCDebug(lcCse) << "decryption is working with" << currentCertificate.sha256Fingerprint();
 
     QByteArray decryptResult = QByteArray::fromBase64(*decryptionResult);
 
@@ -1390,7 +1389,7 @@ bool ClientSideEncryption::checkEncryptionIsWorking()
         return false;
     }
 
-    qCInfo(lcCse) << "end-to-end encryption is working with" << getCertificateInformation().sha256Fingerprint();
+    qCInfo(lcCse) << "end-to-end encryption is working with" << currentCertificate.sha256Fingerprint();
 
     return true;
 }
@@ -2317,7 +2316,7 @@ void ClientSideEncryption::decryptPrivateKey(const QByteArray &key) {
                 }
             }
 
-            if (!getPrivateKey().isNull() && checkEncryptionIsWorking()) {
+            if (!getPrivateKey().isNull() && checkEncryptionIsWorking(_encryptionCertificate)) {
                 writePrivateKey();
                 writeCertificate();
                 writeMnemonic([] () {});
@@ -3033,9 +3032,9 @@ CertificateInformation::CertificateInformation()
     checkEncryptionCertificate();
 }
 
-CertificateInformation::CertificateInformation(PKCS11_KEY *hardwarePrivateKey,
+CertificateInformation::CertificateInformation(PKCS11_CERT *hardwareCertificate,
                                                QSslCertificate &&certificate)
-    : _hardwarePrivateKey{hardwarePrivateKey}
+    : _hardwareCertificate{hardwareCertificate}
     , _certificate{std::move(certificate)}
     , _certificateType{CertificateType::HardwareCertificate}
 {
@@ -3045,7 +3044,7 @@ CertificateInformation::CertificateInformation(PKCS11_KEY *hardwarePrivateKey,
 CertificateInformation::CertificateInformation(CertificateType certificateType,
                                                const QByteArray &privateKey,
                                                QSslCertificate &&certificate)
-    : _hardwarePrivateKey()
+    : _hardwareCertificate()
     , _privateKeyData()
     , _certificate(std::move(certificate))
     , _certificateType{certificateType}
@@ -3072,7 +3071,7 @@ bool CertificateInformation::operator==(const CertificateInformation &other) con
 
 void CertificateInformation::clear()
 {
-    _hardwarePrivateKey = nullptr;
+    _hardwareCertificate = nullptr;
     _privateKeyData.clear();
     _certificate.clear();
     _certificateExpired = true;
@@ -3140,13 +3139,13 @@ PKey CertificateInformation::getEvpPublicKey() const
 
 PKCS11_KEY *CertificateInformation::getPkcs11PrivateKey() const
 {
-    return canDecrypt() ? _hardwarePrivateKey : nullptr;
+    return canDecrypt() && _hardwareCertificate ? PKCS11_find_key(_hardwareCertificate) : nullptr;
 }
 
 PKey CertificateInformation::getEvpPrivateKey() const
 {
-    if (_hardwarePrivateKey) {
-        return PKey::readHardwarePrivateKey(_hardwarePrivateKey);
+    if (_hardwareCertificate) {
+        return PKey::readHardwarePrivateKey(PKCS11_find_key(_hardwareCertificate));
     } else {
         const auto privateKeyPem = _privateKeyData;
         Q_ASSERT(!privateKeyPem.isEmpty());
@@ -3167,23 +3166,23 @@ const QSslCertificate &CertificateInformation::getCertificate() const
 
 bool CertificateInformation::canEncrypt() const
 {
-    return (_hardwarePrivateKey || !_certificate.isNull()) && !_certificateExpired && !_certificateNotYetValid && !_certificateRevoked && !_certificateInvalid;
+    return (_hardwareCertificate || !_certificate.isNull()) && !_certificateExpired && !_certificateNotYetValid && !_certificateRevoked && !_certificateInvalid;
 }
 
 bool CertificateInformation::canDecrypt() const
 {
-    return _hardwarePrivateKey || !_privateKeyData.isEmpty();
+    return _hardwareCertificate || !_privateKeyData.isEmpty();
 }
 
 bool CertificateInformation::userCertificateNeedsMigration() const
 {
-    return _hardwarePrivateKey &&
+    return _hardwareCertificate &&
         (_certificateExpired || _certificateNotYetValid || _certificateRevoked || _certificateInvalid);
 }
 
 bool CertificateInformation::sensitiveDataRemaining() const
 {
-    return _hardwarePrivateKey && !_privateKeyData.isEmpty() && !_certificate.isNull();
+    return _hardwareCertificate && !_privateKeyData.isEmpty() && !_certificate.isNull();
 }
 
 QByteArray CertificateInformation::sha256Fingerprint() const

src/libsync/clientsideencryption.h

@@ -55,7 +55,7 @@ class CertificateInformation {
 
     CertificateInformation();
 
-    explicit CertificateInformation(PKCS11_KEY *hardwarePrivateKey,
+    explicit CertificateInformation(PKCS11_CERT *hardwareCertificate,
                                     QSslCertificate &&certificate);
 
     explicit CertificateInformation(CertificateType certificateType,
@@ -99,7 +99,7 @@ class CertificateInformation {
 
     void doNotCheckEncryptionCertificate();
 
-    PKCS11_KEY* _hardwarePrivateKey = nullptr;
+    PKCS11_CERT* _hardwareCertificate = nullptr;
 
     QByteArray _privateKeyData;
 
@@ -391,7 +391,7 @@ private slots:
     [[nodiscard]] bool checkServerPublicKeyValidity(const QByteArray &serverPublicKeyString) const;
     [[nodiscard]] bool sensitiveDataRemaining() const;
 
-    [[nodiscard]] bool checkEncryptionIsWorking();
+    [[nodiscard]] bool checkEncryptionIsWorking(const CertificateInformation &currentCertificate);
 
     void failedToInitialize();
 

src/libsync/foldermetadata.cpp

@@ -181,7 +181,8 @@ void FolderMetadata::setupExistingMetadata(const QByteArray &metadata)
 
     if (_folderUsers.contains(_account->davUser())) {
         const auto currentFolderUser = _folderUsers.value(_account->davUser());
-        _metadataKeyForEncryption = QByteArray::fromBase64(decryptDataWithPrivateKey(currentFolderUser.encryptedMetadataKey));
+        const auto currentUserCertificate = QSslCertificate{currentFolderUser.certificatePem};
+        _metadataKeyForEncryption = QByteArray::fromBase64(decryptDataWithPrivateKey(currentFolderUser.encryptedMetadataKey, currentUserCertificate.digest(QCryptographicHash::Sha256).toBase64()));
         _metadataKeyForDecryption = _metadataKeyForEncryption;
     }
 
@@ -279,7 +280,7 @@ void FolderMetadata::setupExistingMetadataLegacy(const QByteArray &metadata)
     const auto metadataKeyFromJson = fullMetaDataObj[metadataKeyKey].toString().toLocal8Bit();
     if (!metadataKeyFromJson.isEmpty()) {
         // parse version 1.1 and 1.2 (both must have a single "metadataKey"), not "metadataKeys" as 1.0
-        const auto decryptedMetadataKeyBase64 = decryptDataWithPrivateKey(metadataKeyFromJson);
+        const auto decryptedMetadataKeyBase64 = decryptDataWithPrivateKey(metadataKeyFromJson, _account->e2e()->certificateSha256Fingerprint());
         if (!decryptedMetadataKeyBase64.isEmpty()) {
             // fromBase64() multiple times just to stick with the old wrong way
             _metadataKeyForDecryption = QByteArray::fromBase64(QByteArray::fromBase64(decryptedMetadataKeyBase64));
@@ -302,7 +303,7 @@ void FolderMetadata::setupExistingMetadataLegacy(const QByteArray &metadata)
         if (!lastMetadataKeyFromJson.isEmpty()) {
             const auto lastMetadataKeyValueFromJson = metadataKeys.value(lastMetadataKeyFromJson).toString().toLocal8Bit();
             if (!lastMetadataKeyValueFromJson.isEmpty()) {
-                const auto lastMetadataKeyValueFromJsonBase64 = decryptDataWithPrivateKey(lastMetadataKeyValueFromJson);
+                const auto lastMetadataKeyValueFromJsonBase64 = decryptDataWithPrivateKey(lastMetadataKeyValueFromJson, _account->e2e()->certificateSha256Fingerprint());
                 if (!lastMetadataKeyValueFromJsonBase64.isEmpty()) {
                     _metadataKeyForDecryption = QByteArray::fromBase64(QByteArray::fromBase64(lastMetadataKeyValueFromJsonBase64));
                 }
@@ -442,9 +443,10 @@ QByteArray FolderMetadata::encryptDataWithPublicKey(const QByteArray &binaryData
     return {};
 }
 
-QByteArray FolderMetadata::decryptDataWithPrivateKey(const QByteArray &base64Data) const
+QByteArray FolderMetadata::decryptDataWithPrivateKey(const QByteArray &base64Data,
+                                                     const QByteArray &base64CertificateSha256Hash) const
 {
-    const auto decryptBase64Result = EncryptionHelper::decryptStringAsymmetric(_account->e2e()->getCertificateInformation(), _account->e2e()->paddingMode(), *_account->e2e(), base64Data);
+    const auto decryptBase64Result = EncryptionHelper::decryptStringAsymmetric(_account->e2e()->getCertificateInformationByFingerprint(base64CertificateSha256Hash), _account->e2e()->paddingMode(), *_account->e2e(), base64Data);
     if (!decryptBase64Result) {
         qCWarning(lcCseMetadata()) << "ERROR. Could not decrypt the metadata key";
         _account->reportClientStatus(OCC::ClientStatusReportingStatus::E2EeError_GeneralError);
@@ -654,7 +656,12 @@ QByteArray FolderMetadata::encryptedMetadata()
     QJsonArray folderUsers;
     if (_isRootEncryptedFolder) {
         for (auto it = _folderUsers.constBegin(), end = _folderUsers.constEnd(); it != end; ++it) {
-            const auto folderUser = it.value();
+            auto folderUser = it.value();
+
+            if (folderUser.userId == _account->davUser()) {
+                folderUser.certificatePem = _account->e2e()->getCertificate().toPem();
+                updateUsersEncryptedMetadataKey();
+            }
 
             const QJsonObject folderUserJson{{usersUserIdKey, folderUser.userId},
                                              {usersCertificateKey, QJsonValue::fromVariant(folderUser.certificatePem)},
@@ -794,7 +801,7 @@ bool FolderMetadata::parseFileDropPart(const QJsonDocument &doc)
             if (userParsedId == _account->davUser()) {
                 const auto fileDropEntryUser = UserWithFileDropEntryAccess{
                     userParsedId,
-                    QByteArray::fromBase64(decryptDataWithPrivateKey(userParsed.value(usersEncryptedFiledropKey).toByteArray()))
+                    QByteArray::fromBase64(decryptDataWithPrivateKey(userParsed.value(usersEncryptedFiledropKey).toByteArray(), _account->e2e()->certificateSha256Fingerprint()))
                 };
                 if (!fileDropEntryUser.isValid()) {
                     qCWarning(lcCseMetadata()) << "Could not parse filedrop data. encryptedFiledropKey decryption failed";

src/libsync/foldermetadata.h

@@ -122,6 +122,8 @@ class OWNCLOUDSYNC_EXPORT FolderMetadata : public QObject
     // removes a user from this folder and removes and generates a new metadata key
     [[nodiscard]] bool removeUser(const QString &userId);
 
+    [[nodiscard]] bool updateUser(const QString &userId, const QSslCertificate &certificate, CertificateType certificateType);
+
     [[nodiscard]] const QByteArray metadataKeyForEncryption() const;
     [[nodiscard]] const QByteArray metadataKeyForDecryption() const;
     [[nodiscard]] const QSet<QByteArray> &keyChecksums() const;
@@ -151,7 +153,8 @@ public slots:
 
     [[nodiscard]] QByteArray encryptDataWithPublicKey(const QByteArray &data,
                                                       const CertificateInformation &shareUserCertificate) const;
-    [[nodiscard]] QByteArray decryptDataWithPrivateKey(const QByteArray &data) const;
+    [[nodiscard]] QByteArray decryptDataWithPrivateKey(const QByteArray &data,
+                                                       const QByteArray &base64CertificateSha256Hash) const;
 
     [[nodiscard]] QByteArray encryptJsonObject(const QByteArray& obj, const QByteArray pass) const;
     [[nodiscard]] QByteArray decryptJsonObject(const QByteArray& encryptedJsonBlob, const QByteArray& pass) const;

test/testclientsideencryptionv2.cpp

@@ -130,7 +130,7 @@ private slots:
             const auto encryptedMetadataKey = QByteArray::fromBase64(folderUserObject.value("encryptedMetadataKey").toString().toUtf8());
 
             if (!encryptedMetadataKey.isEmpty()) {
-                const auto decryptedMetadataKey = metadata->decryptDataWithPrivateKey(encryptedMetadataKey);
+                const auto decryptedMetadataKey = metadata->decryptDataWithPrivateKey(encryptedMetadataKey, _account->e2e()->certificateSha256Fingerprint());
                 if (decryptedMetadataKey.isEmpty()) {
                     break;
                 }
@@ -269,7 +269,7 @@ private slots:
             const auto encryptedMetadataKey = QByteArray::fromBase64(folderUserObject.value("encryptedMetadataKey").toString().toUtf8());
 
             if (!encryptedMetadataKey.isEmpty()) {
-                const auto decryptedMetadataKey = metadata->decryptDataWithPrivateKey(encryptedMetadataKey);
+                const auto decryptedMetadataKey = metadata->decryptDataWithPrivateKey(encryptedMetadataKey, _account->e2e()->certificateSha256Fingerprint());
                 if (decryptedMetadataKey.isEmpty()) {
                     break;
                 }
@@ -370,7 +370,7 @@ private slots:
             const auto encryptedMetadataKey = QByteArray::fromBase64(folderUserObject.value("encryptedMetadataKey").toString().toUtf8());
 
             if (!encryptedMetadataKey.isEmpty()) {
-                const auto decryptedMetadataKey = metadata->decryptDataWithPrivateKey(encryptedMetadataKey);
+                const auto decryptedMetadataKey = metadata->decryptDataWithPrivateKey(encryptedMetadataKey, _account->e2e()->certificateSha256Fingerprint());
                 if (decryptedMetadataKey.isEmpty()) {
                     break;
                 }