Skip to content

[stable-4.0] Bugfix/migrate user encryption certificate #9612

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mgallien merged 5 commits into from
Mar 12, 2026
+101 −86
Merged

[stable-4.0] Bugfix/migrate user encryption certificate #9612

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
75dd93a
chore(e2ee): modernize casts to use c++ cast style
mgallien Mar 3, 2026
26f7e7a
chore(e2ee): add some debug output related to keys management
mgallien Mar 3, 2026
905f1b0
fix(e2ee): ensure we update the user own certificate when needed
mgallien Mar 3, 2026
cd44f4b
chore(e2ee): add more missing binary suffix for binary byte arrays
mgallien Mar 3, 2026
750e435
fix(e2ee): fix certificate migration
mgallien Mar 5, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 27 additions & 27 deletions src/libsync/clientsideencryption.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
/*
* SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: GPL-2.0-or-later
Expand Down Expand Up @@ -340,7 +340,7 @@
}

/* Initialise key and IV */
if(!EVP_EncryptInit_ex(ctx, nullptr, nullptr, (unsigned char *)key.constData(), (unsigned char *)iv.constData())) {
if(!EVP_EncryptInit_ex(ctx, nullptr, nullptr, reinterpret_cast<const unsigned char*>(key.constData()), reinterpret_cast<const unsigned char*>(iv.constData()))) {
qCInfo(lcCse()) << "Error initialising key and iv" << handleErrors();
}

Expand All @@ -352,7 +352,7 @@

// Do the actual encryption
int len = 0;
if(!EVP_EncryptUpdate(ctx, unsignedData(ctext), &len, (unsigned char *)privateKeyB64.constData(), privateKeyB64.size())) {
if(!EVP_EncryptUpdate(ctx, unsignedData(ctext), &len, reinterpret_cast<const unsigned char*>(privateKeyB64.constData()), privateKeyB64.size())) {

Check warning on line 355 in src/libsync/clientsideencryption.cpp

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

implicit conversion loses integer precision: 'qsizetype' (aka 'long long') to 'int' 


See more on https://sonarcloud.io/project/issues?id=nextcloud_desktop&issues=AZziK8ev0rhq9DXONI3O&open=AZziK8ev0rhq9DXONI3O&pullRequest=9612
qCInfo(lcCse()) << "Error encrypting" << handleErrors();
}

Expand Down Expand Up @@ -430,7 +430,7 @@
}

/* Initialise key and IV */
if(!EVP_DecryptInit_ex(ctx, nullptr, nullptr, (unsigned char *)key.constData(), (unsigned char *)iv.constData())) {
if(!EVP_DecryptInit_ex(ctx, nullptr, nullptr, reinterpret_cast<const unsigned char*>(key.constData()), reinterpret_cast<const unsigned char*>(iv.constData()))) {
qCInfo(lcCse()) << "Error initialising key and iv";
return QByteArray();
}
Expand All @@ -441,13 +441,13 @@
/* Provide the message to be decrypted, and obtain the plaintext output.
* EVP_DecryptUpdate can be called multiple times if necessary
*/
if(!EVP_DecryptUpdate(ctx, unsignedData(ptext), &plen, (unsigned char *)cipherTXT.constData(), cipherTXT.size())) {
if(!EVP_DecryptUpdate(ctx, unsignedData(ptext), &plen, reinterpret_cast<const unsigned char*>(cipherTXT.constData()), cipherTXT.size())) {

Check warning on line 444 in src/libsync/clientsideencryption.cpp

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

implicit conversion loses integer precision: 'qsizetype' (aka 'long long') to 'int' 


See more on https://sonarcloud.io/project/issues?id=nextcloud_desktop&issues=AZziK8ev0rhq9DXONI3P&open=AZziK8ev0rhq9DXONI3P&pullRequest=9612
qCInfo(lcCse()) << "Could not decrypt";
return QByteArray();
}

/* Set expected e2EeTag value. Works in OpenSSL 1.0.1d and later */
if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, e2EeTag.size(), (unsigned char *)e2EeTag.constData())) {
if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, e2EeTag.size(), const_cast<unsigned char*>(reinterpret_cast<const unsigned char*>(e2EeTag.constData())))) {

Check warning on line 450 in src/libsync/clientsideencryption.cpp

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

implicit conversion loses integer precision: 'qsizetype' (aka 'long long') to 'int' 


See more on https://sonarcloud.io/project/issues?id=nextcloud_desktop&issues=AZziK8ev0rhq9DXONI3Q&open=AZziK8ev0rhq9DXONI3Q&pullRequest=9612

Check failure on line 450 in src/libsync/clientsideencryption.cpp

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

const_cast removing const qualification from the type of a pointer may lead to an undefined behaviour. 


See more on https://sonarcloud.io/project/issues?id=nextcloud_desktop&issues=AZziK8ev0rhq9DXONI3a&open=AZziK8ev0rhq9DXONI3a&pullRequest=9612
qCInfo(lcCse()) << "Could not set e2EeTag";
return QByteArray();
}
Expand Down Expand Up @@ -520,7 +520,7 @@
}

/* Initialise key and IV */
if(!EVP_DecryptInit_ex(ctx, nullptr, nullptr, (unsigned char *)key.constData(), (unsigned char *)iv.constData())) {
if(!EVP_DecryptInit_ex(ctx, nullptr, nullptr, reinterpret_cast<const unsigned char*>(key.constData()), reinterpret_cast<const unsigned char*>(iv.constData()))) {
qCInfo(lcCse()) << "Error initialising key and iv";
return QByteArray();
}
Expand All @@ -531,13 +531,13 @@
/* Provide the message to be decrypted, and obtain the plaintext output.
* EVP_DecryptUpdate can be called multiple times if necessary
*/
if(!EVP_DecryptUpdate(ctx, unsignedData(ptext), &plen, (unsigned char *)cipherTXT.constData(), cipherTXT.size())) {
if(!EVP_DecryptUpdate(ctx, unsignedData(ptext), &plen, reinterpret_cast<const unsigned char*>(cipherTXT.constData()), cipherTXT.size())) {

Check warning on line 534 in src/libsync/clientsideencryption.cpp

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

implicit conversion loses integer precision: 'qsizetype' (aka 'long long') to 'int' 


See more on https://sonarcloud.io/project/issues?id=nextcloud_desktop&issues=AZziK8ev0rhq9DXONI3R&open=AZziK8ev0rhq9DXONI3R&pullRequest=9612
qCInfo(lcCse()) << "Could not decrypt";
return QByteArray();
}

/* Set expected e2EeTag value. Works in OpenSSL 1.0.1d and later */
if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, e2EeTag.size(), (unsigned char *)e2EeTag.constData())) {
if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, e2EeTag.size(), const_cast<unsigned char*>(reinterpret_cast<const unsigned char*>(e2EeTag.constData())))) {

Check warning on line 540 in src/libsync/clientsideencryption.cpp

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

implicit conversion loses integer precision: 'qsizetype' (aka 'long long') to 'int' 


See more on https://sonarcloud.io/project/issues?id=nextcloud_desktop&issues=AZziK8ev0rhq9DXONI3S&open=AZziK8ev0rhq9DXONI3S&pullRequest=9612

Check failure on line 540 in src/libsync/clientsideencryption.cpp

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

const_cast removing const qualification from the type of a pointer may lead to an undefined behaviour. 


See more on https://sonarcloud.io/project/issues?id=nextcloud_desktop&issues=AZziK8ev0rhq9DXONI3b&open=AZziK8ev0rhq9DXONI3b&pullRequest=9612
qCInfo(lcCse()) << "Could not set e2EeTag";
return QByteArray();
}
Expand Down Expand Up @@ -586,14 +586,14 @@
const QByteArray &binaryData)
{
if (!encryptionEngine.isInitialized()) {
qCWarning(lcCseDecryption()) << "end-to-end encryption is disabled";
qCWarning(lcCseEncryption()) << "end-to-end encryption is disabled";
return {};
}

if (encryptionEngine.useTokenBasedEncryption()) {
qCDebug(lcCseDecryption()) << "use certificate on hardware token" << selectedCertificate.sha256Fingerprint();
qCDebug(lcCseEncryption()) << "use certificate on hardware token" << selectedCertificate.sha256Fingerprint();
} else {
qCDebug(lcCseDecryption()) << "use certificate on software storage" << selectedCertificate.sha256Fingerprint();
qCDebug(lcCseEncryption()) << "use certificate on software storage" << selectedCertificate.sha256Fingerprint();
}

auto encryptedBase64Result = QByteArray{};
Expand All @@ -612,7 +612,7 @@
encryptedBase64Result = *encryptionResult;
break;
} else if (encryptionResult.error() == ClientSideEncryption::EncryptionErrorType::RetryOnError) {
qCInfo(lcCseDecryption()) << "retry encryption after error";
qCInfo(lcCseEncryption()) << "retry encryption after error";
needHardwareTokenEncryptionInit = true;
continue;
} else {
Expand Down Expand Up @@ -706,7 +706,7 @@
}

/* Initialise key and IV */
if(!EVP_EncryptInit_ex(ctx, nullptr, nullptr, (unsigned char *)key.constData(), (unsigned char *)iv.constData())) {
if(!EVP_EncryptInit_ex(ctx, nullptr, nullptr, reinterpret_cast<const unsigned char*>(key.constData()), reinterpret_cast<const unsigned char*>(iv.constData()))) {
qCInfo(lcCse()) << "Error initialising key and iv" << handleErrors();
return {};
}
Expand All @@ -719,7 +719,7 @@

// Do the actual encryption
int len = 0;
if(!EVP_EncryptUpdate(ctx, unsignedData(ctext), &len, (unsigned char *)dataB64.constData(), dataB64.size())) {
if(!EVP_EncryptUpdate(ctx, unsignedData(ctext), &len, reinterpret_cast<const unsigned char*>(dataB64.constData()), dataB64.size())) {

Check warning on line 722 in src/libsync/clientsideencryption.cpp

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

implicit conversion loses integer precision: 'qsizetype' (aka 'long long') to 'int' 


See more on https://sonarcloud.io/project/issues?id=nextcloud_desktop&issues=AZziK8ev0rhq9DXONI3T&open=AZziK8ev0rhq9DXONI3T&pullRequest=9612
qCInfo(lcCse()) << "Error encrypting" << handleErrors();
return {};
}
Expand Down Expand Up @@ -792,15 +792,15 @@
}

size_t outlen = 0;
err = EVP_PKEY_decrypt(ctx, nullptr, &outlen, (unsigned char *)binaryData.constData(), binaryData.size());
err = EVP_PKEY_decrypt(ctx, nullptr, &outlen, reinterpret_cast<const unsigned char*>(binaryData.constData()), binaryData.size());
if (err <= 0) {
qCInfo(lcCseDecryption()) << "Could not determine the buffer length" << handleErrors();
return {OCC::ClientSideEncryption::EncryptionErrorType::FatalError};
}

QByteArray out(static_cast<int>(outlen), '\0');

if (EVP_PKEY_decrypt(ctx, unsignedData(out), &outlen, (unsigned char *)binaryData.constData(), binaryData.size()) <= 0) {
if (EVP_PKEY_decrypt(ctx, unsignedData(out), &outlen, reinterpret_cast<const unsigned char*>(binaryData.constData()), binaryData.size()) <= 0) {
const auto error = handleErrors();
if (ClientSideEncryption::checkEncryptionErrorForHardwareTokenResetState(error)) {
return {OCC::ClientSideEncryption::EncryptionErrorType::RetryOnError};
Expand Down Expand Up @@ -846,7 +846,7 @@
}

size_t outLen = 0;
if (EVP_PKEY_encrypt(ctx, nullptr, &outLen, (unsigned char *)binaryData.constData(), binaryData.size()) != 1) {
if (EVP_PKEY_encrypt(ctx, nullptr, &outLen, reinterpret_cast<const unsigned char*>(binaryData.constData()), binaryData.size()) != 1) {
const auto error = handleErrors();
if (ClientSideEncryption::checkEncryptionErrorForHardwareTokenResetState(error)) {
encryptionEngine.initializeHardwareTokenEncryption(nullptr);
Expand All @@ -857,7 +857,7 @@
}

QByteArray out(static_cast<int>(outLen), '\0');
if (EVP_PKEY_encrypt(ctx, unsignedData(out), &outLen, (unsigned char *)binaryData.constData(), binaryData.size()) != 1) {
if (EVP_PKEY_encrypt(ctx, unsignedData(out), &outLen, reinterpret_cast<const unsigned char*>(binaryData.constData()), binaryData.size()) != 1) {
const auto error = handleErrors();
if (ClientSideEncryption::checkEncryptionErrorForHardwareTokenResetState(error)) {
encryptionEngine.initializeHardwareTokenEncryption(nullptr);
Expand Down Expand Up @@ -1364,9 +1364,9 @@
bool ClientSideEncryption::checkEncryptionIsWorking(const CertificateInformation &currentCertificate)
{
qCInfo(lcCse) << "check encryption is working before enabling end-to-end encryption feature";
QByteArray data = EncryptionHelper::generateRandom(64);
const auto binaryData = EncryptionHelper::generateRandom(64);

auto encryptedData = EncryptionHelper::encryptStringAsymmetric(currentCertificate, paddingMode(), *this, data);
auto encryptedData = EncryptionHelper::encryptStringAsymmetric(currentCertificate, paddingMode(), *this, binaryData);
if (!encryptedData) {
qCWarning(lcCse()) << "encryption error";
return false;
Expand All @@ -1384,7 +1384,7 @@

QByteArray decryptResult = QByteArray::fromBase64(*decryptionResult);

if (data != decryptResult) {
if (binaryData != decryptResult) {

Check warning on line 1387 in src/libsync/clientsideencryption.cpp

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Use the init-statement to declare "decryptResult" inside the if statement. 


See more on https://sonarcloud.io/project/issues?id=nextcloud_desktop&issues=AZziK8ev0rhq9DXONI3c&open=AZziK8ev0rhq9DXONI3c&pullRequest=9612
qCInfo(lcCse()) << "recovered data does not match the initial data after encryption and decryption of it";
return false;
}
Expand Down Expand Up @@ -2455,7 +2455,7 @@
return false;
}

if(!EVP_EncryptUpdate(ctx, unsignedData(out), &len, (unsigned char *)data.constData(), data.size())) {
if(!EVP_EncryptUpdate(ctx, unsignedData(out), &len, reinterpret_cast<const unsigned char*>(data.constData()), data.size())) {

Check warning on line 2458 in src/libsync/clientsideencryption.cpp

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

implicit conversion loses integer precision: 'qsizetype' (aka 'long long') to 'int' 


See more on https://sonarcloud.io/project/issues?id=nextcloud_desktop&issues=AZziK8ev0rhq9DXONI3U&open=AZziK8ev0rhq9DXONI3U&pullRequest=9612
qCInfo(lcCse()) << "Could not encrypt";
return false;
}
Expand Down Expand Up @@ -2539,7 +2539,7 @@
return false;
}

if(!EVP_DecryptUpdate(ctx, unsignedData(out), &len, (unsigned char *)data.constData(), data.size())) {
if(!EVP_DecryptUpdate(ctx, unsignedData(out), &len, reinterpret_cast<const unsigned char*>(data.constData()), data.size())) {

Check warning on line 2542 in src/libsync/clientsideencryption.cpp

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

implicit conversion loses integer precision: 'qsizetype' (aka 'long long') to 'int' 


See more on https://sonarcloud.io/project/issues?id=nextcloud_desktop&issues=AZziK8ev0rhq9DXONI3V&open=AZziK8ev0rhq9DXONI3V&pullRequest=9612
qCInfo(lcCse()) << "Could not decrypt";
return false;
}
Expand All @@ -2550,7 +2550,7 @@
const QByteArray e2EeTag = input->read(OCC::Constants::e2EeTagSize);

/* Set expected e2EeTag value. Works in OpenSSL 1.0.1d and later */
if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, e2EeTag.size(), (unsigned char *)e2EeTag.constData())) {
if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, e2EeTag.size(), const_cast<unsigned char*>(reinterpret_cast<const unsigned char*>(e2EeTag.constData())))) {

Check warning on line 2553 in src/libsync/clientsideencryption.cpp

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

implicit conversion loses integer precision: 'qsizetype' (aka 'long long') to 'int' 


See more on https://sonarcloud.io/project/issues?id=nextcloud_desktop&issues=AZziK8ev0rhq9DXONI3W&open=AZziK8ev0rhq9DXONI3W&pullRequest=9612

Check warning on line 2553 in src/libsync/clientsideencryption.cpp

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Use the init-statement to declare "e2EeTag" inside the if statement. 


See more on https://sonarcloud.io/project/issues?id=nextcloud_desktop&issues=AZziK8ev0rhq9DXONI3d&open=AZziK8ev0rhq9DXONI3d&pullRequest=9612

Check failure on line 2553 in src/libsync/clientsideencryption.cpp

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

const_cast removing const qualification from the type of a pointer may lead to an undefined behaviour. 


See more on https://sonarcloud.io/project/issues?id=nextcloud_desktop&issues=AZziK8ev0rhq9DXONI3e&open=AZziK8ev0rhq9DXONI3e&pullRequest=9612
qCInfo(lcCse()) << "Could not set expected e2EeTag";
return false;
}
Expand Down Expand Up @@ -2626,7 +2626,7 @@
return false;
}

if (!EVP_EncryptUpdate(ctx, unsignedData(out), &len, (unsigned char *)data.constData(), data.size())) {
if (!EVP_EncryptUpdate(ctx, unsignedData(out), &len, reinterpret_cast<const unsigned char*>(data.constData()), data.size())) {

Check warning on line 2629 in src/libsync/clientsideencryption.cpp

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

implicit conversion loses integer precision: 'qsizetype' (aka 'long long') to 'int' 


See more on https://sonarcloud.io/project/issues?id=nextcloud_desktop&issues=AZziK8ev0rhq9DXONI3X&open=AZziK8ev0rhq9DXONI3X&pullRequest=9612
qCInfo(lcCse()) << "Could not encrypt";
return false;
}
Expand Down Expand Up @@ -2721,7 +2721,7 @@
return false;
}

if (!EVP_DecryptUpdate(ctx, unsignedData(out), &len, (unsigned char *)data.constData(), data.size())) {
if (!EVP_DecryptUpdate(ctx, unsignedData(out), &len, reinterpret_cast<const unsigned char*>(data.constData()), data.size())) {

Check warning on line 2724 in src/libsync/clientsideencryption.cpp

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

implicit conversion loses integer precision: 'qsizetype' (aka 'long long') to 'int' 


See more on https://sonarcloud.io/project/issues?id=nextcloud_desktop&issues=AZziK8ev0rhq9DXONI3Y&open=AZziK8ev0rhq9DXONI3Y&pullRequest=9612
qCWarning(lcCse()) << "Could not decrypt";
return false;
}
Expand All @@ -2732,7 +2732,7 @@
const QByteArray e2EeTag = inputBuffer.read(OCC::Constants::e2EeTagSize);

/* Set expected e2EeTag value. Works in OpenSSL 1.0.1d and later */
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, e2EeTag.size(), (unsigned char *)e2EeTag.constData())) {
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, e2EeTag.size(), const_cast<unsigned char*>(reinterpret_cast<const unsigned char*>(e2EeTag.constData())))) {

Check warning on line 2735 in src/libsync/clientsideencryption.cpp

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Use the init-statement to declare "e2EeTag" inside the if statement. 


See more on https://sonarcloud.io/project/issues?id=nextcloud_desktop&issues=AZziK8ev0rhq9DXONI3f&open=AZziK8ev0rhq9DXONI3f&pullRequest=9612

Check warning on line 2735 in src/libsync/clientsideencryption.cpp

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

implicit conversion loses integer precision: 'qsizetype' (aka 'long long') to 'int' 


See more on https://sonarcloud.io/project/issues?id=nextcloud_desktop&issues=AZziK8ev0rhq9DXONI3Z&open=AZziK8ev0rhq9DXONI3Z&pullRequest=9612

Check failure on line 2735 in src/libsync/clientsideencryption.cpp

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

const_cast removing const qualification from the type of a pointer may lead to an undefined behaviour. 


See more on https://sonarcloud.io/project/issues?id=nextcloud_desktop&issues=AZziK8ev0rhq9DXONI3g&open=AZziK8ev0rhq9DXONI3g&pullRequest=9612
qCWarning(lcCse()) << "Could not set expected e2EeTag";
return false;
}
Expand Down
1 change: 1 addition & 0 deletions src/libsync/encryptedfoldermetadatahandler.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -281,6 +281,7 @@ void EncryptedFolderMetadataHandler::startUploadMetadata()
return;
}

folderMetadata()->updateSelfCertificate();
const auto encryptedMetadata = folderMetadata()->encryptedMetadata();
if (_isNewMetadataCreated) {
const auto job = new StoreMetaDataApiJob(_account, _folderId, _folderToken, encryptedMetadata, folderMetadata()->metadataSignature());
Expand Down
Loading
Loading