Merge pull request #7333 from nextcloud/bugfix/signature

Bugfix/signature

src/libsync/discoveryphase.cpp

@@ -696,6 +696,14 @@ void DiscoverySingleDirectoryJob::metadataReceived(const QJsonDocument &json, in
         }
     }
 
+    if (job->signature().isEmpty()) {
+        qCDebug(lcDiscovery) << "Initial signature is empty.";
+        _account->reportClientStatus(OCC::ClientStatusReportingStatus::E2EeError_GeneralError);
+        emit finished(HttpError{0, tr("Encrypted metadata setup error: initial signature from server is empty.")});
+        deleteLater();
+        return;
+    }
+
     const auto e2EeFolderMetadata = new FolderMetadata(_account,
                                                  _remoteRootFolderPath,
                                                  statusCode == 404 ? QByteArray{} : json.toJson(QJsonDocument::Compact),

src/libsync/foldermetadata.cpp

@@ -181,6 +181,12 @@ void FolderMetadata::setupExistingMetadata(const QByteArray &metadata)
         }
     }
 
+    if (_initialSignature.isEmpty()) {
+        qCDebug(lcCseMetadata()) << "Signature is empty";
+        _account->reportClientStatus(OCC::ClientStatusReportingStatus::E2EeError_GeneralError);
+        return;
+    }
+
     if (!parseFileDropPart(metaDataDoc)) {
         qCDebug(lcCseMetadata()) << "Could not parse filedrop part";
         return;

test/testclientsideencryptionv2.cpp

@@ -192,6 +192,41 @@ private slots:
         QVERIFY(metadataFromJson->isValid());
     }
 
+    void testFolderMetadataWithEmptySignatureDecryptFails()
+    {
+        QScopedPointer<FolderMetadata> metadata(new FolderMetadata(_account, "/", FolderMetadata::FolderType::Root));
+        QSignalSpy metadataSetupCompleteSpy(metadata.data(), &FolderMetadata::setupComplete);
+        metadataSetupCompleteSpy.wait();
+        QCOMPARE(metadataSetupCompleteSpy.count(), 1);
+        QVERIFY(metadata->isValid());
+
+        const auto encryptedMetadata = metadata->encryptedMetadata();
+        QVERIFY(!encryptedMetadata.isEmpty());
+
+        const auto signature = metadata->metadataSignature();
+        QVERIFY(!signature.isEmpty());
+
+        auto encryptedMetadataCopy = encryptedMetadata;
+        encryptedMetadataCopy.replace("\"", "\\\"");
+
+        const QJsonDocument ocsDoc = QJsonDocument::fromJson(QStringLiteral("{\"ocs\": {\"data\": {\"meta-data\": \"%1\"}}}")
+                                                           .arg(QString::fromUtf8(encryptedMetadataCopy)).toUtf8());
+
+        const QByteArray emptySignature = {};
+        QScopedPointer<FolderMetadata> metadataFromJson(new FolderMetadata(_account, "/",
+                                                                           ocsDoc.toJson(),
+                                                                           RootEncryptedFolderInfo::makeDefault(),
+                                                                           emptySignature));
+
+        QSignalSpy metadataSetupExistingCompleteSpy(metadataFromJson.data(), &FolderMetadata::setupComplete);
+        metadataSetupExistingCompleteSpy.wait();
+        QCOMPARE(metadataSetupExistingCompleteSpy.count(), 1);
+
+        QVERIFY(metadataFromJson->metadataSignature().isEmpty());
+        QVERIFY(metadataFromJson->metadataKeyForDecryption().isEmpty());
+        QVERIFY(!metadataFromJson->isValid());
+    }
+
     void testE2EeFolderMetadataSharing()
     {
         // instantiate empty metadata, add a file, and share with a second user "sharee"