fix: enhance encryption handling in SecureQSettings

* Updated encryptText to return std::optional<QByteArray> for better error handling. * Added fallback to plaintext storage if encryption fails in setValue method. * Improved logging for encryption errors and empty key scenarios.
2026-05-08 14:33:23 +00:00 · 2026-01-20 14:48:17 +04:00
parent b591dd7445
commit 238d149593
2 changed files with 20 additions and 10 deletions
--- a/client/secure_qsettings.cpp
+++ b/client/secure_qsettings.cpp
@@ -95,13 +95,17 @@ void SecureQSettings::setValue(const QString &key, const QVariant &value)
                ds << value;
            }

-            QByteArray encryptedValue = encryptText(decryptedValue);
-            m_settings.setValue(key, magicString + encryptedValue);
+            const auto encryptedValue = encryptText(decryptedValue);
+            if (encryptedValue.has_value()) {
+                m_settings.setValue(key, magicString + *encryptedValue);
+            } else {
+                qCritical() << "SecureQSettings::setValue encryption failed, plaintext fallback";
+                m_settings.setValue(key, value);
+            }
        } else {
-            qCritical() << "SecureQSettings::setValue Encryption required, but key is empty";
-            return;
+            qCritical() << "SecureQSettings::setValue Encryption required, but key is empty. plaintext fallback";
+            m_settings.setValue(key, value);
        }
-
    } else {
        m_settings.setValue(key, value);
    }
@@ -177,16 +181,21 @@ bool SecureQSettings::restoreAppConfig(const QByteArray &json)
    return true;
 }

-QByteArray SecureQSettings::encryptText(const QByteArray &value) const
+std::optional<QByteArray> SecureQSettings::encryptText(const QByteArray &value) const
 {
    QSimpleCrypto::QBlockCipher cipher;
-    QByteArray result;
+    QByteArray encrypted;
    try {
-        result = cipher.encryptAesBlockCipher(value, getEncKey(), getEncIv());
+        encrypted = cipher.encryptAesBlockCipher(value, getEncKey(), getEncIv());
    } catch (...) { // todo change error handling in QSimpleCrypto?
        qCritical() << "error when encrypting the settings value";
+        return std::nullopt;
    }
-    return result;
+    if (encrypted.isEmpty() && !value.isEmpty()) {
+        qCritical() << "error when encrypting the settings value: empty result";
+        return std::nullopt;
+    }
+    return encrypted;
 }

 QByteArray SecureQSettings::decryptText(const QByteArray &ba) const
--- a/client/secure_qsettings.h
+++ b/client/secure_qsettings.h
@@ -5,6 +5,7 @@
 #include <QMutexLocker>
 #include <QObject>
 #include <QSettings>
+#include <optional>

 #include "../client/3rd/qtkeychain/qtkeychain/keychain.h"

@@ -24,7 +25,7 @@ public:
    QByteArray backupAppConfig() const;
    bool restoreAppConfig(const QByteArray &json);

-    QByteArray encryptText(const QByteArray &value) const;
+    std::optional<QByteArray> encryptText(const QByteArray &value) const;
    QByteArray decryptText(const QByteArray &ba) const;

    bool encryptionRequired() const;