461aeca200
Do not crash when failing to decrypt the metadata
2018-03-26 22:02:46 +02:00
ec28465e01
Correctly handle systems without client side encryption
2018-03-26 20:51:14 +02:00
11684682e6
Return empty metadata in case of error, Display error to the user.
2018-03-25 22:31:49 +02:00
7da0764b8d
Don't class what's not a class
2018-02-18 01:23:59 +01:00
176a42a062
Return the error reported by openssl
2018-02-18 01:13:23 +01:00
5faeca1b82
Move BIO2ByteArray to annonymous namespace
...
This has no use outside of the clientsidenecryption.cpp
2018-02-18 01:04:44 +01:00
1eb7ba72f0
Use standardized filename
...
See https://github.com/nextcloud/end_to_end_encryption_rfc/issues/13
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-09 11:40:06 +01:00
296f46356e
If the metadata is empty we should store (and not update).
...
Android only creates the metadata file when the first encrypted file is
added. We assumed it would be there.
This hacky code makes us store the metadata if there wasn't any yet.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-29 22:04:50 +01:00
21d55c3321
No sharing in metadata yet and PEM as PKCS#8
...
* Don't store the metadata yet this crashes android
- Yes android should be fixed but for now this is quicker ;)
* QSslKey exports PEM as PKCS#1
- This is not handled properly on android so use PKCS#8 helper
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-23 21:02:52 +01:00
a2b8724adf
Hacky way to drop duplicates (we should really use the fileid!)
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-23 11:58:05 +01:00
5d6817e165
[CSE] Save the tag while encrypting.
2018-01-21 21:49:24 +01:00
261cedce3f
[CSE] Do not quit if encryption fails
...
It's much more reasonable to return failure and handle it.
2018-01-21 21:40:53 +01:00
d5a76ea70d
[CSE] Remove the DecryptionJob
...
Transform it into an Static function - it was blocking anyway
and this way it's easier to transform it into a thread in the
future.
2018-01-21 21:24:02 +01:00
4a2d0ab9e9
[CSE] Move code to display minemonic out of the libsync
...
The libsync should not contain Qt Widget related code.
2018-01-21 19:50:40 +01:00
6d613fb4d5
Quick and dirty way of showing the mnemonic for now
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-18 22:10:55 +01:00
5722d29e42
Double encode the metadatakeys
...
This is required by a misunderstanding of the RFC.
You need to resetup your test user.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-15 11:26:06 +01:00
50916bcda5
Mark ClientSideEncryption::isFolderEncrypted() as const
2017-12-29 17:28:35 +01:00
a63d34f870
Prepend "nextcloud" for all logging categories
...
Thus making easier to exclude logging from kio, qt
and only enable "nextcloud.*"
2017-12-28 17:33:10 -02:00
124a7253a4
[CSE] Create job to Update Metadata
2017-12-22 22:02:16 +01:00
65dfc47ac7
Set public key once certificate is retrieved
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-21 10:20:03 +01:00
0dc7831336
Key is already base64 decoded
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-21 09:49:31 +01:00
df5fd3fbe6
[CSE] More debug output, fix input file path
2017-12-21 00:00:27 +01:00
d87648c99a
[CSE] Use the metadata as pointer.
2017-12-20 23:30:51 +01:00
25d58ccd58
Revert "Store metadata keys as keys"
...
This commit broke decryption.
This reverts commit b9f094cd94
2017-12-20 23:16:42 +01:00
dd0528037d
[CSE] Generate a random name for the temporary file
2017-12-20 23:09:28 +01:00
3760b86e07
[CSE] Mobe fileEncryption to a static function
...
and I'll move all of those to a namespace latter.
2017-12-20 22:28:01 +01:00
20198c5c7b
Merge branch 'clientSideEncryptionV3' of github.com:nextcloud/client into clientSideEncryptionV3
2017-12-20 22:11:46 +01:00
3c301a8282
Add missing FolderMetadata functions
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-20 22:08:57 +01:00
74bc9213c5
Generate encrypted metadata on the fly
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-20 22:04:26 +01:00
679bb1f18e
[CSE] Expose EncryptionHelper
2017-12-20 21:33:25 +01:00
14b18b146d
Merge branch 'clientSideEncryptionV3' of github.com:nextcloud/client into clientSideEncryptionV3
2017-12-20 21:29:54 +01:00
5e23ca9658
FolderMetaData: store metadataKeys in a QMap
...
* This allows us to pick the right key for files
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-20 21:25:27 +01:00
b9f094cd94
Store metadata keys as keys
...
Don't store them base64 encoded. But store them directly useable
2017-12-20 21:17:41 +01:00
c35b57cfba
Parse the files in the metadata
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-20 20:49:16 +01:00
1e899f4172
[CSE] Do not create QPointer from raw pointers
2017-12-20 20:00:59 +01:00
0347cf4e9e
[CSE] Store the sharing keys in memory
2017-12-20 19:40:58 +01:00
fc73ad7476
Salt should not be hardcoded
...
We append the salt (just like the IV) to the ciphertext of the private
key. This means we also have to split it off properly.
This breaks compartibility with currently stored keys on your server.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-20 16:07:33 +01:00
b924ad7282
Lower mnemonic when generating password
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-20 15:41:38 +01:00
4551bbe0e0
Forget key + cert + mnemonic on account removal
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-20 15:35:23 +01:00
a48a3e0acc
Cleanup old functions
...
Those functions had no use anymore since we store the key and cert in
the keychain. Removed them so we don't use them by accident.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-20 13:41:13 +01:00
ee281963fe
Base64 magic:
...
* metadata keys: bin -> b64 -> enc -> b64
* sharing metadat: string -> b64 -> enc -> b64
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-20 10:22:35 +01:00
ab89231ca2
[CSE] Remove unused debug
2017-12-20 00:25:56 +01:00
d26ade1870
[CSE] Fix the result of the decryption
...
However the text still looks like encrypted.
2017-12-20 00:25:39 +01:00
a1e6901ecc
[CSE] Decrypt correctly the metadata
...
There's a bug that's returning an empty bytearray, need to look
into that.
2017-12-20 00:20:27 +01:00
494ae31de9
[CSE] Fix correct json object
2017-12-19 23:09:39 +01:00
a02246dc65
[CSE] Fix Metadata bugs p1
...
The RFC was misleading, I took the chance to fix a few
inconsistencies regarding the QJsonDocument.
2017-12-19 22:47:05 +01:00
2e516dfc67
Merge branch 'clientSideEncryptionV3' of github.com:nextcloud/client into clientSideEncryptionV3
2017-12-15 15:05:51 +01:00
5607e27f20
[CSE] Actually save the http response result
2017-12-15 14:25:57 +01:00
43332d3ac7
[CSE] Properly update UI status to encrypted / decrypted
2017-12-15 14:00:42 +01:00
99b4381591
Don't try to decrypt twice
...
The DecryptMetaDataKeys already base64 decoded
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-14 23:11:40 +01:00
be3afd1291
Add FileEncryptJob and FileDecryptJob
...
This handles encryption and decryption of files.
Just create the job and start off.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-14 16:54:56 +01:00
c592871f94
[CSE] Do not handle b64 inside of the decrypt function
...
the decrypt function should deal with the raw data always.
2017-12-13 16:37:52 +01:00
9916583ffa
[CSE] More verbose output
2017-12-12 21:50:30 +01:00
25734afd39
First base64 decode
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-12 21:42:37 +01:00
ea3558faf6
[CSE] Fix strings
2017-12-12 21:29:06 +01:00
159c0e138f
[CSE] Add a DecryptAsync method
...
Also, cleanup a bit of the old calls. One particular difference
is that I used to set padding to 1 and it should actually be
PKCS1_OAEP_PADDING
2017-12-12 21:23:02 +01:00
aca298ca64
[CSE] Be explicit that async encryption uses publicKey
2017-12-12 20:14:31 +01:00
2127b2629d
[CSE] Move encryption related network jobs to its own file
...
Move encryption related network jobs to it's own file,
the original file was starting to be just way too big.
2017-12-12 19:36:47 +01:00
f6f078d1ee
[CSE] Rename Variable
2017-12-12 16:15:05 +01:00
ce37235cc4
[CSE] Retrieve the Private Key from the KeyChain
...
This fixes one thing and exposes a bug.
the MetadataKeys are not being correctly unencrypted.
2017-12-12 16:09:49 +01:00
0a58ea76e5
[CSE] Start the work with an existing metadata
2017-12-12 15:35:53 +01:00
0a83d3e743
[CSE] Fix reading the public key for the metadata
...
This broke when we started to use QSslKey and the Qt Keychain
framework.
2017-12-08 11:24:22 +01:00
4878e824e5
[CSE] Fix reading encrypted status of folders.
2017-12-07 19:04:12 +01:00
893ca66af8
[CSE] Fix indentation
...
Parts of the code are indented by spaces, other parts by tabs.
This needs to run in the whole codebase.
2017-12-07 18:12:25 +01:00
19120fde9f
[CSE] Don't query for files on GetFolderEncryptStatusJob
...
The request for folders whas also replying for files.
2017-12-07 18:10:14 +01:00
7fe4dd2163
[CSE] Renane GetFolderEncryptStatus to GetFolderEncryptStatusJob
...
it's a network job after all
2017-12-07 18:06:55 +01:00
863e86138f
[CSE] Pass the folder to the GetEncryptionStatus
...
Sometimes we are only interested in folders.
2017-12-07 17:32:35 +01:00
0f60deb043
Store and retrieve keys in keychain
...
* Store privatekey, certificate and mnemonic in keychain
* Retrieve private + public key from server
- ask for mnemonic to decrypt private key
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-28 12:36:35 +01:00
47b5cd0fbb
[CSE] Shows correctly Encrypt / Decrypt in the menu
2017-11-27 21:19:54 +01:00
dd903d447f
[CSE] Store the encryption status without the webdav url
...
The Folder information on the desktop client doesn't
knows about the webdav layout aparently.
2017-11-27 21:09:13 +01:00
d2d2df4c75
[CSE] Try to find the webdav url of a folder.
2017-11-27 21:06:38 +01:00
ffb9f69cf6
Start with moving data to the keychain
...
* Check for cert + privateKey in keychain
* Work with QSslKey and QSslCertificate
* Abstract reading the BIO's a bit more
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-27 16:21:53 +01:00
e3050f7456
[CSE] Pass by reference, return by value.
...
Also, Do not create variables in the heap to change it's value
via reference, prefer an aggregation value. use a Typedef to
fully specify what you want in return.
2017-11-27 15:21:29 +01:00
9cbe795045
Move more encryption functions to encryption helper
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-25 21:43:15 +01:00
e0fbdfe175
Remove obsolete encryption functions
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-25 15:50:47 +01:00
12adff76e2
Properly decrypt private key and send it to the server
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-24 22:10:28 +01:00
6d145a676b
Added EncryptionHelper
...
This is to move generic encryption methods out of the main code and into
small helper functions. So we don't scatter the encryption code all over
the place.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-24 21:05:21 +01:00
45d9323653
[CSE] Update encryption status when folder is updated
2017-11-23 16:55:12 +01:00
d31aa7836a
[CSE] Add job to find what folders are encrypted.
...
This still needs to be correctly setuped in the call chain.
The job returns a QVariantMap with the folder-webdav-url
and the encrypted status.
2017-11-20 21:38:17 +01:00
14aeb6921b
[CSE] Fix invalid memory access
2017-11-13 18:15:08 +01:00
6351c01ee7
[CSE] Remember the token for folders
2017-11-13 17:04:02 +01:00
22a2ab8999
[CSE] Start to send the metadata to the server
2017-11-13 16:46:30 +01:00
4755b8c8a3
[CSE] More warnings
2017-11-12 13:03:52 +01:00
19d64e6308
[CSE] Remove warnings
2017-11-12 12:55:12 +01:00
685ceacace
[CSE] Memleaks
2017-11-11 16:25:38 +01:00
ee4a848d9a
[CSE] Correctly Unlock the Folder
...
Wireshark is love, and life.
2017-11-06 20:58:30 +01:00
7290cf2813
[CSE] Adjust the CN accordingly to the server
2017-11-06 20:57:50 +01:00
131fd4e483
Fix encryptJSON and descryptJSON
...
Now working with tag
Basically we called EVP_*Update to much which resulted in weird output.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-03 18:00:05 +01:00
be9cd358d4
[CSE] Bypass Qt DELETE Bug
...
It appears that Qt implementation of the DELETE http request
does not send bodyData, and we need that for Nextcloud.
Currently I changed the http request on the server side
to accept a POST instead of a DELETE, so I can actually
develop.
Also, I already poked the Qt developers that did this code.
2017-11-03 17:00:28 +01:00
6ad6852045
[CSE] Cleanup - remove commented metadata.
2017-11-03 16:59:39 +01:00
5514f14e88
[CSE] Get and send the lock - token
2017-11-03 15:12:12 +01:00
b53003792f
[CSE] Removed lambdas for Metadata / Lock / Unlock
2017-11-03 12:34:30 +01:00
6facd29663
[CSE] Start to break the lambdas
...
Lambda within a lambda is a terrible idea,
Use default signal / slot connections with a
method instead.
2017-11-03 12:00:25 +01:00
d7e05c9b05
[CSE] Comment out broken code.
...
But why it's broken?
2017-11-03 11:20:44 +01:00
8e3e3a4575
Be java compatible and store the tag at the end of the cipher text
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-02 12:39:42 +01:00
8d537fdd3c
[CSE] Get Metadata from the server
2017-11-01 18:32:33 +01:00
4a66cf11d2
[CSE] Send Metadata to the server
2017-11-01 18:21:30 +01:00
2698759525
[CSE] Implement the Folder Unlock api job
2017-11-01 17:54:17 +01:00
1b1add5ead
[CSE] Add api to lock file
2017-11-01 17:36:54 +01:00
e5fdcd2f38
[CSE] Add TODO:
2017-11-01 16:48:19 +01:00
Tomaz Canabrava