Tomaz Canabrava
461aeca200
Do not crash when failing to decrypt the metadata
2018-03-26 22:02:46 +02:00
Tomaz Canabrava
ec28465e01
Correctly handle systems without client side encryption
2018-03-26 20:51:14 +02:00
Tomaz Canabrava
11684682e6
Return empty metadata in case of error, Display error to the user.
2018-03-25 22:31:49 +02:00
Tomaz Canabrava
7da0764b8d
Don't class what's not a class
2018-02-18 01:23:59 +01:00
Tomaz Canabrava
176a42a062
Return the error reported by openssl
2018-02-18 01:13:23 +01:00
Tomaz Canabrava
5faeca1b82
Move BIO2ByteArray to annonymous namespace
...
This has no use outside of the clientsidenecryption.cpp
2018-02-18 01:04:44 +01:00
Roeland Jago Douma
1eb7ba72f0
Use standardized filename
...
See https://github.com/nextcloud/end_to_end_encryption_rfc/issues/13
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-09 11:40:06 +01:00
Roeland Jago Douma
296f46356e
If the metadata is empty we should store (and not update).
...
Android only creates the metadata file when the first encrypted file is
added. We assumed it would be there.
This hacky code makes us store the metadata if there wasn't any yet.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-29 22:04:50 +01:00
Roeland Jago Douma
21d55c3321
No sharing in metadata yet and PEM as PKCS#8
...
* Don't store the metadata yet this crashes android
- Yes android should be fixed but for now this is quicker ;)
* QSslKey exports PEM as PKCS#1
- This is not handled properly on android so use PKCS#8 helper
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-23 21:02:52 +01:00
Roeland Jago Douma
a2b8724adf
Hacky way to drop duplicates (we should really use the fileid!)
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-23 11:58:05 +01:00
Tomaz Canabrava
5d6817e165
[CSE] Save the tag while encrypting.
2018-01-21 21:49:24 +01:00
Tomaz Canabrava
261cedce3f
[CSE] Do not quit if encryption fails
...
It's much more reasonable to return failure and handle it.
2018-01-21 21:40:53 +01:00
Tomaz Canabrava
d5a76ea70d
[CSE] Remove the DecryptionJob
...
Transform it into an Static function - it was blocking anyway
and this way it's easier to transform it into a thread in the
future.
2018-01-21 21:24:02 +01:00
Tomaz Canabrava
4a2d0ab9e9
[CSE] Move code to display minemonic out of the libsync
...
The libsync should not contain Qt Widget related code.
2018-01-21 19:50:40 +01:00
Roeland Jago Douma
6d613fb4d5
Quick and dirty way of showing the mnemonic for now
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-18 22:10:55 +01:00
Roeland Jago Douma
5722d29e42
Double encode the metadatakeys
...
This is required by a misunderstanding of the RFC.
You need to resetup your test user.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-15 11:26:06 +01:00
Daniel Nicoletti
50916bcda5
Mark ClientSideEncryption::isFolderEncrypted() as const
2017-12-29 17:28:35 +01:00
Daniel Nicoletti
a63d34f870
Prepend "nextcloud" for all logging categories
...
Thus making easier to exclude logging from kio, qt
and only enable "nextcloud.*"
2017-12-28 17:33:10 -02:00
Tomaz Canabrava
124a7253a4
[CSE] Create job to Update Metadata
2017-12-22 22:02:16 +01:00
Roeland Jago Douma
65dfc47ac7
Set public key once certificate is retrieved
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-21 10:20:03 +01:00
Roeland Jago Douma
0dc7831336
Key is already base64 decoded
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-21 09:49:31 +01:00
Tomaz Canabrava
df5fd3fbe6
[CSE] More debug output, fix input file path
2017-12-21 00:00:27 +01:00
Tomaz Canabrava
d87648c99a
[CSE] Use the metadata as pointer.
2017-12-20 23:30:51 +01:00
Tomaz Canabrava
25d58ccd58
Revert "Store metadata keys as keys"
...
This commit broke decryption.
This reverts commit b9f094cd94
.
2017-12-20 23:16:42 +01:00
Tomaz Canabrava
dd0528037d
[CSE] Generate a random name for the temporary file
2017-12-20 23:09:28 +01:00
Tomaz Canabrava
3760b86e07
[CSE] Mobe fileEncryption to a static function
...
and I'll move all of those to a namespace latter.
2017-12-20 22:28:01 +01:00
Tomaz Canabrava
20198c5c7b
Merge branch 'clientSideEncryptionV3' of github.com:nextcloud/client into clientSideEncryptionV3
2017-12-20 22:11:46 +01:00
Roeland Jago Douma
3c301a8282
Add missing FolderMetadata functions
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-20 22:08:57 +01:00
Roeland Jago Douma
74bc9213c5
Generate encrypted metadata on the fly
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-20 22:04:26 +01:00
Tomaz Canabrava
679bb1f18e
[CSE] Expose EncryptionHelper
2017-12-20 21:33:25 +01:00
Tomaz Canabrava
14b18b146d
Merge branch 'clientSideEncryptionV3' of github.com:nextcloud/client into clientSideEncryptionV3
2017-12-20 21:29:54 +01:00
Roeland Jago Douma
5e23ca9658
FolderMetaData: store metadataKeys in a QMap
...
* This allows us to pick the right key for files
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-20 21:25:27 +01:00
Roeland Jago Douma
b9f094cd94
Store metadata keys as keys
...
Don't store them base64 encoded. But store them directly useable
2017-12-20 21:17:41 +01:00
Roeland Jago Douma
c35b57cfba
Parse the files in the metadata
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-20 20:49:16 +01:00
Tomaz Canabrava
1e899f4172
[CSE] Do not create QPointer from raw pointers
2017-12-20 20:00:59 +01:00
Tomaz Canabrava
0347cf4e9e
[CSE] Store the sharing keys in memory
2017-12-20 19:40:58 +01:00
Roeland Jago Douma
fc73ad7476
Salt should not be hardcoded
...
We append the salt (just like the IV) to the ciphertext of the private
key. This means we also have to split it off properly.
This breaks compartibility with currently stored keys on your server.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-20 16:07:33 +01:00
Roeland Jago Douma
b924ad7282
Lower mnemonic when generating password
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-20 15:41:38 +01:00
Roeland Jago Douma
4551bbe0e0
Forget key + cert + mnemonic on account removal
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-20 15:35:23 +01:00
Roeland Jago Douma
a48a3e0acc
Cleanup old functions
...
Those functions had no use anymore since we store the key and cert in
the keychain. Removed them so we don't use them by accident.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-20 13:41:13 +01:00
Roeland Jago Douma
ee281963fe
Base64 magic:
...
* metadata keys: bin -> b64 -> enc -> b64
* sharing metadat: string -> b64 -> enc -> b64
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-20 10:22:35 +01:00
Tomaz Canabrava
ab89231ca2
[CSE] Remove unused debug
2017-12-20 00:25:56 +01:00
Tomaz Canabrava
d26ade1870
[CSE] Fix the result of the decryption
...
However the text still looks like encrypted.
2017-12-20 00:25:39 +01:00
Tomaz Canabrava
a1e6901ecc
[CSE] Decrypt correctly the metadata
...
There's a bug that's returning an empty bytearray, need to look
into that.
2017-12-20 00:20:27 +01:00
Tomaz Canabrava
494ae31de9
[CSE] Fix correct json object
2017-12-19 23:09:39 +01:00
Tomaz Canabrava
a02246dc65
[CSE] Fix Metadata bugs p1
...
The RFC was misleading, I took the chance to fix a few
inconsistencies regarding the QJsonDocument.
2017-12-19 22:47:05 +01:00
Tomaz Canabrava
2e516dfc67
Merge branch 'clientSideEncryptionV3' of github.com:nextcloud/client into clientSideEncryptionV3
2017-12-15 15:05:51 +01:00
Tomaz Canabrava
5607e27f20
[CSE] Actually save the http response result
2017-12-15 14:25:57 +01:00
Tomaz Canabrava
43332d3ac7
[CSE] Properly update UI status to encrypted / decrypted
2017-12-15 14:00:42 +01:00
Roeland Jago Douma
99b4381591
Don't try to decrypt twice
...
The DecryptMetaDataKeys already base64 decoded
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-14 23:11:40 +01:00
Roeland Jago Douma
be3afd1291
Add FileEncryptJob and FileDecryptJob
...
This handles encryption and decryption of files.
Just create the job and start off.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-14 16:54:56 +01:00
Tomaz Canabrava
c592871f94
[CSE] Do not handle b64 inside of the decrypt function
...
the decrypt function should deal with the raw data always.
2017-12-13 16:37:52 +01:00
Tomaz Canabrava
9916583ffa
[CSE] More verbose output
2017-12-12 21:50:30 +01:00
Roeland Jago Douma
25734afd39
First base64 decode
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-12 21:42:37 +01:00
Tomaz Canabrava
ea3558faf6
[CSE] Fix strings
2017-12-12 21:29:06 +01:00
Tomaz Canabrava
159c0e138f
[CSE] Add a DecryptAsync method
...
Also, cleanup a bit of the old calls. One particular difference
is that I used to set padding to 1 and it should actually be
PKCS1_OAEP_PADDING
2017-12-12 21:23:02 +01:00
Tomaz Canabrava
aca298ca64
[CSE] Be explicit that async encryption uses publicKey
2017-12-12 20:14:31 +01:00
Tomaz Canabrava
2127b2629d
[CSE] Move encryption related network jobs to its own file
...
Move encryption related network jobs to it's own file,
the original file was starting to be just way too big.
2017-12-12 19:36:47 +01:00
Tomaz Canabrava
f6f078d1ee
[CSE] Rename Variable
2017-12-12 16:15:05 +01:00
Tomaz Canabrava
ce37235cc4
[CSE] Retrieve the Private Key from the KeyChain
...
This fixes one thing and exposes a bug.
the MetadataKeys are not being correctly unencrypted.
2017-12-12 16:09:49 +01:00
Tomaz Canabrava
0a58ea76e5
[CSE] Start the work with an existing metadata
2017-12-12 15:35:53 +01:00
Tomaz Canabrava
0a83d3e743
[CSE] Fix reading the public key for the metadata
...
This broke when we started to use QSslKey and the Qt Keychain
framework.
2017-12-08 11:24:22 +01:00
Tomaz Canabrava
4878e824e5
[CSE] Fix reading encrypted status of folders.
2017-12-07 19:04:12 +01:00
Tomaz Canabrava
893ca66af8
[CSE] Fix indentation
...
Parts of the code are indented by spaces, other parts by tabs.
This needs to run in the whole codebase.
2017-12-07 18:12:25 +01:00
Tomaz Canabrava
19120fde9f
[CSE] Don't query for files on GetFolderEncryptStatusJob
...
The request for folders whas also replying for files.
2017-12-07 18:10:14 +01:00
Tomaz Canabrava
7fe4dd2163
[CSE] Renane GetFolderEncryptStatus to GetFolderEncryptStatusJob
...
it's a network job after all
2017-12-07 18:06:55 +01:00
Tomaz Canabrava
863e86138f
[CSE] Pass the folder to the GetEncryptionStatus
...
Sometimes we are only interested in folders.
2017-12-07 17:32:35 +01:00
Roeland Jago Douma
0f60deb043
Store and retrieve keys in keychain
...
* Store privatekey, certificate and mnemonic in keychain
* Retrieve private + public key from server
- ask for mnemonic to decrypt private key
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-28 12:36:35 +01:00
Tomaz Canabrava
47b5cd0fbb
[CSE] Shows correctly Encrypt / Decrypt in the menu
2017-11-27 21:19:54 +01:00
Tomaz Canabrava
dd903d447f
[CSE] Store the encryption status without the webdav url
...
The Folder information on the desktop client doesn't
knows about the webdav layout aparently.
2017-11-27 21:09:13 +01:00
Tomaz Canabrava
d2d2df4c75
[CSE] Try to find the webdav url of a folder.
2017-11-27 21:06:38 +01:00
Roeland Jago Douma
ffb9f69cf6
Start with moving data to the keychain
...
* Check for cert + privateKey in keychain
* Work with QSslKey and QSslCertificate
* Abstract reading the BIO's a bit more
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-27 16:21:53 +01:00
Tomaz Canabrava
e3050f7456
[CSE] Pass by reference, return by value.
...
Also, Do not create variables in the heap to change it's value
via reference, prefer an aggregation value. use a Typedef to
fully specify what you want in return.
2017-11-27 15:21:29 +01:00
Roeland Jago Douma
9cbe795045
Move more encryption functions to encryption helper
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-25 21:43:15 +01:00
Roeland Jago Douma
e0fbdfe175
Remove obsolete encryption functions
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-25 15:50:47 +01:00
Roeland Jago Douma
12adff76e2
Properly decrypt private key and send it to the server
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-24 22:10:28 +01:00
Roeland Jago Douma
6d145a676b
Added EncryptionHelper
...
This is to move generic encryption methods out of the main code and into
small helper functions. So we don't scatter the encryption code all over
the place.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-24 21:05:21 +01:00
Tomaz Canabrava
45d9323653
[CSE] Update encryption status when folder is updated
2017-11-23 16:55:12 +01:00
Tomaz Canabrava
d31aa7836a
[CSE] Add job to find what folders are encrypted.
...
This still needs to be correctly setuped in the call chain.
The job returns a QVariantMap with the folder-webdav-url
and the encrypted status.
2017-11-20 21:38:17 +01:00
Tomaz Canabrava
14aeb6921b
[CSE] Fix invalid memory access
2017-11-13 18:15:08 +01:00
Tomaz Canabrava
6351c01ee7
[CSE] Remember the token for folders
2017-11-13 17:04:02 +01:00
Tomaz Canabrava
22a2ab8999
[CSE] Start to send the metadata to the server
2017-11-13 16:46:30 +01:00
Tomaz Canabrava
4755b8c8a3
[CSE] More warnings
2017-11-12 13:03:52 +01:00
Tomaz Canabrava
19d64e6308
[CSE] Remove warnings
2017-11-12 12:55:12 +01:00
Tomaz Canabrava
685ceacace
[CSE] Memleaks
2017-11-11 16:25:38 +01:00
Tomaz Canabrava
ee4a848d9a
[CSE] Correctly Unlock the Folder
...
Wireshark is love, and life.
2017-11-06 20:58:30 +01:00
Tomaz Canabrava
7290cf2813
[CSE] Adjust the CN accordingly to the server
2017-11-06 20:57:50 +01:00
Roeland Jago Douma
131fd4e483
Fix encryptJSON and descryptJSON
...
Now working with tag
Basically we called EVP_*Update to much which resulted in weird output.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-03 18:00:05 +01:00
Tomaz Canabrava
be9cd358d4
[CSE] Bypass Qt DELETE Bug
...
It appears that Qt implementation of the DELETE http request
does not send bodyData, and we need that for Nextcloud.
Currently I changed the http request on the server side
to accept a POST instead of a DELETE, so I can actually
develop.
Also, I already poked the Qt developers that did this code.
2017-11-03 17:00:28 +01:00
Tomaz Canabrava
6ad6852045
[CSE] Cleanup - remove commented metadata.
2017-11-03 16:59:39 +01:00
Tomaz Canabrava
5514f14e88
[CSE] Get and send the lock - token
2017-11-03 15:12:12 +01:00
Tomaz Canabrava
b53003792f
[CSE] Removed lambdas for Metadata / Lock / Unlock
2017-11-03 12:34:30 +01:00
Tomaz Canabrava
6facd29663
[CSE] Start to break the lambdas
...
Lambda within a lambda is a terrible idea,
Use default signal / slot connections with a
method instead.
2017-11-03 12:00:25 +01:00
Tomaz Canabrava
d7e05c9b05
[CSE] Comment out broken code.
...
But why it's broken?
2017-11-03 11:20:44 +01:00
Roeland Jago Douma
8e3e3a4575
Be java compatible and store the tag at the end of the cipher text
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-02 12:39:42 +01:00
Tomaz Canabrava
8d537fdd3c
[CSE] Get Metadata from the server
2017-11-01 18:32:33 +01:00
Tomaz Canabrava
4a66cf11d2
[CSE] Send Metadata to the server
2017-11-01 18:21:30 +01:00
Tomaz Canabrava
2698759525
[CSE] Implement the Folder Unlock api job
2017-11-01 17:54:17 +01:00
Tomaz Canabrava
1b1add5ead
[CSE] Add api to lock file
2017-11-01 17:36:54 +01:00
Tomaz Canabrava
e5fdcd2f38
[CSE] Add TODO:
2017-11-01 16:48:19 +01:00