be3afd1291
Add FileEncryptJob and FileDecryptJob
...
This handles encryption and decryption of files.
Just create the job and start off.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-14 16:54:56 +01:00
c592871f94
[CSE] Do not handle b64 inside of the decrypt function
...
the decrypt function should deal with the raw data always.
2017-12-13 16:37:52 +01:00
9916583ffa
[CSE] More verbose output
2017-12-12 21:50:30 +01:00
25734afd39
First base64 decode
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-12 21:42:37 +01:00
ea3558faf6
[CSE] Fix strings
2017-12-12 21:29:06 +01:00
159c0e138f
[CSE] Add a DecryptAsync method
...
Also, cleanup a bit of the old calls. One particular difference
is that I used to set padding to 1 and it should actually be
PKCS1_OAEP_PADDING
2017-12-12 21:23:02 +01:00
aca298ca64
[CSE] Be explicit that async encryption uses publicKey
2017-12-12 20:14:31 +01:00
2127b2629d
[CSE] Move encryption related network jobs to its own file
...
Move encryption related network jobs to it's own file,
the original file was starting to be just way too big.
2017-12-12 19:36:47 +01:00
f6f078d1ee
[CSE] Rename Variable
2017-12-12 16:15:05 +01:00
ce37235cc4
[CSE] Retrieve the Private Key from the KeyChain
...
This fixes one thing and exposes a bug.
the MetadataKeys are not being correctly unencrypted.
2017-12-12 16:09:49 +01:00
0a58ea76e5
[CSE] Start the work with an existing metadata
2017-12-12 15:35:53 +01:00
0a83d3e743
[CSE] Fix reading the public key for the metadata
...
This broke when we started to use QSslKey and the Qt Keychain
framework.
2017-12-08 11:24:22 +01:00
4878e824e5
[CSE] Fix reading encrypted status of folders.
2017-12-07 19:04:12 +01:00
893ca66af8
[CSE] Fix indentation
...
Parts of the code are indented by spaces, other parts by tabs.
This needs to run in the whole codebase.
2017-12-07 18:12:25 +01:00
19120fde9f
[CSE] Don't query for files on GetFolderEncryptStatusJob
...
The request for folders whas also replying for files.
2017-12-07 18:10:14 +01:00
7fe4dd2163
[CSE] Renane GetFolderEncryptStatus to GetFolderEncryptStatusJob
...
it's a network job after all
2017-12-07 18:06:55 +01:00
863e86138f
[CSE] Pass the folder to the GetEncryptionStatus
...
Sometimes we are only interested in folders.
2017-12-07 17:32:35 +01:00
0f60deb043
Store and retrieve keys in keychain
...
* Store privatekey, certificate and mnemonic in keychain
* Retrieve private + public key from server
- ask for mnemonic to decrypt private key
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-28 12:36:35 +01:00
47b5cd0fbb
[CSE] Shows correctly Encrypt / Decrypt in the menu
2017-11-27 21:19:54 +01:00
dd903d447f
[CSE] Store the encryption status without the webdav url
...
The Folder information on the desktop client doesn't
knows about the webdav layout aparently.
2017-11-27 21:09:13 +01:00
d2d2df4c75
[CSE] Try to find the webdav url of a folder.
2017-11-27 21:06:38 +01:00
ffb9f69cf6
Start with moving data to the keychain
...
* Check for cert + privateKey in keychain
* Work with QSslKey and QSslCertificate
* Abstract reading the BIO's a bit more
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-27 16:21:53 +01:00
e3050f7456
[CSE] Pass by reference, return by value.
...
Also, Do not create variables in the heap to change it's value
via reference, prefer an aggregation value. use a Typedef to
fully specify what you want in return.
2017-11-27 15:21:29 +01:00
9cbe795045
Move more encryption functions to encryption helper
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-25 21:43:15 +01:00
e0fbdfe175
Remove obsolete encryption functions
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-25 15:50:47 +01:00
12adff76e2
Properly decrypt private key and send it to the server
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-24 22:10:28 +01:00
6d145a676b
Added EncryptionHelper
...
This is to move generic encryption methods out of the main code and into
small helper functions. So we don't scatter the encryption code all over
the place.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-24 21:05:21 +01:00
45d9323653
[CSE] Update encryption status when folder is updated
2017-11-23 16:55:12 +01:00
d31aa7836a
[CSE] Add job to find what folders are encrypted.
...
This still needs to be correctly setuped in the call chain.
The job returns a QVariantMap with the folder-webdav-url
and the encrypted status.
2017-11-20 21:38:17 +01:00
14aeb6921b
[CSE] Fix invalid memory access
2017-11-13 18:15:08 +01:00
6351c01ee7
[CSE] Remember the token for folders
2017-11-13 17:04:02 +01:00
22a2ab8999
[CSE] Start to send the metadata to the server
2017-11-13 16:46:30 +01:00
4755b8c8a3
[CSE] More warnings
2017-11-12 13:03:52 +01:00
19d64e6308
[CSE] Remove warnings
2017-11-12 12:55:12 +01:00
685ceacace
[CSE] Memleaks
2017-11-11 16:25:38 +01:00
ee4a848d9a
[CSE] Correctly Unlock the Folder
...
Wireshark is love, and life.
2017-11-06 20:58:30 +01:00
7290cf2813
[CSE] Adjust the CN accordingly to the server
2017-11-06 20:57:50 +01:00
131fd4e483
Fix encryptJSON and descryptJSON
...
Now working with tag
Basically we called EVP_*Update to much which resulted in weird output.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-03 18:00:05 +01:00
be9cd358d4
[CSE] Bypass Qt DELETE Bug
...
It appears that Qt implementation of the DELETE http request
does not send bodyData, and we need that for Nextcloud.
Currently I changed the http request on the server side
to accept a POST instead of a DELETE, so I can actually
develop.
Also, I already poked the Qt developers that did this code.
2017-11-03 17:00:28 +01:00
6ad6852045
[CSE] Cleanup - remove commented metadata.
2017-11-03 16:59:39 +01:00
5514f14e88
[CSE] Get and send the lock - token
2017-11-03 15:12:12 +01:00
b53003792f
[CSE] Removed lambdas for Metadata / Lock / Unlock
2017-11-03 12:34:30 +01:00
6facd29663
[CSE] Start to break the lambdas
...
Lambda within a lambda is a terrible idea,
Use default signal / slot connections with a
method instead.
2017-11-03 12:00:25 +01:00
d7e05c9b05
[CSE] Comment out broken code.
...
But why it's broken?
2017-11-03 11:20:44 +01:00
8e3e3a4575
Be java compatible and store the tag at the end of the cipher text
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-02 12:39:42 +01:00
8d537fdd3c
[CSE] Get Metadata from the server
2017-11-01 18:32:33 +01:00
4a66cf11d2
[CSE] Send Metadata to the server
2017-11-01 18:21:30 +01:00
2698759525
[CSE] Implement the Folder Unlock api job
2017-11-01 17:54:17 +01:00
1b1add5ead
[CSE] Add api to lock file
2017-11-01 17:36:54 +01:00
e5fdcd2f38
[CSE] Add TODO:
2017-11-01 16:48:19 +01:00
ef2529ca44
[CSE] Set padding to 0 for the Rsa encryption
...
Also, commented out the finalization of the decrypt operation
because that was messing with the encryption. There's something
wrong here but I need to get this working and I can fix stuff
later.
2017-11-01 16:13:17 +01:00
1a891423e5
[CSE] Call the decryption function to test.
2017-11-01 15:48:40 +01:00
41ebcd0b7e
[CSE] Decryption of the metadata blob
2017-11-01 15:29:14 +01:00
77ec3b086d
[CSE] Remember to finalize encryption
2017-11-01 15:24:19 +01:00
88d87bf0ca
[CSE] Convert encrypted bitearray to Base64
...
also, start the decrypt.
2017-11-01 14:46:32 +01:00
eb43fa1459
[CSE] Internal metadata encryption working
2017-10-31 17:52:01 +01:00
8793fdbc69
[CSE] Remember to actually use the correct variable
2017-10-31 16:06:01 +01:00
4bb7ebb6aa
[CSE] Convert the base64 data to raw, for the decyrption
2017-10-31 13:17:22 +01:00
3628f3739d
[CSE] Start the decryption of the metadata
2017-10-31 13:06:20 +01:00
b28b4705de
[CSE] Correctly store the encrypted metadata
...
Missing the conversion to base64.
2017-10-31 12:07:47 +01:00
c7d9abbea3
[CSE] Rework pubkeyPath to be able to fetch pubKey
2017-10-30 20:02:55 +01:00
a986532442
[CSE] Generate a random password for the metadata.
2017-10-30 19:08:03 +01:00
cf56d58241
[CSE] Start the encryption of the metadataKey
2017-10-30 19:05:55 +01:00
c695c50c33
[CSE] Implement the empty metadata
...
Signed-off-by: Tomaz Canabrava <tcanabrava@kde.org>
2017-10-30 15:40:05 +01:00
238f0b3610
Add note
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-10-24 15:53:17 +02:00
817baf292d
Use EVP_aes_128_gcm
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-10-24 15:51:53 +02:00
ca6fa7b341
Update decryp function
...
* Do not use AAD
* Do not try to decrypt the last 16 bytes as Android adds the tag there
by default
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-10-24 15:51:53 +02:00
bacbf337d2
Update encryption function
...
* Do not use padding
* Do not use the ADD data
* Append the tag to the ciphertext to be compatible with Android
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-10-24 15:51:53 +02:00
476fe66043
[CSE] Add beginnign of the code to deal with the metadata
2017-10-23 21:06:26 +02:00
23f5bb7ed9
[CSE] Move network jobs out of networkjobs.h
...
Since those networkjobs are all about client side
encryption, mvoe them to clientsideencryption.h
This will help with fewer conflicts with the origin.
2017-10-23 21:06:26 +02:00
1a47052aa3
[CSE] Remove unused function
...
This is already being called from somwhere else.
2017-10-18 21:51:39 +02:00
623eb29845
[CSE] Helper functions for the URL's
2017-10-18 21:51:39 +02:00
0b50afe915
[CSE] Correctly Set's the client as connected
...
If we manage to encrypt and upload the private key
to the server, the client is in it's connected state.
2017-10-18 21:51:39 +02:00
cfb6e3be8c
[CSE] Send the Private Key to the server
2017-10-18 21:51:38 +02:00
78136a10b0
[CSE] Debug statements to help find the encrypt error
2017-10-18 21:51:38 +02:00
08dfe86f37
[CSE] Adjust the calls to ent-to-end encryption
...
We changed the name.
2017-10-18 21:51:38 +02:00
0f1480728e
[cse] Use fake data to verify the encryption
...
beware, this is broken.
2017-10-18 21:51:38 +02:00
ba3d2a61d5
[cse] Call the encrypt and decrypt functions on fake data
2017-10-18 21:51:38 +02:00
e0d368cbb3
[cse] Update the encrypt and decrypt algorithm to GCM
2017-10-18 21:51:38 +02:00
4f7265c04f
[aes] Create the Decrypt function.
2017-10-18 21:51:38 +02:00
6b53b4f257
[cse] Add the crypt method, based on OpenSSL Wiki
2017-10-18 21:51:38 +02:00
77c0309e02
[cse] use PKCS5_PBKDF2_HMAC_SHA1 on the random-word passphrase
2017-10-18 21:51:38 +02:00
5395fc56b1
[cse] Start the encryption algorithm for the Private Key
2017-10-18 21:51:38 +02:00
69c709714d
[cse] Save signed key on disk
2017-10-18 21:51:37 +02:00
090336c928
[cse] Correctly send the CSR
...
finally.
Signed-off-by: Tomaz Canabrava <tcanabrava@kde.org>
2017-10-18 21:51:37 +02:00
307dfd195c
[cse] Call the CSR job.
...
There's something wrong on the CSR job that I need to discover.
2017-10-18 21:51:37 +02:00
ecb05020a9
[cse] Do not save the certificate on disk
...
Store it on memory, and discard it as soon as no longer
needed.
2017-10-18 21:51:37 +02:00
d2992d92ba
[cse] Generate the CSE
...
I still need to send it to the server. It's been a long
learning with the OpenSSL library.
2017-10-18 21:51:37 +02:00
42a3098595
[cse] s/scr/csr
2017-10-18 21:51:37 +02:00
58e2e6b30b
[cse] Generate the public / private keys and store locally
...
Now I need to understand what the hell I need to do
to send this to the server.
2017-10-18 21:51:37 +02:00
8c342cb1dd
[cse] Generate the KeyPair
...
Not stored anywhere yet, but it's correctly running.
2017-10-18 21:51:37 +02:00
17693a75e5
[cse] Request public key from server
...
This is the first step needed to properly communicate.
Next, get private key.
2017-10-18 21:51:37 +02:00
29b64640fa
[cse] Start to fetch the basics to fetch the key from the server
2017-10-18 21:51:37 +02:00
3f4d915a17
[cse] Add files to handle client side encryption
...
This will be the responsible for encryption,
decryption and talking with the server.
2017-10-18 21:51:36 +02:00
Roeland Jago Douma