mirror of
https://github.com/nextcloud/android.git
synced 2024-11-24 22:25:44 +03:00
check e2e keys
Signed-off-by: tobiasKaminsky <tobias@kaminsky.me>
This commit is contained in:
tobiasKaminsky
parent
f6d14856a4
commit
df2714ffad
3 changed files with 85 additions and 9 deletions
|
|
@ -52,6 +52,8 @@ import java.util.HashSet;
|
|||
import java.util.Random;
|
||||
import java.util.Set;
|
||||
|
||||
import javax.crypto.BadPaddingException;
|
||||
|
||||
import androidx.test.runner.AndroidJUnit4;
|
||||
|
||||
import static androidx.test.InstrumentationRegistry.getInstrumentation;
|
||||
|
|
@ -144,6 +146,33 @@ public class EncryptionTestIT {
|
|||
assertTrue(Arrays.equals(key1, key2));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void encryptStringAsymmetricCorrectPublicKey() throws Exception {
|
||||
KeyPair keyPair = EncryptionUtils.generateKeyPair();
|
||||
|
||||
byte[] key1 = generateKey();
|
||||
String base64encodedKey = encodeBytesToBase64String(key1);
|
||||
|
||||
String encryptedString = EncryptionUtils.encryptStringAsymmetric(base64encodedKey, keyPair.getPublic());
|
||||
String decryptedString = decryptStringAsymmetric(encryptedString, keyPair.getPrivate());
|
||||
|
||||
byte[] key2 = decodeStringToBase64Bytes(decryptedString);
|
||||
|
||||
assertTrue(Arrays.equals(key1, key2));
|
||||
}
|
||||
|
||||
@Test(expected = BadPaddingException.class)
|
||||
public void encryptStringAsymmetricWrongPublicKey() throws Exception {
|
||||
KeyPair keyPair1 = EncryptionUtils.generateKeyPair();
|
||||
KeyPair keyPair2 = EncryptionUtils.generateKeyPair();
|
||||
|
||||
byte[] key1 = generateKey();
|
||||
String base64encodedKey = encodeBytesToBase64String(key1);
|
||||
|
||||
String encryptedString = EncryptionUtils.encryptStringAsymmetric(base64encodedKey, keyPair1.getPublic());
|
||||
decryptStringAsymmetric(encryptedString, keyPair2.getPrivate());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void encryptStringSymmetricRandom() throws Exception {
|
||||
int max = 500;
|
||||
|
|
|
|||
|
|
@ -52,6 +52,7 @@ import com.owncloud.android.utils.theme.ThemeColorUtils;
|
|||
import java.io.IOException;
|
||||
import java.security.KeyPair;
|
||||
import java.security.PrivateKey;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import java.util.Locale;
|
||||
|
||||
|
|
@ -61,6 +62,11 @@ import androidx.appcompat.app.AlertDialog;
|
|||
import androidx.core.graphics.drawable.DrawableCompat;
|
||||
import androidx.fragment.app.DialogFragment;
|
||||
|
||||
import static com.owncloud.android.utils.EncryptionUtils.decodeStringToBase64Bytes;
|
||||
import static com.owncloud.android.utils.EncryptionUtils.decryptStringAsymmetric;
|
||||
import static com.owncloud.android.utils.EncryptionUtils.encodeBytesToBase64String;
|
||||
import static com.owncloud.android.utils.EncryptionUtils.generateKey;
|
||||
|
||||
/*
|
||||
* Dialog to setup encryption
|
||||
*/
|
||||
|
|
@ -187,24 +193,43 @@ public class SetupEncryptionDialogFragment extends DialogFragment {
|
|||
String privateKey = task.get();
|
||||
String mnemonicUnchanged = passwordField.getText().toString();
|
||||
String mnemonic = passwordField.getText().toString().replaceAll("\\s", "")
|
||||
.toLowerCase(Locale.ROOT);
|
||||
.toLowerCase(Locale.ROOT);
|
||||
String decryptedPrivateKey = EncryptionUtils.decryptPrivateKey(privateKey,
|
||||
mnemonic);
|
||||
mnemonic);
|
||||
|
||||
arbitraryDataProvider.storeOrUpdateKeyValue(user.getAccountName(),
|
||||
EncryptionUtils.PRIVATE_KEY, decryptedPrivateKey);
|
||||
EncryptionUtils.PRIVATE_KEY, decryptedPrivateKey);
|
||||
|
||||
dialog.dismiss();
|
||||
Log_OC.d(TAG, "Private key successfully decrypted and stored");
|
||||
|
||||
arbitraryDataProvider.storeOrUpdateKeyValue(user.getAccountName(), EncryptionUtils.MNEMONIC,
|
||||
mnemonicUnchanged);
|
||||
arbitraryDataProvider.storeOrUpdateKeyValue(user.getAccountName(),
|
||||
EncryptionUtils.MNEMONIC,
|
||||
mnemonicUnchanged);
|
||||
|
||||
// check if private key and public key match
|
||||
String publicKey = arbitraryDataProvider.getValue(user.getAccountName(),
|
||||
EncryptionUtils.PUBLIC_KEY);
|
||||
|
||||
byte[] key1 = generateKey();
|
||||
String base64encodedKey = encodeBytesToBase64String(key1);
|
||||
|
||||
String encryptedString = EncryptionUtils.encryptStringAsymmetric(base64encodedKey,
|
||||
publicKey);
|
||||
String decryptedString = decryptStringAsymmetric(encryptedString,
|
||||
decryptedPrivateKey);
|
||||
|
||||
byte[] key2 = decodeStringToBase64Bytes(decryptedString);
|
||||
|
||||
if (!Arrays.equals(key1, key2)) {
|
||||
throw new Exception("Keys do not match");
|
||||
}
|
||||
|
||||
Intent intentExisting = new Intent();
|
||||
intentExisting.putExtra(SUCCESS, true);
|
||||
intentExisting.putExtra(ARG_POSITION, getArguments().getInt(ARG_POSITION));
|
||||
getTargetFragment().onActivityResult(getTargetRequestCode(),
|
||||
SETUP_ENCRYPTION_RESULT_CODE, intentExisting);
|
||||
SETUP_ENCRYPTION_RESULT_CODE, intentExisting);
|
||||
|
||||
} catch (Exception e) {
|
||||
textView.setText(R.string.end_to_end_encryption_wrong_password);
|
||||
|
|
@ -257,7 +282,8 @@ public class SetupEncryptionDialogFragment extends DialogFragment {
|
|||
Log_OC.d(TAG, "public key successful downloaded for " + user.getAccountName());
|
||||
|
||||
String publicKeyFromServer = (String) publicKeyResult.getData().get(0);
|
||||
arbitraryDataProvider.storeOrUpdateKeyValue(user.getAccountName(), EncryptionUtils.PUBLIC_KEY,
|
||||
arbitraryDataProvider.storeOrUpdateKeyValue(user.getAccountName(),
|
||||
EncryptionUtils.PUBLIC_KEY,
|
||||
publicKeyFromServer);
|
||||
} else {
|
||||
return null;
|
||||
|
|
|
|||
|
|
@ -384,7 +384,7 @@ public final class EncryptionUtils {
|
|||
Cipher cipher = Cipher.getInstance(RSA_CIPHER);
|
||||
|
||||
String trimmedCert = cert.replace("-----BEGIN CERTIFICATE-----\n", "")
|
||||
.replace("-----END CERTIFICATE-----\n", "");
|
||||
.replace("-----END CERTIFICATE-----\n", "");
|
||||
byte[] encodedCert = trimmedCert.getBytes(StandardCharsets.UTF_8);
|
||||
byte[] decodedCert = org.apache.commons.codec.binary.Base64.decodeBase64(encodedCert);
|
||||
|
||||
|
|
@ -401,6 +401,17 @@ public final class EncryptionUtils {
|
|||
return encodeBytesToBase64String(cryptedBytes);
|
||||
}
|
||||
|
||||
public static String encryptStringAsymmetric(String string, PublicKey publicKey) throws NoSuchPaddingException,
|
||||
NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
|
||||
Cipher cipher = Cipher.getInstance(RSA_CIPHER);
|
||||
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
|
||||
|
||||
byte[] bytes = encodeStringToBase64Bytes(string);
|
||||
byte[] cryptedBytes = cipher.doFinal(bytes);
|
||||
|
||||
return encodeBytesToBase64String(cryptedBytes);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Decrypt string with RSA algorithm, ECB mode, OAEPWithSHA-256AndMGF1 padding
|
||||
|
|
@ -414,7 +425,7 @@ public final class EncryptionUtils {
|
|||
throws NoSuchAlgorithmException,
|
||||
NoSuchPaddingException, InvalidKeyException,
|
||||
BadPaddingException, IllegalBlockSizeException,
|
||||
InvalidKeySpecException {
|
||||
InvalidKeySpecException {
|
||||
|
||||
Cipher cipher = Cipher.getInstance(RSA_CIPHER);
|
||||
|
||||
|
|
@ -431,6 +442,16 @@ public final class EncryptionUtils {
|
|||
return decodeBase64BytesToString(encodedBytes);
|
||||
}
|
||||
|
||||
public static String decryptStringAsymmetric(String string, PrivateKey privateKey) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
|
||||
Cipher cipher = Cipher.getInstance(RSA_CIPHER);
|
||||
cipher.init(Cipher.DECRYPT_MODE, privateKey);
|
||||
|
||||
byte[] bytes = decodeStringToBase64Bytes(string);
|
||||
byte[] encodedBytes = cipher.doFinal(bytes);
|
||||
|
||||
return decodeBase64BytesToString(encodedBytes);
|
||||
}
|
||||
|
||||
/**
|
||||
* Encrypt string with RSA algorithm, ECB mode, OAEPWithSHA-256AndMGF1 padding Asymmetric encryption, with private
|
||||
* and public key
|
||||
|
|
|
|||
Loading…
Reference in a new issue