Commit graph

174 commits

Author SHA1 Message Date
Kevin Ottens
ef3c516598
Add support for BASE64 encoded '|' when decrypting
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
2020-08-10 13:13:19 +02:00
Kevin Ottens
595eb78c8a
Move the private key salt handling in its own function
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
2020-08-10 13:13:19 +02:00
Kevin Ottens
d5339265fb
Ignore the salt part of the key during decryption
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
2020-08-10 13:13:19 +02:00
Kevin Ottens
54a19945fd
Restore the symmetry between *StringSymmetric functions
If we receive data without base64 encoding for encryption, it makes
sense to get it without base64 encoding out of decryption.

Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
2020-08-10 13:13:19 +02:00
Kevin Ottens
4ef42e53d3 Change the separator in the private key
It used to be a base64 encoded '|', now it is still a '|' but not
encoded, let's adjust accordingly.

Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
2020-07-09 16:22:54 +02:00
Stephan Beyer
ed570d6274 Use default member init for PKeyCtx::_ctx and PKey::_pkey
Signed-off-by: Stephan Beyer <s-beyer@gmx.net>
2020-07-08 14:08:41 +02:00
Kevin Ottens
287a130044 Also deliver the encrypted status via the ClientEncryption signal
This will turn useful for other consumers of that data. The alternative
would be to expose a method breaking all form of encapsulation.

Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
2020-07-06 05:27:14 +00:00
Kevin Ottens
3e13919c35 Use QHash instead of QMap
This is not only a question of performances in our case (complexity
being better on look ups). It also provides a few more services.

Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
2020-06-30 11:29:08 +02:00
Kevin Ottens
5f611d6e39 Get ClientSideEncryption to notify when folder info fetch is done
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
2020-06-30 11:29:08 +02:00
Kevin Ottens
76fbbfefa5 Fix typo
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
2020-06-30 11:29:08 +02:00
Camila San
3bae570f29 Do not declare local variables without an initial value.
Signed-off-by: Camila San <hello@camila.codes>
2020-06-03 07:50:40 +00:00
Ivan Čukić
c800d9149e Show a broken lock icon for unencrypted subdirectory
The E2E application allows creating unencrypted subdirectories
in an encrypted parent. This is a big privacy problem.

This patch shows a red broken lock icon for these subdirectories
in the NC client UI.

Signed-off-by: Ivan Čukić <ivan.cukic@kde.org>
2020-06-02 15:50:18 +00:00
Ivan Čukić
4fb370275d Introduced RAII classes for other OpenSSL resources 2020-06-02 14:09:06 +00:00
Ivan Čukić
c31b1a750d Fixing memory leaks in the encryption module
Due to usage of early-returns, combined with malloc/free,
several buffers that get allocated are leaked when an error
occurs.

Several functions had potential leaks:

 - `encryptStringSymmetric` leaked `ctext`
 - `EncryptionHelper::fileDecryption` leaked `out`
 - `EncryptionHelper::fileEncryption` leaked `out`

Most of the functions had leaks of the cypher context.

This patch uses `QByteArray` as the handler for the dynamically
allocated buffers for openssl to operate on. This also removes
the need for conversions from malloc'd buffers to `QByteArray`
variables previously present in the code.

It also introduces a `CypherCtx` thin wrapper class to provide
a leak-free handling of `EVP_CIPHER_CTX`.
2020-06-02 14:09:06 +00:00
Michael Schuster
044a4bf6b5
Merge pull request #2021 from nextcloud/use_default_for_trivial_ctor_and_dtor
Use = default for trivial ctors and dtors
2020-05-27 05:17:24 +02:00
Kevin Ottens
a73a1f3927 Use = default for trivial ctors and dtors
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
2020-05-25 21:33:24 +02:00
Kevin Ottens
65e6c445e5 Remove redundant void argument list
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
2020-05-25 20:32:55 +02:00
Kevin Ottens
712869db9a Use auto to avoiding repeating type names
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
2020-05-20 03:54:41 +02:00
Sandro Knauß
6cdae6c19e Fix typos.
Debian has a list of known typos in their checking tools.

Signed-off-by: Sandro Knauß <hefee@debian.org>
2020-05-04 18:11:36 +00:00
Dominique Fuchs
d6af025a46 Numoerous safe conversions implemented. Added additional Utility::convertSizeToDWORD for windows builds.
Signed-off-by: Dominique Fuchs <32204802+DominiqueFuchs@users.noreply.github.com>
2019-09-08 11:33:20 +02:00
Ivan Čukić
7af786fde9 Added a nice UI for the E2E-enabled account first connect
Instead of immediately popping up the mnemonic dialogue,
only show a notification bar on the account setup page.

For the cases where the user does not want to use E2E,
this is significantly less intrusive than the old approach.
2019-05-09 00:37:24 +02:00
J-P Nurmi
1af9bf8abc libsync: run clang-tidy modernize-use-nullptr 2018-11-12 18:46:39 +01:00
Aleksandr Borisenko
bb2d31a2bd Removed explicit initialization; Fixed RAND_bytes not found 2018-11-08 11:24:39 +03:00
Camila San
45ff3385c7
Uses QByteArray to store private key.
Removes QSslkey. See #268

Signed-off-by: Camila San <hello@camila.codes>
2018-10-15 00:21:08 +02:00
Roeland Jago Douma
48a6ef37b2
Add a button to E2E accounts to show the mnemonic
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-21 19:52:27 +02:00
Roeland Jago Douma
dc41f8a16e Fix windows build
* Reorder openssl header import
* not => !

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-08 16:53:56 +02:00
Daniel Nicoletti
b12066f1aa Properly remove encryption data from JSON of deleted file 2018-04-09 13:23:52 +02:00
Daniel Nicoletti
d3b6aacf3f Fix merging remote and local trees when e2e files are involved
When populating the tree from the filesystem we need to fill
the e2eMangledName from DB and we when trying to find another
match on the oposite tree we need to take in account that names
don't match and search with the mangled name information
2018-04-09 13:23:52 +02:00
Daniel Nicoletti
c0ef36b8fa Use QUuid to generate random names 2018-04-09 13:23:52 +02:00
Tomaz Canabrava
b4b3e422de Handle gracefully failures in file decryption 2018-03-27 09:18:54 +02:00
Tomaz Canabrava
461aeca200 Do not crash when failing to decrypt the metadata 2018-03-26 22:02:46 +02:00
Tomaz Canabrava
ec28465e01 Correctly handle systems without client side encryption 2018-03-26 20:51:14 +02:00
Tomaz Canabrava
11684682e6 Return empty metadata in case of error, Display error to the user. 2018-03-25 22:31:49 +02:00
Tomaz Canabrava
7da0764b8d Don't class what's not a class 2018-02-18 01:23:59 +01:00
Tomaz Canabrava
176a42a062 Return the error reported by openssl 2018-02-18 01:13:23 +01:00
Tomaz Canabrava
5faeca1b82 Move BIO2ByteArray to annonymous namespace
This has no use outside of the clientsidenecryption.cpp
2018-02-18 01:04:44 +01:00
Roeland Jago Douma
1eb7ba72f0
Use standardized filename
See https://github.com/nextcloud/end_to_end_encryption_rfc/issues/13

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-09 11:40:06 +01:00
Roeland Jago Douma
296f46356e
If the metadata is empty we should store (and not update).
Android only creates the metadata file when the first encrypted file is
added. We assumed it would be there.

This hacky code makes us store the metadata if there wasn't any yet.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-29 22:04:50 +01:00
Roeland Jago Douma
21d55c3321
No sharing in metadata yet and PEM as PKCS#8
* Don't store the metadata yet this crashes android
  - Yes android should be fixed but for now this is quicker ;)
* QSslKey exports PEM as PKCS#1
  - This is not handled properly on android so use PKCS#8 helper

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-23 21:02:52 +01:00
Roeland Jago Douma
a2b8724adf
Hacky way to drop duplicates (we should really use the fileid!)
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-23 11:58:05 +01:00
Tomaz Canabrava
5d6817e165 [CSE] Save the tag while encrypting. 2018-01-21 21:49:24 +01:00
Tomaz Canabrava
261cedce3f [CSE] Do not quit if encryption fails
It's much more reasonable to return failure and handle it.
2018-01-21 21:40:53 +01:00
Tomaz Canabrava
d5a76ea70d [CSE] Remove the DecryptionJob
Transform it into an Static function - it was blocking anyway
and this way it's easier to transform it into a thread in the
future.
2018-01-21 21:24:02 +01:00
Tomaz Canabrava
4a2d0ab9e9 [CSE] Move code to display minemonic out of the libsync
The libsync should not contain Qt Widget related code.
2018-01-21 19:50:40 +01:00
Roeland Jago Douma
6d613fb4d5
Quick and dirty way of showing the mnemonic for now
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-18 22:10:55 +01:00
Roeland Jago Douma
5722d29e42
Double encode the metadatakeys
This is required by a misunderstanding of the RFC.
You need to resetup your test user.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-15 11:26:06 +01:00
Daniel Nicoletti
50916bcda5 Mark ClientSideEncryption::isFolderEncrypted() as const 2017-12-29 17:28:35 +01:00
Daniel Nicoletti
a63d34f870 Prepend "nextcloud" for all logging categories
Thus making easier to exclude logging from kio, qt
and only enable "nextcloud.*"
2017-12-28 17:33:10 -02:00
Tomaz Canabrava
124a7253a4 [CSE] Create job to Update Metadata 2017-12-22 22:02:16 +01:00
Roeland Jago Douma
65dfc47ac7
Set public key once certificate is retrieved
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-21 10:20:03 +01:00