cod

iOSClient/Networking/E2EE/NCEndToEndEncryption.h

@@ -60,8 +60,8 @@
 // Signature CMS
 
 - (NSData *)generateSignatureCMS:(NSData *)data certificate:(NSString *)certificate privateKey:(NSString *)privateKey userId:(NSString *)userId;
-- (BOOL)verifySignatureCMS:(NSData *)cmsContent data:(NSData *)data publicKey:(NSString *)publicKey userId:(NSString *)userId;
-- (BOOL)verifySignatureCMS2:(NSData *)cmsContent data:(NSData *)data certificates:(NSArray*)certificates;
+// - (BOOL)verifySignatureCMS:(NSData *)cmsContent data:(NSData *)data publicKey:(NSString *)publicKey userId:(NSString *)userId;
+- (BOOL)verifySignatureCMS:(NSData *)cmsContent data:(NSData *)data certificates:(NSArray*)certificates;
 
 // Utility
 

iOSClient/Networking/E2EE/NCEndToEndEncryption.m

@@ -1192,6 +1192,7 @@
     return i2dCmsData;
 }
 
+/*
 - (BOOL)verifySignatureCMS:(NSData *)cmsContent data:(NSData *)data publicKey:(NSString *)publicKey userId:(NSString *)userId
 {
     BIO *dataBIO = BIO_new_mem_buf((void*)data.bytes, (int)data.length);
@@ -1248,8 +1249,9 @@
 
     return verifyResult;
 }
+*/
 
-- (BOOL)verifySignatureCMS2:(NSData *)cmsContent data:(NSData *)data certificates:(NSArray*)certificates
+- (BOOL)verifySignatureCMS:(NSData *)cmsContent data:(NSData *)data certificates:(NSArray*)certificates
 {
     BIO *dataBIO = BIO_new_mem_buf((void*)data.bytes, (int)data.length);
     BIO *printBIO = BIO_new_fp(stdout, BIO_NOCLOSE);
@@ -1259,46 +1261,35 @@
     CMS_ContentInfo_print_ctx(printBIO, contentInfo, 0, NULL);
     BOOL verifyResult = CMS_verify(contentInfo, NULL, NULL, dataBIO, NULL, CMS_DETACHED | CMS_NO_SIGNER_CERT_VERIFY);
 
+    struct stack_st_CMS_SignerInfo* signerInfos = CMS_get0_SignerInfos(contentInfo);
+
     if (verifyResult) {
 
-        /*
         STACK_OF(X509) *signers = CMS_get0_signers(contentInfo);
         int numSigners = sk_X509_num(signers);
 
+        for (NSString *certificate in certificates) {
 
-        for (int i = 0; i < numSigners; ++i) {
-
-            X509 *signer = sk_X509_value(signers, i);
-            int result = X509_verify(signer, pkey);
-            if (result <= 0) {
-                verifyResult = false;
-                break;
+            const char *ptrCertificate = [certificate cStringUsingEncoding:NSUTF8StringEncoding];
+            BIO *certBio = BIO_new(BIO_s_mem());
+            BIO_write(certBio, ptrCertificate,(unsigned int)strlen(ptrCertificate));
+            X509 *certX509 = PEM_read_bio_X509(certBio, NULL, NULL, NULL);
+            if (!certX509) {
+                continue;
             }
 
-            int cnDataLength = X509_NAME_get_text_by_NID(X509_get_subject_name(signer), NID_commonName, 0, 0);
-            cnDataLength += 1;
-            NSMutableData* cnData = [NSMutableData dataWithLength:cnDataLength];
-            X509_NAME_get_text_by_NID(X509_get_subject_name(signer), NID_commonName, [cnData mutableBytes], cnDataLength);
-            NSString *cn = [[NSString alloc] initWithCString:[cnData mutableBytes] encoding:NSUTF8StringEncoding];
-            if ([userId isEqualToString:cn]) {
-                verifyResult = true;
-                break;
-            } else {
-                verifyResult = false;
+            for (int i = 0; i < numSigners; ++i) {
+                struct CMS_SignerInfo_st *signerInfo = sk_CMS_SignerInfo_value(signerInfos, i);
+                if (CMS_SignerInfo_cert_cmp(signerInfo, certX509) == 0) {
+                    return true;
+                }
             }
         }
-
-        if (signers) {
-            sk_X509_free(signers);
-        }
-        signers = NULL;
-        */
     }
 
     BIO_free(dataBIO);
     BIO_free(printBIO);
     BIO_free(cmsBIO);
-    // BIO_free(publicKeyBIO);
 
     return verifyResult;
 }

iOSClient/Networking/E2EE/NCEndToEndMetadataV20.swift

@@ -59,7 +59,6 @@ extension NCEndToEndMetadata {
 
         let isDirectoryTop = NCUtility.shared.isDirectoryE2EETop(account: account, serverUrl: serverUrl)
         var metadataKey: String?
-        var userCertificate: String = ""
         var keyChecksums: [String] = []
         var usersCodable: [E2eeV20.Users] = []
         var filedropCodable: [String: E2eeV20.Filedrop] = [:]
@@ -106,10 +105,8 @@ extension NCEndToEndMetadata {
                 }
                 if let addUserId, user.userId == addUserId {
                     metadataKey = user.metadataKey
-                    userCertificate = user.certificate
                 } else if user.userId == userId {
                     metadataKey = user.metadataKey
-                    userCertificate = user.certificate
                 }
             }
         }
@@ -153,7 +150,7 @@ extension NCEndToEndMetadata {
             e2eeData.printJson()
 
             let e2eeJson = String(data: e2eeData, encoding: .utf8)
-            let signature = createSignature(account: account, userId: userId, metadata: metadataCodable, users: usersCodable, version: NCGlobal.shared.e2eeVersionV20, certificate: userCertificate)
+            let signature = createSignature(account: account, userId: userId, metadata: metadataCodable, users: usersCodable, version: NCGlobal.shared.e2eeVersionV20, certificate: CCUtility.getEndToEndCertificate(account))
             return (e2eeJson, signature)
 
         } catch let error {
@@ -364,8 +361,7 @@ extension NCEndToEndMetadata {
             if let base64Data = base64.data(using: .utf8),
                let signatureData = Data(base64Encoded: signature) {
                 let certificates = users.map { $0.certificate }
-                NCEndToEndEncryption.sharedManager().verifySignatureCMS2(signatureData, data: base64Data, certificates: certificates)
-                //return NCEndToEndEncryption.sharedManager().verifySignatureCMS(signatureData, data: base64Data, publicKey: CCUtility.getEndToEndPublicKey(account), userId: userId)
+                return NCEndToEndEncryption.sharedManager().verifySignatureCMS(signatureData, data: base64Data, certificates: certificates)
             }
 
         } catch {