
Improved E2EE

marinofaggiana 3 سال پیش
والد
کامیت
5c73336bbb

+ 0 - 4
Nextcloud.xcodeproj/project.pbxproj

@@ -65,8 +65,6 @@
 		F70B868E2642CF5600ED5349 /* UICKeyChainStore.xcframework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = F70B867D2642CF5400ED5349 /* UICKeyChainStore.xcframework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; };
 		F70B868F2642CF5600ED5349 /* KTVCocoaHTTPServer.xcframework in Frameworks */ = {isa = PBXBuildFile; fileRef = F70B867E2642CF5400ED5349 /* KTVCocoaHTTPServer.xcframework */; };
 		F70B86902642CF5600ED5349 /* KTVCocoaHTTPServer.xcframework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = F70B867E2642CF5400ED5349 /* KTVCocoaHTTPServer.xcframework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; };
-		F70B86912642CF5700ED5349 /* QuickLayout.xcframework in Frameworks */ = {isa = PBXBuildFile; fileRef = F70B867F2642CF5400ED5349 /* QuickLayout.xcframework */; };
-		F70B86922642CF5700ED5349 /* QuickLayout.xcframework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = F70B867F2642CF5400ED5349 /* QuickLayout.xcframework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; };
 		F70B86932642CF5700ED5349 /* OpenSSL.xcframework in Frameworks */ = {isa = PBXBuildFile; fileRef = F70B86802642CF5400ED5349 /* OpenSSL.xcframework */; };
 		F70B86942642CF5700ED5349 /* OpenSSL.xcframework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = F70B86802642CF5400ED5349 /* OpenSSL.xcframework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; };
 		F70B86972642CF5700ED5349 /* TOPasscodeViewController.xcframework in Frameworks */ = {isa = PBXBuildFile; fileRef = F70B86822642CF5500ED5349 /* TOPasscodeViewController.xcframework */; };
@@ -365,7 +363,6 @@
 			files = (
 				F70B869A2642CF5800ED5349 /* FSCalendar.xcframework in Embed Frameworks */,
 				F70B86862642CF5600ED5349 /* KTVHTTPCache.xcframework in Embed Frameworks */,
-				F70B86922642CF5700ED5349 /* QuickLayout.xcframework in Embed Frameworks */,
 				F70B868E2642CF5600ED5349 /* UICKeyChainStore.xcframework in Embed Frameworks */,
 				F70B86982642CF5700ED5349 /* TOPasscodeViewController.xcframework in Embed Frameworks */,
 				F70B86942642CF5700ED5349 /* OpenSSL.xcframework in Embed Frameworks */,
@@ -796,7 +793,6 @@
 				F7ED547C25EEA65400956C55 /* QRCodeReader in Frameworks */,
 				F70B86972642CF5700ED5349 /* TOPasscodeViewController.xcframework in Frameworks */,
 				F788ECC7263AAAFA00ADC67F /* MarkdownKit in Frameworks */,
-				F70B86912642CF5700ED5349 /* QuickLayout.xcframework in Frameworks */,
 				F70B868F2642CF5600ED5349 /* KTVCocoaHTTPServer.xcframework in Frameworks */,
 				F70B869B2642CF5800ED5349 /* DropDown.xcframework in Frameworks */,
 				F70B86892642CF5600ED5349 /* XLForm.xcframework in Frameworks */,

+ 5 - 0
iOSClient/Security/NCEndToEndEncryption.h

@@ -30,6 +30,9 @@
 
 + (instancetype)sharedManager;
 
+@property (nonatomic, strong) NSString *generatedPublicKey;
+@property (nonatomic, strong) NSString *generatedPrivateKey;
+
 - (NSString *)createCSR:(NSString *)userId directory:(NSString *)directory;
 - (NSString *)encryptPrivateKey:(NSString *)userId directory: (NSString *)directory passphrase:(NSString *)passphrase privateKey:(NSString **)privateKey;
 - (NSString *)decryptPrivateKey:(NSString *)privateKeyCipher passphrase:(NSString *)passphrase publicKey:(NSString *)publicKey;
@@ -47,4 +50,6 @@
 - (NSData *)generateKey:(int)length;
 - (NSString *)createSHA512:(NSString *)string;
 
+- (NSString *)extractPublicKeyFromCertificate:(NSString *)pemCertificate;
+
 @end
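Review bot: The two new properties store `NSString` values with `strong`; `copy` is the conventional attribute for string-typed properties so a mutable string handed in cannot change under the manager, e.g. `@property (nonatomic, copy, readonly) NSString *generatedPublicKey;`. Both are assigned only from inside the `.m` in this commit, so declaring them `readonly` here and redeclaring them `readwrite` in the class extension keeps other callers from overwriting the value the Swift side later compares the signed certificate against. `extractPublicKeyFromCertificate:` returns nil when the PEM does not parse, so it should be declared `- (nullable NSString *)extractPublicKeyFromCertificate:(NSString *)pemCertificate;` so that Swift callers receive `String?` instead of an implicitly unwrapped optional.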

+ 45 - 2
iOSClient/Security/NCEndToEndEncryption.m

@@ -182,7 +182,8 @@
     
     BIO_read(publicKeyBIO, keyBytes, len);
     _publicKeyData = [NSData dataWithBytes:keyBytes length:len];
-    NSLog(@"[LOG] \n%@", [[NSString alloc] initWithData:_publicKeyData encoding:NSUTF8StringEncoding]);
+    self.generatedPublicKey = [[NSString alloc] initWithData:_publicKeyData encoding:NSUTF8StringEncoding];
+    NSLog(@"[LOG] \n%@", self.generatedPublicKey);
     
     // PrivateKey
     BIO *privateKeyBIO = BIO_new(BIO_s_mem());
@@ -193,7 +194,8 @@
     
     BIO_read(privateKeyBIO, keyBytes, len);
     _privateKeyData = [NSData dataWithBytes:keyBytes length:len];
-    NSLog(@"[LOG] \n%@", [[NSString alloc] initWithData:_privateKeyData encoding:NSUTF8StringEncoding]);
+    self.generatedPrivateKey = [[NSString alloc] initWithData:_privateKeyData encoding:NSUTF8StringEncoding];
+    NSLog(@"[LOG] \n%@", self.generatedPrivateKey);
     
     if(keyBytes)
         free(keyBytes);
@@ -206,6 +208,31 @@
     return YES;
 }
 
+- (NSString *)extractPublicKeyFromCertificate:(NSString *)pemCertificate
+{
+    const char *ptrCert = [pemCertificate cStringUsingEncoding:NSUTF8StringEncoding];
+    
+    BIO *certBio = BIO_new(BIO_s_mem());
+    BIO_write(certBio, ptrCert,(unsigned int)strlen(ptrCert));
+    
+    X509 *certX509 = PEM_read_bio_X509(certBio, NULL, NULL, NULL);
+    if (!certX509) {
+        fprintf(stderr, "unable to parse certificate in memory\n");
+        return nil;
+    }
+    
+    EVP_PKEY *pkey;
+    pkey = X509_get_pubkey(certX509);
+    NSString *publicKey = [self pubKeyToString:pkey];
+    
+    EVP_PKEY_free(pkey);
+    BIO_free(certBio);
+    X509_free(certX509);
+    
+    NSLog(@"[LOG] \n%@", publicKey);
+    return publicKey;
+}
+
 - (BOOL)saveToDiskPEMWithCert:(X509 *)x509 key:(EVP_PKEY *)pkey directory:(NSString *)directory
 {
     FILE *f;
@@ -1025,4 +1052,20 @@
     return result;
 }
 
+- (NSString *)pubKeyToString:(EVP_PKEY *)pubkey
+{
+    char *buf[256];
+    FILE *pFile;
+    NSString *pkey_string;
+    
+    pFile = fmemopen(buf, sizeof(buf), "w");
+    PEM_write_PUBKEY(pFile,pubkey);
+    fputc('\0', pFile);
+    fclose(pFile);
+    
+    pkey_string = [NSString stringWithUTF8String:(char *)buf];
+    
+    return pkey_string;
+}
+
 @end
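Review bot: `pubKeyToString:` declares `char *buf[256]`, an array of 256 pointers rather than a character buffer, and then passes it to `fmemopen` and `stringWithUTF8String:`; the size happens to be large enough, but if the PEM output ever fills the buffer the trailing `fputc('\0', pFile)` is dropped and the read runs past the end, and neither the `fmemopen` nor the `PEM_write_PUBKEY` result is checked. The method can use a memory BIO with an explicit length and a failure path, as the rest of this file already does for key export; the rewrite below does that. `extractPublicKeyFromCertificate:` has the same gap: `X509_get_pubkey` can return NULL and is passed on unchecked, `ptrCert` from `cStringUsingEncoding:` is NULL for a nil argument before `strlen`, and `certBio` is leaked on the `!certX509` return, so add `if (!pkey) { BIO_free(certBio); X509_free(certX509); return nil; }` and a `BIO_free(certBio);` before the early `return nil`. Separately, `generatedPrivateKey` now keeps the unencrypted private key as a plain string on the shared manager and the new `NSLog` lines print both keys; consider compiling those logs out of release builds.

```objc
- (NSString *)pubKeyToString:(EVP_PKEY *)pubkey
{
    if (!pubkey) {
        return nil;
    }

    BIO *bio = BIO_new(BIO_s_mem());
    if (!bio || PEM_write_bio_PUBKEY(bio, pubkey) != 1) {
        BIO_free(bio);
        return nil;
    }

    // Read back exactly what was written; no NUL terminator is assumed.
    char *pem = NULL;
    long len = BIO_get_mem_data(bio, &pem);
    NSString *pkey_string = nil;
    if (pem && len > 0) {
        pkey_string = [[NSString alloc] initWithBytes:pem length:(NSUInteger)len encoding:NSUTF8StringEncoding];
    }
    BIO_free(bio);

    return pkey_string;
}
```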

+ 15 - 3
iOSClient/Settings/NCEndToEndInitialize.swift

@@ -34,6 +34,7 @@ class NCEndToEndInitialize : NSObject  {
     @objc weak var delegate: NCEndToEndInitializeDelegate?
 
     let appDelegate = UIApplication.shared.delegate as! AppDelegate
+    var extractedPublicKey: String?
     
     override init() {
     }
@@ -58,6 +59,8 @@ class NCEndToEndInitialize : NSObject  {
                 
                 CCUtility.setEndToEndPublicKey(account, publicKey: publicKey)
                 
+                self.extractedPublicKey = NCEndToEndEncryption.sharedManager().extractPublicKey(fromCertificate: publicKey)
+                
                 // Request PrivateKey chiper to Server
                 self.getPrivateKeyCipher()
                 
@@ -80,10 +83,19 @@ class NCEndToEndInitialize : NSObject  {
                         
                         if (errorCode == 0 && account == self.appDelegate.account) {
                             
-                            CCUtility.setEndToEndPublicKey(account, publicKey: publicKey)
+                            // TEST publicKey
+                            let extractedPublicKey = NCEndToEndEncryption.sharedManager().extractPublicKey(fromCertificate: publicKey)
+                            if extractedPublicKey != NCEndToEndEncryption.sharedManager().generatedPublicKey {
+                                
+                                NCContentPresenter.shared.messageNotification("E2E sign publicKey", description: "error: the public key is incorrect", delay: NCGlobal.shared.dismissAfterSecond, type: NCContentPresenter.messageType.error, errorCode: errorCode)
+                                
+                            } else {
                             
-                            // Request PrivateKey chiper to Server
-                            self.getPrivateKeyCipher()
+                                CCUtility.setEndToEndPublicKey(account, publicKey: publicKey)
+                            
+                                // Request PrivateKey chiper to Server
+                                self.getPrivateKeyCipher()
+                            }
                             
                         } else if errorCode != 0 {
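Review bot: The check `if extractedPublicKey != NCEndToEndEncryption.sharedManager().generatedPublicKey` accepts the signed certificate when both sides are nil: `extractPublicKey(fromCertificate:)` returns nil when the PEM does not parse, and `generatedPublicKey` is only set in a process that generated the key pair, so the two-nil case falls into the `else` branch and stores an unverified key via `CCUtility.setEndToEndPublicKey`. The header shows no nullability annotations, so both values presumably import as implicitly unwrapped optionals and the comparison compiles without complaint. Require both to be present before comparing: `let generatedPublicKey = NCEndToEndEncryption.sharedManager().generatedPublicKey` followed by `if extractedPublicKey == nil || generatedPublicKey == nil || extractedPublicKey != generatedPublicKey {`. The enclosing completion closure and its method begin and end outside the hunk.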