Marino Faggiana 1 rok temu
rodzic
commit
89724b0be3

+ 1 - 1
iOSClient/Networking/E2EE/NCEndToEndEncryption.h

@@ -48,7 +48,7 @@
 
 // Encrypt/Decrypt asymmetric
 
-- (NSData *)encryptAsymmetricData:(NSData *)plainData privateKey:(NSString *)privateKey;
+- (NSData *)encryptAsymmetricData:(NSData *)plainData certificate:(NSString *)certificate privateKey:(NSString *)privateKey;
 - (NSData *)decryptAsymmetricData:(NSData *)cipherData privateKey:(NSString *)privateKey;
 
 // Encrypt / Decrypt file

+ 27 - 9
iOSClient/Networking/E2EE/NCEndToEndEncryption.m

@@ -579,21 +579,40 @@
 #pragma mark - Encrypt/Decrypt asymmetric
 #
 
-- (NSData *)encryptAsymmetricData:(NSData *)plainData privateKey:(NSString *)privateKey
+- (NSData *)encryptAsymmetricData:(NSData *)plainData certificate:(NSString *)certificate privateKey:(NSString *)privateKey
 {
     EVP_PKEY *key = NULL;
     int status = 0;
 
-    unsigned char *pKey = (unsigned char *)[privateKey UTF8String];
+    if (privateKey != nil) {
 
-    BIO *bio = BIO_new_mem_buf(pKey, -1);
-    if (!bio)
-        return nil;
+        unsigned char *pKey = (unsigned char *)[privateKey UTF8String];
 
-    key = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
-    if (!key)
-        return nil;
+        BIO *bio = BIO_new_mem_buf(pKey, -1);
+        if (!bio)
+            return nil;
+
+        key = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
+        if (!key)
+            return nil;
+        
+    } else if (certificate != nil) {
+
+        unsigned char *pKey = (unsigned char *)[certificate UTF8String];
 
+        // Extract real publicKey
+        BIO *bio = BIO_new_mem_buf(pKey, -1);
+        if (!bio)
+            return nil;
+
+        X509 *x509 = PEM_read_bio_X509(bio, NULL, 0, NULL);
+        if (!x509)
+            return nil;
+
+        key = X509_get_pubkey(x509);
+        if (!key)
+            return nil;
+    }
 
     EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(key, NULL);
     if (!ctx)
@@ -633,7 +652,6 @@
     return outData;
 }
 
-
 - (NSData *)decryptAsymmetricData:(NSData *)cipherData privateKey:(NSString *)privateKey
 {
     unsigned char *pKey = (unsigned char *)[privateKey UTF8String];
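Review bot: The certificate branch added at L51-L67 leaks both the BIO and the X509: `PEM_read_bio_X509` and `X509_get_pubkey` are called but `BIO_free(bio)` and `X509_free(x509)` never run, neither on the success path nor on the early `return nil`s, and the privateKey branch at L43-L49 carries the same pre-existing BIO leak; the function continues past the hunk, so whether `key` is released later cannot be confirmed from here. `X509_get_pubkey` returns a reference-counted EVP_PKEY, so the X509 can be freed immediately after the key has been extracted. When both arguments are nil, `key` stays NULL and flows into `EVP_PKEY_CTX_new(key, NULL)` at L69; an explicit `if (!key) return nil;` after the if/else is clearer than relying on the ctx check. Nothing in this hunk checks the certificate (validity, chain, or that it belongs to the intended recipient) before its public key is used to wrap the metadata key — presumably the caller does that, which is worth stating in a comment on the method since the header declaration (L14) carries none.

```objc
    if (privateKey != nil) {
        unsigned char *pKey = (unsigned char *)[privateKey UTF8String];
        BIO *bio = BIO_new_mem_buf(pKey, -1);
        if (!bio)
            return nil;
        key = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
        BIO_free(bio);  // PEM text has been parsed; the EVP_PKEY does not reference the BIO
        if (!key)
            return nil;
    } else if (certificate != nil) {
        unsigned char *pKey = (unsigned char *)[certificate UTF8String];
        BIO *bio = BIO_new_mem_buf(pKey, -1);
        if (!bio)
            return nil;
        X509 *x509 = PEM_read_bio_X509(bio, NULL, 0, NULL);
        BIO_free(bio);
        if (!x509)
            return nil;
        // X509_get_pubkey hands back a reference-counted EVP_PKEY, so the
        // certificate object is not needed once the key has been extracted.
        key = X509_get_pubkey(x509);
        X509_free(x509);
        if (!key)
            return nil;
    }
    if (!key)
        return nil;
    // … unchanged: EVP_PKEY_CTX_new and the encrypt call …
```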

+ 3 - 3
iOSClient/Networking/E2EE/NCEndToEndMetadataV1.swift

@@ -48,12 +48,12 @@ extension NCEndToEndMetadata {
         if e2eEncryptions.isEmpty, let key = NCEndToEndEncryption.sharedManager()?.generateKey() as? NSData {
 
             if let key = key.base64EncodedString().data(using: .utf8)?.base64EncodedString().data(using: .utf8),
-               let metadataKeyEncrypted = NCEndToEndEncryption.sharedManager().encryptAsymmetricData(key, privateKey: privateKey) {
+               let metadataKeyEncrypted = NCEndToEndEncryption.sharedManager().encryptAsymmetricData(key, certificate: nil, privateKey: privateKey) {
                 metadataKey = metadataKeyEncrypted.base64EncodedString()
             }
 
         } else if let metadatakey = (e2eEncryptions.first!.metadataKey.data(using: .utf8)?.base64EncodedString().data(using: .utf8)),
-                  let metadataKeyEncrypted = NCEndToEndEncryption.sharedManager().encryptAsymmetricData(metadatakey, privateKey: privateKey) {
+                  let metadataKeyEncrypted = NCEndToEndEncryption.sharedManager().encryptAsymmetricData(metadatakey, certificate: nil, privateKey: privateKey) {
 
             metadataKey = metadataKeyEncrypted.base64EncodedString()
         }
@@ -90,7 +90,7 @@ extension NCEndToEndMetadata {
                 var encryptedTag: NSString?
 
                 if let metadataKeyFiledrop = (e2eEncryption.metadataKeyFiledrop.data(using: .utf8)?.base64EncodedString().data(using: .utf8)),
-                   let metadataKeyEncrypted = NCEndToEndEncryption.sharedManager().encryptAsymmetricData(metadataKeyFiledrop, privateKey: privateKey) {
+                   let metadataKeyEncrypted = NCEndToEndEncryption.sharedManager().encryptAsymmetricData(metadataKeyFiledrop, certificate: nil, privateKey: privateKey) {
                     encryptedKey = metadataKeyEncrypted.base64EncodedString()
                 }
                 let encrypted = E2eeV12.Encrypted(key: e2eEncryption.key, filename: e2eEncryption.fileName, mimetype: e2eEncryption.mimeType)

+ 16 - 17
iOSClient/Networking/E2EE/NCEndToEndMetadataV20.swift

@@ -33,8 +33,7 @@ extension NCEndToEndMetadata {
 
     func encoderMetadataV20(account: String, serverUrl: String, ocIdServerUrl: String, userId: String, shareUserId: String?, shareUserIdCertificate: String?) -> (metadata: String?, signature: String?) {
 
-        guard let privateKey = CCUtility.getEndToEndPrivateKey(account),
-              let publicKey = CCUtility.getEndToEndPublicKey(account),
+        guard let keyGenerated = NCEndToEndEncryption.sharedManager()?.generateKey() as? Data,
               let directoryTop = NCUtility.shared.getDirectoryE2EETop(serverUrl: serverUrl, account: account) else {
             return (nil, nil)
         }
@@ -48,28 +47,24 @@ extension NCEndToEndMetadata {
         var e2eeJson: String?
         var signature: String?
 
-        func addUser(userId: String, certificate: String) -> Bool {
+        func addUser(userId: String, certificate: String, privateKey: String?) -> Bool {
 
-            if NCManageDatabase.shared.getE2EUsersV2(account: account, ocIdServerUrl: ocIdServerUrl, userId: userId) == nil {
+            let decryptedMetadataKey = keyGenerated
+            let metadataKey = keyGenerated.base64EncodedString()
+            guard let metadataKeyEncrypted = NCEndToEndEncryption.sharedManager().encryptAsymmetricData(keyGenerated, certificate: certificate, privateKey: privateKey) else { return false }
+            let encryptedMetadataKey = metadataKeyEncrypted.base64EncodedString()
 
-                guard let keyGenerated = NCEndToEndEncryption.sharedManager()?.generateKey() as? Data else { return false }
-                let decryptedMetadataKey = keyGenerated
-                let metadataKey = keyGenerated.base64EncodedString()
-                guard let metadataKeyEncrypted = NCEndToEndEncryption.sharedManager().encryptAsymmetricData(keyGenerated, privateKey: privateKey) else { return false }
-                let encryptedMetadataKey = metadataKeyEncrypted.base64EncodedString()
-
-                NCManageDatabase.shared.addE2EUsersV2(account: account, serverUrl: serverUrl, ocIdServerUrl: ocIdServerUrl, userId: userId, certificate: certificate, encryptedFiledropKey: nil, encryptedMetadataKey: encryptedMetadataKey, decryptedFiledropKey: nil, decryptedMetadataKey: decryptedMetadataKey, filedropKey: nil, metadataKey: metadataKey)
-            }
+            NCManageDatabase.shared.addE2EUsersV2(account: account, serverUrl: serverUrl, ocIdServerUrl: ocIdServerUrl, userId: userId, certificate: certificate, encryptedFiledropKey: nil, encryptedMetadataKey: encryptedMetadataKey, decryptedFiledropKey: nil, decryptedMetadataKey: decryptedMetadataKey, filedropKey: nil, metadataKey: metadataKey)
 
             return true
         }
 
         if isDirectoryTop {
 
-            if !addUser(userId: userId, certificate: CCUtility.getEndToEndCertificate(account)) {
+            if !addUser(userId: userId, certificate: CCUtility.getEndToEndCertificate(account), privateKey: CCUtility.getEndToEndPrivateKey(account)) {
                 return (nil, nil)
             }
-            if let shareUserId, let shareUserIdCertificate, !addUser(userId: shareUserId, certificate: shareUserIdCertificate) {
+            if let shareUserId, let shareUserIdCertificate, !addUser(userId: shareUserId, certificate: shareUserIdCertificate, privateKey: nil) {
                 return (nil, nil)
             }
         }
@@ -83,7 +78,11 @@ extension NCEndToEndMetadata {
                 if let hash = NCEndToEndEncryption.sharedManager().createSHA256(user.decryptedMetadataKey) {
                     keyChecksums.append(hash)
                 }
-                if user.userId == userId {
+                if let shareUserId {
+                    if user.userId == shareUserId {
+                        metadataKey = user.metadataKey
+                    }
+                } else if user.userId == userId {
                     metadataKey = user.metadataKey
                 }
             }
@@ -141,6 +140,8 @@ extension NCEndToEndMetadata {
 
         if e2eeJson != nil {
             let dataMetadata = Data(base64Encoded: "e2eeJson")
+            let privateKey = CCUtility.getEndToEndPrivateKey(account)
+            let publicKey = CCUtility.getEndToEndPublicKey(account)
             if let signatureData = NCEndToEndEncryption.sharedManager().generateSignatureCMS(dataMetadata, certificate: CCUtility.getEndToEndCertificate(account), privateKey: privateKey, publicKey: publicKey, userId: userId) {
                 signature = signatureData.base64EncodedString()
             }
@@ -160,8 +161,6 @@ extension NCEndToEndMetadata {
             return NKError(errorCode: NCGlobal.shared.errorE2EE, errorDescription: "Error decoding JSON")
         }
 
-        let isDirectoryTop = NCUtility.shared.isDirectoryE2EETop(serverUrl: serverUrl, account: account)
-
         func addE2eEncryption(fileNameIdentifier: String, filename: String, authenticationTag: String, key: String, initializationVector: String, metadataKey: String, mimetype: String) {
 
             if let metadata = NCManageDatabase.shared.getMetadata(predicate: NSPredicate(format: "account == %@ AND fileName == %@", account, fileNameIdentifier)) {
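Review bot: The CMS signature in the hunk at L173-L179 is computed over `Data(base64Encoded: "e2eeJson")` — the literal string, not the `e2eeJson` variable declared at L122 — so the signature does not cover the metadata being uploaded; unless this is a deliberate placeholder it should be built from the variable, e.g. `let dataMetadata = e2eeJson?.data(using: .utf8)` (the encoding the verifying side expects is outside this hunk). The same hunk moves the `privateKey`/`publicKey` lookups out of the former guard (old L115-L116) without unwrapping them, so a missing key now reaches `generateSignatureCMS` instead of returning `(nil, nil)` early; `guard let privateKey = CCUtility.getEndToEndPrivateKey(account), let publicKey = CCUtility.getEndToEndPublicKey(account) else { return (nil, nil) }` keeps the previous failure behavior. In `addUser` (L126-L145) the `getE2EUsersV2 == nil` check was dropped, so every call now writes the user row unconditionally with the single `keyGenerated`; if a re-encode is meant to re-wrap the same metadata key for every user that is fine, but a one-line comment would help since an existing entry was previously left untouched. `encoderMetadataV20` begins and ends outside these hunks.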

+ 13 - 4
iOSClient/Share/Advanced/NCShareAdvancePermission.swift

@@ -45,10 +45,19 @@ class NCShareAdvancePermission: UITableViewController, NCShareAdvanceFotterDeleg
             self.present(alert, animated: true)
             return
         }
-        if isNewShare {
-            networking?.createShare(option: share)
-        } else {
-            networking?.updateShare(option: share)
+        Task {
+            if metadata.e2eEncrypted {
+                let serverUrl = metadata.serverUrl + "/" + metadata.fileName
+                let error = await NCNetworkingE2EE.shared.uploadMetadata(account: metadata.account, serverUrl: serverUrl, userId: metadata.userId, shareUserId: share.shareWith)
+                if error != .success {
+                    NCContentPresenter.shared.showError(error: error)
+                }
+            }
+            if isNewShare {
+                networking?.createShare(option: share)
+            } else {
+                networking?.updateShare(option: share)
+            }
         }
         navigationController?.popViewController(animated: true)
     }
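Review bot: When `uploadMetadata` fails at L205-L207 the error is shown but the task falls through to `createShare`/`updateShare` at L209-L213, so the share is still created although the recipient's metadata-key entry was never uploaded; add a `return` after `showError` — `if error != .success { NCContentPresenter.shared.showError(error: error); return }` — so the share is only created once the E2EE metadata write succeeded. `navigationController?.popViewController(animated: true)` at L215 runs synchronously before the task finishes, so any error is presented after the controller has already been dismissed; consider moving the pop into the task after the share call. The enclosing method starts outside the hunk.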

+ 2 - 2
iOSClient/Share/Advanced/NCShareCells.swift

@@ -90,7 +90,7 @@ enum NCUserPermission: CaseIterable, NCPermission {
 
     case reshare, edit, create, delete, download
     static let forDirectory: [NCUserPermission] = NCUserPermission.allCases
-    static let forDirectoryE2EE: [NCUserPermission] = []
+    static let forDirectoryE2EE: [NCUserPermission] = NCUserPermission.allCases // []
     static let forFile: [NCUserPermission] = [.reshare, .edit]
 
     var title: String {
@@ -180,7 +180,7 @@ enum NCLinkPermission: NCPermission {
     case allowEdit, viewOnly, uploadEdit, fileDrop, secureFileDrop
     static let forDirectory: [NCLinkPermission] = [.viewOnly, .uploadEdit, .fileDrop]
     static let forFile: [NCLinkPermission] = [.allowEdit]
-    static let forDirectoryE2EE: [NCLinkPermission] = [.secureFileDrop]
+    static let forDirectoryE2EE: [NCLinkPermission] = [.viewOnly, .uploadEdit, .fileDrop] // [.secureFileDrop]
 }
 
 enum NCShareDetails: CaseIterable, NCShareCellConfig {
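Review bot: The new values at L226 and L235 carry the old ones along as trailing comments (`// []`, `// [.secureFileDrop]`), which reads as a temporary toggle rather than a decision; if E2EE directories are now meant to offer the full user permission set and the regular link options, drop the remnants and state that in a comment, otherwise mark them `// TODO:` with the reason so the change is not shipped by accident. Note that `forDirectoryE2EE` for links no longer contains `.secureFileDrop`, so that option disappears from the UI for encrypted folders rather than being added to — worth confirming that is intended.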

+ 4 - 4
iOSClient/Share/NCShare+Helper.swift

@@ -81,11 +81,11 @@ class NCTableShareOptions: NCTableShareable {
     var attributes: String?
 
     private init(shareType: Int, metadata: tableMetadata, password: String?) {
-        if metadata.e2eEncrypted {
-            self.permissions = NCGlobal.shared.permissionCreateShare
-        } else {
+        // if metadata.e2eEncrypted {
+        //    self.permissions = NCGlobal.shared.permissionCreateShare
+        // } else {
             self.permissions = NCGlobal.shared.capabilityFileSharingDefaultPermission & metadata.sharePermissionsCollaborationServices
-        }
+        // }
         self.shareType = shareType
         if let password = password {
             self.password = password
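Review bot: The `e2eEncrypted` branch at L250-L255 is commented out rather than removed, leaving L253 indented as if it were still inside the `if`; the same pattern repeats in NCShare.swift in the hunks starting `@@ -84`, `@@ -301` and `@@ -317`. If the E2EE-specific behavior is gone for good, delete the dead lines and re-indent; if it is being disabled while sharing of encrypted folders is reworked, a single `// TODO(e2ee): disabled while … — restore or remove` per site explains more than the old code does. Behaviorally, encrypted shares now get `capabilityFileSharingDefaultPermission & metadata.sharePermissionsCollaborationServices` instead of `permissionCreateShare`, which is a permission change for E2EE shares that deserves its own comment at this site.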

+ 13 - 13
iOSClient/Share/NCShare.swift

@@ -84,12 +84,12 @@ class NCShare: UIViewController, NCShareNetworkingDelegate, NCSharePagingContent
 
         guard let metadata = metadata else { return }
 
-        if metadata.e2eEncrypted {
-            searchFieldTopConstraint.constant = -50
-            searchField.isHidden = true
-        } else {
+        // if metadata.e2eEncrypted {
+        //    searchFieldTopConstraint.constant = -50
+        //    searchField.isHidden = true
+        // } else {
             checkSharedWithYou()
-        }
+        // }
 
         reloadData()
 
@@ -301,12 +301,12 @@ extension NCShare: UITableViewDataSource {
         guard let metadata = self.metadata else { return 0}
         var numRows = shares.share?.count ?? 0
         if section == 0 {
-            if metadata.e2eEncrypted {
-                numRows = 1
-            } else {
+            // if metadata.e2eEncrypted {
+            //    numRows = 1
+            // } else {
                 // don't allow link creation if reshare is disabled
                 numRows = shares.firstShareLink != nil || canReshare ? 2 : 1
-            }
+            // }
         }
         return numRows
     }
@@ -317,15 +317,15 @@ extension NCShare: UITableViewDataSource {
             guard let cell = tableView.dequeueReusableCell(withIdentifier: "cellLink", for: indexPath) as? NCShareLinkCell, let metadata = self.metadata
             else { return UITableViewCell() }
             cell.delegate = self
-            if metadata.e2eEncrypted {
-                cell.tableShare = shares.firstShareLink
-            } else {
+            // if metadata.e2eEncrypted {
+            //    cell.tableShare = shares.firstShareLink
+            // } else {
                 if indexPath.row == 0 {
                     cell.isInternalLink = true
                 } else if shares.firstShareLink?.isInvalidated != true {
                     cell.tableShare = shares.firstShareLink
                 }
-            }
+            // }
             cell.setupCellUI()
             return cell
         }