e2e dev

iOSClient/Security/NCEndToEndEncryption.h

@@ -34,7 +34,7 @@
 
 - (NSString *)createCSR:(NSString *)userID directoryUser:(NSString *)directoryUser;
 - (NSString *)encryptPrivateKey:(NSString *)userID directoryUser: (NSString *)directoryUser passphrase:(NSString *)passphrase;
-- (NSString *)decryptPrivateKey:(NSString *)privateKeyCipher passphrase:(NSString *)passphrase;
+- (NSString *)decryptPrivateKey:(NSString *)privateKeyCipher passphrase:(NSString *)passphrase publicKey:(NSString *)publicKey;
 
 - (NSData *)encryptAsymmetricString:(NSString *)plain publicKey:(NSString *)publicKey;
 - (NSString *)decryptAsymmetricData:(NSData *)chiperData privateKey:(NSString *)privateKey;

iOSClient/Security/NCEndToEndEncryption.m

@@ -47,6 +47,7 @@
 #define PBKDF2_SALT                 @"$4$YmBjm3hk$Qb74D5IUYwghUmzsMqeNFx5z0/8$"
 
 #define RSA_CIPHER                  RSA_PKCS1_PADDING
+#define ASYMMETRIC_STRING_TEST      @"Nextcloud a safe home for all your data"
 
 #define fileNameCertificate         @"cert.pem"
 #define fileNameCSR                 @"csr.pem"
@@ -375,7 +376,7 @@ cleanup:
 #pragma mark - No key pair exists on the server
 #
 
-- (NSString *)decryptPrivateKey:(NSString *)privateKeyCipher passphrase:(NSString *)passphrase
+- (NSString *)decryptPrivateKey:(NSString *)privateKeyCipher passphrase:(NSString *)passphrase publicKey:(NSString *)publicKey
 {
     NSMutableData *privateKeyData = [NSMutableData new];
     
@@ -405,7 +406,17 @@ cleanup:
     if (result && privateKeyData) {
         
         NSString *privateKey = [[NSString alloc] initWithData:privateKeyData encoding:NSUTF8StringEncoding];
-        return privateKey;
+        
+        NSData *encryptData = [self encryptAsymmetricString:ASYMMETRIC_STRING_TEST publicKey:publicKey];
+        if (!encryptData)
+            return nil;
+        
+        NSString *decryptString = [self decryptAsymmetricData:encryptData privateKey:privateKey];
+        
+        if (decryptString && [decryptString isEqualToString:ASYMMETRIC_STRING_TEST])
+            return privateKey;
+        else
+            return nil;
         
     } else {
         
@@ -436,7 +447,7 @@ cleanup:
     if (rsa == NULL)
         return nil;
 
-    unsigned char *output = (unsigned char *) malloc(1000);
+    unsigned char *output = (unsigned char *) malloc(4096);
     
     int encrypted_length = RSA_public_encrypt((int)[plainData length], [plainData bytes], output, rsa, RSA_CIPHER);
     if(encrypted_length == -1) {
@@ -469,7 +480,7 @@ cleanup:
     if (rsa == NULL)
         return nil;
     
-    unsigned char *decrypted = (unsigned char *) malloc([chiperData length]);
+    unsigned char *decrypted = (unsigned char *) malloc(4096);
     
     int decrypted_length = RSA_private_decrypt((int)[chiperData length], [chiperData bytes], decrypted, rsa, RSA_CIPHER);
     if(decrypted_length == -1) {

iOSClient/Security/NCEntoToEndInterface.swift

@@ -27,8 +27,6 @@ class NCEntoToEndInterface : NSObject, OCNetworkingDelegate  {
 
     let appDelegate = UIApplication.shared.delegate as! AppDelegate
     
-    let ASYMMETRIC_STRING_TEST = "Nextcloud a safe home for all your data"
-    
     override init() {
     }
     
@@ -163,7 +161,9 @@ class NCEntoToEndInterface : NSObject, OCNetworkingDelegate  {
                             
             let passphrase = passphraseTextField?.text
             
-            guard let privateKey = (NCEndToEndEncryption.sharedManager().decryptPrivateKey(metadataNet.key, passphrase: passphrase)) else {
+            let publicKey = CCUtility.getEndToEndPublicKey(self.appDelegate.activeAccount)
+
+            guard let privateKey = (NCEndToEndEncryption.sharedManager().decryptPrivateKey(metadataNet.key, passphrase: passphrase, publicKey: publicKey)) else {
                 
                 self.appDelegate.messageNotification("E2E decrypt privateKey", description: "Error to decrypt Private Key", visible: true, delay: TimeInterval(k_dismissAfterSecond), type: TWMessageBarMessageType.error, errorCode: 0)
                 
@@ -172,35 +172,8 @@ class NCEntoToEndInterface : NSObject, OCNetworkingDelegate  {
                 return
             }
             
-            // --------- verify privateKey encrypt/decrypt asymmetric key ---------
-            
-            let publicKey = CCUtility.getEndToEndPublicKey(self.appDelegate.activeAccount)
-            guard let encryptData = NCEndToEndEncryption.sharedManager().encryptAsymmetricString(self.ASYMMETRIC_STRING_TEST, publicKey: publicKey) else {
-                
-                self.appDelegate.messageNotification("E2E Verify privateKey", description: "Error to encrypt asymmetric key", visible: true, delay: TimeInterval(k_dismissAfterSecond), type: TWMessageBarMessageType.error, errorCode: 0)
-                
-                NCManageDatabase.sharedInstance.addActivityClient("", fileID: "", action: k_activityDebugActionEndToEndEncryption, selector: actionGetEndToEndPrivateKeyCipher, note: "E2E Verify privateKey, error to encrypt asymmetric key", type: k_activityTypeFailure, verbose: false, activeUrl: "")
-                
-                return
-            }
-            
-            guard let decryptString = NCEndToEndEncryption.sharedManager().decryptAsymmetricData(encryptData, privateKey: privateKey) else {
-                
-                self.appDelegate.messageNotification("E2E Verify privateKey", description: "Error to decrypt asymmetric key", visible: true, delay: TimeInterval(k_dismissAfterSecond), type: TWMessageBarMessageType.error, errorCode: 0)
-                
-                NCManageDatabase.sharedInstance.addActivityClient("", fileID: "", action: k_activityDebugActionEndToEndEncryption, selector: actionGetEndToEndPrivateKeyCipher, note: "E2E Verify privateKey, error to decrypt asymmetric key", type: k_activityTypeFailure, verbose: false, activeUrl: "")
-                
-                return
-            }
-            
-            if (decryptString != self.ASYMMETRIC_STRING_TEST) {
-                
-                self.appDelegate.messageNotification("E2E Verify privateKey", description: "Error verify data encrypt/decrypt", visible: true, delay: TimeInterval(k_dismissAfterSecond), type: TWMessageBarMessageType.error, errorCode: 0)
-                
-                NCManageDatabase.sharedInstance.addActivityClient("", fileID: "", action: k_activityDebugActionEndToEndEncryption, selector: actionGetEndToEndPrivateKeyCipher, note: "E2E Verify privateKey, error verify data encrypt/decrypt", type: k_activityTypeFailure, verbose: false, activeUrl: "")
-                
-                return
-            }
+            // privateKey
+            print(privateKey)
             
             // Save to keychain
             CCUtility.setEndToEndPrivateKeyCipher(self.appDelegate.activeAccount, privateKeyCipher: metadataNet.key)