Marino Faggiana пре 7 година
родитељ
комит
c40ea7d8cc

+ 1 - 1
iOSClient/Security/NCEndToEndEncryption.h

@@ -34,7 +34,7 @@
 
 - (NSString *)createCSR:(NSString *)userID directoryUser:(NSString *)directoryUser;
 - (NSString *)encryptPrivateKey:(NSString *)userID directoryUser: (NSString *)directoryUser passphrase:(NSString *)passphrase;
-- (NSString *)decryptPrivateKey:(NSString *)privateKeyCipher passphrase:(NSString *)passphrase;
+- (NSString *)decryptPrivateKey:(NSString *)privateKeyCipher passphrase:(NSString *)passphrase publicKey:(NSString *)publicKey;
 
 - (NSData *)encryptAsymmetricString:(NSString *)plain publicKey:(NSString *)publicKey;
 - (NSString *)decryptAsymmetricData:(NSData *)chiperData privateKey:(NSString *)privateKey;
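Review bot: The changed `decryptPrivateKey:passphrase:publicKey:` declaration carries no doc comment, so a caller cannot tell from the signature that `publicKey` is only used to validate the result, nor that a nil return now covers a key-pair mismatch as well as a failed decryption. Add above it: `/// Decrypts the passphrase-protected private key and returns it only if it round-trips against publicKey (encrypt with publicKey, decrypt with the result); returns nil on decryption failure, missing public key or key mismatch.` The surrounding `encryptAsymmetricString:`/`decryptAsymmetricData:` declarations would benefit from the same treatment, in particular that both return nil on failure.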

+ 15 - 4
iOSClient/Security/NCEndToEndEncryption.m

@@ -47,6 +47,7 @@
 #define PBKDF2_SALT                 @"$4$YmBjm3hk$Qb74D5IUYwghUmzsMqeNFx5z0/8$"
 
 #define RSA_CIPHER                  RSA_PKCS1_PADDING
+#define ASYMMETRIC_STRING_TEST      @"Nextcloud a safe home for all your data"
 
 #define fileNameCertificate         @"cert.pem"
 #define fileNameCSR                 @"csr.pem"
@@ -375,7 +376,7 @@ cleanup:
 #pragma mark - No key pair exists on the server
 #
 
-- (NSString *)decryptPrivateKey:(NSString *)privateKeyCipher passphrase:(NSString *)passphrase
+- (NSString *)decryptPrivateKey:(NSString *)privateKeyCipher passphrase:(NSString *)passphrase publicKey:(NSString *)publicKey
 {
     NSMutableData *privateKeyData = [NSMutableData new];
     
@@ -405,7 +406,17 @@ cleanup:
     if (result && privateKeyData) {
         
         NSString *privateKey = [[NSString alloc] initWithData:privateKeyData encoding:NSUTF8StringEncoding];
-        return privateKey;
+        
+        NSData *encryptData = [self encryptAsymmetricString:ASYMMETRIC_STRING_TEST publicKey:publicKey];
+        if (!encryptData)
+            return nil;
+        
+        NSString *decryptString = [self decryptAsymmetricData:encryptData privateKey:privateKey];
+        
+        if (decryptString && [decryptString isEqualToString:ASYMMETRIC_STRING_TEST])
+            return privateKey;
+        else
+            return nil;
         
     } else {
         
@@ -436,7 +447,7 @@ cleanup:
     if (rsa == NULL)
         return nil;
 
-    unsigned char *output = (unsigned char *) malloc(1000);
+    unsigned char *output = (unsigned char *) malloc(4096);
     
     int encrypted_length = RSA_public_encrypt((int)[plainData length], [plainData bytes], output, rsa, RSA_CIPHER);
     if(encrypted_length == -1) {
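Review bot: The output buffer on the `malloc(4096)` line is sized by a magic number instead of by the key: RSA_public_encrypt writes exactly RSA_size(rsa) bytes, so `unsigned char *output = (unsigned char *) malloc(RSA_size(rsa));` is both sufficient for any key size and self-documenting, and the pointer should be checked for NULL before the encrypt call. With RSA_PKCS1_PADDING the plaintext must also be at most RSA_size(rsa) - 11 bytes; the -1 branch on the next line would catch an oversized input, but an explicit length check up front gives a clearer failure than a generic OpenSSL error. The enclosing method starts and ends outside this hunk.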
@@ -469,7 +480,7 @@ cleanup:
     if (rsa == NULL)
         return nil;
     
-    unsigned char *decrypted = (unsigned char *) malloc([chiperData length]);
+    unsigned char *decrypted = (unsigned char *) malloc(4096);
     
     int decrypted_length = RSA_private_decrypt((int)[chiperData length], [chiperData bytes], decrypted, rsa, RSA_CIPHER);
     if(decrypted_length == -1) {
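Review bot: Replacing `malloc([chiperData length])` with `malloc(4096)` decouples the buffer from the key size in the wrong direction; RSA_private_decrypt requires RSA_size(rsa) bytes, so `unsigned char *decrypted = (unsigned char *) malloc(RSA_size(rsa));` with a NULL check is the correct sizing. This buffer receives plaintext recovered with the private key, so wherever it is released further down (outside this hunk) it should be wiped with `OPENSSL_cleanse(decrypted, RSA_size(rsa))` before `free` so the plaintext does not linger in freed heap memory. The enclosing method starts and ends outside this hunk.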

+ 5 - 32
iOSClient/Security/NCEntoToEndInterface.swift

@@ -27,8 +27,6 @@ class NCEntoToEndInterface : NSObject, OCNetworkingDelegate  {
 
     let appDelegate = UIApplication.shared.delegate as! AppDelegate
     
-    let ASYMMETRIC_STRING_TEST = "Nextcloud a safe home for all your data"
-    
     override init() {
     }
     
@@ -163,7 +161,9 @@ class NCEntoToEndInterface : NSObject, OCNetworkingDelegate  {
                             
             let passphrase = passphraseTextField?.text
             
-            guard let privateKey = (NCEndToEndEncryption.sharedManager().decryptPrivateKey(metadataNet.key, passphrase: passphrase)) else {
+            let publicKey = CCUtility.getEndToEndPublicKey(self.appDelegate.activeAccount)
+
+            guard let privateKey = (NCEndToEndEncryption.sharedManager().decryptPrivateKey(metadataNet.key, passphrase: passphrase, publicKey: publicKey)) else {
                 
                 self.appDelegate.messageNotification("E2E decrypt privateKey", description: "Error to decrypt Private Key", visible: true, delay: TimeInterval(k_dismissAfterSecond), type: TWMessageBarMessageType.error, errorCode: 0)
                 
@@ -172,35 +172,8 @@ class NCEntoToEndInterface : NSObject, OCNetworkingDelegate  {
                 return
             }
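Review bot: The value from `CCUtility.getEndToEndPublicKey(...)` on the new line is passed straight into `decryptPrivateKey`, so an account with no public key stored yet now surfaces as the generic "Error to decrypt Private Key" message, whereas the verification code this commit removes reported that step separately. If the accessor can return nil or an empty string, guard it first with its own notification, e.g. `guard let publicKey = CCUtility.getEndToEndPublicKey(self.appDelegate.activeAccount), !publicKey.isEmpty else { /* notify "E2E Verify privateKey: missing public key"; return */ }`, so a wrong passphrase and a missing public key remain distinguishable to the user. The enclosing handler starts before this hunk.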
             
-            // --------- verify privateKey encrypt/decrypt asymmetric key ---------
-            
-            let publicKey = CCUtility.getEndToEndPublicKey(self.appDelegate.activeAccount)
-            guard let encryptData = NCEndToEndEncryption.sharedManager().encryptAsymmetricString(self.ASYMMETRIC_STRING_TEST, publicKey: publicKey) else {
-                
-                self.appDelegate.messageNotification("E2E Verify privateKey", description: "Error to encrypt asymmetric key", visible: true, delay: TimeInterval(k_dismissAfterSecond), type: TWMessageBarMessageType.error, errorCode: 0)
-                
-                NCManageDatabase.sharedInstance.addActivityClient("", fileID: "", action: k_activityDebugActionEndToEndEncryption, selector: actionGetEndToEndPrivateKeyCipher, note: "E2E Verify privateKey, error to encrypt asymmetric key", type: k_activityTypeFailure, verbose: false, activeUrl: "")
-                
-                return
-            }
-            
-            guard let decryptString = NCEndToEndEncryption.sharedManager().decryptAsymmetricData(encryptData, privateKey: privateKey) else {
-                
-                self.appDelegate.messageNotification("E2E Verify privateKey", description: "Error to decrypt asymmetric key", visible: true, delay: TimeInterval(k_dismissAfterSecond), type: TWMessageBarMessageType.error, errorCode: 0)
-                
-                NCManageDatabase.sharedInstance.addActivityClient("", fileID: "", action: k_activityDebugActionEndToEndEncryption, selector: actionGetEndToEndPrivateKeyCipher, note: "E2E Verify privateKey, error to decrypt asymmetric key", type: k_activityTypeFailure, verbose: false, activeUrl: "")
-                
-                return
-            }
-            
-            if (decryptString != self.ASYMMETRIC_STRING_TEST) {
-                
-                self.appDelegate.messageNotification("E2E Verify privateKey", description: "Error verify data encrypt/decrypt", visible: true, delay: TimeInterval(k_dismissAfterSecond), type: TWMessageBarMessageType.error, errorCode: 0)
-                
-                NCManageDatabase.sharedInstance.addActivityClient("", fileID: "", action: k_activityDebugActionEndToEndEncryption, selector: actionGetEndToEndPrivateKeyCipher, note: "E2E Verify privateKey, error verify data encrypt/decrypt", type: k_activityTypeFailure, verbose: false, activeUrl: "")
-                
-                return
-            }
+            // privateKey
+            print(privateKey)
             
             // Save to keychain
             CCUtility.setEndToEndPrivateKeyCipher(self.appDelegate.activeAccount, privateKeyCipher: metadataNet.key)
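Review bot: `print(privateKey)` on the new line writes the decrypted end-to-end private key in plaintext to stdout, which on iOS ends up in the device console and Xcode/diagnostic logs and can be read by anyone with the device attached or with access to collected logs; it must not ship. Delete the two added lines (`// privateKey` and `print(privateKey)`) outright rather than wrapping them in `#if DEBUG`, since the key should never be logged in any build. The keychain write on the last line stores the ciphertext (`metadataNet.key`), not the plaintext, which is the right choice; the enclosing handler continues past this hunk.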