Marino Faggiana 1 рік тому
батько
коміт
de65ddae2f

+ 2 - 1
iOSClient/Networking/E2EE/NCEndToEndEncryption.h

@@ -48,7 +48,8 @@
 
 // Encrypt/Decrypt asymmetric
 
-- (NSData *)encryptAsymmetricData:(NSData *)plainData certificate:(NSString *)certificate privateKey:(NSString *)privateKey;
+- (NSData *)encryptAsymmetricData:(NSData *)plainData certificate:(NSString *)certificate;
+- (NSData *)encryptAsymmetricData:(NSData *)plainData  privateKey:(NSString *)privateKey;
 - (NSData *)decryptAsymmetricData:(NSData *)cipherData privateKey:(NSString *)privateKey;
 
 // Encrypt / Decrypt file
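Review bot: The new `privateKey:` declaration has a stray double space between `plainData` and `privateKey:`, and neither new declaration documents that it returns `nil` on any OpenSSL failure, which is what both implementations in the `.m` do. Add `///` doc comments stating the PEM input each method expects (an X.509 certificate for one, a private key for the other) and the nil-on-failure contract, and if this header sits inside an `NS_ASSUME_NONNULL` region mark the returns `nullable`, e.g. `- (nullable NSData *)encryptAsymmetricData:(NSData *)plainData privateKey:(NSString *)privateKey;`. Encrypting with a private-key object is an unusual shape for a public-key operation, so a one-line comment on that declaration saying why the caller holds a private key rather than a certificate would save the next reader a detour into the Swift callers.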

+ 59 - 23
iOSClient/Networking/E2EE/NCEndToEndEncryption.m

@@ -579,40 +579,76 @@
 #pragma mark - Encrypt/Decrypt asymmetric
 #
 
-- (NSData *)encryptAsymmetricData:(NSData *)plainData certificate:(NSString *)certificate privateKey:(NSString *)privateKey
+- (NSData *)encryptAsymmetricData:(NSData *)plainData certificate:(NSString *)certificate
 {
     EVP_PKEY *key = NULL;
     int status = 0;
+    unsigned char *pKey = (unsigned char *)[certificate UTF8String];
 
-    if (privateKey != nil) {
+    // Extract real publicKey
+    BIO *bio = BIO_new_mem_buf(pKey, -1);
+    if (!bio)
+        return nil;
 
-        unsigned char *pKey = (unsigned char *)[privateKey UTF8String];
+    X509 *x509 = PEM_read_bio_X509(bio, NULL, 0, NULL);
+    if (!x509)
+        return nil;
 
-        BIO *bio = BIO_new_mem_buf(pKey, -1);
-        if (!bio)
-            return nil;
+    key = X509_get_pubkey(x509);
+    if (!key)
+        return nil;
 
-        key = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
-        if (!key)
-            return nil;
-        
-    } else if (certificate != nil) {
+    EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(key, NULL);
+    if (!ctx)
+        return nil;
+
+    status = EVP_PKEY_encrypt_init(ctx);
+    if (status <= 0)
+        return nil;
 
-        unsigned char *pKey = (unsigned char *)[certificate UTF8String];
+    status = EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING);
+    if (status <= 0)
+        return nil;
 
-        // Extract real publicKey
-        BIO *bio = BIO_new_mem_buf(pKey, -1);
-        if (!bio)
-            return nil;
+    status = EVP_PKEY_CTX_set_rsa_oaep_md(ctx, EVP_sha256());
+    if (status <= 0)
+        return nil;
 
-        X509 *x509 = PEM_read_bio_X509(bio, NULL, 0, NULL);
-        if (!x509)
-            return nil;
+    status = EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, EVP_sha256());
+    if (status <= 0)
+        return nil;
 
-        key = X509_get_pubkey(x509);
-        if (!key)
-            return nil;
-    }
+    unsigned long outLen = 0;
+    status = EVP_PKEY_encrypt(ctx, NULL, &outLen, [plainData bytes], (int)[plainData length]);
+    if (status <= 0 || outLen == 0)
+        return nil;
+
+    unsigned char *out = (unsigned char *) malloc(outLen);
+    status = EVP_PKEY_encrypt(ctx, out, &outLen, [plainData bytes], (int)[plainData length]);
+    if (status <= 0)
+        return nil;
+
+    NSData *outData = [[NSData alloc] initWithBytes:out length:outLen];
+
+    if (out)
+        free(out);
+
+    return outData;
+}
+
+- (NSData *)encryptAsymmetricData:(NSData *)plainData privateKey:(NSString *)privateKey
+{
+    EVP_PKEY *key = NULL;
+    int status = 0;
+    unsigned char *pKey = (unsigned char *)[privateKey UTF8String];
+
+    BIO *bio = BIO_new_mem_buf(pKey, -1);
+    if (!bio)
+        return nil;
+
+    key = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
+    if (!key)
+        return nil;
 
     EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(key, NULL);
     if (!ctx)
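Review bot: Every OpenSSL handle created in the new certificate variant leaks on both the success path and each early `return nil` — the results of `BIO_new_mem_buf`, `PEM_read_bio_X509`, `X509_get_pubkey` and `EVP_PKEY_CTX_new` are never passed to `BIO_free`, `X509_free`, `EVP_PKEY_free` or `EVP_PKEY_CTX_free`, and the `privateKey:` variant further down (whose body continues outside this hunk) repeats the same pattern, so every metadata-key encryption loses a key object and a context. The `malloc` result is handed to the second `EVP_PKEY_encrypt` before the `if (out)` check that follows it, and when that second call fails `out` is leaked as well; the buffer has to be null-checked first and released on every path. `outLen` is declared `unsigned long` although `EVP_PKEY_encrypt` takes `size_t *`, and `(int)[plainData length]` narrows an NSUInteger into an int for a `size_t` parameter — use `size_t outLen` and pass `[plainData length]` uncast. A single cleanup label that frees everything (all of these `*_free` functions and `free` accept NULL) keeps the early exits and fixes all of the above; the certificate variant would look like this and the `privateKey:` variant should mirror it.

```objc
- (NSData *)encryptAsymmetricData:(NSData *)plainData certificate:(NSString *)certificate
{
    // Declared up front so every early exit can jump to the single cleanup label
    // (ARC forbids a goto that skips an object-pointer initialisation).
    EVP_PKEY *key = NULL;
    BIO *bio = NULL;
    X509 *x509 = NULL;
    EVP_PKEY_CTX *ctx = NULL;
    unsigned char *out = NULL;
    NSData *outData = nil;
    size_t outLen = 0;
    int status = 0;
    unsigned char *pKey = (unsigned char *)[certificate UTF8String];

    // Extract real publicKey
    bio = BIO_new_mem_buf(pKey, -1);
    if (!bio)
        goto cleanup;

    x509 = PEM_read_bio_X509(bio, NULL, 0, NULL);
    if (!x509)
        goto cleanup;

    key = X509_get_pubkey(x509);
    if (!key)
        goto cleanup;

    ctx = EVP_PKEY_CTX_new(key, NULL);
    if (!ctx)
        goto cleanup;

    // … unchanged: EVP_PKEY_encrypt_init / RSA_PKCS1_OAEP_PADDING / OAEP md / MGF1 md setup,
    //     with each `return nil` replaced by `goto cleanup` …

    status = EVP_PKEY_encrypt(ctx, NULL, &outLen, [plainData bytes], [plainData length]);
    if (status <= 0 || outLen == 0)
        goto cleanup;

    out = (unsigned char *) malloc(outLen);
    if (!out)
        goto cleanup;

    status = EVP_PKEY_encrypt(ctx, out, &outLen, [plainData bytes], [plainData length]);
    if (status <= 0)
        goto cleanup;

    outData = [[NSData alloc] initWithBytes:out length:outLen];

cleanup:
    // All of these accept NULL, so the same path serves success and every failure.
    free(out);
    EVP_PKEY_CTX_free(ctx);
    EVP_PKEY_free(key);
    X509_free(x509);
    BIO_free(bio);
    return outData;
}
```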

+ 3 - 3
iOSClient/Networking/E2EE/NCEndToEndMetadataV1.swift

@@ -48,12 +48,12 @@ extension NCEndToEndMetadata {
         if e2eEncryptions.isEmpty, let key = NCEndToEndEncryption.sharedManager()?.generateKey() as? NSData {
 
             if let key = key.base64EncodedString().data(using: .utf8)?.base64EncodedString().data(using: .utf8),
-               let metadataKeyEncrypted = NCEndToEndEncryption.sharedManager().encryptAsymmetricData(key, certificate: nil, privateKey: privateKey) {
+               let metadataKeyEncrypted = NCEndToEndEncryption.sharedManager().encryptAsymmetricData(key, privateKey: privateKey) {
                 metadataKey = metadataKeyEncrypted.base64EncodedString()
             }
 
         } else if let metadatakey = (e2eEncryptions.first!.metadataKey.data(using: .utf8)?.base64EncodedString().data(using: .utf8)),
-                  let metadataKeyEncrypted = NCEndToEndEncryption.sharedManager().encryptAsymmetricData(metadatakey, certificate: nil, privateKey: privateKey) {
+                  let metadataKeyEncrypted = NCEndToEndEncryption.sharedManager().encryptAsymmetricData(metadatakey, privateKey: privateKey) {
 
             metadataKey = metadataKeyEncrypted.base64EncodedString()
         }
@@ -90,7 +90,7 @@ extension NCEndToEndMetadata {
                 var encryptedTag: NSString?
 
                 if let metadataKeyFiledrop = (e2eEncryption.metadataKeyFiledrop.data(using: .utf8)?.base64EncodedString().data(using: .utf8)),
-                   let metadataKeyEncrypted = NCEndToEndEncryption.sharedManager().encryptAsymmetricData(metadataKeyFiledrop, certificate: nil, privateKey: privateKey) {
+                   let metadataKeyEncrypted = NCEndToEndEncryption.sharedManager().encryptAsymmetricData(metadataKeyFiledrop, privateKey: privateKey) {
                     encryptedKey = metadataKeyEncrypted.base64EncodedString()
                 }
                 let encrypted = E2eeV12.Encrypted(key: e2eEncryption.key, filename: e2eEncryption.fileName, mimetype: e2eEncryption.mimeType)

+ 9 - 19
iOSClient/Networking/E2EE/NCEndToEndMetadataV20.swift

@@ -34,8 +34,7 @@ extension NCEndToEndMetadata {
     func encoderMetadataV20(account: String, serverUrl: String, ocIdServerUrl: String, userId: String, addUserId: String?, addCertificate: String?) -> (metadata: String?, signature: String?) {
 
         guard let keyGenerated = NCEndToEndEncryption.sharedManager()?.generateKey() as? Data,
-              let directoryTop = NCUtility.shared.getDirectoryE2EETop(serverUrl: serverUrl, account: account),
-              let ownerId = NCManageDatabase.shared.getMetadataFromOcId(ocIdServerUrl)?.ownerId else {
+              let directoryTop = NCUtility.shared.getDirectoryE2EETop(serverUrl: serverUrl, account: account) else {
             return (nil, nil)
         }
 
@@ -50,38 +49,31 @@ extension NCEndToEndMetadata {
 
         // USERS
 
-        func addUser(userId: String, certificate: String, privateKey: String? = nil) {
+        func addUser(userId: String?, certificate: String?) {
 
+            guard let userId, let certificate else { return }
             let decryptedMetadataKey = keyGenerated
             let metadataKey = keyGenerated.base64EncodedString()
 
-            if let metadataKeyEncrypted = NCEndToEndEncryption.sharedManager().encryptAsymmetricData(keyGenerated, certificate: certificate, privateKey: privateKey) {
+            if let metadataKeyEncrypted = NCEndToEndEncryption.sharedManager().encryptAsymmetricData(keyGenerated, certificate: certificate) {
 
                 let encryptedMetadataKey = metadataKeyEncrypted.base64EncodedString()
                 NCManageDatabase.shared.addE2EUsersV2(account: account, serverUrl: serverUrl, ocIdServerUrl: ocIdServerUrl, userId: userId, certificate: certificate, encryptedFiledropKey: nil, encryptedMetadataKey: encryptedMetadataKey, decryptedFiledropKey: nil, decryptedMetadataKey: decryptedMetadataKey, filedropKey: nil, metadataKey: metadataKey)
             }
         }
 
-        if userId == ownerId {
-            addUser(userId: userId, certificate: CCUtility.getEndToEndCertificate(account), privateKey: CCUtility.getEndToEndPrivateKey(account))
-        }
-
         if isDirectoryTop {
 
-            if let addUserId, let addCertificate {
-                addUser(userId: addUserId, certificate: addCertificate)
-            }
+            addUser(userId: userId, certificate: CCUtility.getEndToEndCertificate(account))
+            addUser(userId: addUserId, certificate: addCertificate)
 
             if let users = NCManageDatabase.shared.getE2EUsersV2(account: account, ocIdServerUrl: ocIdServerUrl) {
                 for user in users {
-                    if user.userId != ownerId {
-                        addUser(userId: user.userId, certificate: user.certificate)
-                    }
+                    addUser(userId: user.userId, certificate: user.certificate)
                 }
             }
         }
 
-        // Create E2eeV20.Users
         if let e2eUsers = NCManageDatabase.shared.getE2EUsersV2(account: account, ocIdServerUrl: directoryTop.ocId) {
             for user in e2eUsers {
                 if isDirectoryTop {
@@ -90,10 +82,8 @@ extension NCEndToEndMetadata {
                 if let hash = NCEndToEndEncryption.sharedManager().createSHA256(user.decryptedMetadataKey) {
                     keyChecksums.append(hash)
                 }
-                if let addUserId {
-                    if user.userId == addUserId {
-                        metadataKey = user.metadataKey
-                    }
+                if let addUserId, user.userId == addUserId {
+                    metadataKey = user.metadataKey
                 } else if user.userId == userId {
                     metadataKey = user.metadataKey
                 }
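Review bot: In the second hunk the loop over `getE2EUsersV2` no longer skips the current user, and `addUser(userId:certificate:)` for that same `userId` has just been called a few lines above it, so when the current user is already stored the same userId reaches `addE2EUsersV2` twice with two different fresh `encryptAsymmetricData` outputs (OAEP encryption is randomized); whether the second write replaces the first depends on `addE2EUsersV2`, which is not visible here, so either keep a `if user.userId != userId` filter in the loop or confirm that the database call is idempotent per userId. Dropping `ownerId` from the guard in the first hunk also means `encoderMetadataV20` no longer verifies that the caller owns the folder before re-encrypting the metadata key for `addCertificate`; if that check was intentional, it now has to be enforced by the caller or the server, and that should be recorded on the function, e.g. `// NOTE: ownerId is no longer checked here; callers/server must ensure only the owner adds users — confirm`. The nested `addUser` now returns silently when either argument is nil, which suits the optional `addUserId`/`addCertificate` pair but also hides a nil `CCUtility.getEndToEndCertificate(account)` for the current user, leaving the metadata without an entry for the encoding user — at least a log line before that `return` would make such a state visible. `encoderMetadataV20` continues past the end of the hunk.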