Skip to content

fix: e2ee key creation #16944

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
alperozturk96 wants to merge 6 commits into
base: master
Choose a base branch
from
Open

fix: e2ee key creation #16944

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
5356755
wip
alperozturk96 Apr 30, 2026
c1a2658
wip
alperozturk96 Apr 30, 2026
c5b6d02
wip
alperozturk96 Apr 30, 2026
ef9ed4d
wip
alperozturk96 Apr 30, 2026
9fe8a61
wip
alperozturk96 Apr 30, 2026
f74a8ac
wip
alperozturk96 Apr 30, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions app/src/main/java/com/owncloud/android/datamodel/OCFile.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1175,4 +1175,12 @@ public boolean hasValidParentId() {
return getParentId() != 0;
}
}

public static long getFirstE2EECounter(boolean useV2) {
if (useV2) {
return 1L;
} else {
return 0L;
}
}
}
3 changes: 2 additions & 1 deletion app/src/main/java/com/owncloud/android/datamodel/e2e/v2/decrypted/DecryptedMetadata.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,12 +7,13 @@
*/
package com.owncloud.android.datamodel.e2e.v2.decrypted

import com.owncloud.android.datamodel.OCFile
import com.owncloud.android.utils.EncryptionUtils

data class DecryptedMetadata(
val keyChecksums: MutableList<String> = mutableListOf(),
val deleted: Boolean = false,
var counter: Long = 0,
var counter: Long = OCFile.getFirstE2EECounter(true),
val folders: MutableMap<String, String> = mutableMapOf(),
val files: MutableMap<String, DecryptedFile> = mutableMapOf(),
@Transient
Expand Down
4 changes: 2 additions & 2 deletions app/src/main/java/com/owncloud/android/operations/CreateFolderOperation.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -137,7 +137,7 @@ private RemoteOperationResult encryptedCreateV1(OCFile parent, OwnCloudClient cl

try {
// lock folder
token = EncryptionUtils.lockFolder(parent, client);
token = EncryptionUtils.lockFolder(parent, client, OCFile.getFirstE2EECounter(false));

// get metadata
Pair<Boolean, DecryptedFolderMetadataFileV1> metadataPair = EncryptionUtils.retrieveMetadataV1(parent,
Expand Down Expand Up @@ -275,7 +275,7 @@ private RemoteOperationResult encryptedCreateV2(OCFile parent, OwnCloudClient cl

try {
// lock folder
token = EncryptionUtils.lockFolder(parent, client);
token = EncryptionUtils.lockFolder(parent, client, OCFile.getFirstE2EECounter(true));

// get metadata
EncryptionUtilsV2 encryptionUtilsV2 = new EncryptionUtilsV2();
Expand Down
8 changes: 6 additions & 2 deletions app/src/main/java/com/owncloud/android/operations/RemoveRemoteEncryptedFileOperation.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ class RemoveRemoteEncryptedFileOperation internal constructor(
val isE2EVersionAtLeast2 = (E2EVersionHelper.isV2Plus(capability))

try {
token = EncryptionUtils.lockFolder(parentFolder, client)
token = EncryptionUtils.lockFolder(parentFolder, client, parentFolder.e2eCounter + 1)

return if (isE2EVersionAtLeast2) {
val deleteResult = deleteForV2(client, token)
Expand Down Expand Up @@ -176,6 +176,10 @@ class RemoveRemoteEncryptedFileOperation internal constructor(
encryptionUtilsV2.removeFileFromMetadata(fileName, metadata)
}

parentFolder.setE2eCounter(metadata.metadata.counter)
val storageManager = FileDataStorageManager(user, context.contentResolver)
storageManager.saveFile(parentFolder)
Copy link
Copy Markdown
Collaborator Author

@alperozturk96 alperozturk96 Apr 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Save counter after delete


encryptionUtilsV2.serializeAndUploadMetadata(
parentFolder,
metadata,
Expand All @@ -184,7 +188,7 @@ class RemoveRemoteEncryptedFileOperation internal constructor(
metadataExists,
context,
user,
FileDataStorageManager(user, context.contentResolver)
storageManager
)

return Pair(result, delete)
Expand Down
5 changes: 3 additions & 2 deletions app/src/main/java/com/owncloud/android/ui/adapter/OCFileListAdapter.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@
import com.nextcloud.client.jobs.upload.FileUploadHelper;
import com.nextcloud.client.preferences.AppPreferences;
import com.nextcloud.model.OfflineOperationType;
import com.nextcloud.utils.e2ee.E2EVersionHelper;
import com.nextcloud.utils.extensions.ViewExtensionsKt;
import com.nextcloud.utils.mdm.MDMConfig;
import com.owncloud.android.MainApp;
Expand Down Expand Up @@ -296,9 +297,9 @@ public void updateFileEncryptionById(String fileId, boolean encrypted) {
.findFirst()
.ifPresent(file -> {
file.setEncrypted(encrypted);
file.setE2eCounter(0L);
final var isE2EEV2 = E2EVersionHelper.INSTANCE.isV2Plus(capability);
file.setE2eCounter(OCFile.getFirstE2EECounter(isE2EEV2));
mStorageManager.saveFile(file);

int position = getItemPosition(file);
if (position != -1) {
notifyItemChanged(position);
Expand Down
6 changes: 4 additions & 2 deletions app/src/main/java/com/owncloud/android/ui/fragment/OCFileListFragment.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1940,10 +1940,12 @@ private void encryptFolder(OCFile folder,
.execute(client);

if (remoteOperationResult.isSuccess()) {
OCCapability ocCapability = mContainerActivity.getStorageManager().getCapability(user.getAccountName());
final var isE2EEV2 = E2EVersionHelper.INSTANCE.isV2Plus(ocCapability);

// lock folder
String token = EncryptionUtils.lockFolder(folder, client);
String token = EncryptionUtils.lockFolder(folder, client, OCFile.getFirstE2EECounter(isE2EEV2));

OCCapability ocCapability = mContainerActivity.getStorageManager().getCapability(user.getAccountName());
if (E2EVersionHelper.INSTANCE.isV2Plus(ocCapability)) {
// Update metadata
Pair<Boolean, DecryptedFolderMetadataFile> metadataPair = EncryptionUtils.retrieveMetadata(folder,
Expand Down
11 changes: 4 additions & 7 deletions app/src/main/java/com/owncloud/android/utils/EncryptionUtils.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
import com.google.gson.GsonBuilder;
import com.google.gson.reflect.TypeToken;
import com.nextcloud.client.account.User;
import com.nextcloud.common.SessionTimeOutKt;
import com.nextcloud.utils.e2ee.E2EVersionHelper;
import com.owncloud.android.R;
import com.owncloud.android.datamodel.ArbitraryDataProvider;
Expand All @@ -42,7 +43,6 @@
import com.owncloud.android.lib.resources.e2ee.StoreMetadataRemoteOperation;
import com.owncloud.android.lib.resources.e2ee.StoreMetadataV2RemoteOperation;
import com.owncloud.android.lib.resources.e2ee.UnlockFileRemoteOperation;
import com.owncloud.android.lib.resources.e2ee.UnlockFileV1RemoteOperation;
import com.owncloud.android.lib.resources.e2ee.UpdateMetadataRemoteOperation;
import com.owncloud.android.lib.resources.e2ee.UpdateMetadataV2RemoteOperation;
import com.owncloud.android.lib.resources.files.model.ServerFileInterface;
Expand Down Expand Up @@ -1159,14 +1159,11 @@ public static boolean verifySHA512(String hashWithSalt, String compareToken) {
return hashWithSalt.equals(newHash);
}

public static String lockFolder(ServerFileInterface parentFile, OwnCloudClient client) throws UploadException {
return lockFolder(parentFile, client, -1);
}

public static String lockFolder(ServerFileInterface parentFile, OwnCloudClient client, long counter) throws UploadException {
// Lock folder
LockFileRemoteOperation lockFileOperation = new LockFileRemoteOperation(parentFile.getLocalId(),
counter);
counter,
SessionTimeOutKt.getDefaultSessionTimeOut());
RemoteOperationResult<String> lockFileOperationResult = lockFileOperation.execute(client);

if (lockFileOperationResult.isSuccess() &&
Expand Down Expand Up @@ -1366,7 +1363,7 @@ public static RemoteOperationResult<Void> unlockFolder(ServerFileInterface paren

public static RemoteOperationResult<Void> unlockFolderV1(ServerFileInterface parentFolder, OwnCloudClient client, String token) {
if (token != null) {
return new UnlockFileV1RemoteOperation(parentFolder.getLocalId(), token).execute(client);
return new UnlockFileRemoteOperation(parentFolder.getLocalId(), token, SessionTimeOutKt.getDefaultSessionTimeOut(), false).execute(client);
} else {
return new RemoteOperationResult<>(new Exception("No token available"));
}
Expand Down
6 changes: 4 additions & 2 deletions app/src/main/java/com/owncloud/android/utils/EncryptionUtilsV2.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -259,7 +259,7 @@ class EncryptionUtilsV2 {

if (transferredFiledrop) {
// lock folder
val token = EncryptionUtils.lockFolder(ocFile, client)
val token = EncryptionUtils.lockFolder(ocFile, client, ocFile.e2eCounter)

serializeAndUploadMetadata(
ocFile,
Expand Down Expand Up @@ -527,6 +527,7 @@ class EncryptionUtilsV2 {
metadataFile: DecryptedFolderMetadataFile
): DecryptedFolderMetadataFile {
metadataFile.metadata.folders.remove(encryptedFileName)
metadataFile.metadata.counter++

return metadataFile
}
Expand All @@ -535,6 +536,7 @@ class EncryptionUtilsV2 {
fun removeFileFromMetadata(fileName: String, metadata: DecryptedFolderMetadataFile) {
metadata.metadata.files.remove(fileName)
?: throw IllegalStateException("File $fileName not found in metadata!")
metadata.metadata.counter++
}

@Throws(IllegalStateException::class)
Expand Down Expand Up @@ -781,7 +783,7 @@ class EncryptionUtilsV2 {
storageManager
)
// lock
val token = EncryptionUtils.lockFolder(folder, client)
val token = EncryptionUtils.lockFolder(folder, client, folder.e2eCounter)

// upload
serializeAndUploadMetadata(
Expand Down
2 changes: 1 addition & 1 deletion app/src/main/java/com/owncloud/android/utils/crypto/CryptoHelper.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ object CryptoHelper {

private const val TRANSFORMATION = "AES/GCM/NoPadding"
private const val GCM_TAG_LENGTH = 16
private const val IV_LENGTH = 16
private const val IV_LENGTH = 12
private const val SALT_LENGTH = 40
private const val GCM_TLEN = GCM_TAG_LENGTH * 8
private val charset = StandardCharsets.UTF_8
Expand Down
2 changes: 1 addition & 1 deletion gradle/libs.versions.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
androidCommonLibraryVersion = "0.33.2"
androidGifDrawableVersion = "1.2.31"
androidImageCropperVersion = "4.7.0"
androidLibraryVersion ="20e8cd17191f337d34b2ed97e0ac61e84a0bfc39"
androidLibraryVersion ="9ec469f0cd"
androidPluginVersion = "9.2.0"
androidsvgVersion = "1.4"
androidxMediaVersion = "1.5.1"
Expand Down
8 changes: 8 additions & 0 deletions gradle/verification-metadata.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21526,6 +21526,14 @@
<sha256 value="b4494fe2a8ed059abec25448f98a65e0d1850876a0091e6645607423fb68d9c5" origin="Generated by Gradle" reason="Artifact is not signed"/>
</artifact>
</component>
<component group="com.github.nextcloud" name="android-library" version="9ec469f0cd">
<artifact name="android-library-9ec469f0cd.aar">
<sha256 value="deb6208d5664330a940cb6058c9160f4ae810a7385824b954555fed5e15be292" origin="Generated by Gradle" reason="Artifact is not signed"/>
</artifact>
<artifact name="android-library-9ec469f0cd.module">
<sha256 value="40b856a550a4d26cf9bfda6e9ac9a5f117388de5cd7519329e7b5ff64eda8d0c" origin="Generated by Gradle" reason="Artifact is not signed"/>
</artifact>
</component>
<component group="com.github.nextcloud" name="android-library" version="9fdcd0af0ff910086281f32e3b8ef74490671149">
<artifact name="android-library-9fdcd0af0ff910086281f32e3b8ef74490671149.aar">
<sha256 value="57ab4fd7c922875a7e0b5feac20aa27ab5df0fd3b4e042f92ed727c0b6316e81" origin="Generated by Gradle" reason="Artifact is not signed"/>
Expand Down
Loading