New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Client side encryption v2 #1

Closed
wants to merge 69 commits into
base: master
from

Conversation

Projects
None yet
@rullzer
Member

rullzer commented Sep 27, 2017

Work in progress by @tcanabrava

tcanabrava and others added some commits Aug 24, 2017

[CSE] Check the server for client side encryption
Call the apps api and check if the response has
the client_side_encryption key.

Signed-off-by: Tomaz Canabrava <tcanabrava@kde.org>
[CSE] Display menu for encrytp / decryot folders
If the server supports client syde encryption, display
a menu on right click that should display encrypt and decrypt.
ideally it would show the encrypt if the folder is decrypted, and
decrypt if the folder is encrypted but currently there's no way
for the client to know that.
[CSE] Fetch file-id for subfolders
File id is a must if we want to call any API.

Signed-off-by: Tomaz Canabrava <tcanabrava@kde.org>
[CSE] Add FileIdRole for the FolderStatusModel
This way we can actually request the id from outside of the model.
[CSE] New Network Job: DeleteApiJob
This network job does a DELETE http request on a URL. It's the
second class that does basically the same, but this one returns
the http return code, and it's set to do a api call.
[CSE] Call encrypt and unencrypt from the GUI
If the server allows client side encryption, show
the user the menu with the encrypt and unencrupt options
Point to NC doc repo
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Add drone test for Qt-5.6
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Add qt5.7 and qt5.8 CI tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Add Qt5.9 to drone
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Windows: Use the application icon for the sidebar
By setting the icon in Desktop.ini of the root folder, this adds the icon
both when browsing the folder directly and to the sidebar shortcut.

To avoid overwriting any user setting that could exist in Desktop.ini,
only do this if the file doesn't exist. Editing .ini files on Windows
isn't trivial and isn't worth it given that this file won't exist most
of the time.

Fixes #2446
Hardcode Desktop.ini in the exclude list
This prevents it from being removed from the exclude list, which
would be an issue since the client itself creates this file in a way
that wouldn't match on machines with different installation paths.
Use .cpp for existing csync .cc files
Make this consistent with the rest of the client code.
Compile almost all of csync as C++
This will allow us to unify data structures between csync and libsync.

Utility functions like csync_time and c_std are still compiled as C
since we won't need to be coupled with Qt in the short term.
Move Utility to a new common static library
Now that csync builds as C++, this will avoid having to implement
functionalities needed by csync mandatorily in csync itself.

This library is built as part of libocsync and symbols exported
through it.
This requires a relicense of Utility as LGPL. All classes moved into
this library from src/libsync will need to be relicensed as well.
Make csync_file_stat_t public and partly convert to C++
This is the first commit trying to unify csync_file_stat_s,
csync_vio_file_stat_s and csync_tree_walk_file_s. Use QByteArray
and unique_ptr already since I'm not used to track memory allocations
and this will make the transition easier.

Issue #1817
Replace TREE_WALK_FILE with csync_file_stat_t
Just expose csync_file_stat_t since we don't need an abstraction layer
anymore. Also pass the nodes of both trees directly to the visitor
function.

Issue #1817
Enable csync logs in unit tests
Go through the Logger to enable the csync-QDebug bridge.
Fix cmocka deprecation warnings
Just use cmocka_run_group_tests like we already use in
some of those tests.
StatusTracker: Fix different case paths not matching (#5981)
Use a custom std::map comparator functor to do all comparisons
on contained QStrings using Qt::CaseInsensitive on macOS and Windows.

Issue #5257

tcanabrava added some commits Sep 12, 2017

[cse] Request public key from server
This is the first step needed to properly communicate.
Next, get private key.
[cse] Generate the KeyPair
Not stored anywhere yet, but it's correctly running.
[cse] Generate the public / private keys and store locally
Now I need to understand what the hell I need to do
to send this to the server.
[cse] Link Against OpenSSL
For some reason, this was working untill I added a call
to X509_REQ_get_subject_name, then the linking suddenly
stopped working (even tougth I'm using a ton of other
OpenSSL calls)

Force to link against 1.0
[cse] Generate the CSE
I still need to send it to the server. It's been a long
learning with the OpenSSL library.
[cse] Do not save the certificate on disk
Store it on memory, and discard it as soon as no longer
needed.
[cse] Call the CSR job.
There's something wrong on the CSR job that I need to discover.
[cse] Correctly send the CSR
finally.

Signed-off-by: Tomaz Canabrava <tcanabrava@kde.org>
[cse] new method, getUnifiedString
Enter a string list, return a string.

@rullzer rullzer added the enhancement label Sep 27, 2017

QStringList randomWords;
while(randomWords.size() != nr) {
QString currWord = wordList.at(rand() % wordList.size());

This comment has been minimized.

@leonklingele

leonklingele Sep 27, 2017

Member

rand() is a pseudorandom number generator, use a proper CSRNG instead.

@leonklingele

leonklingele Sep 27, 2017

Member

rand() is a pseudorandom number generator, use a proper CSRNG instead.

This comment has been minimized.

@leonklingele

leonklingele Sep 27, 2017

Member

rand() % X is modulo biased

@leonklingele

This comment has been minimized.

@tcanabrava

tcanabrava Sep 28, 2017

Collaborator

I could use arc4random but then that's not avaliable in windows platforms. what should I use in windows?

@tcanabrava

tcanabrava Sep 28, 2017

Collaborator

I could use arc4random but then that's not avaliable in windows platforms. what should I use in windows?

This comment has been minimized.

@treba123

treba123 Oct 5, 2017

rand_s() is the cryptographically save variant on windows I think.
https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/rand-s

@treba123

treba123 Oct 5, 2017

rand_s() is the cryptographically save variant on windows I think.
https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/rand-s

// I have no idea what I'm doing.
using ucharp = unsigned char *;
const char *salt = "$4$YmBjm3hk$Qb74D5IUYwghUmzsMqeNFx5z0/8$";

This comment has been minimized.

@leonklingele

leonklingele Sep 27, 2017

Member

Where does this magic string come from?

@leonklingele

leonklingele Sep 27, 2017

Member

Where does this magic string come from?

This comment has been minimized.

@tcanabrava

tcanabrava Sep 28, 2017

Collaborator

// I have no idea what I'm doing.
The salt used the same string as the android client.

@tcanabrava

tcanabrava Sep 28, 2017

Collaborator

// I have no idea what I'm doing.
The salt used the same string as the android client.

}
/* Set IV length if default 12 bytes (96 bits) is not appropriate */
if(1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL)) {

This comment has been minimized.

@leonklingele

leonklingele Sep 27, 2017

Member

Why use a non-standard nonce size?

@leonklingele

leonklingele Sep 27, 2017

Member

Why use a non-standard nonce size?

This comment has been minimized.

@tcanabrava

tcanabrava Sep 28, 2017

Collaborator

Code exerpt taken from the openssl examples, What should be an standard nonce size?

@tcanabrava

tcanabrava Sep 28, 2017

Collaborator

Code exerpt taken from the openssl examples, What should be an standard nonce size?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment