andrei/amnezia-client
1
0
Fork 0
mirror of https://github.com/amnezia-vpn/amnezia-client.git synced 2026-06-20 02:00:55 +07:00
Code Issues Packages Projects Releases 10 Wiki Activity

update: files encrypt on export and files data decrypt on import

Browse Source
This commit is contained in:
MrMirDan
2025-12-19 12:24:37 +02:00
parent ba580891cd
commit 4ae3bac65a
7 changed files with 129 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files
client/ui/controllers/api/subscriptionUiController.cpp
+2
View File
@@ -117,6 +117,8 @@ bool SubscriptionUiController::exportNativeConfig(const QString &serverId, const
}
const bool saved = SystemController::saveFile(fileName, nativeConfig);
if (m_settingsController->isFileEncryptionEnabled())
SystemController::encryptFile(fileName, m_settingsController->getPassword(), m_settingsController->getHint());
getAccountInfo(serverId, true);
return saved;
}
client/ui/controllers/selfhosted/exportUiController.cpp
+2
View File
@@ -73,6 +73,8 @@ void ExportUiController::exportConfig(const QString &fileName)
if (!SystemController::saveFile(fileName, m_config)) {
qInfo() << "ExportUiController::exportConfig: save or share was cancelled or failed";
}
if (m_settingsController->isFileEncryptionEnabled())
SystemController::encryptFile(fileName, m_settingsController->getPassword(), m_settingsController->getHint());
}
void ExportUiController::updateClientManagementModel(const QString &serverId, int containerIndex)
client/ui/controllers/systemController.cpp
+70 -87
View File
@@ -128,7 +128,7 @@ static QString opensslErrString()
return QString::fromUtf8(buf);
}
static bool deriveKey(const QByteArray &password, const QByteArray &salt, QByteArray &outKey, QString *err)
static bool deriveKey(const QByteArray &password, const QByteArray &salt, QByteArray &outKey)
{
outKey.resize(KEY_LEN);
const unsigned char *pw = reinterpret_cast<const unsigned char *>(password.constData());
@@ -136,27 +136,23 @@ static bool deriveKey(const QByteArray &password, const QByteArray &salt, QByteA
int ok = PKCS5_PBKDF2_HMAC(reinterpret_cast<const char *>(pw), password.size(), s, salt.size(), PBKDF2_ITER,
EVP_sha256(), KEY_LEN, reinterpret_cast<unsigned char *>(outKey.data()));
if (!ok) {
if (err)
*err = opensslErrString();
qDebug() << opensslErrString();
}
return ok == 1;
}
static bool aesCrypt(const QByteArray &in, const QByteArray &key, const QByteArray &iv, QByteArray &out, bool encrypt,
QString *err)
static bool aesCrypt(const QByteArray &in, const QByteArray &key, const QByteArray &iv, QByteArray &out, bool encrypt)
{
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
if (!ctx) {
if (err)
*err = "EVP_CIPHER_CTX_new failed";
qDebug() << "EVP_CIPHER_CTX_new failed";
return false;
}
const EVP_CIPHER *cipher = EVP_aes_256_cbc();
if (1
!= EVP_CipherInit_ex(ctx, cipher, nullptr, reinterpret_cast<const unsigned char *>(key.constData()),
reinterpret_cast<const unsigned char *>(iv.constData()), encrypt ? 1 : 0)) {
if (err)
*err = opensslErrString();
qDebug() << opensslErrString();
EVP_CIPHER_CTX_free(ctx);
return false;
}
@@ -167,15 +163,13 @@ static bool aesCrypt(const QByteArray &in, const QByteArray &key, const QByteArr
if (1
!= EVP_CipherUpdate(ctx, reinterpret_cast<unsigned char *>(out.data()), &outlen1,
reinterpret_cast<const unsigned char *>(in.constData()), in.size())) {
if (err)
*err = opensslErrString();
qDebug() << opensslErrString();
EVP_CIPHER_CTX_free(ctx);
return false;
}
int outlen2 = 0;
if (1 != EVP_CipherFinal_ex(ctx, reinterpret_cast<unsigned char *>(out.data()) + outlen1, &outlen2)) {
if (err)
*err = opensslErrString();
qDebug() << opensslErrString();
EVP_CIPHER_CTX_free(ctx);
return false;
}
@@ -184,20 +178,18 @@ static bool aesCrypt(const QByteArray &in, const QByteArray &key, const QByteArr
return true;
}
bool SystemController::encryptFile(const QString &filePath, const QString &password, const QString &hint, QString *error)
bool SystemController::encryptFile(const QString &filePath, const QString &password, const QString &hint)
{
QFile f(filePath);
if (!f.open(QIODevice::ReadOnly)) {
if (error)
*error = QStringLiteral("Cannot open file for read: %1").arg(f.errorString());
qDebug() << QStringLiteral("Cannot open file for read: %1").arg(f.errorString());
return false;
}
QByteArray content = f.readAll();
f.close();
if (content.startsWith(magicString)) {
if (error)
*error = QStringLiteral("File already encrypted (magic found)");
qDebug() << QStringLiteral("File already encrypted (magic found)");
return false;
}
@@ -211,15 +203,14 @@ bool SystemController::encryptFile(const QString &filePath, const QString &passw
if (1 != RAND_bytes(reinterpret_cast<unsigned char *>(salt.data()), SALT_LEN)
|| 1 != RAND_bytes(reinterpret_cast<unsigned char *>(iv.data()), IV_LEN)) {
if (error)
*error = opensslErrString();
qDebug() << opensslErrString();
return false;
}
if (!deriveKey(password.toUtf8(), salt, key, error))
if (!deriveKey(password.toUtf8(), salt, key))
return false;
if (!aesCrypt(content, key, iv, cipher, true, error))
if (!aesCrypt(content, key, iv, cipher, true))
return false;
out.reserve(magicString.size() + SALT_LEN + IV_LEN + cipher.size());
@@ -231,78 +222,43 @@ bool SystemController::encryptFile(const QString &filePath, const QString &passw
out += cipher;
if (!f.open(QIODevice::WriteOnly | QIODevice::Truncate)) {
if (error)
*error = QStringLiteral("Cannot open file for write: %1").arg(f.errorString());
qDebug() << QStringLiteral("Cannot open file for write: %1").arg(f.errorString());
return false;
}
qint64 written = f.write(out);
f.close();
if (written != out.size()) {
if (error)
*error = QStringLiteral("Write failed or incomplete");
qDebug() << QStringLiteral("Write failed or incomplete");
return false;
}
return true;
}
bool SystemController::decryptFile(const QString &filePath, const QString &password, QString *error)
QByteArray SystemController::getDecryptedData(const QString &filePath, const QString &password)
{
QFile f(filePath);
if (!f.open(QIODevice::ReadOnly)) {
if (error)
*error = QStringLiteral("Cannot open file for read: %1").arg(f.errorString());
return false;
}
QByteArray content = f.readAll();
f.close();
if (!content.startsWith(magicString)) {
if (error)
*error = QStringLiteral("File is not recognized as encrypted (magic missing)");
return false;
}
QByteArray encData;
readFile(filePath, encData);
int pos = magicString.size();
quint32 hintLen = 0;
memcpy(&hintLen, content.constData() + pos, sizeof(quint32));
memcpy(&hintLen, encData.constData() + pos, sizeof(quint32));
pos += sizeof(quint32);
pos += hintLen;
if (content.size() < pos + SALT_LEN + IV_LEN) {
if (error)
*error = QStringLiteral("Encrypted file too small / corrupted");
return false;
}
QByteArray salt = encData.mid(pos, 16);
pos += 16;
QByteArray iv = encData.mid(pos, 16);
pos += 16;
QByteArray cipher = encData.mid(pos);
QByteArray salt = content.mid(pos, SALT_LEN);
pos += SALT_LEN;
QByteArray iv = content.mid(pos, IV_LEN);
pos += IV_LEN;
QByteArray cipher = content.mid(pos);
QByteArray key;
QByteArray plain;
deriveKey(password.toUtf8(), salt, key);
if (!deriveKey(password.toUtf8(), salt, key, error))
return false;
QByteArray data;
!aesCrypt(cipher, key, iv, data, false);
if (!aesCrypt(cipher, key, iv, plain, false, error))
return false;
if (!f.open(QIODevice::WriteOnly | QIODevice::Truncate)) {
if (error)
*error = QStringLiteral("Cannot open file for write: %1").arg(f.errorString());
return false;
}
qint64 written = f.write(plain);
f.close();
if (written != plain.size()) {
if (error)
*error = QStringLiteral("Write failed or incomplete");
return false;
}
return true;
return data;
}
bool SystemController::isFileEncrypted(const QString &filePath)
@@ -312,11 +268,49 @@ bool SystemController::isFileEncrypted(const QString &filePath)
qDebug() << "Cannot open file for read: %1", f.errorString();
return false;
}
QByteArray data = f.readAll();
f.close();
if (!data.startsWith(magicString)) {
qDebug() << "File is not recognized as encrypted (magic missing)";
return false;
}
return true;
}
bool SystemController::isPasswordValid(const QString &filePath, const QString &password)
{
QFile f(filePath);
if (!f.open(QIODevice::ReadOnly)) {
qDebug() << f.errorString();
return false;
}
QByteArray content = f.readAll();
f.close();
if (!content.startsWith(magicString)) {
qDebug() << "File is not recognized as encrypted (magic missing)";
int pos = magicString.size();
quint32 hintLen = 0;
memcpy(&hintLen, content.constData() + pos, sizeof(quint32));
pos += sizeof(quint32);
pos += hintLen;
QByteArray salt = content.mid(pos, 16);
pos += 16;
QByteArray iv = content.mid(pos, 16);
pos += 16;
QByteArray cipher = content.mid(pos);
QByteArray key;
if (!deriveKey(password.toUtf8(), salt, key))
return false;
QByteArray plain;
bool ok = aesCrypt(cipher, key, iv, plain, false);
if (!ok) {
qDebug() << "Wrong password";
return false;
}
@@ -325,19 +319,8 @@ bool SystemController::isFileEncrypted(const QString &filePath)
QString SystemController::readHint(const QString &filePath)
{
QFile f(filePath);
if (!f.open(QIODevice::ReadOnly)) {
qDebug() << f.errorString();
return {};
}
QByteArray data = f.readAll();
f.close();
if (!data.startsWith(magicString)) {
qDebug() << "File is not encrypted";
return {};
}
QByteArray data;
readFile(filePath, data);
int pos = magicString.size();
client/ui/controllers/systemController.h
+3 -2
View File
@@ -15,15 +15,16 @@ public:
static bool readFile(const QString &fileName, QByteArray &data);
static bool readFile(const QString &fileName, QString &data);
static bool encryptFile(const QString &filePath, const QString &password, const QString &hint, QString *error = nullptr);
static bool encryptFile(const QString &filePath, const QString &password, const QString &hint);
public slots:
QString getFileName(const QString &acceptLabel, const QString &nameFilter, const QString &selectedFile = "",
const bool isSaveMode = false, const QString &defaultSuffix = "");
bool decryptFile(const QString &filePath, const QString &password, QString *error = nullptr);
QByteArray getDecryptedData(const QString &filePath, const QString &password);
bool isFileEncrypted(const QString &filePath);
bool isPasswordValid(const QString &filePath, const QString &password);
QString readHint(const QString &filePath);
void setQmlRoot(QObject *qmlRoot);
client/ui/qml/Components/PasswordDrawer.qml
+27 -2
View File
@@ -2,6 +2,7 @@ import QtQuick
import QtQuick.Controls
import QtQuick.Layouts
import PageEnum 1.0
import Style 1.0
import "../Controls2"
@@ -17,6 +18,9 @@ DrawerType2 {
property string fileName
property var securedFunc
signal restoreSecuredBackup
signal importSecuredFile
expandedStateContent: ColumnLayout {
anchors.top: parent.top
anchors.left: parent.left
@@ -25,6 +29,27 @@ DrawerType2 {
anchors.leftMargin: 16
anchors.rightMargin: 16
Connections {
target: root
function onRestoreSecuredBackup() {
root.securedFunc = function() {
SettingsController.restoreAppConfigFromData(SystemController.getDecryptedData(fileName, passwordField.textField.text))
}
passwordDrawer.openTriggered()
}
function onImportSecuredFile() {
// TODO: file name not showing on import
root.securedFunc = function() {
if (ImportController.extractConfigFromData(SystemController.getDecryptedData(fileName, passwordField.textField.text))) {
PageController.goToPage(PageEnum.PageSetupWizardViewConfig)
}
}
passwordDrawer.openTriggered()
}
}
Header2TextType {
Layout.fillWidth: true
Layout.bottomMargin: 8
@@ -49,7 +74,7 @@ DrawerType2 {
headerText: qsTr("Password")
textField.echoMode: hideContent ? TextInput.Password : TextInput.Normal
textField.text: ""
textField.text: textField.text
rightButtonClickedOnEnter: true
@@ -84,7 +109,7 @@ DrawerType2 {
clickedFunc: function() {
if (fromOutside) {
if (!SystemController.decryptFile(fileName, passwordField.textField.text)) {
if (!SystemController.isPasswordValid(fileName, passwordField.textField.text)) {
passwordField.errorText = qsTr("Incorrect password")
return
}
client/ui/qml/Pages2/PageSettingsBackup.qml
+2 -2
View File
@@ -141,7 +141,7 @@ PageType {
qsTr("Backup files (*.backup)"))
if (filePath !== "") {
passwordDrawer.fileName = filePath
SystemController.isFileEncrypted(filePath) ? passwordDrawer.openTriggered() : passwordDrawer.securedFunc()
SystemController.isFileEncrypted(filePath) ? passwordDrawer.openTriggered() : restoreBackup(filePath)
}
}
}
@@ -155,7 +155,7 @@ PageType {
expandedHeight: root.height * 0.45
securedFunc: function() {
restoreBackup(fileName)
passwordDrawer.restoreSecuredBackup()
}
}
}
client/ui/qml/Pages2/PageSetupWizardConfigSource.qml
+23 -3
View File
@@ -12,6 +12,7 @@ import "./"
import "../Controls2"
import "../Controls2/TextTypes"
import "../Config"
import "../Components"
PageType {
id: root
@@ -264,6 +265,15 @@ PageType {
}
}
PasswordDrawer {
id: passwordDrawer
parent: root
anchors.fill: parent
expandedHeight: root.height * 0.45
}
property list<QtObject> variants: [
amneziaVpn,
selfHostVpn,
@@ -318,7 +328,12 @@ PageType {
qsTr("Backup files (*.backup)"))
if (filePath !== "") {
PageController.showBusyIndicator(true)
SettingsController.restoreAppConfig(filePath)
if (SystemController.isFileEncrypted(filePath)) {
passwordDrawer.fileName = filePath
passwordDrawer.restoreSecuredBackup()
} else {
SettingsController.restoreAppConfig(filePath)
}
PageController.showBusyIndicator(false)
}
}
@@ -336,8 +351,13 @@ PageType {
var nameFilter = "Config files (*.vpn *.ovpn *.conf *.json)"
var fileName = SystemController.getFileName(qsTr("Open config file"), nameFilter)
if (fileName !== "") {
if (ImportController.extractConfigFromFile(fileName)) {
PageController.goToPage(PageEnum.PageSetupWizardViewConfig)
if (SystemController.isFileEncrypted(fileName)) {
passwordDrawer.fileName = fileName
passwordDrawer.importSecuredFile()
} else {
if (ImportController.extractConfigFromFile(fileName)) {
PageController.goToPage(PageEnum.PageSetupWizardViewConfig)
}
}
}
}