gaschz/trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-03-01 14:22:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

fixed encryption of note history

Browse Source
This commit is contained in:
azivner 2017-11-16 00:22:00 -05:00
parent c190c738a2
commit 379431eefd
5 changed files with 22 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
migrations/0031__change_encryption_to_CBC.js
View File

@ -20,12 +20,8 @@ module.exports = async () => {
const protectedNotes = await sql.getResults("SELECT * FROM notes WHERE is_protected = 1"); const protectedNotes = await sql.getResults("SELECT * FROM notes WHERE is_protected = 1");
for (const note of protectedNotes) { for (const note of protectedNotes) {
console.log("Encrypted: ", note.note_title);
const decryptedTitle = data_encryption.decrypt(dataKey, note.note_title); const decryptedTitle = data_encryption.decrypt(dataKey, note.note_title);
console.log("Decrypted title: ", decryptedTitle);
note.note_title = data_encryption.encryptCbc(dataKey, "0" + note.note_id, decryptedTitle); note.note_title = data_encryption.encryptCbc(dataKey, "0" + note.note_id, decryptedTitle);
const decryptedText = data_encryption.decrypt(dataKey, note.note_text); const decryptedText = data_encryption.decrypt(dataKey, note.note_text);

2
routes/api/note_history.js
View File

@ -16,7 +16,7 @@ router.get('/:noteId', auth.checkApiAuth, async (req, res, next) => {
for (const hist of history) { for (const hist of history) {
if (hist.is_protected) { if (hist.is_protected) {
hist.note_title = data_encryption.decryptCbcString(dataKey, data_encryption.noteTitleIv(hist.note_history_id), hist.note_title); hist.note_title = data_encryption.decryptCbcString(dataKey, data_encryption.noteTitleIv(hist.note_history_id), hist.note_title);
hist.note_text = data_encryption.decryptCbcString(dataKey, data_encryption.noteTitleIv(hist.note_history_id), hist.note_text); hist.note_text = data_encryption.decryptCbcString(dataKey, data_encryption.noteTextIv(hist.note_history_id), hist.note_text);
} }
} }

33
services/data_encryption.js
View File

@ -4,10 +4,6 @@ const utils = require('./utils');
const aesjs = require('./aes'); const aesjs = require('./aes');
const crypto = require('crypto'); const crypto = require('crypto');
function getProtectedSessionId(req) {
return req.headers['x-protected-session-id'];
}
function getDataAes(dataKey) { function getDataAes(dataKey) {
return new aesjs.ModeOfOperation.ctr(dataKey, new aesjs.Counter(5)); return new aesjs.ModeOfOperation.ctr(dataKey, new aesjs.Counter(5));
} }
@ -73,12 +69,8 @@ function sha256Array(content) {
} }
function pad(data) { function pad(data) {
console.log("Before padding: ", data);
let padded = Array.from(data); let padded = Array.from(data);
console.log("After arraying: ", padded);
if (data.length >= 16) { if (data.length >= 16) {
padded = padded.slice(0, 16); padded = padded.slice(0, 16);
} }
@ -86,19 +78,17 @@ function pad(data) {
padded = padded.concat(Array(16 - padded.length).fill(0)); padded = padded.concat(Array(16 - padded.length).fill(0));
} }
console.log("Before buffering: ", padded);
return Buffer.from(padded); return Buffer.from(padded);
} }
function encryptCbc(dataKey, iv, plainText) { function encryptCbc(key, iv, plainText) {
if (!dataKey) { if (!key) {
throw new Error("No data key!"); throw new Error("No data key!");
} }
const plainTextBuffer = Buffer.from(plainText); const plainTextBuffer = Buffer.from(plainText);
const cipher = crypto.createCipheriv('aes-128-cbc', pad(dataKey), pad(iv)); const cipher = crypto.createCipheriv('aes-128-cbc', pad(key), pad(iv));
const digest = shaArray(plainTextBuffer).slice(0, 4); const digest = shaArray(plainTextBuffer).slice(0, 4);
@ -109,29 +99,25 @@ function encryptCbc(dataKey, iv, plainText) {
return encryptedData.toString('base64'); return encryptedData.toString('base64');
} }
function decryptCbc(dataKey, iv, cipherText) { function decryptCbc(key, iv, cipherText) {
if (!dataKey) { if (!key) {
return "[protected]"; return "[protected]";
} }
console.log("Key: ", pad(dataKey)); console.log("key:", key);
console.log("iv:", iv);
console.log("cipherText:", cipherText);
const decipher = crypto.createDecipheriv('aes-128-cbc', pad(dataKey), pad(iv)); const decipher = crypto.createDecipheriv('aes-128-cbc', pad(key), pad(iv));
const cipherTextBuffer = Buffer.from(cipherText, 'base64'); const cipherTextBuffer = Buffer.from(cipherText, 'base64');
const decryptedBytes = Buffer.concat([decipher.update(cipherTextBuffer), decipher.final()]); const decryptedBytes = Buffer.concat([decipher.update(cipherTextBuffer), decipher.final()]);
console.log("decrypted: ", decryptedBytes);
const digest = decryptedBytes.slice(0, 4); const digest = decryptedBytes.slice(0, 4);
const payload = decryptedBytes.slice(4); const payload = decryptedBytes.slice(4);
console.log("payload: ", payload);
const computedDigest = shaArray(payload).slice(0, 4); const computedDigest = shaArray(payload).slice(0, 4);
console.log("Hash arr: ", computedDigest);
if (!arraysIdentical(digest, computedDigest)) { if (!arraysIdentical(digest, computedDigest)) {
return false; return false;
} }
@ -154,7 +140,6 @@ function noteTextIv(iv) {
} }
module.exports = { module.exports = {
getProtectedSessionId,
decrypt, decrypt,
encrypt, encrypt,
encryptCbc, encryptCbc,

29
services/notes.js
View File

@ -134,6 +134,9 @@ async function protectNoteHistory(noteId, dataKey, protect) {
} }
async function updateNote(noteId, newNote, ctx) { async function updateNote(noteId, newNote, ctx) {
let noteTitleForHistory = newNote.detail.note_title;
let noteTextForHistory = newNote.detail.note_text;
if (newNote.detail.is_protected) { if (newNote.detail.is_protected) {
await encryptNote(newNote, ctx); await encryptNote(newNote, ctx);
} }
@ -146,36 +149,28 @@ async function updateNote(noteId, newNote, ctx) {
const historyCutoff = now - historySnapshotTimeInterval; const historyCutoff = now - historySnapshotTimeInterval;
let noteHistoryId = await sql.getSingleValue("select note_history_id from notes_history where note_id = ? and date_modified_from >= ?", [noteId, historyCutoff]); const existingNoteHistoryId = await sql.getSingleValue("select note_history_id from notes_history where note_id = ? and date_modified_from >= ?", [noteId, historyCutoff]);
await sql.doInTransaction(async () => { await sql.doInTransaction(async () => {
if (noteHistoryId) { if (!existingNoteHistoryId) {
await sql.execute("update notes_history set note_title = ?, note_text = ?, is_protected = ?, date_modified_to = ? where note_history_id = ?", [ const newNoteHistoryId = utils.randomString(16);
newNote.detail.note_title,
newNote.detail.note_text,
newNote.detail.is_protected,
now,
noteHistoryId
]);
}
else {
noteHistoryId = utils.randomString(16);
await sql.execute("insert into notes_history (note_history_id, note_id, note_title, note_text, is_protected, date_modified_from, date_modified_to) " + await sql.execute("insert into notes_history (note_history_id, note_id, note_title, note_text, is_protected, date_modified_from, date_modified_to) " +
"values (?, ?, ?, ?, ?, ?, ?)", [ "values (?, ?, ?, ?, ?, ?, ?)", [
noteHistoryId, newNoteHistoryId,
noteId, noteId,
newNote.detail.note_title, noteTitleForHistory,
newNote.detail.note_text, noteTextForHistory,
newNote.detail.is_protected, false, // we don't care about encryption - this will be handled in protectNoteHistory()
now, now,
now now
]); ]);
await sql.addNoteHistorySync(newNoteHistoryId);
} }
await protectNoteHistory(noteId, ctx.getDataKey(), newNote.detail.is_protected); await protectNoteHistory(noteId, ctx.getDataKey(), newNote.detail.is_protected);
await sql.addNoteHistorySync(noteHistoryId);
await addNoteAudits(origNoteDetail, newNote.detail, ctx.browserId); await addNoteAudits(origNoteDetail, newNote.detail, ctx.browserId);
await sql.execute("update notes set note_title = ?, note_text = ?, is_protected = ?, date_modified = ? where note_id = ?", [ await sql.execute("update notes set note_title = ?, note_text = ?, is_protected = ?, date_modified = ? where note_id = ?", [

2
services/password_encryption.js
View File

@ -70,8 +70,6 @@ async function getDecryptedDataKeyCbc(password) {
const decryptedDataKey = data_encryption.decryptCbc(passwordDerivedKey, encryptedDataKeyIv, encryptedDataKey); const decryptedDataKey = data_encryption.decryptCbc(passwordDerivedKey, encryptedDataKeyIv, encryptedDataKey);
console.log("Decrypted data key: ", decryptedDataKey);
return decryptedDataKey; return decryptedDataKey;
} }