From 47d28b4eefc4f362d1ffefc205c85dab442edec1 Mon Sep 17 00:00:00 2001
From: zadam
Date: Sat, 4 May 2019 16:05:28 +0200
Subject: [PATCH] fix protecting files/images
---
 src/services/data_encryption.js | 35 +++++++++++++++++++++----------
 src/services/notes.js | 8 +++++++
 src/services/protected_session.js | 2 +-
 3 files changed, 33 insertions(+), 12 deletions(-)
diff --git a/src/services/data_encryption.js b/src/services/data_encryption.js
index dd899f077..104081910 100644
--- a/src/services/data_encryption.js
+++ b/src/services/data_encryption.js
@@ -56,25 +56,38 @@ function decrypt(key, cipherText, ivLength = 13) {
 return "[protected]";
 }
- const cipherTextBufferWithIv = Buffer.from(cipherText, 'base64');
- const iv = cipherTextBufferWithIv.slice(0, ivLength);
+ try {
+ const cipherTextBufferWithIv = Buffer.from(cipherText.toString(), 'base64');
+ const iv = cipherTextBufferWithIv.slice(0, ivLength);
- const cipherTextBuffer = cipherTextBufferWithIv.slice(ivLength);
+ const cipherTextBuffer = cipherTextBufferWithIv.slice(ivLength);
- const decipher = crypto.createDecipheriv('aes-128-cbc', pad(key), pad(iv));
+ const decipher = crypto.createDecipheriv('aes-128-cbc', pad(key), pad(iv));
- const decryptedBytes = Buffer.concat([decipher.update(cipherTextBuffer), decipher.final()]);
+ const decryptedBytes = Buffer.concat([decipher.update(cipherTextBuffer), decipher.final()]);
- const digest = decryptedBytes.slice(0, 4);
- const payload = decryptedBytes.slice(4);
+ const digest = decryptedBytes.slice(0, 4);
+ const payload = decryptedBytes.slice(4);
- const computedDigest = shaArray(payload).slice(0, 4);
+ const computedDigest = shaArray(payload).slice(0, 4);
- if (!arraysIdentical(digest, computedDigest)) {
- return false;
+ if (!arraysIdentical(digest, computedDigest)) {
+ return false;
+ }
+
+ return payload;
 }
+ catch (e) {
+ // recovery from https://github.com/zadam/trilium/issues/510
+ if (e.message && e.message.includes("WRONG_FINAL_BLOCK_LENGTH")) {
+ log.info("Caught WRONG_FINAL_BLOCK_LENGTH, returning cipherText instead");
- return payload;
+ return cipherText;
+ }
+ else {
+ throw e;
+ }
+ }
 }
 function decryptString(dataKey, cipherText) {
diff --git a/src/services/notes.js b/src/services/notes.js
index ed9451fb7..0518d8334 100644
--- a/src/services/notes.js
+++ b/src/services/notes.js
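Review bot: The new `catch` branch in `decrypt` (data_encryption.js) fails open: when `decipher.final()` reports WRONG_FINAL_BLOCK_LENGTH the function returns `cipherText` unchanged, so the caller receives bytes that never went through the digest comparison and cannot tell them apart from a verified `payload`. Any stored value that is not block-aligned is therefore accepted as the content of a protected note without the data key being involved, and the return value now varies between `payload`, `false`, `"[protected]"` and the raw input. I would make the passthrough an explicit opt-in for the recovery case, e.g. a new defaulted parameter tested as `if (allowUnencryptedFallback && e.message && e.message.includes("WRONG_FINAL_BLOCK_LENGTH")) {`, and add a comment such as `// value was stored unencrypted (issue 510); returned as-is and unverified`. Matching on the message text also ties the recovery to the crypto library's wording, and this commit adds no import for `log` in this file, so confirm it is already required outside the hunk.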
@@ -346,6 +346,11 @@ async function updateNote(noteId, noteUpdates) {
 await saveNoteRevision(note);
+ // if protected status changed, then we need to encrypt/decrypt the content anyway
+ if (['file', 'image'].includes(note.type) && note.isProtected !== noteUpdates.isProtected) {
+ noteUpdates.content = await note.getContent();
+ }
+
 const noteTitleChanged = note.title !== noteUpdates.title;
 note.title = noteUpdates.title;
@@ -357,6 +362,9 @@ async function updateNote(noteId, noteUpdates) {
 await note.setContent(noteUpdates.content);
 }
+ else if (noteUpdates.content) {
+ await note.setContent(noteUpdates.content);
+ }
 if (noteTitleChanged) {
 await triggerNoteTitleChanged(note);
diff --git a/src/services/protected_session.js b/src/services/protected_session.js
index 553b1b756..182e20a65 100644
--- a/src/services/protected_session.js
+++ b/src/services/protected_session.js
@@ -59,7 +59,7 @@ function decryptNote(note) {
 function decryptNoteContent(note) {
 try {
 if (note.content != null) {
- note.content = dataEncryptionService.decrypt(getDataKey(), note.content.toString());
+ note.content = dataEncryptionService.decrypt(getDataKey(), note.content);
 }
 }
 catch (e) {
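Review bot: The comparison `note.isProtected !== noteUpdates.isProtected` in the added `if` of `updateNote` (first notes.js hunk) is true whenever the two sides differ in type, not only when protection actually flips. An update that omits `isProtected`, or a 0/1 value on one side against a boolean on the other, would re-read and rewrite the file or image content on every save. Unless both are guaranteed booleans at this point, normalise first, e.g. `const protectionChanged = !!note.isProtected !== !!noteUpdates.isProtected;`. The block also calls `note.getContent()` on a possibly protected note with no visible check that the protected session is available; confirm the part of `updateNote` above the hunk rejects that case, since otherwise placeholder or undecrypted content could be written back when the flag is cleared.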
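Review bot: The added `else if (noteUpdates.content)` (second notes.js hunk) writes whatever `content` the update object carries, not only the value the earlier hunk loaded for a protection change, because the decision is signalled by mutating the caller's `noteUpdates`. If the preceding `if`, whose condition is outside the hunk, is what keeps client-supplied content away from file and image notes, this branch bypasses it for any request that includes `content`. Keeping the re-read content in a local set by the first hunk and testing that here would avoid both the mutation and the bypass, e.g. `else if (reloadedContent != null) { await note.setContent(reloadedContent); }`.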
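Review bot: In `decryptNoteContent` the result of `dataEncryptionService.decrypt(...)` is assigned straight to `note.content`, although `decrypt` returns `false` on a digest mismatch and, with this commit, the undecrypted input on WRONG_FINAL_BLOCK_LENGTH. A wrong key or damaged blob therefore leaves `note.content === false` rather than reaching the `catch`, whose body lies outside the hunk. Check the value before assigning, e.g. `const decrypted = dataEncryptionService.decrypt(getDataKey(), note.content);` followed by `if (decrypted === false) { throw new Error("Could not decrypt note content"); }`.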