From a9762c5139e924135c1da89fa5626ee6a5d8071c Mon Sep 17 00:00:00 2001 From: zadam Date: Sat, 4 May 2019 14:46:17 +0200 Subject: [PATCH 1/3] fix incorrect switch between protected/unprotected states causing content not being encrypted, fixes #510 --- package-lock.json | 2 +- src/services/notes.js | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/package-lock.json b/package-lock.json index aefb16d33..e0d150f90 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "trilium", - "version": "0.31.3", + "version": "0.31.4", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/src/services/notes.js b/src/services/notes.js index 0d5ee7cfa..ed9451fb7 100644 --- a/src/services/notes.js +++ b/src/services/notes.js @@ -186,8 +186,13 @@ async function protectNoteRecursively(note, protect) { async function protectNote(note, protect) { if (protect !== note.isProtected) { + const content = await note.getContent(); + note.isProtected = protect; + // this will force de/encryption + await note.setContent(content); + await note.save(); } From 47d28b4eefc4f362d1ffefc205c85dab442edec1 Mon Sep 17 00:00:00 2001 From: zadam Date: Sat, 4 May 2019 16:05:28 +0200 Subject: [PATCH 2/3] fix protecting files/images --- src/services/data_encryption.js | 35 +++++++++++++++++++++---------- src/services/notes.js | 8 +++++++ src/services/protected_session.js | 2 +- 3 files changed, 33 insertions(+), 12 deletions(-) diff --git a/src/services/data_encryption.js b/src/services/data_encryption.js index dd899f077..104081910 100644 --- a/src/services/data_encryption.js +++ b/src/services/data_encryption.js 
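Review bot: Nothing in the new `protectNote` lines checks that `note.getContent()` returned real plaintext before it is written back with `note.setContent(content)`. The `decrypt` context in patch 2/3 shows that decryption can yield the placeholder `"[protected]"` or `false`; if either can reach this round trip (for example when the data key is unavailable, which is not visible here and should be confirmed), it would be stored as the note's content and the original would be lost. A guard at the top of the `if` that refuses to switch state unless the protected session is available would close that gap, and the same applies to the `['file', 'image']` branch added to `updateNote` in patch 2/3. The function's body continues past the end of this hunk, so whether the content write and `note.save()` share one transaction cannot be judged from here.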
@@ -56,25 +56,38 @@ function decrypt(key, cipherText, ivLength = 13) { return "[protected]"; } - const cipherTextBufferWithIv = Buffer.from(cipherText, 'base64'); - const iv = cipherTextBufferWithIv.slice(0, ivLength); + try { + const cipherTextBufferWithIv = Buffer.from(cipherText.toString(), 'base64'); + const iv = cipherTextBufferWithIv.slice(0, ivLength); - const cipherTextBuffer = cipherTextBufferWithIv.slice(ivLength); + const cipherTextBuffer = cipherTextBufferWithIv.slice(ivLength); - const decipher = crypto.createDecipheriv('aes-128-cbc', pad(key), pad(iv)); + const decipher = crypto.createDecipheriv('aes-128-cbc', pad(key), pad(iv)); - const decryptedBytes = Buffer.concat([decipher.update(cipherTextBuffer), decipher.final()]); + const decryptedBytes = Buffer.concat([decipher.update(cipherTextBuffer), decipher.final()]); - const digest = decryptedBytes.slice(0, 4); - const payload = decryptedBytes.slice(4); + const digest = decryptedBytes.slice(0, 4); + const payload = decryptedBytes.slice(4); - const computedDigest = shaArray(payload).slice(0, 4); + const computedDigest = shaArray(payload).slice(0, 4); - if (!arraysIdentical(digest, computedDigest)) { - return false; + if (!arraysIdentical(digest, computedDigest)) { + return false; + } + + return payload; } + catch (e) { + // recovery from https://github.com/zadam/trilium/issues/510 + if (e.message && e.message.includes("WRONG_FINAL_BLOCK_LENGTH")) { + log.info("Caught WRONG_FINAL_BLOCK_LENGTH, returning cipherText instead"); - return payload; + return cipherText; + } + else { + throw e; + } + } } function decryptString(dataKey, cipherText) { diff --git a/src/services/notes.js b/src/services/notes.js index ed9451fb7..0518d8334 100644 --- a/src/services/notes.js +++ b/src/services/notes.js 
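Review bot: The new `catch` branch makes `decrypt` fail open: on `WRONG_FINAL_BLOCK_LENGTH` it returns the caller's `cipherText` untouched, so the digest comparison is bypassed and callers cannot tell verified plaintext from bytes that were never encrypted. As a recovery for notes left unencrypted by #510 this is understandable, but those notes then stay in plaintext at rest while flagged protected; the recovery path should mark the record for re-encryption, or at least log which record hit it, rather than only emitting a generic `log.info`. The match `e.message.includes("WRONG_FINAL_BLOCK_LENGTH")` depends on the crypto library's message text, which is not guaranteed to be the same across builds, and unencrypted data whose decoded length after the IV happens to be block-aligned will not raise this error at all, so it will be rethrown as a different failure or end up as `false`. `log` is used here but no `require` for it appears in this file's only hunk, so confirm it is already in scope.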
@@ -346,6 +346,11 @@ async function updateNote(noteId, noteUpdates) { await saveNoteRevision(note); + // if protected status changed, then we need to encrypt/decrypt the content anyway + if (['file', 'image'].includes(note.type) && note.isProtected !== noteUpdates.isProtected) { + noteUpdates.content = await note.getContent(); + } + const noteTitleChanged = note.title !== noteUpdates.title; note.title = noteUpdates.title; @@ -357,6 +362,9 @@ async function updateNote(noteId, noteUpdates) { await note.setContent(noteUpdates.content); } + else if (noteUpdates.content) { + await note.setContent(noteUpdates.content); + } if (noteTitleChanged) { await triggerNoteTitleChanged(note); diff --git a/src/services/protected_session.js b/src/services/protected_session.js index 553b1b756..182e20a65 100644 --- a/src/services/protected_session.js +++ b/src/services/protected_session.js @@ -59,7 +59,7 @@ function decryptNote(note) { function decryptNoteContent(note) { try { if (note.content != null) { - note.content = dataEncryptionService.decrypt(getDataKey(), note.content.toString()); + note.content = dataEncryptionService.decrypt(getDataKey(), note.content); } } catch (e) { From 80fb89b79457e26dbef325f88405e518daf10715 Mon Sep 17 00:00:00 2001 From: zadam Date: Sat, 4 May 2019 20:25:14 +0200 Subject: [PATCH 3/3] release 0.31.5 --- package.json | 2 +- src/services/build.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index 9ac251468..0a46502da 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "trilium", "productName": "Trilium Notes", "description": "Trilium Notes", - "version": "0.31.4", + "version": "0.31.5", "license": "AGPL-3.0-only", "main": "electron.js", "bin": { diff --git a/src/services/build.js b/src/services/build.js index f4f4e1f8a..fc303854c 100644 --- a/src/services/build.js +++ b/src/services/build.js 
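Review bot: The re-encryption of file/image notes is signalled by overwriting `noteUpdates.content`, and the second `updateNote` hunk then writes any truthy `noteUpdates.content` in the new `else if`. Because `noteUpdates` is supplied by the caller, that branch also fires whenever a caller passes `content` for a note the preceding `if` skipped (its condition is outside the hunk), even when protection did not change; confirm that is intended. A local such as `const reencrypt = protectionChanged ? await note.getContent() : null;` (`protectionChanged` being the comparison from the first hunk) with `else if (reencrypt !== null)` would keep the trigger independent of caller input and would not skip empty content the way the truthiness test does. The comparison `note.isProtected !== noteUpdates.isProtected` is strict, so an omitted or non-boolean `isProtected` in the update counts as a state change.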
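Review bot: In `decryptNoteContent` the result of `dataEncryptionService.decrypt(...)` is assigned straight to `note.content`, yet the data_encryption.js hunk of this patch shows `decrypt` returning `false` when the digest check fails. A wrong key or corrupted record therefore leaves the note holding `false` instead of raising, and a later save could persist that value. Consider checking before assigning, e.g. `if (decrypted === false) { throw new Error("note content failed integrity check"); }`. The surrounding `try`/`catch` continues outside the hunk, so how such an error would be reported is not visible here.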
@@ -1 +1 @@ -module.exports = { buildDate:"2019-05-02T22:25:48+02:00", buildRevision: "6d2eb7b187a5764b07e5bbf87b522d4141bed7e6" }; +module.exports = { buildDate:"2019-05-04T20:25:14+02:00", buildRevision: "47d28b4eefc4f362d1ffefc205c85dab442edec1" };