diff --git a/migrations/0031__change_encryption_to_CBC.js b/migrations/0031__change_encryption_to_CBC.js
index 65696bfa4..ac79e3215 100644
--- a/migrations/0031__change_encryption_to_CBC.js
+++ b/migrations/0031__change_encryption_to_CBC.js
@@ -22,10 +22,10 @@ module.exports = async () => {
 for (const note of protectedNotes) {
 const decryptedTitle = data_encryption.decrypt(dataKey, note.note_title);
- note.note_title = data_encryption.encryptCbc(dataKey, "0" + note.note_id, decryptedTitle);
+ note.note_title = data_encryption.encrypt(dataKey, "0" + note.note_id, decryptedTitle);
 const decryptedText = data_encryption.decrypt(dataKey, note.note_text);
- note.note_text = data_encryption.encryptCbc(dataKey, "1" + note.note_id, decryptedText);
+ note.note_text = data_encryption.encrypt(dataKey, "1" + note.note_id, decryptedText);
 await sql.execute("UPDATE notes SET note_title = ?, note_text = ? WHERE note_id = ?", [note.note_title, note.note_text, note.note_id]);
 }
@@ -34,10 +34,10 @@ module.exports = async () => {
 for (const noteHistory of protectedNotesHistory) {
 const decryptedTitle = data_encryption.decrypt(dataKey, noteHistory.note_title);
- noteHistory.note_title = data_encryption.encryptCbc(dataKey, "0" + noteHistory.note_history_id, decryptedTitle);
+ noteHistory.note_title = data_encryption.encrypt(dataKey, "0" + noteHistory.note_history_id, decryptedTitle);
 const decryptedText = data_encryption.decrypt(dataKey, noteHistory.note_text);
- noteHistory.note_text = data_encryption.encryptCbc(dataKey, "1" + noteHistory.note_history_id, decryptedText);
+ noteHistory.note_text = data_encryption.encrypt(dataKey, "1" + noteHistory.note_history_id, decryptedText);
 await sql.execute("UPDATE notes SET note_title = ?, note_text = ? WHERE note_id = ?", [noteHistory.note_title, noteHistory.note_text, noteHistory.note_history_id]);
 }
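Review bot: In migrations/0031__change_encryption_to_CBC.js the unchanged two-argument calls `data_encryption.decrypt(dataKey, note.note_title)` now bind to the renamed CBC routine, whose signature in services/data_encryption.js is `decrypt(key, iv, cipherText)`, so the stored ciphertext is passed as the IV and `cipherText` is undefined. The same applies to the `noteHistory` loop in the second hunk. This migration presumably needs the pre-CBC decryptor to read the old data, so that routine should keep a distinct name (or the migration should be marked as superseded) rather than silently sharing `decrypt`. Separately, the history loop runs `UPDATE notes ... WHERE note_id = ?` with `note_history_id`, which looks like the wrong table and is worth confirming. Both loops sit inside a function that starts outside the hunks.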
diff --git a/migrations/0033__change_data_key_encryption_to_cbc.js b/migrations/0033__change_data_key_encryption_to_cbc.js
index bba2f8239..a0117a22a 100644
--- a/migrations/0033__change_data_key_encryption_to_cbc.js
+++ b/migrations/0033__change_data_key_encryption_to_cbc.js
@@ -21,5 +21,5 @@ module.exports = async () => {
 console.log("Trimmed data key: ", dataKey);
- await password_encryption.setDataKeyCbc(password, dataKey);
+ await password_encryption.setDataKey(password, dataKey);
 };
\ No newline at end of file
diff --git a/routes/api/login.js b/routes/api/login.js
index dd7df2064..ea729254c 100644
--- a/routes/api/login.js
+++ b/routes/api/login.js
@@ -57,7 +57,7 @@ router.post('/protected', auth.checkApiAuth, async (req, res, next) => {
 return;
 }
- const decryptedDataKey = await password_encryption.getDecryptedDataKeyCbc(password);
+ const decryptedDataKey = await password_encryption.getDataKey(password);
 const protectedSessionId = protected_session.setDataKey(req, decryptedDataKey);
diff --git a/routes/api/note_history.js b/routes/api/note_history.js
index cb0b0ed67..07db8a8d6 100644
--- a/routes/api/note_history.js
+++ b/routes/api/note_history.js
@@ -16,8 +16,8 @@ router.get('/:noteId', auth.checkApiAuth, async (req, res, next) => {
 for (const hist of history) {
 if (hist.is_protected) {
- hist.note_title = data_encryption.decryptCbcString(dataKey, data_encryption.noteTitleIv(hist.note_history_id), hist.note_title);
- hist.note_text = data_encryption.decryptCbcString(dataKey, data_encryption.noteTextIv(hist.note_history_id), hist.note_text);
+ hist.note_title = data_encryption.decryptString(dataKey, data_encryption.noteTitleIv(hist.note_history_id), hist.note_title);
+ hist.note_text = data_encryption.decryptString(dataKey, data_encryption.noteTextIv(hist.note_history_id), hist.note_text);
 }
 }
diff --git a/routes/api/notes.js b/routes/api/notes.js
index 19c7ba666..4768669e8 100644
--- a/routes/api/notes.js
+++ b/routes/api/notes.js
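Review bot: In migrations/0033__change_data_key_encryption_to_cbc.js the context line `console.log("Trimmed data key: ", dataKey);` directly above the changed call prints the plaintext data key to stdout, where it can end up in terminal scrollback or captured service logs. Since this commit touches the neighbouring line, drop the log or reduce it to something non-secret such as `console.log("Trimmed data key length: ", dataKey.length);`. The migration function starts outside the hunk, so how `dataKey` is obtained is not visible here.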
@@ -21,8 +21,8 @@ router.get('/:noteId', auth.checkApiAuth, async (req, res, next) => {
 if (detail.is_protected) {
 const dataKey = protected_session.getDataKey(req);
- detail.note_title = data_encryption.decryptCbcString(dataKey, data_encryption.noteTitleIv(noteId), detail.note_title);
- detail.note_text = data_encryption.decryptCbcString(dataKey, data_encryption.noteTextIv(noteId), detail.note_text);
+ detail.note_title = data_encryption.decryptString(dataKey, data_encryption.noteTitleIv(noteId), detail.note_title);
+ detail.note_text = data_encryption.decryptString(dataKey, data_encryption.noteTextIv(noteId), detail.note_text);
 }
 res.send({
diff --git a/routes/api/tree.js b/routes/api/tree.js
index feb3d44aa..2dcd79df0 100644
--- a/routes/api/tree.js
+++ b/routes/api/tree.js
@@ -28,7 +28,7 @@ router.get('/', auth.checkApiAuth, async (req, res, next) => {
 for (const note of notes) {
 if (note.is_protected) {
- note.note_title = data_encryption.decryptCbcString(dataKey, data_encryption.noteTitleIv(note.note_id), note.note_title);
+ note.note_title = data_encryption.decryptString(dataKey, data_encryption.noteTitleIv(note.note_id), note.note_title);
 }
 if (!parentToNotes[note.note_pid]) {
diff --git a/services/change_password.js b/services/change_password.js
index c7109df7f..0237872f8 100644
--- a/services/change_password.js
+++ b/services/change_password.js
@@ -18,7 +18,7 @@ async function changePassword(currentPassword, newPassword, req) {
 const newPasswordVerificationKey = utils.toBase64(await my_scrypt.getVerificationHash(newPassword));
 const newPasswordDerivedKey = await my_scrypt.getPasswordDerivedKey(newPassword);
- const decryptedDataKey = await password_encryption.getDecryptedDataKeyCbc(currentPassword);
+ const decryptedDataKey = await password_encryption.getDataKey(currentPassword);
 await sql.doInTransaction(async () => {
 await password_encryption.setDataKey(newPasswordDerivedKey, decryptedDataKey);
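Review bot: In services/change_password.js the unchanged call `password_encryption.setDataKey(newPasswordDerivedKey, decryptedDataKey)` now resolves to the renamed function, which (per the services/password_encryption.js hunk) takes a password and runs `my_scrypt.getPasswordDerivedKey(password)` on it itself. Passing the already-derived key means the data key is wrapped under a key derived twice, while `getDataKey(newPassword)` derives only once, so protected notes would likely be undecryptable after a password change. The call should be `await password_encryption.setDataKey(newPassword, decryptedDataKey);`, or `setDataKey` should accept a derived key explicitly. changePassword continues past the end of the hunk, so the rest of the transaction is not visible.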
diff --git a/services/data_encryption.js b/services/data_encryption.js
index d2fe161b1..31ebf9044 100644
--- a/services/data_encryption.js
+++ b/services/data_encryption.js
@@ -29,7 +29,7 @@ function pad(data) {
 return Buffer.from(padded);
 }
-function encryptCbc(key, iv, plainText) {
+function encrypt(key, iv, plainText) {
 if (!key) {
 throw new Error("No data key!");
 }
@@ -47,7 +47,7 @@ function encryptCbc(key, iv, plainText) {
 return encryptedData.toString('base64');
 }
-function decryptCbc(key, iv, cipherText) {
+function decrypt(key, iv, cipherText) {
 if (!key) {
 return "[protected]";
 }
@@ -69,8 +69,8 @@ function decryptCbc(key, iv, cipherText) {
 return payload;
 }
-function decryptCbcString(dataKey, iv, cipherText) {
- const buffer = decryptCbc(dataKey, iv, cipherText);
+function decryptString(dataKey, iv, cipherText) {
+ const buffer = decrypt(dataKey, iv, cipherText);
 return buffer.toString('utf-8');
 }
@@ -84,9 +84,9 @@ function noteTextIv(iv) {
 }
 module.exports = {
- encryptCbc,
- decryptCbc,
- decryptCbcString,
+ encrypt,
+ decrypt,
+ decryptString,
 noteTitleIv,
 noteTextIv
 };
\ No newline at end of file
diff --git a/services/notes.js b/services/notes.js
index cc676c852..0d51ef3bb 100644
--- a/services/notes.js
+++ b/services/notes.js
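Review bot: In services/data_encryption.js `decrypt` returns the literal string `"[protected]"` when `key` is falsy, while `encrypt` throws `"No data key!"` for the same condition, and the shorter names make that asymmetry easier to miss. `decryptString` passes the placeholder through, and the unprotect branches of `protectNote` and `protectNoteHistory` in services/notes.js assign its result to `note_title`/`note_text` and clear `is_protected`, so a missing data key there would likely replace real content with the placeholder. Consider keeping the placeholder only for read-only display paths and guarding the write paths, e.g. `if (!dataKey) { throw new Error("No data key!"); }` at the top of `protectNote`. The bodies of `encrypt` and `decrypt` are only partly visible in these hunks.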
@@ -62,8 +62,8 @@ async function createNewNote(parentNoteId, note, browserId) {
 }
 async function encryptNote(note, ctx) {
- note.detail.note_title = data_encryption.encryptCbc(ctx.getDataKey(), data_encryption.noteTitleIv(note.detail.note_id), note.detail.note_title);
- note.detail.note_text = data_encryption.encryptCbc(ctx.getDataKey(), data_encryption.noteTextIv(note.detail.note_id), note.detail.note_text);
+ note.detail.note_title = data_encryption.encrypt(ctx.getDataKey(), data_encryption.noteTitleIv(note.detail.note_id), note.detail.note_title);
+ note.detail.note_text = data_encryption.encrypt(ctx.getDataKey(), data_encryption.noteTextIv(note.detail.note_id), note.detail.note_text);
 }
 async function protectNoteRecursively(noteId, dataKey, protect) {
@@ -82,15 +82,15 @@ async function protectNote(note, dataKey, protect) {
 let changed = false;
 if (protect && !note.is_protected) {
- note.note_title = data_encryption.encryptCbc(dataKey, data_encryption.noteTitleIv(note.note_id), note.note_title);
- note.note_text = data_encryption.encryptCbc(dataKey, data_encryption.noteTextIv(note.note_id), note.note_text);
+ note.note_title = data_encryption.encrypt(dataKey, data_encryption.noteTitleIv(note.note_id), note.note_title);
+ note.note_text = data_encryption.encrypt(dataKey, data_encryption.noteTextIv(note.note_id), note.note_text);
 note.is_protected = true;
 changed = true;
 } else if (!protect && note.is_protected) {
- note.note_title = data_encryption.decryptCbcString(dataKey, data_encryption.noteTitleIv(note.note_id), note.note_title);
- note.note_text = data_encryption.decryptCbcString(dataKey, data_encryption.noteTextIv(note.note_id), note.note_text);
+ note.note_title = data_encryption.decryptString(dataKey, data_encryption.noteTitleIv(note.note_id), note.note_title);
+ note.note_text = data_encryption.decryptString(dataKey, data_encryption.noteTextIv(note.note_id), note.note_text);
 note.is_protected = false;
 changed = true;
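Review bot: In services/notes.js `encryptNote` and `protectNote` pass `noteTitleIv(...)` / `noteTextIv(...)` of the note id as the IV, which appears to be derived only from that id, so every re-encryption of the same note under the same data key reuses its IV. In CBC mode that reveals whether successive versions of a note share a leading block, and nothing visible here authenticates the ciphertext. A random IV per encryption stored next to the ciphertext (as `setDataKey` already does for the data key via `utils.randomSecureToken`) would avoid this; at minimum the constraint deserves a comment such as `// IV is fixed per note id: identical leading plaintext blocks produce identical ciphertext`. The bodies of `noteTitleIv` and `noteTextIv` are outside these hunks, so the derivation is inferred from the call sites. The same applies to `protectNoteHistory` in the following hunk.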
@@ -113,13 +113,13 @@ async function protectNoteHistory(noteId, dataKey, protect) {
 for (const history of historyToChange) {
 if (protect) {
- history.note_title = data_encryption.encryptCbc(dataKey, data_encryption.noteTitleIv(history.note_history_id), history.note_title);
- history.note_text = data_encryption.encryptCbc(dataKey, data_encryption.noteTextIv(history.note_history_id), history.note_text);
+ history.note_title = data_encryption.encrypt(dataKey, data_encryption.noteTitleIv(history.note_history_id), history.note_title);
+ history.note_text = data_encryption.encrypt(dataKey, data_encryption.noteTextIv(history.note_history_id), history.note_text);
 history.is_protected = true;
 } else {
- history.note_title = data_encryption.decryptCbcString(dataKey, data_encryption.noteTitleIv(history.note_history_id), history.note_title);
- history.note_text = data_encryption.decryptCbcString(dataKey, data_encryption.noteTextIv(history.note_history_id), history.note_text);
+ history.note_title = data_encryption.decryptString(dataKey, data_encryption.noteTitleIv(history.note_history_id), history.note_title);
+ history.note_text = data_encryption.decryptString(dataKey, data_encryption.noteTextIv(history.note_history_id), history.note_text);
 history.is_protected = false;
 }
diff --git a/services/password_encryption.js b/services/password_encryption.js
index bd95ed9fe..bd34c1b60 100644
--- a/services/password_encryption.js
+++ b/services/password_encryption.js
@@ -11,7 +11,7 @@ async function verifyPassword(password) {
 return givenPasswordHash === dbPasswordHash;
 }
-async function setDataKeyCbc(password, plainText) {
+async function setDataKey(password, plainText) {
 const passwordDerivedKey = await my_scrypt.getPasswordDerivedKey(password);
 const encryptedDataKeyIv = utils.randomSecureToken(16).slice(0, 16);
@@ -20,24 +20,24 @@ async function setDataKeyCbc(password, plainText) {
 const buffer = Buffer.from(plainText);
- const newEncryptedDataKey = data_encryption.encryptCbc(passwordDerivedKey, encryptedDataKeyIv, buffer);
+ const newEncryptedDataKey = data_encryption.encrypt(passwordDerivedKey, encryptedDataKeyIv, buffer);
 await options.setOption('encrypted_data_key', newEncryptedDataKey);
 }
-async function getDecryptedDataKeyCbc(password) {
+async function getDataKey(password) {
 const passwordDerivedKey = await my_scrypt.getPasswordDerivedKey(password);
 const encryptedDataKeyIv = await options.getOption('encrypted_data_key_iv');
 const encryptedDataKey = await options.getOption('encrypted_data_key');
- const decryptedDataKey = data_encryption.decryptCbc(passwordDerivedKey, encryptedDataKeyIv, encryptedDataKey);
+ const decryptedDataKey = data_encryption.decrypt(passwordDerivedKey, encryptedDataKeyIv, encryptedDataKey);
 return decryptedDataKey;
 }
 module.exports = {
 verifyPassword,
- getDecryptedDataKeyCbc,
- setDataKeyCbc
+ getDataKey,
+ setDataKey
 };
\ No newline at end of file
diff --git a/test/cbc_encryption.js b/test/cbc_encryption.js
index 0ae3c9550..63d8c9cac 100644
--- a/test/cbc_encryption.js
+++ b/test/cbc_encryption.js
@@ -6,8 +6,8 @@ test('encrypt & decrypt', t => {
 const iv = [4,5,6];
 const plainText = "Hello World!";
- const cipherText = data_encryption.encryptCbc(dataKey, iv, plainText);
- const decodedPlainText = data_encryption.decryptCbc(dataKey, iv, cipherText);
+ const cipherText = data_encryption.encrypt(dataKey, iv, plainText);
+ const decodedPlainText = data_encryption.decrypt(dataKey, iv, cipherText);
 t.equal(decodedPlainText, plainText);
 t.end();