gaschz/trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-06-06 18:08:33 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

cleaned up "CBC" from methods since we don't have CTR

Browse Source
This commit is contained in:
azivner 2017-11-18 12:53:17 -05:00
parent 6b226a319c
commit dec9cad106
11 changed files with 37 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
migrations/0031__change_encryption_to_CBC.js
View File

@ -22,10 +22,10 @@ module.exports = async () => {
for (const note of protectedNotes) { for (const note of protectedNotes) {
const decryptedTitle = data_encryption.decrypt(dataKey, note.note_title); const decryptedTitle = data_encryption.decrypt(dataKey, note.note_title);
note.note_title = data_encryption.encryptCbc(dataKey, "0" + note.note_id, decryptedTitle); note.note_title = data_encryption.encrypt(dataKey, "0" + note.note_id, decryptedTitle);
const decryptedText = data_encryption.decrypt(dataKey, note.note_text); const decryptedText = data_encryption.decrypt(dataKey, note.note_text);
note.note_text = data_encryption.encryptCbc(dataKey, "1" + note.note_id, decryptedText); note.note_text = data_encryption.encrypt(dataKey, "1" + note.note_id, decryptedText);
await sql.execute("UPDATE notes SET note_title = ?, note_text = ? WHERE note_id = ?", [note.note_title, note.note_text, note.note_id]); await sql.execute("UPDATE notes SET note_title = ?, note_text = ? WHERE note_id = ?", [note.note_title, note.note_text, note.note_id]);
} }
@ -34,10 +34,10 @@ module.exports = async () => {
for (const noteHistory of protectedNotesHistory) { for (const noteHistory of protectedNotesHistory) {
const decryptedTitle = data_encryption.decrypt(dataKey, noteHistory.note_title); const decryptedTitle = data_encryption.decrypt(dataKey, noteHistory.note_title);
noteHistory.note_title = data_encryption.encryptCbc(dataKey, "0" + noteHistory.note_history_id, decryptedTitle); noteHistory.note_title = data_encryption.encrypt(dataKey, "0" + noteHistory.note_history_id, decryptedTitle);
const decryptedText = data_encryption.decrypt(dataKey, noteHistory.note_text); const decryptedText = data_encryption.decrypt(dataKey, noteHistory.note_text);
noteHistory.note_text = data_encryption.encryptCbc(dataKey, "1" + noteHistory.note_history_id, decryptedText); noteHistory.note_text = data_encryption.encrypt(dataKey, "1" + noteHistory.note_history_id, decryptedText);
await sql.execute("UPDATE notes SET note_title = ?, note_text = ? WHERE note_id = ?", [noteHistory.note_title, noteHistory.note_text, noteHistory.note_history_id]); await sql.execute("UPDATE notes SET note_title = ?, note_text = ? WHERE note_id = ?", [noteHistory.note_title, noteHistory.note_text, noteHistory.note_history_id]);
} }

2
migrations/0033__change_data_key_encryption_to_cbc.js
View File

@ -21,5 +21,5 @@ module.exports = async () => {
console.log("Trimmed data key: ", dataKey); console.log("Trimmed data key: ", dataKey);
await password_encryption.setDataKeyCbc(password, dataKey); await password_encryption.setDataKey(password, dataKey);
}; };

2
routes/api/login.js
View File

@ -57,7 +57,7 @@ router.post('/protected', auth.checkApiAuth, async (req, res, next) => {
return; return;
} }
const decryptedDataKey = await password_encryption.getDecryptedDataKeyCbc(password); const decryptedDataKey = await password_encryption.getDataKey(password);
const protectedSessionId = protected_session.setDataKey(req, decryptedDataKey); const protectedSessionId = protected_session.setDataKey(req, decryptedDataKey);

4
routes/api/note_history.js
View File

@ -16,8 +16,8 @@ router.get('/:noteId', auth.checkApiAuth, async (req, res, next) => {
for (const hist of history) { for (const hist of history) {
if (hist.is_protected) { if (hist.is_protected) {
hist.note_title = data_encryption.decryptCbcString(dataKey, data_encryption.noteTitleIv(hist.note_history_id), hist.note_title); hist.note_title = data_encryption.decryptString(dataKey, data_encryption.noteTitleIv(hist.note_history_id), hist.note_title);
hist.note_text = data_encryption.decryptCbcString(dataKey, data_encryption.noteTextIv(hist.note_history_id), hist.note_text); hist.note_text = data_encryption.decryptString(dataKey, data_encryption.noteTextIv(hist.note_history_id), hist.note_text);
} }
} }

4
routes/api/notes.js
View File

@ -21,8 +21,8 @@ router.get('/:noteId', auth.checkApiAuth, async (req, res, next) => {
if (detail.is_protected) { if (detail.is_protected) {
const dataKey = protected_session.getDataKey(req); const dataKey = protected_session.getDataKey(req);
detail.note_title = data_encryption.decryptCbcString(dataKey, data_encryption.noteTitleIv(noteId), detail.note_title); detail.note_title = data_encryption.decryptString(dataKey, data_encryption.noteTitleIv(noteId), detail.note_title);
detail.note_text = data_encryption.decryptCbcString(dataKey, data_encryption.noteTextIv(noteId), detail.note_text); detail.note_text = data_encryption.decryptString(dataKey, data_encryption.noteTextIv(noteId), detail.note_text);
} }
res.send({ res.send({

2
routes/api/tree.js
View File

@ -28,7 +28,7 @@ router.get('/', auth.checkApiAuth, async (req, res, next) => {
for (const note of notes) { for (const note of notes) {
if (note.is_protected) { if (note.is_protected) {
note.note_title = data_encryption.decryptCbcString(dataKey, data_encryption.noteTitleIv(note.note_id), note.note_title); note.note_title = data_encryption.decryptString(dataKey, data_encryption.noteTitleIv(note.note_id), note.note_title);
} }
if (!parentToNotes[note.note_pid]) { if (!parentToNotes[note.note_pid]) {

2
services/change_password.js
View File

@ -18,7 +18,7 @@ async function changePassword(currentPassword, newPassword, req) {
const newPasswordVerificationKey = utils.toBase64(await my_scrypt.getVerificationHash(newPassword)); const newPasswordVerificationKey = utils.toBase64(await my_scrypt.getVerificationHash(newPassword));
const newPasswordDerivedKey = await my_scrypt.getPasswordDerivedKey(newPassword); const newPasswordDerivedKey = await my_scrypt.getPasswordDerivedKey(newPassword);
const decryptedDataKey = await password_encryption.getDecryptedDataKeyCbc(currentPassword); const decryptedDataKey = await password_encryption.getDataKey(currentPassword);
await sql.doInTransaction(async () => { await sql.doInTransaction(async () => {
await password_encryption.setDataKey(newPasswordDerivedKey, decryptedDataKey); await password_encryption.setDataKey(newPasswordDerivedKey, decryptedDataKey);

14
services/data_encryption.js
View File

@ -29,7 +29,7 @@ function pad(data) {
return Buffer.from(padded); return Buffer.from(padded);
} }
function encryptCbc(key, iv, plainText) { function encrypt(key, iv, plainText) {
if (!key) { if (!key) {
throw new Error("No data key!"); throw new Error("No data key!");
} }
@ -47,7 +47,7 @@ function encryptCbc(key, iv, plainText) {
return encryptedData.toString('base64'); return encryptedData.toString('base64');
} }
function decryptCbc(key, iv, cipherText) { function decrypt(key, iv, cipherText) {
if (!key) { if (!key) {
return "[protected]"; return "[protected]";
} }
@ -69,8 +69,8 @@ function decryptCbc(key, iv, cipherText) {
return payload; return payload;
} }
function decryptCbcString(dataKey, iv, cipherText) { function decryptString(dataKey, iv, cipherText) {
const buffer = decryptCbc(dataKey, iv, cipherText); const buffer = decrypt(dataKey, iv, cipherText);
return buffer.toString('utf-8'); return buffer.toString('utf-8');
} }
@ -84,9 +84,9 @@ function noteTextIv(iv) {
} }
module.exports = { module.exports = {
encryptCbc, encrypt,
decryptCbc, decrypt,
decryptCbcString, decryptString,
noteTitleIv, noteTitleIv,
noteTextIv noteTextIv
}; };

20
services/notes.js
View File

@ -62,8 +62,8 @@ async function createNewNote(parentNoteId, note, browserId) {
} }
async function encryptNote(note, ctx) { async function encryptNote(note, ctx) {
note.detail.note_title = data_encryption.encryptCbc(ctx.getDataKey(), data_encryption.noteTitleIv(note.detail.note_id), note.detail.note_title); note.detail.note_title = data_encryption.encrypt(ctx.getDataKey(), data_encryption.noteTitleIv(note.detail.note_id), note.detail.note_title);
note.detail.note_text = data_encryption.encryptCbc(ctx.getDataKey(), data_encryption.noteTextIv(note.detail.note_id), note.detail.note_text); note.detail.note_text = data_encryption.encrypt(ctx.getDataKey(), data_encryption.noteTextIv(note.detail.note_id), note.detail.note_text);
} }
async function protectNoteRecursively(noteId, dataKey, protect) { async function protectNoteRecursively(noteId, dataKey, protect) {
@ -82,15 +82,15 @@ async function protectNote(note, dataKey, protect) {
let changed = false; let changed = false;
if (protect && !note.is_protected) { if (protect && !note.is_protected) {
note.note_title = data_encryption.encryptCbc(dataKey, data_encryption.noteTitleIv(note.note_id), note.note_title); note.note_title = data_encryption.encrypt(dataKey, data_encryption.noteTitleIv(note.note_id), note.note_title);
note.note_text = data_encryption.encryptCbc(dataKey, data_encryption.noteTextIv(note.note_id), note.note_text); note.note_text = data_encryption.encrypt(dataKey, data_encryption.noteTextIv(note.note_id), note.note_text);
note.is_protected = true; note.is_protected = true;
changed = true; changed = true;
} }
else if (!protect && note.is_protected) { else if (!protect && note.is_protected) {
note.note_title = data_encryption.decryptCbcString(dataKey, data_encryption.noteTitleIv(note.note_id), note.note_title); note.note_title = data_encryption.decryptString(dataKey, data_encryption.noteTitleIv(note.note_id), note.note_title);
note.note_text = data_encryption.decryptCbcString(dataKey, data_encryption.noteTextIv(note.note_id), note.note_text); note.note_text = data_encryption.decryptString(dataKey, data_encryption.noteTextIv(note.note_id), note.note_text);
note.is_protected = false; note.is_protected = false;
changed = true; changed = true;
@ -113,13 +113,13 @@ async function protectNoteHistory(noteId, dataKey, protect) {
for (const history of historyToChange) { for (const history of historyToChange) {
if (protect) { if (protect) {
history.note_title = data_encryption.encryptCbc(dataKey, data_encryption.noteTitleIv(history.note_history_id), history.note_title); history.note_title = data_encryption.encrypt(dataKey, data_encryption.noteTitleIv(history.note_history_id), history.note_title);
history.note_text = data_encryption.encryptCbc(dataKey, data_encryption.noteTextIv(history.note_history_id), history.note_text); history.note_text = data_encryption.encrypt(dataKey, data_encryption.noteTextIv(history.note_history_id), history.note_text);
history.is_protected = true; history.is_protected = true;
} }
else { else {
history.note_title = data_encryption.decryptCbcString(dataKey, data_encryption.noteTitleIv(history.note_history_id), history.note_title); history.note_title = data_encryption.decryptString(dataKey, data_encryption.noteTitleIv(history.note_history_id), history.note_title);
history.note_text = data_encryption.decryptCbcString(dataKey, data_encryption.noteTextIv(history.note_history_id), history.note_text); history.note_text = data_encryption.decryptString(dataKey, data_encryption.noteTextIv(history.note_history_id), history.note_text);
history.is_protected = false; history.is_protected = false;
} }

12
services/password_encryption.js
View File

@ -11,7 +11,7 @@ async function verifyPassword(password) {
return givenPasswordHash === dbPasswordHash; return givenPasswordHash === dbPasswordHash;
} }
async function setDataKeyCbc(password, plainText) { async function setDataKey(password, plainText) {
const passwordDerivedKey = await my_scrypt.getPasswordDerivedKey(password); const passwordDerivedKey = await my_scrypt.getPasswordDerivedKey(password);
const encryptedDataKeyIv = utils.randomSecureToken(16).slice(0, 16); const encryptedDataKeyIv = utils.randomSecureToken(16).slice(0, 16);
@ -20,24 +20,24 @@ async function setDataKeyCbc(password, plainText) {
const buffer = Buffer.from(plainText); const buffer = Buffer.from(plainText);
const newEncryptedDataKey = data_encryption.encryptCbc(passwordDerivedKey, encryptedDataKeyIv, buffer); const newEncryptedDataKey = data_encryption.encrypt(passwordDerivedKey, encryptedDataKeyIv, buffer);
await options.setOption('encrypted_data_key', newEncryptedDataKey); await options.setOption('encrypted_data_key', newEncryptedDataKey);
} }
async function getDecryptedDataKeyCbc(password) { async function getDataKey(password) {
const passwordDerivedKey = await my_scrypt.getPasswordDerivedKey(password); const passwordDerivedKey = await my_scrypt.getPasswordDerivedKey(password);
const encryptedDataKeyIv = await options.getOption('encrypted_data_key_iv'); const encryptedDataKeyIv = await options.getOption('encrypted_data_key_iv');
const encryptedDataKey = await options.getOption('encrypted_data_key'); const encryptedDataKey = await options.getOption('encrypted_data_key');
const decryptedDataKey = data_encryption.decryptCbc(passwordDerivedKey, encryptedDataKeyIv, encryptedDataKey); const decryptedDataKey = data_encryption.decrypt(passwordDerivedKey, encryptedDataKeyIv, encryptedDataKey);
return decryptedDataKey; return decryptedDataKey;
} }
module.exports = { module.exports = {
verifyPassword, verifyPassword,
getDecryptedDataKeyCbc, getDataKey,
setDataKeyCbc setDataKey
}; };

4
test/cbc_encryption.js
View File

@ -6,8 +6,8 @@ test('encrypt & decrypt', t => {
const iv = [4,5,6]; const iv = [4,5,6];
const plainText = "Hello World!"; const plainText = "Hello World!";
const cipherText = data_encryption.encryptCbc(dataKey, iv, plainText); const cipherText = data_encryption.encrypt(dataKey, iv, plainText);
const decodedPlainText = data_encryption.decryptCbc(dataKey, iv, cipherText); const decodedPlainText = data_encryption.decrypt(dataKey, iv, cipherText);
t.equal(decodedPlainText, plainText); t.equal(decodedPlainText, plainText);
t.end(); t.end();