mirror of
https://github.com/zadam/trilium.git
synced 2025-10-31 10:26:08 +01:00
cleaned up "CBC" from methods since we don't have CTR
This commit is contained in:
azivner
@@ -22,10 +22,10 @@ module.exports = async () => {
|
||||
for (const note of protectedNotes) {
|
||||
const decryptedTitle = data_encryption.decrypt(dataKey, note.note_title);
|
||||
|
||||
note.note_title = data_encryption.encryptCbc(dataKey, "0" + note.note_id, decryptedTitle);
|
||||
note.note_title = data_encryption.encrypt(dataKey, "0" + note.note_id, decryptedTitle);
|
||||
|
||||
const decryptedText = data_encryption.decrypt(dataKey, note.note_text);
|
||||
note.note_text = data_encryption.encryptCbc(dataKey, "1" + note.note_id, decryptedText);
|
||||
note.note_text = data_encryption.encrypt(dataKey, "1" + note.note_id, decryptedText);
|
||||
|
||||
await sql.execute("UPDATE notes SET note_title = ?, note_text = ? WHERE note_id = ?", [note.note_title, note.note_text, note.note_id]);
|
||||
}
|
||||
@@ -34,10 +34,10 @@ module.exports = async () => {
|
||||
|
||||
for (const noteHistory of protectedNotesHistory) {
|
||||
const decryptedTitle = data_encryption.decrypt(dataKey, noteHistory.note_title);
|
||||
noteHistory.note_title = data_encryption.encryptCbc(dataKey, "0" + noteHistory.note_history_id, decryptedTitle);
|
||||
noteHistory.note_title = data_encryption.encrypt(dataKey, "0" + noteHistory.note_history_id, decryptedTitle);
|
||||
|
||||
const decryptedText = data_encryption.decrypt(dataKey, noteHistory.note_text);
|
||||
noteHistory.note_text = data_encryption.encryptCbc(dataKey, "1" + noteHistory.note_history_id, decryptedText);
|
||||
noteHistory.note_text = data_encryption.encrypt(dataKey, "1" + noteHistory.note_history_id, decryptedText);
|
||||
|
||||
await sql.execute("UPDATE notes SET note_title = ?, note_text = ? WHERE note_id = ?", [noteHistory.note_title, noteHistory.note_text, noteHistory.note_history_id]);
|
||||
}
|
||||
|
||||
@@ -21,5 +21,5 @@ module.exports = async () => {
|
||||
|
||||
console.log("Trimmed data key: ", dataKey);
|
||||
|
||||
await password_encryption.setDataKeyCbc(password, dataKey);
|
||||
await password_encryption.setDataKey(password, dataKey);
|
||||
};
|
||||
@@ -57,7 +57,7 @@ router.post('/protected', auth.checkApiAuth, async (req, res, next) => {
|
||||
return;
|
||||
}
|
||||
|
||||
const decryptedDataKey = await password_encryption.getDecryptedDataKeyCbc(password);
|
||||
const decryptedDataKey = await password_encryption.getDataKey(password);
|
||||
|
||||
const protectedSessionId = protected_session.setDataKey(req, decryptedDataKey);
|
||||
|
||||
|
||||
@@ -16,8 +16,8 @@ router.get('/:noteId', auth.checkApiAuth, async (req, res, next) => {
|
||||
|
||||
for (const hist of history) {
|
||||
if (hist.is_protected) {
|
||||
hist.note_title = data_encryption.decryptCbcString(dataKey, data_encryption.noteTitleIv(hist.note_history_id), hist.note_title);
|
||||
hist.note_text = data_encryption.decryptCbcString(dataKey, data_encryption.noteTextIv(hist.note_history_id), hist.note_text);
|
||||
hist.note_title = data_encryption.decryptString(dataKey, data_encryption.noteTitleIv(hist.note_history_id), hist.note_title);
|
||||
hist.note_text = data_encryption.decryptString(dataKey, data_encryption.noteTextIv(hist.note_history_id), hist.note_text);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -21,8 +21,8 @@ router.get('/:noteId', auth.checkApiAuth, async (req, res, next) => {
|
||||
if (detail.is_protected) {
|
||||
const dataKey = protected_session.getDataKey(req);
|
||||
|
||||
detail.note_title = data_encryption.decryptCbcString(dataKey, data_encryption.noteTitleIv(noteId), detail.note_title);
|
||||
detail.note_text = data_encryption.decryptCbcString(dataKey, data_encryption.noteTextIv(noteId), detail.note_text);
|
||||
detail.note_title = data_encryption.decryptString(dataKey, data_encryption.noteTitleIv(noteId), detail.note_title);
|
||||
detail.note_text = data_encryption.decryptString(dataKey, data_encryption.noteTextIv(noteId), detail.note_text);
|
||||
}
|
||||
|
||||
res.send({
|
||||
|
||||
@@ -28,7 +28,7 @@ router.get('/', auth.checkApiAuth, async (req, res, next) => {
|
||||
|
||||
for (const note of notes) {
|
||||
if (note.is_protected) {
|
||||
note.note_title = data_encryption.decryptCbcString(dataKey, data_encryption.noteTitleIv(note.note_id), note.note_title);
|
||||
note.note_title = data_encryption.decryptString(dataKey, data_encryption.noteTitleIv(note.note_id), note.note_title);
|
||||
}
|
||||
|
||||
if (!parentToNotes[note.note_pid]) {
|
||||
|
||||
@@ -18,7 +18,7 @@ async function changePassword(currentPassword, newPassword, req) {
|
||||
const newPasswordVerificationKey = utils.toBase64(await my_scrypt.getVerificationHash(newPassword));
|
||||
const newPasswordDerivedKey = await my_scrypt.getPasswordDerivedKey(newPassword);
|
||||
|
||||
const decryptedDataKey = await password_encryption.getDecryptedDataKeyCbc(currentPassword);
|
||||
const decryptedDataKey = await password_encryption.getDataKey(currentPassword);
|
||||
|
||||
await sql.doInTransaction(async () => {
|
||||
await password_encryption.setDataKey(newPasswordDerivedKey, decryptedDataKey);
|
||||
|
||||
@@ -29,7 +29,7 @@ function pad(data) {
|
||||
return Buffer.from(padded);
|
||||
}
|
||||
|
||||
function encryptCbc(key, iv, plainText) {
|
||||
function encrypt(key, iv, plainText) {
|
||||
if (!key) {
|
||||
throw new Error("No data key!");
|
||||
}
|
||||
@@ -47,7 +47,7 @@ function encryptCbc(key, iv, plainText) {
|
||||
return encryptedData.toString('base64');
|
||||
}
|
||||
|
||||
function decryptCbc(key, iv, cipherText) {
|
||||
function decrypt(key, iv, cipherText) {
|
||||
if (!key) {
|
||||
return "[protected]";
|
||||
}
|
||||
@@ -69,8 +69,8 @@ function decryptCbc(key, iv, cipherText) {
|
||||
return payload;
|
||||
}
|
||||
|
||||
function decryptCbcString(dataKey, iv, cipherText) {
|
||||
const buffer = decryptCbc(dataKey, iv, cipherText);
|
||||
function decryptString(dataKey, iv, cipherText) {
|
||||
const buffer = decrypt(dataKey, iv, cipherText);
|
||||
|
||||
return buffer.toString('utf-8');
|
||||
}
|
||||
@@ -84,9 +84,9 @@ function noteTextIv(iv) {
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
encryptCbc,
|
||||
decryptCbc,
|
||||
decryptCbcString,
|
||||
encrypt,
|
||||
decrypt,
|
||||
decryptString,
|
||||
noteTitleIv,
|
||||
noteTextIv
|
||||
};
|
||||
@@ -62,8 +62,8 @@ async function createNewNote(parentNoteId, note, browserId) {
|
||||
}
|
||||
|
||||
async function encryptNote(note, ctx) {
|
||||
note.detail.note_title = data_encryption.encryptCbc(ctx.getDataKey(), data_encryption.noteTitleIv(note.detail.note_id), note.detail.note_title);
|
||||
note.detail.note_text = data_encryption.encryptCbc(ctx.getDataKey(), data_encryption.noteTextIv(note.detail.note_id), note.detail.note_text);
|
||||
note.detail.note_title = data_encryption.encrypt(ctx.getDataKey(), data_encryption.noteTitleIv(note.detail.note_id), note.detail.note_title);
|
||||
note.detail.note_text = data_encryption.encrypt(ctx.getDataKey(), data_encryption.noteTextIv(note.detail.note_id), note.detail.note_text);
|
||||
}
|
||||
|
||||
async function protectNoteRecursively(noteId, dataKey, protect) {
|
||||
@@ -82,15 +82,15 @@ async function protectNote(note, dataKey, protect) {
|
||||
let changed = false;
|
||||
|
||||
if (protect && !note.is_protected) {
|
||||
note.note_title = data_encryption.encryptCbc(dataKey, data_encryption.noteTitleIv(note.note_id), note.note_title);
|
||||
note.note_text = data_encryption.encryptCbc(dataKey, data_encryption.noteTextIv(note.note_id), note.note_text);
|
||||
note.note_title = data_encryption.encrypt(dataKey, data_encryption.noteTitleIv(note.note_id), note.note_title);
|
||||
note.note_text = data_encryption.encrypt(dataKey, data_encryption.noteTextIv(note.note_id), note.note_text);
|
||||
note.is_protected = true;
|
||||
|
||||
changed = true;
|
||||
}
|
||||
else if (!protect && note.is_protected) {
|
||||
note.note_title = data_encryption.decryptCbcString(dataKey, data_encryption.noteTitleIv(note.note_id), note.note_title);
|
||||
note.note_text = data_encryption.decryptCbcString(dataKey, data_encryption.noteTextIv(note.note_id), note.note_text);
|
||||
note.note_title = data_encryption.decryptString(dataKey, data_encryption.noteTitleIv(note.note_id), note.note_title);
|
||||
note.note_text = data_encryption.decryptString(dataKey, data_encryption.noteTextIv(note.note_id), note.note_text);
|
||||
note.is_protected = false;
|
||||
|
||||
changed = true;
|
||||
@@ -113,13 +113,13 @@ async function protectNoteHistory(noteId, dataKey, protect) {
|
||||
|
||||
for (const history of historyToChange) {
|
||||
if (protect) {
|
||||
history.note_title = data_encryption.encryptCbc(dataKey, data_encryption.noteTitleIv(history.note_history_id), history.note_title);
|
||||
history.note_text = data_encryption.encryptCbc(dataKey, data_encryption.noteTextIv(history.note_history_id), history.note_text);
|
||||
history.note_title = data_encryption.encrypt(dataKey, data_encryption.noteTitleIv(history.note_history_id), history.note_title);
|
||||
history.note_text = data_encryption.encrypt(dataKey, data_encryption.noteTextIv(history.note_history_id), history.note_text);
|
||||
history.is_protected = true;
|
||||
}
|
||||
else {
|
||||
history.note_title = data_encryption.decryptCbcString(dataKey, data_encryption.noteTitleIv(history.note_history_id), history.note_title);
|
||||
history.note_text = data_encryption.decryptCbcString(dataKey, data_encryption.noteTextIv(history.note_history_id), history.note_text);
|
||||
history.note_title = data_encryption.decryptString(dataKey, data_encryption.noteTitleIv(history.note_history_id), history.note_title);
|
||||
history.note_text = data_encryption.decryptString(dataKey, data_encryption.noteTextIv(history.note_history_id), history.note_text);
|
||||
history.is_protected = false;
|
||||
}
|
||||
|
||||
|
||||
@@ -11,7 +11,7 @@ async function verifyPassword(password) {
|
||||
return givenPasswordHash === dbPasswordHash;
|
||||
}
|
||||
|
||||
async function setDataKeyCbc(password, plainText) {
|
||||
async function setDataKey(password, plainText) {
|
||||
const passwordDerivedKey = await my_scrypt.getPasswordDerivedKey(password);
|
||||
|
||||
const encryptedDataKeyIv = utils.randomSecureToken(16).slice(0, 16);
|
||||
@@ -20,24 +20,24 @@ async function setDataKeyCbc(password, plainText) {
|
||||
|
||||
const buffer = Buffer.from(plainText);
|
||||
|
||||
const newEncryptedDataKey = data_encryption.encryptCbc(passwordDerivedKey, encryptedDataKeyIv, buffer);
|
||||
const newEncryptedDataKey = data_encryption.encrypt(passwordDerivedKey, encryptedDataKeyIv, buffer);
|
||||
|
||||
await options.setOption('encrypted_data_key', newEncryptedDataKey);
|
||||
}
|
||||
|
||||
async function getDecryptedDataKeyCbc(password) {
|
||||
async function getDataKey(password) {
|
||||
const passwordDerivedKey = await my_scrypt.getPasswordDerivedKey(password);
|
||||
|
||||
const encryptedDataKeyIv = await options.getOption('encrypted_data_key_iv');
|
||||
const encryptedDataKey = await options.getOption('encrypted_data_key');
|
||||
|
||||
const decryptedDataKey = data_encryption.decryptCbc(passwordDerivedKey, encryptedDataKeyIv, encryptedDataKey);
|
||||
const decryptedDataKey = data_encryption.decrypt(passwordDerivedKey, encryptedDataKeyIv, encryptedDataKey);
|
||||
|
||||
return decryptedDataKey;
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
verifyPassword,
|
||||
getDecryptedDataKeyCbc,
|
||||
setDataKeyCbc
|
||||
getDataKey,
|
||||
setDataKey
|
||||
};
|
||||
@@ -6,8 +6,8 @@ test('encrypt & decrypt', t => {
|
||||
const iv = [4,5,6];
|
||||
const plainText = "Hello World!";
|
||||
|
||||
const cipherText = data_encryption.encryptCbc(dataKey, iv, plainText);
|
||||
const decodedPlainText = data_encryption.decryptCbc(dataKey, iv, cipherText);
|
||||
const cipherText = data_encryption.encrypt(dataKey, iv, plainText);
|
||||
const decodedPlainText = data_encryption.decrypt(dataKey, iv, cipherText);
|
||||
|
||||
t.equal(decodedPlainText, plainText);
|
||||
t.end();
|
||||
|
||||
Reference in New Issue
Block a user