Notes/src/services/encryption/data_encryption.ts

"use strict";

import crypto = require('crypto');
import log = require('../log');

function arraysIdentical(a: any[] | Buffer, b: any[] | Buffer) {
    let i = a.length;
    if (i !== b.length) return false;
    while (i--) {
        if (a[i] !== b[i]) return false;
    }
    return true;
}

function shaArray(content: crypto.BinaryLike) {
    // we use this as a simple checksum and don't rely on its security, so SHA-1 is good enough
    return crypto.createHash('sha1').update(content).digest();
}

function pad(data: Buffer): Buffer {
    if (data.length > 16) {
        data = data.slice(0, 16);
    }
    else if (data.length < 16) {
        const zeros = Array(16 - data.length).fill(0);

        data = Buffer.concat([data, Buffer.from(zeros)]);
    }

    return Buffer.from(data);
}

function encrypt(key: Buffer, plainText: Buffer | string) {
    if (!key) {
        throw new Error("No data key!");
    }

    const plainTextBuffer = Buffer.from(plainText);

    const iv = crypto.randomBytes(16);
    const cipher = crypto.createCipheriv('aes-128-cbc', pad(key), pad(iv));

    const digest = shaArray(plainTextBuffer).slice(0, 4);

    const digestWithPayload = Buffer.concat([digest, plainTextBuffer]);

    const encryptedData = Buffer.concat([cipher.update(digestWithPayload), cipher.final()]);

    const encryptedDataWithIv = Buffer.concat([iv, encryptedData]);

    return encryptedDataWithIv.toString('base64');
}

function decrypt(key: Buffer, cipherText: string | Buffer): Buffer | false | null {
    if (cipherText === null) {
        return null;
    }

    if (!key) {
        return Buffer.from("[protected]");
    }

    try {
        const cipherTextBufferWithIv = Buffer.from(cipherText.toString(), 'base64');

        // old encrypted data can have IV of length 13, see some details here: https://github.com/zadam/trilium/issues/3017
        const ivLength = cipherTextBufferWithIv.length % 16 === 0 ? 16 : 13;

        const iv = cipherTextBufferWithIv.slice(0, ivLength);

        const cipherTextBuffer = cipherTextBufferWithIv.slice(ivLength);

        const decipher = crypto.createDecipheriv('aes-128-cbc', pad(key), pad(iv));

        const decryptedBytes = Buffer.concat([decipher.update(cipherTextBuffer), decipher.final()]);

        const digest = decryptedBytes.slice(0, 4);
        const payload = decryptedBytes.slice(4);

        const computedDigest = shaArray(payload).slice(0, 4);

        if (!arraysIdentical(digest, computedDigest)) {
            return false;
        }

        return payload;
    }
    catch (e: any) {
        // recovery from https://github.com/zadam/trilium/issues/510
        if (e.message?.includes("WRONG_FINAL_BLOCK_LENGTH") || e.message?.includes("wrong final block length")) {
            log.info("Caught WRONG_FINAL_BLOCK_LENGTH, returning cipherText instead");

            return Buffer.from(cipherText);
        }
        else {
            throw e;
        }
    }
}

function decryptString(dataKey: Buffer, cipherText: string) {
    const buffer = decrypt(dataKey, cipherText);

    if (buffer === null) {
        return null;
    } else if (buffer === false) {
        log.error(`Could not decrypt string. Buffer: ${buffer}`);

        throw new Error("Could not decrypt string.");
    }

    return buffer.toString('utf-8');
}

export = {
    encrypt,
    decrypt,
    decryptString
};
server side WIP - saving encrypted note now works, changing terminology of "encrypted note" to "protected note" 2017-11-14 21:54:12 -05:00			`"use strict";`

server-ts: services/encryption/*.js -> ts 2024-02-16 23:03:19 +02:00			`import crypto = require('crypto');`
			`import log = require('../log');`
server side encryption WIP 2017-11-10 22:55:19 -05:00
server-ts: Implement review comments 2024-02-17 18:55:41 +02:00			`function arraysIdentical(a: any[] \| Buffer, b: any[] \| Buffer) {`
changing from AES-256-CTR to AES-128-CBC for note encryption 2017-11-15 22:13:45 -05:00			`let i = a.length;`
			`if (i !== b.length) return false;`
			`while (i--) {`
			`if (a[i] !== b[i]) return false;`
			`}`
			`return true;`
			`}`

server-ts: services/encryption/*.js -> ts 2024-02-16 23:03:19 +02:00			`function shaArray(content: crypto.BinaryLike) {`
grammar 2023-05-05 23:41:11 +02:00			`// we use this as a simple checksum and don't rely on its security, so SHA-1 is good enough`
data key is not encrypted with aes-cbc as well 2017-11-15 23:39:50 -05:00			`return crypto.createHash('sha1').update(content).digest();`
changing from AES-256-CTR to AES-128-CBC for note encryption 2017-11-15 22:13:45 -05:00			`}`

server-ts: services/encryption/*.js -> ts 2024-02-16 23:03:19 +02:00			`function pad(data: Buffer): Buffer {`
store iv directly in the respective columns 2019-01-11 23:04:51 +01:00			`if (data.length > 16) {`
			`data = data.slice(0, 16);`
			`}`
			`else if (data.length < 16) {`
			`const zeros = Array(16 - data.length).fill(0);`
changing from AES-256-CTR to AES-128-CBC for note encryption 2017-11-15 22:13:45 -05:00
store iv directly in the respective columns 2019-01-11 23:04:51 +01:00			`data = Buffer.concat([data, Buffer.from(zeros)]);`
use native node crypto for sha256 2017-11-15 18:23:19 -05:00			`}`
changing from AES-256-CTR to AES-128-CBC for note encryption 2017-11-15 22:13:45 -05:00
delete note through its entity instead of manually with SQL, closes #303 2019-01-13 00:24:51 +01:00			`return Buffer.from(data);`
changing from AES-256-CTR to AES-128-CBC for note encryption 2017-11-15 22:13:45 -05:00			`}`

server-ts: services/encryption/*.js -> ts 2024-02-16 23:03:19 +02:00			`function encrypt(key: Buffer, plainText: Buffer \| string) {`
fixed encryption of note history 2017-11-16 00:22:00 -05:00			`if (!key) {`
changing from AES-256-CTR to AES-128-CBC for note encryption 2017-11-15 22:13:45 -05:00			`throw new Error("No data key!");`
			`}`

data key is not encrypted with aes-cbc as well 2017-11-15 23:39:50 -05:00			`const plainTextBuffer = Buffer.from(plainText);`

use 16 bytes IV for newly encrypted data, closes #3017 2022-07-28 22:42:02 +02:00			`const iv = crypto.randomBytes(16);`
fixed encryption of note history 2017-11-16 00:22:00 -05:00			`const cipher = crypto.createCipheriv('aes-128-cbc', pad(key), pad(iv));`
changing from AES-256-CTR to AES-128-CBC for note encryption 2017-11-15 22:13:45 -05:00
data key is not encrypted with aes-cbc as well 2017-11-15 23:39:50 -05:00			`const digest = shaArray(plainTextBuffer).slice(0, 4);`
changing from AES-256-CTR to AES-128-CBC for note encryption 2017-11-15 22:13:45 -05:00
data key is not encrypted with aes-cbc as well 2017-11-15 23:39:50 -05:00			`const digestWithPayload = Buffer.concat([digest, plainTextBuffer]);`
changing from AES-256-CTR to AES-128-CBC for note encryption 2017-11-15 22:13:45 -05:00
data key is not encrypted with aes-cbc as well 2017-11-15 23:39:50 -05:00			`const encryptedData = Buffer.concat([cipher.update(digestWithPayload), cipher.final()]);`
changing from AES-256-CTR to AES-128-CBC for note encryption 2017-11-15 22:13:45 -05:00
store iv directly in the respective columns 2019-01-11 23:04:51 +01:00			`const encryptedDataWithIv = Buffer.concat([iv, encryptedData]);`

			`return encryptedDataWithIv.toString('base64');`
changing from AES-256-CTR to AES-128-CBC for note encryption 2017-11-15 22:13:45 -05:00			`}`

server-ts: services/encryption/*.js -> ts 2024-02-16 23:03:19 +02:00			`function decrypt(key: Buffer, cipherText: string \| Buffer): Buffer \| false \| null {`
fixed some encryption issues 2020-12-21 23:19:03 +01:00			`if (cipherText === null) {`
			`return null;`
			`}`

fixed encryption of note history 2017-11-16 00:22:00 -05:00			`if (!key) {`
many small fixes from Intellij analysis 2023-05-05 23:17:23 +02:00			`return Buffer.from("[protected]");`
changing from AES-256-CTR to AES-128-CBC for note encryption 2017-11-15 22:13:45 -05:00			`}`

fix protecting files/images 2019-05-04 16:05:28 +02:00			`try {`
			`const cipherTextBufferWithIv = Buffer.from(cipherText.toString(), 'base64');`
use 16 bytes IV for newly encrypted data, closes #3017 2022-07-28 22:42:02 +02:00
			`// old encrypted data can have IV of length 13, see some details here: https://github.com/zadam/trilium/issues/3017`
			`const ivLength = cipherTextBufferWithIv.length % 16 === 0 ? 16 : 13;`

fix protecting files/images 2019-05-04 16:05:28 +02:00			`const iv = cipherTextBufferWithIv.slice(0, ivLength);`
store iv directly in the respective columns 2019-01-11 23:04:51 +01:00
fix protecting files/images 2019-05-04 16:05:28 +02:00			`const cipherTextBuffer = cipherTextBufferWithIv.slice(ivLength);`
store iv directly in the respective columns 2019-01-11 23:04:51 +01:00
fix protecting files/images 2019-05-04 16:05:28 +02:00			`const decipher = crypto.createDecipheriv('aes-128-cbc', pad(key), pad(iv));`
data key is not encrypted with aes-cbc as well 2017-11-15 23:39:50 -05:00
fix protecting files/images 2019-05-04 16:05:28 +02:00			`const decryptedBytes = Buffer.concat([decipher.update(cipherTextBuffer), decipher.final()]);`
data key is not encrypted with aes-cbc as well 2017-11-15 23:39:50 -05:00
fix protecting files/images 2019-05-04 16:05:28 +02:00			`const digest = decryptedBytes.slice(0, 4);`
			`const payload = decryptedBytes.slice(4);`
changing from AES-256-CTR to AES-128-CBC for note encryption 2017-11-15 22:13:45 -05:00
fix protecting files/images 2019-05-04 16:05:28 +02:00			`const computedDigest = shaArray(payload).slice(0, 4);`
changing from AES-256-CTR to AES-128-CBC for note encryption 2017-11-15 22:13:45 -05:00
fix protecting files/images 2019-05-04 16:05:28 +02:00			`if (!arraysIdentical(digest, computedDigest)) {`
			`return false;`
			`}`
changing from AES-256-CTR to AES-128-CBC for note encryption 2017-11-15 22:13:45 -05:00
fix protecting files/images 2019-05-04 16:05:28 +02:00			`return payload;`
			`}`
server-ts: services/encryption/*.js -> ts 2024-02-16 23:03:19 +02:00			`catch (e: any) {`
fix protecting files/images 2019-05-04 16:05:28 +02:00			`// recovery from https://github.com/zadam/trilium/issues/510`
fix saving new protected note revisions, closes #2951 2022-07-01 22:49:10 +02:00			`if (e.message?.includes("WRONG_FINAL_BLOCK_LENGTH") \|\| e.message?.includes("wrong final block length")) {`
fix protecting files/images 2019-05-04 16:05:28 +02:00			`log.info("Caught WRONG_FINAL_BLOCK_LENGTH, returning cipherText instead");`

server-ts: services/encryption/*.js -> ts 2024-02-16 23:03:19 +02:00			`return Buffer.from(cipherText);`
fix protecting files/images 2019-05-04 16:05:28 +02:00			`}`
			`else {`
			`throw e;`
			`}`
			`}`
changing from AES-256-CTR to AES-128-CBC for note encryption 2017-11-15 22:13:45 -05:00			`}`

server-ts: services/encryption/*.js -> ts 2024-02-16 23:03:19 +02:00			`function decryptString(dataKey: Buffer, cipherText: string) {`
store iv directly in the respective columns 2019-01-11 23:04:51 +01:00			`const buffer = decrypt(dataKey, cipherText);`
data key is not encrypted with aes-cbc as well 2017-11-15 23:39:50 -05:00
fixed some encryption issues 2020-12-21 23:19:03 +01:00			`if (buffer === null) {`
			`return null;`
many small fixes from Intellij analysis 2023-05-05 23:17:23 +02:00			`} else if (buffer === false) {`
always use template strings instead of string concatenation 2022-12-21 15:19:05 +01:00			log.error(`Could not decrypt string. Buffer: ${buffer}`);
failing early when decryption fails 2017-12-30 20:14:05 -05:00
			`throw new Error("Could not decrypt string.");`
			`}`

fixes for zip export/import in regard to attachments 2023-05-06 22:50:28 +02:00			`return buffer.toString('utf-8');`
data key is not encrypted with aes-cbc as well 2017-11-15 23:39:50 -05:00			`}`

server-ts: services/encryption/*.js -> ts 2024-02-16 23:03:19 +02:00			`export = {`
cleaned up "CBC" from methods since we don't have CTR 2017-11-18 12:53:17 -05:00			`encrypt,`
			`decrypt,`
store iv directly in the respective columns 2019-01-11 23:04:51 +01:00			`decryptString`
fixed some encryption issues 2020-12-21 23:19:03 +01:00			`};`