|
|
@ -4,6 +4,7 @@ from binascii import hexlify, unhexlify |
|
|
|
from Crypto.Cipher import AES |
|
|
|
from Crypto.Cipher import AES |
|
|
|
from Crypto.Random import random |
|
|
|
from Crypto.Random import random |
|
|
|
from copy import deepcopy |
|
|
|
from copy import deepcopy |
|
|
|
|
|
|
|
import sys |
|
|
|
|
|
|
|
|
|
|
|
class EncryptionHelper: |
|
|
|
class EncryptionHelper: |
|
|
|
def pure_generatePasswordAndKey(self, password, pw_salt, pw_cost): |
|
|
|
def pure_generatePasswordAndKey(self, password, pw_salt, pw_cost): |
|
|
@ -15,6 +16,7 @@ class EncryptionHelper: |
|
|
|
pw = output[0 : split_length] |
|
|
|
pw = output[0 : split_length] |
|
|
|
mk = output[split_length : split_length * 2] |
|
|
|
mk = output[split_length : split_length * 2] |
|
|
|
ak = output[split_length * 2 : split_length * 3] |
|
|
|
ak = output[split_length * 2 : split_length * 3] |
|
|
|
|
|
|
|
|
|
|
|
return dict(pw=pw, mk=mk, ak=ak) |
|
|
|
return dict(pw=pw, mk=mk, ak=ak) |
|
|
|
|
|
|
|
|
|
|
|
def encryptDirtyItems(self, dirty_items, keys): |
|
|
|
def encryptDirtyItems(self, dirty_items, keys): |
|
|
@ -36,6 +38,7 @@ class EncryptionHelper: |
|
|
|
enc_item = deepcopy(item) |
|
|
|
enc_item = deepcopy(item) |
|
|
|
enc_item['content'] = self.pure_encryptString002(content, item_ek, item_ak, uuid) |
|
|
|
enc_item['content'] = self.pure_encryptString002(content, item_ek, item_ak, uuid) |
|
|
|
enc_item['enc_item_key'] = self.pure_encryptString002(item_key, keys['mk'], keys['ak'], uuid) |
|
|
|
enc_item['enc_item_key'] = self.pure_encryptString002(item_key, keys['mk'], keys['ak'], uuid) |
|
|
|
|
|
|
|
|
|
|
|
return enc_item |
|
|
|
return enc_item |
|
|
|
|
|
|
|
|
|
|
|
def pure_decryptItem(self, item, keys): |
|
|
|
def pure_decryptItem(self, item, keys): |
|
|
@ -46,7 +49,13 @@ class EncryptionHelper: |
|
|
|
if not content: |
|
|
|
if not content: |
|
|
|
return item |
|
|
|
return item |
|
|
|
|
|
|
|
|
|
|
|
if content[:3] == '002': |
|
|
|
if content[:3] == '001': |
|
|
|
|
|
|
|
print('Old encryption protocol detected. This version is not ' |
|
|
|
|
|
|
|
'supported by standardnotes-fs. Please resync all of ' |
|
|
|
|
|
|
|
'your notes by following the instructions here:\n' |
|
|
|
|
|
|
|
'https://standardnotes.org/help/resync') |
|
|
|
|
|
|
|
sys.exit(1) |
|
|
|
|
|
|
|
elif content[:3] == '002': |
|
|
|
item_key = self.pure_decryptString002(enc_item_key, keys['mk'], keys['ak'], uuid) |
|
|
|
item_key = self.pure_decryptString002(enc_item_key, keys['mk'], keys['ak'], uuid) |
|
|
|
item_key_length = len(item_key) |
|
|
|
item_key_length = len(item_key) |
|
|
|
item_ek = item_key[:item_key_length//2] |
|
|
|
item_ek = item_key[:item_key_length//2] |
|
|
@ -54,10 +63,13 @@ class EncryptionHelper: |
|
|
|
|
|
|
|
|
|
|
|
dec_content = self.pure_decryptString002(content, item_ek, item_ak, uuid) |
|
|
|
dec_content = self.pure_decryptString002(content, item_ek, item_ak, uuid) |
|
|
|
else: |
|
|
|
else: |
|
|
|
print('Invalid protocol version.') |
|
|
|
print('Invalid protocol version. This could indicate tampering or ' |
|
|
|
|
|
|
|
'that something is wrong with the server. Exiting.') |
|
|
|
|
|
|
|
sys.exit(1) |
|
|
|
|
|
|
|
|
|
|
|
dec_item = deepcopy(item) |
|
|
|
dec_item = deepcopy(item) |
|
|
|
dec_item['content'] = json.loads(dec_content) |
|
|
|
dec_item['content'] = json.loads(dec_content) |
|
|
|
|
|
|
|
|
|
|
|
return dec_item |
|
|
|
return dec_item |
|
|
|
|
|
|
|
|
|
|
|
def pure_encryptString002(self, string_to_encrypt, encryption_key, auth_key, uuid): |
|
|
|
def pure_encryptString002(self, string_to_encrypt, encryption_key, auth_key, uuid): |
|
|
@ -87,19 +99,22 @@ class EncryptionHelper: |
|
|
|
ciphertext = components[4] |
|
|
|
ciphertext = components[4] |
|
|
|
|
|
|
|
|
|
|
|
if local_uuid != uuid: |
|
|
|
if local_uuid != uuid: |
|
|
|
print('UUID does not match.') |
|
|
|
print('UUID does not match. This could indicate tampering or ' |
|
|
|
return |
|
|
|
'that something is wrong with the server. Exiting.') |
|
|
|
|
|
|
|
sys.exit(1) |
|
|
|
|
|
|
|
|
|
|
|
string_to_auth = ':'.join([version, uuid, IV, ciphertext]) |
|
|
|
string_to_auth = ':'.join([version, uuid, IV, ciphertext]) |
|
|
|
local_auth_hash = hmac.new(unhexlify(auth_key), string_to_auth.encode(), 'sha256').digest() |
|
|
|
local_auth_hash = hmac.new(unhexlify(auth_key), string_to_auth.encode(), 'sha256').digest() |
|
|
|
local_auth_hash = hexlify(local_auth_hash).decode() |
|
|
|
local_auth_hash = hexlify(local_auth_hash).decode() |
|
|
|
|
|
|
|
|
|
|
|
if local_auth_hash != auth_hash: |
|
|
|
if local_auth_hash != auth_hash: |
|
|
|
print('Message has been tampered with.') |
|
|
|
print('Auth hash does not match. This could indicate tampering or ' |
|
|
|
return |
|
|
|
'that something is wrong with the server. Exiting.') |
|
|
|
|
|
|
|
sys.exit(1) |
|
|
|
|
|
|
|
|
|
|
|
cipher = AES.new(unhexlify(encryption_key), AES.MODE_CBC, unhexlify(IV)) |
|
|
|
cipher = AES.new(unhexlify(encryption_key), AES.MODE_CBC, unhexlify(IV)) |
|
|
|
result = cipher.decrypt(b64decode(ciphertext)) |
|
|
|
result = cipher.decrypt(b64decode(ciphertext)) |
|
|
|
result = result[:-result[-1]] # remove PKCS#7 padding |
|
|
|
result = result[:-result[-1]] # remove PKCS#7 padding |
|
|
|
|
|
|
|
result = result.decode() |
|
|
|
|
|
|
|
|
|
|
|
return result.decode() |
|
|
|
return result |
|
|
|