private static string DecryptContent004(string encContent, string encItemKey, Guid?itemsKeyID, StandardNoteData dat) { StandardNoteAPI.Logger.TraceExt(StandardNotePlugin.Name, "Decrypt content with schema [002]", ("encContent", encContent), ("encItemKey", encItemKey), ("itemsKeyID", itemsKeyID?.ToString() ?? "NULL")); var keyOuter = dat.SessionData.RootKey_MasterKey; if (itemsKeyID != null) { var itemskey = dat.ItemsKeys.FirstOrDefault(p => p.UUID == itemsKeyID); if (itemskey == null) { throw new StandardNoteAPIException($"Could not decrypt item (Key {itemsKeyID} not found)"); } StandardNoteAPI.Logger.TraceExt(StandardNotePlugin.Name, $"Found itemskey: {itemskey.UUID}", ("itemskey.IsDefault", itemskey.IsDefault.ToString()), ("itemskey.Version", itemskey.Version), ("itemskey.Key", EncodingConverter.ByteToHexBitFiddleLowercase(itemskey.Key))); keyOuter = itemskey.Key; } var keyInner = Decrypt004(encItemKey, keyOuter); return(Decrypt004(encContent, EncodingConverter.StringToByteArrayCaseInsensitive(keyInner))); }
private static string DecryptContent002(string encContent, string encItemKey, byte[] masterMK, byte[] masterAK) { var item_key = Decrypt002(encItemKey, masterMK, masterAK); var item_ek = item_key.Substring(0, item_key.Length / 2); var item_ak = item_key.Substring(item_key.Length / 2, item_key.Length / 2); return(Decrypt002(encContent, EncodingConverter.StringToByteArrayCaseInsensitive(item_ek), EncodingConverter.StringToByteArrayCaseInsensitive(item_ak))); }
private static string DecryptContent001(string encContent, string encItemKey, string authHash, StandardNoteData dat) { StandardNoteAPI.Logger.TraceExt(StandardNotePlugin.Name, "Decrypt content with schema [001]", ("encContent", encContent), ("encItemKey", encItemKey), ("authHash", authHash)); byte[] masterkey; if (dat.SessionData.Version == "001" || dat.SessionData.Version == "002" || dat.SessionData.Version == "003") { masterkey = dat.SessionData.RootKey_MasterKey; StandardNoteAPI.Logger.Trace(StandardNotePlugin.Name, "Use masterkey from session"); } else { var itemskey = dat.ItemsKeys.FirstOrDefault(p => p.Version == "001"); if (itemskey == null) { throw new StandardNoteAPIException($"Could not decrypt item (Key for 002 not found)"); } StandardNoteAPI.Logger.TraceExt(StandardNotePlugin.Name, $"Found itemskey: {itemskey.UUID}", ("itemskey.IsDefault", itemskey.IsDefault.ToString()), ("itemskey.Version", itemskey.Version), ("itemskey.Key", EncodingConverter.ByteToHexBitFiddleLowercase(itemskey.Key)), ("itemskey.AuthKey", EncodingConverter.ByteToHexBitFiddleLowercase(itemskey.AuthKey))); masterkey = itemskey.Key; } var itemKey = EncodingConverter.StringToByteArrayCaseInsensitive(Encoding.ASCII.GetString(AESEncryption.DecryptCBC256(Convert.FromBase64String(encItemKey), masterkey, new byte[16]))); var ek = itemKey.Take(itemKey.Length / 2).ToArray(); var ak = itemKey.Skip(itemKey.Length / 2).ToArray(); var realHash = EncodingConverter.ByteToHexBitFiddleLowercase(AuthSHA256(Encoding.UTF8.GetBytes(encContent), ak)); if (authHash == null) { throw new ArgumentNullException(nameof(authHash)); } if (realHash.ToLower() != authHash.ToLower()) { throw new StandardNoteAPIException("Decrypting content failed - hash mismatch"); } var c = AESEncryption.DecryptCBC256(Convert.FromBase64String(encContent.Substring(3)), ek, null); return(Encoding.UTF8.GetString(c)); }
private static string Decrypt004(string encContent, byte[] key) { var split = encContent.Split(':'); var version = split[0]; var nonce = EncodingConverter.StringToByteArrayCaseInsensitive(split[1]); var ciphertext = Convert.FromBase64String(split[2]); var authenticated_data = Encoding.UTF8.GetBytes(split[3]); if (version != "004") { throw new StandardNoteAPIException($"Version must be 004 to decrypt 004 encrypted item (duh.)"); } var plain = ANCrypt.XChaCha20Decrypt(ciphertext, nonce, key, authenticated_data); return(Encoding.UTF8.GetString(plain)); }
public static StandardFileItemsKey Deserialize(XElement e) { var id = XHelper.GetAttributeGuid(e, "ID"); var version = XHelper.GetAttributeString(e, "Version"); var defKey = XHelper.GetAttributeBool(e, "Default"); var cdate = XHelper.GetAttributeDateTimeOffsetOrDefault(e, "CreationDate", DateTimeOffset.MinValue); var mdate = XHelper.GetAttributeDateTimeOffsetOrDefault(e, "ModificationDate", DateTimeOffset.Now); var appdata = XHelper.GetAttributeString(e, "AppData"); var key = EncodingConverter.StringToByteArrayCaseInsensitive(e.Value); var authkey = EncodingConverter.StringToByteArrayCaseInsensitive(XHelper.GetAttributeStringOrDefault(e, "AuthKey", "")); if (authkey.Length == 0) { authkey = null; } return(new StandardFileItemsKey(id, version, cdate, mdate, key, authkey, defKey, appdata)); }
private static string DecryptContent001(string encContent, string encItemKey, string authHash, byte[] masterkey) { var itemKey = EncodingConverter.StringToByteArrayCaseInsensitive(Encoding.ASCII.GetString(AESEncryption.DecryptCBC256(Convert.FromBase64String(encItemKey), masterkey, new byte[16]))); var ek = itemKey.Take(itemKey.Length / 2).ToArray(); var ak = itemKey.Skip(itemKey.Length / 2).ToArray(); var realHash = EncodingConverter.ByteToHexBitFiddleLowercase(AuthSHA256(Encoding.UTF8.GetBytes(encContent), ak)); if (realHash.ToLower() != authHash.ToLower()) { throw new StandardNoteAPIException("Decrypting content failed - hash mismatch"); } var c = AESEncryption.DecryptCBC256(Convert.FromBase64String(encContent.Substring(3)), ek, null); return(Encoding.UTF8.GetString(c)); }
private static EncryptResult EncryptContent004(string rawContent, Guid uuid, StandardNoteData dat) { var item_key = RandomSeed(32); var authenticated_data = $"{{\"u\":\"{uuid:D}\",\"v\":\"004\"}}"; var encrypted_content = Encrypt004(rawContent, EncodingConverter.StringToByteArrayCaseInsensitive(item_key), authenticated_data); var default_items_key = GetDefaultItemsKey(dat, "004"); var enc_item_key = Encrypt004(item_key, default_items_key.Key, authenticated_data); return(new EncryptResult { enc_item_key = enc_item_key, enc_content = encrypted_content, auth_hash = null, items_key_id = default_items_key.UUID, }); }
private static string DecryptContent003(string encContent, string encItemKey, StandardNoteData dat) { StandardNoteAPI.Logger.TraceExt(StandardNotePlugin.Name, "Decrypt content with schema [002]", ("encContent", encContent), ("encItemKey", encItemKey)); byte[] masterMK; byte[] masterAK; if (dat.SessionData.Version == "001" || dat.SessionData.Version == "002" || dat.SessionData.Version == "003") { masterMK = dat.SessionData.RootKey_MasterKey; masterAK = dat.SessionData.RootKey_MasterAuthKey; StandardNoteAPI.Logger.Trace(StandardNotePlugin.Name, "Use key/authkey from session"); } else { var itemskey = dat.ItemsKeys.FirstOrDefault(p => p.Version == "003"); if (itemskey == null) { throw new StandardNoteAPIException($"Could not decrypt item (Key for 002 not found)"); } StandardNoteAPI.Logger.TraceExt(StandardNotePlugin.Name, $"Found itemskey: {itemskey.UUID}", ("itemskey.IsDefault", itemskey.IsDefault.ToString()), ("itemskey.Version", itemskey.Version), ("itemskey.Key", EncodingConverter.ByteToHexBitFiddleLowercase(itemskey.Key)), ("itemskey.AuthKey", EncodingConverter.ByteToHexBitFiddleLowercase(itemskey.AuthKey))); masterMK = itemskey.Key; masterAK = itemskey.AuthKey; } var item_key = Decrypt003(encItemKey, masterMK, masterAK); StandardNoteAPI.Logger.Trace(StandardNotePlugin.Name, "item_key decrypted", $"item_key := '{item_key}'"); var item_ek = item_key.Substring(0, item_key.Length / 2); var item_ak = item_key.Substring(item_key.Length / 2, item_key.Length / 2); return(Decrypt003(encContent, EncodingConverter.StringToByteArrayCaseInsensitive(item_ek), EncodingConverter.StringToByteArrayCaseInsensitive(item_ak))); }
private static string Encrypt004(string content, byte[] key, string assocData) { var nonce = RandomSeed(24); var authenticated_data = Convert.ToBase64String(Encoding.UTF8.GetBytes(assocData)); var ciphertext = ANCrypt.XChaCha20Encrypt(Encoding.UTF8.GetBytes(content), EncodingConverter.StringToByteArrayCaseInsensitive(nonce), key, Encoding.UTF8.GetBytes(authenticated_data)); return(string.Join(":", "004", nonce, Convert.ToBase64String(ciphertext), authenticated_data)); }
private static string Decrypt003(string string_to_decrypt, byte[] encryption_key, byte[] auth_key) { var components = string_to_decrypt.Split(':'); var version = components[0]; var auth_hash = components[1]; var uuid = components[2]; var IV = components[3]; var ciphertext = components[4]; if (auth_key != null && auth_key.Length > 0) { var string_to_auth = $"{version}:{uuid}:{IV}:{ciphertext}"; var local_auth_hash = EncodingConverter.ByteToHexBitFiddleLowercase(AuthSHA256(Encoding.UTF8.GetBytes(string_to_auth), auth_key)); if (local_auth_hash.ToUpper() != auth_hash.ToUpper()) { StandardNoteAPI.Logger.Warn(StandardNotePlugin.Name, "AuthHash verification failed", $"local_auth_hash := '{local_auth_hash}'\nauth_hash := '{auth_hash}'"); throw new Exception("Item auth-hash mismatch"); } else { StandardNoteAPI.Logger.TraceExt(StandardNotePlugin.Name, "AuthHash verified", ("local_auth_hash", local_auth_hash), ("auth_hash", auth_hash)); } } else { StandardNoteAPI.Logger.Warn(StandardNotePlugin.Name, "AuthHash verification skipped (no auth_key)"); } var result = AESEncryption.DecryptCBC256(Convert.FromBase64String(ciphertext), encryption_key, EncodingConverter.StringToByteArrayCaseInsensitive(IV)); return(Encoding.UTF8.GetString(result)); }
private static string Decrypt003(string string_to_decrypt, byte[] encryption_key, byte[] auth_key) { var components = string_to_decrypt.Split(':'); var version = components[0]; var auth_hash = components[1]; var uuid = components[2]; var IV = components[3]; var ciphertext = components[4]; if (auth_key != null && auth_key.Length > 0) { var string_to_auth = $"{version}:{uuid}:{IV}:{ciphertext}"; var local_auth_hash = EncodingConverter.ByteToHexBitFiddleLowercase(AuthSHA256(Encoding.UTF8.GetBytes(string_to_auth), auth_key)); if (local_auth_hash.ToUpper() != auth_hash.ToUpper()) { throw new Exception("Item auth-hash mismatch"); } } var result = AESEncryption.DecryptCBC256(Convert.FromBase64String(ciphertext), encryption_key, EncodingConverter.StringToByteArrayCaseInsensitive(IV)); return(Encoding.UTF8.GetString(result)); }