Disallow old encryption protocol and format logging

crypt.py

@@ -4,6 +4,7 @@ from binascii import hexlify, unhexlify
 from Crypto.Cipher import AES
 from Crypto.Random import random
 from copy import deepcopy
+import sys
 
 class EncryptionHelper:
     def pure_generatePasswordAndKey(self, password, pw_salt, pw_cost):
@@ -15,6 +16,7 @@ class EncryptionHelper:
         pw = output[0 : split_length]
         mk = output[split_length : split_length * 2]
         ak = output[split_length * 2 : split_length * 3]
+
         return dict(pw=pw, mk=mk, ak=ak)
 
     def encryptDirtyItems(self, dirty_items, keys):
@@ -36,6 +38,7 @@ class EncryptionHelper:
         enc_item = deepcopy(item)
         enc_item['content'] = self.pure_encryptString002(content, item_ek, item_ak, uuid)
         enc_item['enc_item_key'] = self.pure_encryptString002(item_key, keys['mk'], keys['ak'], uuid)
+
         return enc_item
 
     def pure_decryptItem(self, item, keys):
@@ -46,7 +49,13 @@ class EncryptionHelper:
         if not content:
             return item
 
-        if content[:3] == '002':
+        if content[:3] == '001':
+            print('Old encryption protocol detected. This version is not '
+                  'supported by standardnotes-fs. Please resync all of '
+                  'your notes by following the instructions here:\n'
+                  'https://standardnotes.org/help/resync')
+            sys.exit(1)
+        elif content[:3] == '002':
             item_key = self.pure_decryptString002(enc_item_key, keys['mk'], keys['ak'], uuid)
             item_key_length = len(item_key)
             item_ek = item_key[:item_key_length//2]
@@ -54,10 +63,13 @@ class EncryptionHelper:
 
             dec_content = self.pure_decryptString002(content, item_ek, item_ak, uuid)
         else:
-            print('Invalid protocol version.')
+            print('Invalid protocol version. This could indicate tampering or '
+                  'that something is wrong with the server. Exiting.')
+            sys.exit(1)
 
         dec_item = deepcopy(item)
         dec_item['content'] = json.loads(dec_content)
+
         return dec_item
 
     def pure_encryptString002(self, string_to_encrypt, encryption_key, auth_key, uuid):
@@ -87,19 +99,22 @@ class EncryptionHelper:
         ciphertext = components[4]
 
         if local_uuid != uuid:
-            print('UUID does not match.')
-            return
+            print('UUID does not match. This could indicate tampering or '
+                  'that something is wrong with the server. Exiting.')
+            sys.exit(1)
 
         string_to_auth = ':'.join([version, uuid, IV, ciphertext])
         local_auth_hash = hmac.new(unhexlify(auth_key), string_to_auth.encode(), 'sha256').digest()
         local_auth_hash = hexlify(local_auth_hash).decode()
 
         if local_auth_hash != auth_hash:
-            print('Message has been tampered with.')
-            return
+            print('Auth hash does not match. This could indicate tampering or '
+                  'that something is wrong with the server. Exiting.')
+            sys.exit(1)
 
         cipher = AES.new(unhexlify(encryption_key), AES.MODE_CBC, unhexlify(IV))
         result = cipher.decrypt(b64decode(ciphertext))
         result = result[:-result[-1]] # remove PKCS#7 padding
+        result = result.decode()
 
-        return result.decode()
+        return result