fixed padding issue (hopefully), can now decrypt PMs, other improvements

Kevin Froman 2018-04-17 22:43:33 -05:00
parent d3554008fd
commit 0cf4c97597
No known key found for this signature in database
GPG Key ID: 0D414D0FE405B63B
5 changed files with 67 additions and 18 deletions


@ -32,11 +32,13 @@ class API:
''' '''
Validate that the client token (hmac) matches the given token Validate that the client token (hmac) matches the given token
''' '''
try:
if not hmac.compare_digest(self.clientToken.strip(), token.strip()): if not hmac.compare_digest(self.clientToken, token):
return False
else:
return True
except TypeError:
return False return False
else:
return True
def __init__(self, debug): def __init__(self, debug):
''' '''
@ -70,7 +72,7 @@ class API:
bypass.write(self.timeBypassToken) bypass.write(self.timeBypassToken)
if not os.environ.get("WERKZEUG_RUN_MAIN") == "true": if not os.environ.get("WERKZEUG_RUN_MAIN") == "true":
logger.debug('Your HMAC token: ' + logger.colors.underline + self.clientToken) logger.debug('Your web password (KEEP SECRET): ' + logger.colors.underline + self.clientToken)
if not debug and not self._developmentMode: if not debug and not self._developmentMode:
hostNums = [random.randint(1, 255), random.randint(1, 255), random.randint(1, 255)] hostNums = [random.randint(1, 255), random.randint(1, 255), random.randint(1, 255)]
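Review bot: The client token still goes through `logger.debug` in the changed line of the second hunk, and the new wording itself calls it a web password to keep secret; if the logger is ever configured to write to a file (not visible here), the credential ends up stored in clear alongside ordinary debug output. I would show it once on the interactive console only, for example `if sys.stdout.isatty(): print('Your web password (KEEP SECRET): ' + self.clientToken)` (assuming `sys` is imported in this file), and keep it out of the logger. In the first hunk the `if not ...: return False` / `else: return True` pair can be reduced to `return hmac.compare_digest(self.clientToken, token)` inside the `try`. Both enclosing methods start or end outside the hunks shown.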


@ -87,6 +87,20 @@ class Core:
if self._utils.validateID(address): if self._utils.validateID(address):
conn = sqlite3.connect(self.addressDB) conn = sqlite3.connect(self.addressDB)
c = conn.cursor() c = conn.cursor()
# check if address is in database
# this is safe to do because the address is validated above, but we strip some chars here too just in case
address = address.replace('\'', '').replace(';', '').replace('"', '').replace('\\', '')
for i in c.execute("SELECT * FROM adders where address = '" + address + "';"):
try:
if i[0] == address:
logger.warn('Not adding existing address')
conn.close()
return False
except ValueError:
pass
except IndexError:
pass
t = (address, 1) t = (address, 1)
c.execute('INSERT INTO adders (address, type) VALUES(?, ?);', t) c.execute('INSERT INTO adders (address, type) VALUES(?, ?);', t)
conn.commit() conn.commit()
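Review bot: The new duplicate check builds its SELECT by string concatenation and relies on `validateID` plus a character blacklist for safety, while the INSERT just below it already uses bound parameters; the lookup should take the same form, `for i in c.execute("SELECT * FROM adders where address = ?;", (address,)):`. With a bound parameter the `address.replace(...)` chain can be dropped, which also avoids inserting a value that differs from the one that was validated. The `try`/`except ValueError`/`except IndexError` around `i[0] == address` looks unnecessary, since a row returned by this query should always have a first column. The enclosing method starts and ends outside the hunk.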


@ -135,8 +135,8 @@ class Onionr:
'reload-plugins': self.reloadPlugin, 'reload-plugins': self.reloadPlugin,
'reloadplugins': self.reloadPlugin, 'reloadplugins': self.reloadPlugin,
'listpeers': self.listPeers, 'listkeys': self.listKeys,
'list-peers': self.listPeers, 'list-keys': self.listKeys,
'addmsg': self.addMessage, 'addmsg': self.addMessage,
'addmessage': self.addMessage, 'addmessage': self.addMessage,
@ -144,6 +144,9 @@ class Onionr:
'add-message': self.addMessage, 'add-message': self.addMessage,
'pm': self.sendEncrypt, 'pm': self.sendEncrypt,
'getpms': self.getPMs,
'get-pms': self.getPMs,
'gui': self.openGUI, 'gui': self.openGUI,
'addpeer': self.addPeer, 'addpeer': self.addPeer,
@ -168,7 +171,8 @@ class Onionr:
'add-peer': 'Adds a peer (?)', 'add-peer': 'Adds a peer (?)',
'add-msg': 'Broadcasts a message to the Onionr network', 'add-msg': 'Broadcasts a message to the Onionr network',
'pm': 'Adds a private message to block', 'pm': 'Adds a private message to block',
'gui': 'Opens a graphical interface for Onionr' 'gui': 'Opens a graphical interface for Onionr',
'getpms': 'Shows private messages sent to you'
} }
command = '' command = ''
@ -277,12 +281,12 @@ class Onionr:
gui.OnionrGUI(self.onionrCore) gui.OnionrGUI(self.onionrCore)
def listPeers(self): def listKeys(self):
''' '''
Displays a list of peers (?) Displays a list of keys (used to be called peers) (?)
''' '''
logger.info('Peer list:\n') logger.info('Public keys in database:\n')
for i in self.onionrCore.listPeers(): for i in self.onionrCore.listPeers():
logger.info(i) logger.info(i)
@ -290,7 +294,7 @@ class Onionr:
''' '''
Adds a peer (?) Adds a peer (?)
''' '''
try: try:
newPeer = sys.argv[2] newPeer = sys.argv[2]
except: except:
@ -332,6 +336,12 @@ class Onionr:
self.onionrCore.setBlockType(addedHash, 'txt') self.onionrCore.setBlockType(addedHash, 'txt')
return return
def getPMs(self):
'''
display PMs sent to us
'''
self.onionrUtils.loadPMs()
def enablePlugin(self): def enablePlugin(self):
''' '''
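Review bot: The help table gets the key `'getpms'` while the neighbouring entries use the hyphenated spelling (`'add-peer'`, `'add-msg'`), so I would register the text as `'get-pms': 'Shows private messages sent to you'` to match. `listKeys` still iterates `self.onionrCore.listPeers()` and its docstring keeps the "(?)"; a one-line docstring such as `Displays the public keys stored in the database` would say what the command now does. The old `listpeers`/`list-peers` names appear to be replaced rather than kept as aliases, which breaks existing invocations unless that is intended. The dictionaries and methods around these hunks continue outside the visible lines.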


@ -80,20 +80,20 @@ class OnionrCrypto:
retVal = anonBox.encrypt(data.encode(), encoder=encoding) retVal = anonBox.encrypt(data.encode(), encoder=encoding)
return retVal return retVal
def pubKeyDecrypt(self, data, pubkey, anonymous=False, encodedData=False): def pubKeyDecrypt(self, data, pubkey='', anonymous=False, encodedData=False):
'''pubkey decrypt (Curve25519, taken from Ed25519 pubkey)''' '''pubkey decrypt (Curve25519, taken from Ed25519 pubkey)'''
retVal = '' retVal = False
if encodedData: if encodedData:
encoding = nacl.encoding.Base64Encoder encoding = nacl.encoding.Base64Encoder
else: else:
encoding = nacl.encoding.RawEncoder encoding = nacl.encoding.RawEncoder
ownKey = nacl.signing.SigningKey(seed=self.privKey, encoder=nacl.encoding.Base32Encoder()) ownKey = nacl.signing.SigningKey(seed=self.privKey, encoder=nacl.encoding.Base32Encoder()).to_curve25519_private_key()
if self.privKey != None and not anoymous: if self.privKey != None and not anonymous:
ourBox = nacl.public.Box(ownKey, pubkey) ourBox = nacl.public.Box(ownKey, pubkey)
decrypted = ourBox.decrypt(data, encoder=encoding) decrypted = ourBox.decrypt(data, encoder=encoding)
elif anonymous: elif anonymous:
anonBox = nacl.public.SealedBox(ownKey) anonBox = nacl.public.SealedBox(ownKey)
decrypted = anonBox.decrypt(data.encode(), encoder=encoding) decrypted = anonBox.decrypt(data, encoder=encoding)
return decrypted return decrypted
def symmetricPeerEncrypt(self, data, peer): def symmetricPeerEncrypt(self, data, peer):
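Review bot: In `pubKeyDecrypt` the `self.privKey != None` guard comes after `ownKey` has already been built from `self.privKey`, so a missing key fails inside the `SigningKey(...)` call instead of being handled, and the new `retVal = False` is never returned because the function returns `decrypted`, which is only bound inside the two branches. I would replace `retVal = False` with `decrypted = False` and add `if self.privKey is None: return decrypted` before the `ownKey = ...` line. The new default `pubkey=''` is passed straight to `nacl.public.Box` on the non-anonymous path, which expects key objects, so that path should reject an empty `pubkey` explicitly or convert it first. A short docstring line stating that the function returns the decrypted bytes, or False when no key is available, would make the contract clear to `loadPMs`.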


@ -224,7 +224,7 @@ class OnionrUtils:
nacl.signing.SigningKey(seed=key, encoder=nacl.encoding.Base32Encoder) nacl.signing.SigningKey(seed=key, encoder=nacl.encoding.Base32Encoder)
except nacl.exceptions.ValueError: except nacl.exceptions.ValueError:
pass pass
except binascii.Error: except base64.binascii.Error as err:
pass pass
else: else:
retVal = True retVal = True
@ -274,3 +274,26 @@ class OnionrUtils:
retVal = False retVal = False
return retVal return retVal
def loadPMs(self):
'''
Find, decrypt, and return array of PMs (array of dictionary, {from, text})
'''
blocks = self._core.getBlockList().split('\n')
message = ''
sender = ''
for i in blocks:
if len (i) == 0:
continue
with open('data/blocks/' + i + '.dat', 'r') as potentialMessage:
message = potentialMessage.read()
if message.startswith('-pm-'):
try:
message = self._core._crypto.pubKeyDecrypt(message.replace('-pm-', ''), encodedData=True, anonymous=True)
except nacl.exceptions.CryptoError as e:
#logger.debug('Unable to decrypt ' + i)
#logger.debug(str(e))
pass
else:
logger.info('Recieved message: ' + message.decode())
return
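Review bot: `loadPMs` is documented as returning an array of `{from, text}` dictionaries, but the body only sends each decrypted message to `logger.info` and ends in a bare `return`, so callers get None and the plaintext of private messages goes wherever the logger writes (possibly a log file; the logger configuration is not visible here). I would collect the results instead: `messages = []` before the loop, `messages.append(message.decode())` in the `else:` branch and `return messages` at the end, leaving it to `getPMs` to decide how to display them. `message.replace('-pm-', '')` removes every occurrence of the marker rather than only the leading one; `message[len('-pm-'):]` strips just the prefix. The block name `i` is joined into the file path unchecked in this hunk, so it is worth confirming that `getBlockList()` only yields validated hashes.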