From 2e99b6b95c651e39e69b0ded241414ccc6adc1ae Mon Sep 17 00:00:00 2001 From: Kevin Froman Date: Fri, 15 Feb 2019 22:08:03 -0600 Subject: [PATCH] removed non-anonymous pubkey encryption, fixes, more tests --- onionr/core.py | 8 +-- onionr/onionrcrypto.py | 49 +++++++------------ onionr/onionrproofs.py | 4 +- onionr/onionrusers.py | 2 +- .../default-plugins/encrypt/main.py | 2 +- onionr/storagecounter.py | 4 +- run_tests.sh | 5 +- 7 files changed, 33 insertions(+), 41 deletions(-) diff --git a/onionr/core.py b/onionr/core.py index 0f7692de..1b803395 100755 --- a/onionr/core.py +++ b/onionr/core.py @@ -779,10 +779,10 @@ class Core: if self._utils.validatePubKey(asymPeer): # Encrypt block data with forward secrecy key first, but not meta jsonMeta = json.dumps(meta) - jsonMeta = self._crypto.pubKeyEncrypt(jsonMeta, asymPeer, encodedData=True, anonymous=True).decode() - data = self._crypto.pubKeyEncrypt(data, asymPeer, encodedData=True, anonymous=True).decode() - signature = self._crypto.pubKeyEncrypt(signature, asymPeer, encodedData=True, anonymous=True).decode() - signer = self._crypto.pubKeyEncrypt(signer, asymPeer, encodedData=True, anonymous=True).decode() + jsonMeta = self._crypto.pubKeyEncrypt(jsonMeta, asymPeer, encodedData=True).decode() + data = self._crypto.pubKeyEncrypt(data, asymPeer, encodedData=True).decode() + signature = self._crypto.pubKeyEncrypt(signature, asymPeer, encodedData=True).decode() + signer = self._crypto.pubKeyEncrypt(signer, asymPeer, encodedData=True).decode() onionrusers.OnionrUser(self, asymPeer, saveUser=True) else: raise onionrexceptions.InvalidPubkey(asymPeer + ' is not a valid base32 encoded ed25519 key') diff --git a/onionr/onionrcrypto.py b/onionr/onionrcrypto.py index 883098a3..8f6f8e7a 100755 --- a/onionr/onionrcrypto.py +++ b/onionr/onionrcrypto.py @@ -94,52 +94,41 @@ class OnionrCrypto: retData = key.sign(data).signature return retData - def pubKeyEncrypt(self, data, pubkey, anonymous=True, encodedData=False): + def pubKeyEncrypt(self, data, pubkey, encodedData=False): '''Encrypt to a public key (Curve25519, taken from base32 Ed25519 pubkey)''' retVal = '' - try: - pubkey = pubkey.encode() - except AttributeError: - pass + box = None + data = self._core._utils.strToBytes(data) + + pubkey = nacl.signing.VerifyKey(pubkey, encoder=nacl.encoding.Base32Encoder()).to_curve25519_public_key() if encodedData: encoding = nacl.encoding.Base64Encoder else: encoding = nacl.encoding.RawEncoder + + box = nacl.public.SealedBox(pubkey) + retVal = box.encrypt(data, encoder=encoding) - if self.privKey != None and not anonymous: - ownKey = nacl.signing.SigningKey(seed=self.privKey, encoder=nacl.encoding.Base32Encoder).to_curve25519_private_key() - key = nacl.signing.VerifyKey(key=pubkey, encoder=nacl.encoding.Base32Encoder).to_curve25519_public_key() - ourBox = nacl.public.Box(ownKey, key) - retVal = ourBox.encrypt(data.encode(), encoder=encoding) - elif anonymous: - key = nacl.signing.VerifyKey(key=pubkey, encoder=nacl.encoding.Base32Encoder).to_curve25519_public_key() - anonBox = nacl.public.SealedBox(key) - try: - data = data.encode() - except AttributeError: - pass - retVal = anonBox.encrypt(data, encoder=encoding) return retVal - def pubKeyDecrypt(self, data, pubkey='', privkey='', anonymous=False, encodedData=False): + def pubKeyDecrypt(self, data, pubkey='', privkey='', encodedData=False): '''pubkey decrypt (Curve25519, taken from Ed25519 pubkey)''' decrypted = False if encodedData: encoding = nacl.encoding.Base64Encoder else: encoding = nacl.encoding.RawEncoder - ownKey = nacl.signing.SigningKey(seed=self.privKey, encoder=nacl.encoding.Base32Encoder()).to_curve25519_private_key() - if self.privKey != None and not anonymous: - ourBox = nacl.public.Box(ownKey, pubkey) - decrypted = ourBox.decrypt(data, encoder=encoding) - elif anonymous: - if self._core._utils.validatePubKey(privkey): - privkey = nacl.signing.SigningKey(seed=privkey, encoder=nacl.encoding.Base32Encoder()).to_curve25519_private_key() - anonBox = nacl.public.SealedBox(privkey) - else: - anonBox = nacl.public.SealedBox(ownKey) - decrypted = anonBox.decrypt(data, encoder=encoding) + if privkey == '': + privkey = self.privKey + ownKey = nacl.signing.SigningKey(seed=privkey, encoder=nacl.encoding.Base32Encoder()).to_curve25519_private_key() + + if self._core._utils.validatePubKey(privkey): + privkey = nacl.signing.SigningKey(seed=privkey, encoder=nacl.encoding.Base32Encoder()).to_curve25519_private_key() + anonBox = nacl.public.SealedBox(privkey) + else: + anonBox = nacl.public.SealedBox(ownKey) + decrypted = anonBox.decrypt(data, encoder=encoding) return decrypted def symmetricEncrypt(self, data, key, encodedKey=False, returnEncoded=True): diff --git a/onionr/onionrproofs.py b/onionr/onionrproofs.py index 202500f1..12e5615f 100755 --- a/onionr/onionrproofs.py +++ b/onionr/onionrproofs.py @@ -64,9 +64,9 @@ def getDifficultyForNewBlock(data, ourBlock=True): else: raise ValueError('not Block, str, or int') if ourBlock: - minDifficulty = config.get('general.minimum_send_pow') + minDifficulty = config.get('general.minimum_send_pow', 4) else: - minDifficulty = config.get('general.minimum_block_pow') + minDifficulty = config.get('general.minimum_block_pow', 4) retData = max(minDifficulty, math.floor(dataSize / 100000)) + getDifficultyModifier() return retData diff --git a/onionr/onionrusers.py b/onionr/onionrusers.py index 53f89d44..b51e93cf 100755 --- a/onionr/onionrusers.py +++ b/onionr/onionrusers.py @@ -87,7 +87,7 @@ class OnionrUser: retData = '' forwardKey = self._getLatestForwardKey() if self._core._utils.validatePubKey(forwardKey): - retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True, anonymous=True) + retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True) else: raise onionrexceptions.InvalidPubkey("No valid forward secrecy key available for this user") #self.generateForwardKey() diff --git a/onionr/static-data/default-plugins/encrypt/main.py b/onionr/static-data/default-plugins/encrypt/main.py index 01eabd81..ac60cc69 100755 --- a/onionr/static-data/default-plugins/encrypt/main.py +++ b/onionr/static-data/default-plugins/encrypt/main.py @@ -69,7 +69,7 @@ class PlainEncryption: data['data'] = plaintext data = json.dumps(data) plaintext = data - encrypted = self.api.get_core()._crypto.pubKeyEncrypt(plaintext, pubkey, anonymous=True, encodedData=True) + encrypted = self.api.get_core()._crypto.pubKeyEncrypt(plaintext, pubkey, encodedData=True) encrypted = self.api.get_core()._utils.bytesToStr(encrypted) logger.info('Encrypted Message: \n\nONIONR ENCRYPTED DATA %s END ENCRYPTED DATA' % (encrypted,)) diff --git a/onionr/storagecounter.py b/onionr/storagecounter.py index 4647a084..76ebe16b 100755 --- a/onionr/storagecounter.py +++ b/onionr/storagecounter.py @@ -49,13 +49,13 @@ class StorageCounter: def getPercent(self): '''Return percent (decimal/float) of disk space we're using''' amount = self.getAmount() - return round(amount / self._core.config.get('allocations.disk'), 2) + return round(amount / self._core.config.get('allocations.disk', 2000000000), 2) def addBytes(self, amount): '''Record that we are now using more disk space, unless doing so would exceed configured max''' newAmount = amount + self.getAmount() retData = newAmount - if newAmount > self._core.config.get('allocations.disk'): + if newAmount > self._core.config.get('allocations.disk', 2000000000): retData = False else: self._update(newAmount) diff --git a/run_tests.sh b/run_tests.sh index b650ed95..f32868d3 100755 --- a/run_tests.sh +++ b/run_tests.sh @@ -1,7 +1,10 @@ #!/bin/bash cd onionr; mkdir testdata; +ran=0 for f in tests/*.py; do python3 "$f" || break # if needed + let "ran++" done -rm -rf testdata; \ No newline at end of file +rm -rf testdata; +echo "ran $ran test files successfully" \ No newline at end of file