work on foward secrecy

2018-10-07 21:25:59 -05:00 · 2018-10-07 21:25:59 -05:00 · 38913b62ce
parent 980406b699
commit 38913b62ce
4 changed files with 16 additions and 8 deletions
--- a/.gitignore
+++ b/.gitignore
@ -14,3 +14,4 @@ onionr/.onionr-lock
 core
 .vscode/*
 venv/*
+onionr/fs*
--- a/onionr/core.py
+++ b/onionr/core.py
@ -726,6 +726,13 @@ class Core:
        except AttributeError:
            pass

+        try:
+            forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
+            data = forwardEncrypted[0]
+            meta['newFSKey'] = forwardEncrypted[1][0]
+        except onionrexceptions.InvalidPubkey:
+            meta['newFSKey'] = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys()[0][0]
+            
        if sign:
            signature = self._crypto.edSign(jsonMeta.encode() + data, key=self._crypto.privKey, encodeResult=True)
            signer = self._crypto.pubKey
@ -747,12 +754,6 @@ class Core:
        elif encryptType == 'asym':
            if self._utils.validatePubKey(asymPeer):
                # Encrypt block data with forward secrecy key first, but not meta
-                try:
-                    forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
-                    data = forwardEncrypted[0]
-                    meta['newFSKey'] = forwardEncrypted[1][0]
-                except onionrexceptions.InvalidPubkey:
-                    meta['newFSKey'] = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys()[0][0]
                jsonMeta = json.dumps(meta)
                jsonMeta = self._crypto.pubKeyEncrypt(jsonMeta, asymPeer, encodedData=True, anonymous=True).decode()
                data = self._crypto.pubKeyEncrypt(data, asymPeer, encodedData=True, anonymous=True).decode()
--- a/onionr/onionrblockapi.py
+++ b/onionr/onionrblockapi.py
@ -18,7 +18,7 @@
    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 '''

-import core as onionrcore, logger, config, onionrexceptions, nacl.exceptions
+import core as onionrcore, logger, config, onionrexceptions, nacl.exceptions, onionrusers
 import json, os, sys, datetime, base64

 class Block:
@ -91,6 +91,12 @@ class Block:
                self.signature = core._crypto.pubKeyDecrypt(self.signature, anonymous=anonymous, encodedData=encodedData)
                self.signer = core._crypto.pubKeyDecrypt(self.signer, anonymous=anonymous, encodedData=encodedData)
                self.signedData =  json.dumps(self.bmetadata) + self.bcontent.decode()
+                try:
+                    assert self.bmetadata['forwardEnc'] is True
+                except (AssertionError, KeyError) as e:
+                    pass
+                else:
+                    self.bcontent = onionrusers.OnionrUser(self.core, self.signer).forwardDecrypt()
            except nacl.exceptions.CryptoError:
                pass
                #logger.debug('Could not decrypt block. Either invalid key or corrupted data')
--- a/onionr/onionrusers.py
+++ b/onionr/onionrusers.py
@ -55,13 +55,13 @@ class OnionrUser:
        return decrypted
    
    def forwardEncrypt(self, data):
-        self.generateForwardKey()
        retData = ''
        forwardKey = self._getLatestForwardKey()
        if self._core._utils.validatePubKey(forwardKey):
            retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True)
        else:
            raise onionrexceptions.InvalidPubkey("No valid forward key available for this user")
+        self.generateForwardKey()
        return (retData, forwardKey)
    
    def forwardDecrypt(self, encrypted):