From 38913b62ce5a53967b09d1f4c3985ef73079494a Mon Sep 17 00:00:00 2001 From: Kevin Froman Date: Sun, 7 Oct 2018 21:25:59 -0500 Subject: [PATCH] work on foward secrecy --- .gitignore | 1 + onionr/core.py | 13 +++++++------ onionr/onionrblockapi.py | 8 +++++++- onionr/onionrusers.py | 2 +- 4 files changed, 16 insertions(+), 8 deletions(-) diff --git a/.gitignore b/.gitignore index 26e43b0e..6fcdd586 100644 --- a/.gitignore +++ b/.gitignore @@ -14,3 +14,4 @@ onionr/.onionr-lock core .vscode/* venv/* +onionr/fs* diff --git a/onionr/core.py b/onionr/core.py index d9ce201d..c2cfc85d 100644 --- a/onionr/core.py +++ b/onionr/core.py @@ -726,6 +726,13 @@ class Core: except AttributeError: pass + try: + forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data) + data = forwardEncrypted[0] + meta['newFSKey'] = forwardEncrypted[1][0] + except onionrexceptions.InvalidPubkey: + meta['newFSKey'] = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys()[0][0] + if sign: signature = self._crypto.edSign(jsonMeta.encode() + data, key=self._crypto.privKey, encodeResult=True) signer = self._crypto.pubKey @@ -747,12 +754,6 @@ class Core: elif encryptType == 'asym': if self._utils.validatePubKey(asymPeer): # Encrypt block data with forward secrecy key first, but not meta - try: - forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data) - data = forwardEncrypted[0] - meta['newFSKey'] = forwardEncrypted[1][0] - except onionrexceptions.InvalidPubkey: - meta['newFSKey'] = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys()[0][0] jsonMeta = json.dumps(meta) jsonMeta = self._crypto.pubKeyEncrypt(jsonMeta, asymPeer, encodedData=True, anonymous=True).decode() data = self._crypto.pubKeyEncrypt(data, asymPeer, encodedData=True, anonymous=True).decode() diff --git a/onionr/onionrblockapi.py b/onionr/onionrblockapi.py index c14afc46..b2d41cdf 100644 --- a/onionr/onionrblockapi.py +++ b/onionr/onionrblockapi.py @@ -18,7 +18,7 @@ along with this program. If not, see . ''' -import core as onionrcore, logger, config, onionrexceptions, nacl.exceptions +import core as onionrcore, logger, config, onionrexceptions, nacl.exceptions, onionrusers import json, os, sys, datetime, base64 class Block: @@ -91,6 +91,12 @@ class Block: self.signature = core._crypto.pubKeyDecrypt(self.signature, anonymous=anonymous, encodedData=encodedData) self.signer = core._crypto.pubKeyDecrypt(self.signer, anonymous=anonymous, encodedData=encodedData) self.signedData = json.dumps(self.bmetadata) + self.bcontent.decode() + try: + assert self.bmetadata['forwardEnc'] is True + except (AssertionError, KeyError) as e: + pass + else: + self.bcontent = onionrusers.OnionrUser(self.core, self.signer).forwardDecrypt() except nacl.exceptions.CryptoError: pass #logger.debug('Could not decrypt block. Either invalid key or corrupted data') diff --git a/onionr/onionrusers.py b/onionr/onionrusers.py index 57b1808d..20dced6d 100644 --- a/onionr/onionrusers.py +++ b/onionr/onionrusers.py @@ -55,13 +55,13 @@ class OnionrUser: return decrypted def forwardEncrypt(self, data): - self.generateForwardKey() retData = '' forwardKey = self._getLatestForwardKey() if self._core._utils.validatePubKey(forwardKey): retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True) else: raise onionrexceptions.InvalidPubkey("No valid forward key available for this user") + self.generateForwardKey() return (retData, forwardKey) def forwardDecrypt(self, encrypted):