From 6568086e24a0739d8c74676b2cdcd90e34d77e23 Mon Sep 17 00:00:00 2001
From: Kevin Froman
Date: Wed, 13 Mar 2019 19:50:45 -0500
Subject: [PATCH] fixed forward secrecy expiration, key deletion and block expire detection
---
 onionr/core.py | 2 ++
 onionr/onionrusers/onionrusers.py | 15 +++++++++------
 onionr/onionrutils.py | 2 +-
 3 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/onionr/core.py b/onionr/core.py
index 2794aba4..d7960ebd 100755
--- a/onionr/core.py
+++ b/onionr/core.py
@@ -737,6 +737,8 @@ class Core:
 forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
 data = forwardEncrypted[0]
 meta['forwardEnc'] = True
+ expire = forwardEncrypted[2] # Expire time of key. no sense keeping block after that
+ print(expire, self._utils.getEpoch())
 except onionrexceptions.InvalidPubkey:
 pass
 #onionrusers.OnionrUser(self, asymPeer).generateForwardKey()
diff --git a/onionr/onionrusers/onionrusers.py b/onionr/onionrusers/onionrusers.py
index b680acd7..9aa9d8d8 100755
--- a/onionr/onionrusers/onionrusers.py
+++ b/onionr/onionrusers/onionrusers.py
@@ -32,6 +32,8 @@ def deleteExpiredKeys(coreInst):
 conn.close()
 return
+DEFAULT_KEY_EXPIRE = 604800
+
 class OnionrUser:
 def __init__(self, coreInst, publicKey, saveUser=False):
 '''
@@ -84,14 +86,15 @@ class OnionrUser:
 return decrypted
 def forwardEncrypt(self, data):
+ deleteExpiredKeys(self._core)
 retData = ''
 forwardKey = self._getLatestForwardKey()
- if self._core._utils.validatePubKey(forwardKey):
- retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True)
+ if self._core._utils.validatePubKey(forwardKey[0]):
+ retData = self._core._crypto.pubKeyEncrypt(data, forwardKey[0], encodedData=True)
 else:
 raise onionrexceptions.InvalidPubkey("No valid forward secrecy key available for this user")
 #self.generateForwardKey()
- return (retData, forwardKey)
+ return (retData, forwardKey[0], forwardKey[1])
 def forwardDecrypt(self, encrypted):
 retData = ""
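Review bot: The second added line, `print(expire, self._utils.getEpoch())`, is a leftover debug print on the forward-encryption path and should not ship; within this hunk the key expiry read into `expire` is only printed, and whether it is later written into the block's metadata happens outside the hunk (the enclosing method starts before and ends after it). If `expire` is already bound by the caller at this point, the unconditional assignment overwrites a possibly shorter caller-supplied lifetime; `expire = min(expire, forwardEncrypted[2]) if expire else forwardEncrypted[2]` keeps the block from outliving either bound, assuming the name is bound earlier, which I cannot see from here. The trailing comment would be clearer as `# The block is unreadable once the peer's forward key expires, so cap its lifetime at the key's expiry.`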
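Review bot: The new third tuple element `forwardKey[1]` is whatever `_getLatestForwardKey` returns as `max(DATE)`, and nothing in the hunk says whether that column is the key's creation time or its expiry; core.py consumes it as the key's expire time, so if DATE is the creation timestamp the block would be treated as expired from the moment it is made. I would confirm the column's meaning and say so at the changed return: `# (ciphertext, peer forward key, key expiry epoch) -- expiry is the DATE column of forwardKeys; confirm it is not the creation time`. Separately, `forwardKey[0]` is indexed before validation, so when no key is stored the result depends on `_getLatestForwardKey`'s no-row fallback, which is outside this hunk; if that fallback is still a bare string or None, the call raises IndexError/TypeError instead of the `InvalidPubkey` the else branch promises. A cheap guard on the changed `if` line is `if not isinstance(forwardKey, tuple) or not self._core._utils.validatePubKey(forwardKey[0]):`.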
@@ -114,7 +117,7 @@ class OnionrUser:
 # TODO: account for keys created at the same time (same epoch)
 for row in c.execute("SELECT forwardKey, max(DATE) FROM forwardKeys WHERE peerKey = ?", (self.publicKey,)):
- key = row[0]
+ key = (row[0], row[1])
 break
 conn.commit()
@@ -135,7 +138,7 @@ class OnionrUser:
 return list(keyList)
- def generateForwardKey(self, expire=604800):
+ def generateForwardKey(self, expire=DEFAULT_KEY_EXPIRE):
 # Generate a forward secrecy key for the peer
 conn = sqlite3.connect(self._core.forwardKeysFile, timeout=10)
@@ -173,7 +176,7 @@ class OnionrUser:
 keyList = self.getGeneratedForwardKeys()
 return list(keyList)
- def addForwardKey(self, newKey, expire=604800):
+ def addForwardKey(self, newKey, expire=DEFAULT_KEY_EXPIRE):
 if not self._core._utils.validatePubKey(newKey):
 # Do not add if something went wrong with the key
 raise onionrexceptions.InvalidPubkey(newKey)
diff --git a/onionr/onionrutils.py b/onionr/onionrutils.py
index e76ebc37..0641c37c 100755
--- a/onionr/onionrutils.py
+++ b/onionr/onionrutils.py
@@ -281,7 +281,7 @@ class OnionrUtils:
 break
 elif i == 'expire':
 try:
- assert int(metadata[i]) > self.getEpoch()
+ assert int(metadata[i]) < self.getEpoch()
 except AssertionError:
 logger.warn('Block is expired')
 break
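Review bot: `key` becomes a `(forwardKey, DATE)` pair on the matched path, but its initial value is set before this hunk and is not changed here; callers in this same patch now index `[0]` and `[1]`, so the no-row fallback has to become a pair as well, e.g. `key = ('', 0)`, or the first encrypt for a peer with no stored key fails on indexing instead of on key validation. The enclosing method starts before and ends after the hunk, so I cannot see what that initializer is. Worth noting at the query that `SELECT forwardKey, max(DATE)` only returns the forwardKey from the row holding the maximum because SQLite defines that for a lone `min()`/`max()`; a comment such as `# SQLite pairs the bare column with the row that holds max(DATE)` spares the next reader the check.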
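Review bot: The flipped comparison on the added line inverts the check: `assert int(metadata[i]) < self.getEpoch()` passes for an expire time already in the past and fails, logging 'Block is expired', for one still in the future, which is the opposite of what the message and the `except AssertionError` branch express; the removed `>` form was the one that flagged expired blocks. Independently of direction, `assert` is stripped under `python -O`, so the expiry check would silently disappear in optimised runs, and `int(metadata[i])` on a non-numeric value raises ValueError that `except AssertionError` does not catch — `metadata` presumably comes from a block received from other nodes and should be treated as untrusted. I would replace the try/assert with an explicit parse and comparison as below. The enclosing loop and method continue outside the hunk, so I cannot see what `break` signals to the caller and have kept it on both paths.
```python
                elif i == 'expire':
                    try:
                        expireAt = int(metadata[i])
                    except (TypeError, ValueError):
                        logger.warn('Block expire field is not an integer')
                        break
                    # Explicit check rather than assert: assert is removed under -O
                    if expireAt <= self.getEpoch():
                        logger.warn('Block is expired')
                    break
```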