From 6568086e24a0739d8c74676b2cdcd90e34d77e23 Mon Sep 17 00:00:00 2001
From: Kevin Froman <beardog@firemail.cc>
Date: Wed, 13 Mar 2019 19:50:45 -0500
Subject: [PATCH] fixed forward secrecy expiration, key deletion and block
 expire detection

---
 onionr/core.py                    |  2 ++
 onionr/onionrusers/onionrusers.py | 15 +++++++++------
 onionr/onionrutils.py             |  2 +-
 3 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/onionr/core.py b/onionr/core.py
index 2794aba4..d7960ebd 100755
--- a/onionr/core.py
+++ b/onionr/core.py
@@ -737,6 +737,8 @@ class Core:
                     forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
                     data = forwardEncrypted[0]
                     meta['forwardEnc'] = True
+                    expire = forwardEncrypted[2] # Expire time of key. no sense keeping block after that
+                    print(expire, self._utils.getEpoch())
                 except onionrexceptions.InvalidPubkey:
                     pass
                     #onionrusers.OnionrUser(self, asymPeer).generateForwardKey()
diff --git a/onionr/onionrusers/onionrusers.py b/onionr/onionrusers/onionrusers.py
index b680acd7..9aa9d8d8 100755
--- a/onionr/onionrusers/onionrusers.py
+++ b/onionr/onionrusers/onionrusers.py
@@ -32,6 +32,8 @@ def deleteExpiredKeys(coreInst):
     conn.close()
     return
 
+DEFAULT_KEY_EXPIRE = 604800
+
 class OnionrUser:
     def __init__(self, coreInst, publicKey, saveUser=False):
         '''
@@ -84,14 +86,15 @@ class OnionrUser:
         return decrypted
 
     def forwardEncrypt(self, data):
+        deleteExpiredKeys(self._core)
         retData = ''
         forwardKey = self._getLatestForwardKey()
-        if self._core._utils.validatePubKey(forwardKey):
-            retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True)
+        if self._core._utils.validatePubKey(forwardKey[0]):
+            retData = self._core._crypto.pubKeyEncrypt(data, forwardKey[0], encodedData=True)
         else:
             raise onionrexceptions.InvalidPubkey("No valid forward secrecy key available for this user")
         #self.generateForwardKey()
-        return (retData, forwardKey)
+        return (retData, forwardKey[0], forwardKey[1])
 
     def forwardDecrypt(self, encrypted):
         retData = ""
@@ -114,7 +117,7 @@ class OnionrUser:
 
         # TODO: account for keys created at the same time (same epoch)
         for row in c.execute("SELECT forwardKey, max(DATE) FROM forwardKeys WHERE peerKey = ?", (self.publicKey,)):
-            key = row[0]
+            key = (row[0], row[1])
             break
 
         conn.commit()
@@ -135,7 +138,7 @@ class OnionrUser:
 
         return list(keyList)
 
-    def generateForwardKey(self, expire=604800):
+    def generateForwardKey(self, expire=DEFAULT_KEY_EXPIRE):
 
         # Generate a forward secrecy key for the peer
         conn = sqlite3.connect(self._core.forwardKeysFile, timeout=10)
@@ -173,7 +176,7 @@ class OnionrUser:
                 keyList = self.getGeneratedForwardKeys()
         return list(keyList)
 
-    def addForwardKey(self, newKey, expire=604800):
+    def addForwardKey(self, newKey, expire=DEFAULT_KEY_EXPIRE):
         if not self._core._utils.validatePubKey(newKey):
             # Do not add if something went wrong with the key
             raise onionrexceptions.InvalidPubkey(newKey)
diff --git a/onionr/onionrutils.py b/onionr/onionrutils.py
index e76ebc37..0641c37c 100755
--- a/onionr/onionrutils.py
+++ b/onionr/onionrutils.py
@@ -281,7 +281,7 @@ class OnionrUtils:
                         break
                 elif i == 'expire':
                     try:
-                        assert int(metadata[i]) > self.getEpoch()
+                        assert int(metadata[i]) < self.getEpoch()
                     except AssertionError:
                         logger.warn('Block is expired')
                         break