fixed forward secrecy expiration, key deletion and block expire detection

Kevin Froman 2019-03-13 19:50:45 -05:00
parent 97e0945e12
commit 6568086e24
3 changed files with 12 additions and 7 deletions


@ -737,6 +737,8 @@ class Core:
forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data) forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
data = forwardEncrypted[0] data = forwardEncrypted[0]
meta['forwardEnc'] = True meta['forwardEnc'] = True
expire = forwardEncrypted[2] # Expire time of key. no sense keeping block after that
print(expire, self._utils.getEpoch())
except onionrexceptions.InvalidPubkey: except onionrexceptions.InvalidPubkey:
pass pass
#onionrusers.OnionrUser(self, asymPeer).generateForwardKey() #onionrusers.OnionrUser(self, asymPeer).generateForwardKey()
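Review bot: The `print(expire, self._utils.getEpoch())` added right after the `expire` assignment looks like leftover debugging output; it writes the key expiry and the current epoch to stdout on every forward-encrypted insert. It should be dropped, or, if the value is still useful while this path is being debugged, routed through the project's logger at debug level instead of `print`. The enclosing method starts and ends outside the hunk, so where `expire` is consumed afterwards (presumably the block's `expire` metadata) is not visible here.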


@ -32,6 +32,8 @@ def deleteExpiredKeys(coreInst):
conn.close() conn.close()
return return
DEFAULT_KEY_EXPIRE = 604800
class OnionrUser: class OnionrUser:
def __init__(self, coreInst, publicKey, saveUser=False): def __init__(self, coreInst, publicKey, saveUser=False):
''' '''
@ -84,14 +86,15 @@ class OnionrUser:
return decrypted return decrypted
def forwardEncrypt(self, data): def forwardEncrypt(self, data):
deleteExpiredKeys(self._core)
retData = '' retData = ''
forwardKey = self._getLatestForwardKey() forwardKey = self._getLatestForwardKey()
if self._core._utils.validatePubKey(forwardKey): if self._core._utils.validatePubKey(forwardKey[0]):
retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True) retData = self._core._crypto.pubKeyEncrypt(data, forwardKey[0], encodedData=True)
else: else:
raise onionrexceptions.InvalidPubkey("No valid forward secrecy key available for this user") raise onionrexceptions.InvalidPubkey("No valid forward secrecy key available for this user")
#self.generateForwardKey() #self.generateForwardKey()
return (retData, forwardKey) return (retData, forwardKey[0], forwardKey[1])
def forwardDecrypt(self, encrypted): def forwardDecrypt(self, encrypted):
retData = "" retData = ""
@ -114,7 +117,7 @@ class OnionrUser:
# TODO: account for keys created at the same time (same epoch) # TODO: account for keys created at the same time (same epoch)
for row in c.execute("SELECT forwardKey, max(DATE) FROM forwardKeys WHERE peerKey = ?", (self.publicKey,)): for row in c.execute("SELECT forwardKey, max(DATE) FROM forwardKeys WHERE peerKey = ?", (self.publicKey,)):
key = row[0] key = (row[0], row[1])
break break
conn.commit() conn.commit()
@ -135,7 +138,7 @@ class OnionrUser:
return list(keyList) return list(keyList)
def generateForwardKey(self, expire=604800): def generateForwardKey(self, expire=DEFAULT_KEY_EXPIRE):
# Generate a forward secrecy key for the peer # Generate a forward secrecy key for the peer
conn = sqlite3.connect(self._core.forwardKeysFile, timeout=10) conn = sqlite3.connect(self._core.forwardKeysFile, timeout=10)
@ -173,7 +176,7 @@ class OnionrUser:
keyList = self.getGeneratedForwardKeys() keyList = self.getGeneratedForwardKeys()
return list(keyList) return list(keyList)
def addForwardKey(self, newKey, expire=604800): def addForwardKey(self, newKey, expire=DEFAULT_KEY_EXPIRE):
if not self._core._utils.validatePubKey(newKey): if not self._core._utils.validatePubKey(newKey):
# Do not add if something went wrong with the key # Do not add if something went wrong with the key
raise onionrexceptions.InvalidPubkey(newKey) raise onionrexceptions.InvalidPubkey(newKey)
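Review bot: In the `_getLatestForwardKey` hunk the query still selects `forwardKey, max(DATE)`, so the second tuple element that `forwardEncrypt` now returns as `forwardKey[1]` is the key's DATE column, not its expiry, while the caller in core.py stores that value as the block's expire time. If DATE is the key's creation timestamp rather than the time it expires, every forward-encrypted block gets an expire value that is already in the past, which would also explain why the comparison in onionrutils.py had to be flipped in this commit. The query should return the column `addForwardKey` stores its `expire` argument in, e.g. `SELECT forwardKey, <expire-column>, max(DATE) FROM forwardKeys WHERE peerKey = ?` so that `key = (row[0], row[1])` picks up the actual expiry. Both `_getLatestForwardKey` and `forwardEncrypt` begin outside the visible hunks.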


@ -281,7 +281,7 @@ class OnionrUtils:
break break
elif i == 'expire': elif i == 'expire':
try: try:
assert int(metadata[i]) > self.getEpoch() assert int(metadata[i]) < self.getEpoch()
except AssertionError: except AssertionError:
logger.warn('Block is expired') logger.warn('Block is expired')
break break
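Review bot: The new `assert int(metadata[i]) < self.getEpoch()` passes exactly when the block's expire time is already in the past, so an expired block is accepted and a still-valid one takes the 'Block is expired' branch; the original `>` was the right direction, and the flip looks like a workaround for the expire value being filled from the key's DATE column (raised in the onionrusers.py section). Using `assert` for this check also means it vanishes under `python -O`, and a non-numeric `expire` field received from a peer raises `ValueError`, which `except AssertionError` does not catch. Suggested: replace the try/assert with `if int(metadata[i]) <= self.getEpoch():` followed by the existing warn and `break`, and catch `ValueError` from the `int()` conversion with the same warn-and-break handling. The enclosing loop over metadata fields starts outside the hunk.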