Merge branch 'expiry' into 'master'
Block time handling improvements. See merge request beardog/Onionr!16
commit
66da0b87cf
@ -82,7 +82,6 @@ class OnionrCommunicatorDaemon:
|
|||||||
|
|
||||||
# daemon tools are misc daemon functions, e.g. announce to online peers
|
# daemon tools are misc daemon functions, e.g. announce to online peers
|
||||||
# intended only for use by OnionrCommunicatorDaemon
|
# intended only for use by OnionrCommunicatorDaemon
|
||||||
#self.daemonTools = onionrdaemontools.DaemonTools(self)
|
|
||||||
self.daemonTools = onionrdaemontools.DaemonTools(self)
|
self.daemonTools = onionrdaemontools.DaemonTools(self)
|
||||||
|
|
||||||
self._chat = onionrchat.OnionrChat(self)
|
self._chat = onionrchat.OnionrChat(self)
|
||||||
|
@ -679,7 +679,6 @@ class Core:
|
|||||||
'''
|
'''
|
||||||
|
|
||||||
retData = False
|
retData = False
|
||||||
|
|
||||||
# check nonce
|
# check nonce
|
||||||
dataNonce = self._utils.bytesToStr(self._crypto.sha3Hash(data))
|
dataNonce = self._utils.bytesToStr(self._crypto.sha3Hash(data))
|
||||||
try:
|
try:
|
||||||
|
@ -33,9 +33,7 @@ class OnionrCrypto:
|
|||||||
self._keyFile = self._core.dataDir + 'keys.txt'
|
self._keyFile = self._core.dataDir + 'keys.txt'
|
||||||
self.pubKey = None
|
self.pubKey = None
|
||||||
self.privKey = None
|
self.privKey = None
|
||||||
|
|
||||||
self.secrets = secrets
|
self.secrets = secrets
|
||||||
|
|
||||||
self.deterministicRequirement = 25 # Min deterministic password/phrase length
|
self.deterministicRequirement = 25 # Min deterministic password/phrase length
|
||||||
self.HASH_ID_ROUNDS = 2000
|
self.HASH_ID_ROUNDS = 2000
|
||||||
self.keyManager = keymanager.KeyManager(self)
|
self.keyManager = keymanager.KeyManager(self)
|
||||||
@ -99,7 +97,6 @@ class OnionrCrypto:
|
|||||||
def pubKeyEncrypt(self, data, pubkey, anonymous=True, encodedData=False):
|
def pubKeyEncrypt(self, data, pubkey, anonymous=True, encodedData=False):
|
||||||
'''Encrypt to a public key (Curve25519, taken from base32 Ed25519 pubkey)'''
|
'''Encrypt to a public key (Curve25519, taken from base32 Ed25519 pubkey)'''
|
||||||
retVal = ''
|
retVal = ''
|
||||||
|
|
||||||
try:
|
try:
|
||||||
pubkey = pubkey.encode()
|
pubkey = pubkey.encode()
|
||||||
except AttributeError:
|
except AttributeError:
|
||||||
@ -198,7 +195,7 @@ class OnionrCrypto:
|
|||||||
private_key = nacl.signing.SigningKey.generate()
|
private_key = nacl.signing.SigningKey.generate()
|
||||||
public_key = private_key.verify_key.encode(encoder=nacl.encoding.Base32Encoder())
|
public_key = private_key.verify_key.encode(encoder=nacl.encoding.Base32Encoder())
|
||||||
return (public_key.decode(), private_key.encode(encoder=nacl.encoding.Base32Encoder()).decode())
|
return (public_key.decode(), private_key.encode(encoder=nacl.encoding.Base32Encoder()).decode())
|
||||||
|
|
||||||
def generateDeterministic(self, passphrase, bypassCheck=False):
|
def generateDeterministic(self, passphrase, bypassCheck=False):
|
||||||
'''Generate a Ed25519 public key pair from a password'''
|
'''Generate a Ed25519 public key pair from a password'''
|
||||||
passStrength = self.deterministicRequirement
|
passStrength = self.deterministicRequirement
|
||||||
@ -212,7 +209,7 @@ class OnionrCrypto:
|
|||||||
salt = b"U81Q7llrQcdTP0Ux" # Does not need to be unique or secret, but must be 16 bytes
|
salt = b"U81Q7llrQcdTP0Ux" # Does not need to be unique or secret, but must be 16 bytes
|
||||||
ops = nacl.pwhash.argon2id.OPSLIMIT_SENSITIVE
|
ops = nacl.pwhash.argon2id.OPSLIMIT_SENSITIVE
|
||||||
mem = nacl.pwhash.argon2id.MEMLIMIT_SENSITIVE
|
mem = nacl.pwhash.argon2id.MEMLIMIT_SENSITIVE
|
||||||
|
|
||||||
key = kdf(nacl.secret.SecretBox.KEY_SIZE, passphrase, salt, opslimit=ops, memlimit=mem)
|
key = kdf(nacl.secret.SecretBox.KEY_SIZE, passphrase, salt, opslimit=ops, memlimit=mem)
|
||||||
key = nacl.public.PrivateKey(key, nacl.encoding.RawEncoder())
|
key = nacl.public.PrivateKey(key, nacl.encoding.RawEncoder())
|
||||||
publicKey = key.public_key
|
publicKey = key.public_key
|
||||||
@ -285,6 +282,6 @@ class OnionrCrypto:
|
|||||||
logger.debug("Invalid token, bad proof")
|
logger.debug("Invalid token, bad proof")
|
||||||
|
|
||||||
return retData
|
return retData
|
||||||
|
|
||||||
def safeCompare(self, one, two):
|
def safeCompare(self, one, two):
|
||||||
return hmac.compare_digest(one, two)
|
return hmac.compare_digest(one, two)
|
||||||
|
@ -23,7 +23,6 @@ import nacl.signing, nacl.encoding
|
|||||||
from onionrblockapi import Block
|
from onionrblockapi import Block
|
||||||
import onionrexceptions
|
import onionrexceptions
|
||||||
from onionr import API_VERSION
|
from onionr import API_VERSION
|
||||||
from defusedxml import minidom
|
|
||||||
import onionrevents
|
import onionrevents
|
||||||
import pgpwords, onionrusers, storagecounter
|
import pgpwords, onionrusers, storagecounter
|
||||||
if sys.version_info < (3, 6):
|
if sys.version_info < (3, 6):
|
||||||
@ -372,6 +371,7 @@ class OnionrUtils:
|
|||||||
pass
|
pass
|
||||||
|
|
||||||
# Validate metadata dict for invalid keys to sizes that are too large
|
# Validate metadata dict for invalid keys to sizes that are too large
|
||||||
|
maxAge = config.get("general.max_block_age", 2678400)
|
||||||
if type(metadata) is dict:
|
if type(metadata) is dict:
|
||||||
for i in metadata:
|
for i in metadata:
|
||||||
try:
|
try:
|
||||||
@ -392,6 +392,11 @@ class OnionrUtils:
|
|||||||
if not self.isIntegerString(metadata[i]):
|
if not self.isIntegerString(metadata[i]):
|
||||||
logger.warn('Block metadata time stamp is not integer string')
|
logger.warn('Block metadata time stamp is not integer string')
|
||||||
break
|
break
|
||||||
|
if (metadata[i] - self.getEpoch()) > 30:
|
||||||
|
logger.warn('Block metadata time stamp is set for the future, which is not allowed.')
|
||||||
|
break
|
||||||
|
if (self.getEpoch() - metadata[i]) > maxAge:
|
||||||
|
logger.warn('Block is older than allowed: %s' % (maxAge,))
|
||||||
elif i == 'expire':
|
elif i == 'expire':
|
||||||
try:
|
try:
|
||||||
assert int(metadata[i]) > self.getEpoch()
|
assert int(metadata[i]) > self.getEpoch()
|
||||||
@ -653,28 +658,6 @@ class OnionrUtils:
|
|||||||
retData = False
|
retData = False
|
||||||
return retData
|
return retData
|
||||||
|
|
||||||
def getNistBeaconSalt(self, torPort=0, rounding=3600):
|
|
||||||
'''
|
|
||||||
Get the token for the current hour from the NIST randomness beacon
|
|
||||||
'''
|
|
||||||
if torPort == 0:
|
|
||||||
try:
|
|
||||||
sys.argv[2]
|
|
||||||
except IndexError:
|
|
||||||
raise onionrexceptions.MissingPort('Missing Tor socks port')
|
|
||||||
retData = ''
|
|
||||||
curTime = self.getRoundedEpoch(rounding)
|
|
||||||
self.nistSaltTimestamp = curTime
|
|
||||||
data = self.doGetRequest('https://beacon.nist.gov/rest/record/' + str(curTime), port = torPort)
|
|
||||||
dataXML = minidom.parseString(data, forbid_dtd = True, forbid_entities = True, forbid_external = True)
|
|
||||||
try:
|
|
||||||
retData = dataXML.getElementsByTagName('outputValue')[0].childNodes[0].data
|
|
||||||
except ValueError:
|
|
||||||
logger.warn('Failed to get the NIST beacon value.')
|
|
||||||
else:
|
|
||||||
self.powSalt = retData
|
|
||||||
return retData
|
|
||||||
|
|
||||||
def strToBytes(self, data):
|
def strToBytes(self, data):
|
||||||
try:
|
try:
|
||||||
data = data.encode()
|
data = data.encode()
|
||||||
|
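Review bot: In the hunk at 392, `if (metadata[i] - self.getEpoch()) > 30:` subtracts an int from `metadata[i]`, which the preceding `isIntegerString` check and the `int(metadata[i])` in the `expire` branch suggest is still a string, so the new comparison would raise TypeError instead of rejecting the block; convert first with `timestamp = int(metadata[i])`. The max-age branch that follows only logs `Block is older than allowed` and, unlike the future-timestamp branch, has no `break`, so an over-age block appears to pass this validation — if rejection is intended it needs the same `break`, and the message would be more useful if it also reported the block's actual age rather than only `maxAge`. Reading `self.getEpoch()` once into a local keeps both checks against the same instant. The enclosing method and its loop start and end outside the hunk, so I am assuming `break` here marks the metadata invalid, as it does for the non-integer case.
```python
if not self.isIntegerString(metadata[i]):
    logger.warn('Block metadata time stamp is not integer string')
    break
timestamp = int(metadata[i])  # isIntegerString accepted it, so int() is safe here
now = self.getEpoch()         # one clock read so both bounds use the same instant
if (timestamp - now) > 30:
    logger.warn('Block metadata time stamp is set for the future, which is not allowed.')
    break
if (now - timestamp) > maxAge:
    logger.warn('Block is older than allowed: %s (block age %s)' % (maxAge, now - timestamp))
    break
# … unchanged: 'expire' branch …
```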
@ -6,6 +6,7 @@
|
|||||||
"minimum_send_pow": 5,
|
"minimum_send_pow": 5,
|
||||||
"socket_servers": false,
|
"socket_servers": false,
|
||||||
"security_level": 0,
|
"security_level": 0,
|
||||||
|
"max_block_age": 2678400,
|
||||||
"public_key": ""
|
"public_key": ""
|
||||||
},
|
},
|
||||||
|
|
||||||
|