fixed broken deterministic addresses made it so we do not use forward secrecy when sending to self

2019-01-19 23:39:25 -06:00 · 2019-01-19 23:39:25 -06:00 · 6b25a9301c
commit 6b25a9301c
parent 403150300e
2 changed files with 15 additions and 17 deletions
--- a/onionr/core.py
+++ b/onionr/core.py
@ -718,7 +718,7 @@ class Core:

        return True

-    def insertBlock(self, data, header='txt', sign=False, encryptType='', symKey='', asymPeer='', meta = {}, expire=None):
+    def insertBlock(self, data, header='txt', sign=False, encryptType='', symKey='', asymPeer='', meta = {}, expire=None, disableForward=False):
        '''
            Inserts a block into the network
            encryptType must be specified to encrypt a block
@ -765,16 +765,17 @@ class Core:
            pass

        if encryptType == 'asym':
-            try:
-                forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
-                data = forwardEncrypted[0]
-                meta['forwardEnc'] = True
-            except onionrexceptions.InvalidPubkey:
-                pass
-                #onionrusers.OnionrUser(self, asymPeer).generateForwardKey()
-            fsKey = onionrusers.OnionrUser(self, asymPeer).generateForwardKey()
-            #fsKey = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys().reverse()
-            meta['newFSKey'] = fsKey
+            if not disableForward and asymPeer != self._crypto.pubKey:
+                try:
+                    forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
+                    data = forwardEncrypted[0]
+                    meta['forwardEnc'] = True
+                except onionrexceptions.InvalidPubkey:
+                    pass
+                    #onionrusers.OnionrUser(self, asymPeer).generateForwardKey()
+                fsKey = onionrusers.OnionrUser(self, asymPeer).generateForwardKey()
+                #fsKey = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys().reverse()
+                meta['newFSKey'] = fsKey
        jsonMeta = json.dumps(meta)
        if sign:
            signature = self._crypto.edSign(jsonMeta.encode() + data, key=self._crypto.privKey, encodeResult=True)
--- a/onionr/onionrcrypto.py
+++ b/onionr/onionrcrypto.py
@ -210,12 +210,9 @@ class OnionrCrypto:
        ops = nacl.pwhash.argon2id.OPSLIMIT_SENSITIVE
        mem = nacl.pwhash.argon2id.MEMLIMIT_SENSITIVE

-        key = kdf(nacl.secret.SecretBox.KEY_SIZE, passphrase, salt, opslimit=ops, memlimit=mem)
-        key = nacl.public.PrivateKey(key, nacl.encoding.RawEncoder())
-        publicKey = key.public_key
-
-        return (publicKey.encode(encoder=nacl.encoding.Base32Encoder()),
-        key.encode(encoder=nacl.encoding.Base32Encoder()))
+        key = kdf(32, passphrase, salt, opslimit=ops, memlimit=mem) # Generate seed for ed25519 key
+        key = nacl.signing.SigningKey(key)
+        return (key.verify_key.encode(nacl.encoding.Base32Encoder).decode(), key.encode(nacl.encoding.Base32Encoder).decode())

    def pubKeyHashID(self, pubkey=''):
        '''Accept a ed25519 public key, return a truncated result of X many sha3_256 hash rounds'''