From 6b25a9301cfbc09a9235b7e5a620e4659e728dbc Mon Sep 17 00:00:00 2001
From: Kevin Froman
Date: Sat, 19 Jan 2019 23:39:25 -0600
Subject: [PATCH] fixed broken deterministic addresses made it so we do not use forward secrecy when sending to self
---
 onionr/core.py | 23 ++++++++++++-----------
 onionr/onionrcrypto.py | 9 +++------
 2 files changed, 15 insertions(+), 17 deletions(-)
diff --git a/onionr/core.py b/onionr/core.py
index 5281f4c6..9c57503f 100644
--- a/onionr/core.py
+++ b/onionr/core.py
@@ -718,7 +718,7 @@ class Core:
 return True
- def insertBlock(self, data, header='txt', sign=False, encryptType='', symKey='', asymPeer='', meta = {}, expire=None):
+ def insertBlock(self, data, header='txt', sign=False, encryptType='', symKey='', asymPeer='', meta = {}, expire=None, disableForward=False):
 '''
 Inserts a block into the network
 encryptType must be specified to encrypt a block
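Review bot: The rewritten `insertBlock` signature keeps `meta = {}` as a default, and the `asym` branch changed later in this commit writes `meta['forwardEnc'] = True` and `meta['newFSKey'] = fsKey` into it, so unless the body outside this hunk copies `meta` first, those keys persist in the shared default dict across calls. That matters more after this change: a call that now skips forward secrecy (self-send or `disableForward=True`) could serialize a stale `forwardEnc` flag or an earlier peer's `newFSKey` into its own metadata. Suggest `meta=None` in the signature with `meta = {} if meta is None else dict(meta)` at the top of the body. The docstring, which continues past the hunk, should also describe the new parameter, e.g. `disableForward: skip forward-secrecy encryption and forward-key generation for this block`.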
@@ -765,16 +765,17 @@ class Core:
 pass
 if encryptType == 'asym':
- try:
- forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
- data = forwardEncrypted[0]
- meta['forwardEnc'] = True
- except onionrexceptions.InvalidPubkey:
- pass
- #onionrusers.OnionrUser(self, asymPeer).generateForwardKey()
- fsKey = onionrusers.OnionrUser(self, asymPeer).generateForwardKey()
- #fsKey = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys().reverse()
- meta['newFSKey'] = fsKey
+ if not disableForward and asymPeer != self._crypto.pubKey:
+ try:
+ forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
+ data = forwardEncrypted[0]
+ meta['forwardEnc'] = True
+ except onionrexceptions.InvalidPubkey:
+ pass
+ #onionrusers.OnionrUser(self, asymPeer).generateForwardKey()
+ fsKey = onionrusers.OnionrUser(self, asymPeer).generateForwardKey()
+ #fsKey = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys().reverse()
+ meta['newFSKey'] = fsKey
 jsonMeta = json.dumps(meta)
 if sign:
 signature = self._crypto.edSign(jsonMeta.encode() + data, key=self._crypto.privKey, encodeResult=True)
diff --git a/onionr/onionrcrypto.py b/onionr/onionrcrypto.py
index 03da9213..8c15f144 100644
--- a/onionr/onionrcrypto.py
+++ b/onionr/onionrcrypto.py
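Review bot: In the `asym` branch of `insertBlock` (onionr/core.py), the `except onionrexceptions.InvalidPubkey: pass` handler re-added under the new guard still lets the block go out without forward secrecy and without any trace: `data` is left as it was and `forwardEnc` is never set. With this change there are three ways an `asym` block skips forward secrecy (`disableForward`, sending to self, and this exception), so a comment at the `pass` such as `# forward encryption unavailable for this peer; block is sent without forward secrecy`, together with a log call there, would make the downgrade visible. The guard `asymPeer != self._crypto.pubKey` is a plain equality, so it only detects a self-send when both values have the same type and encoding, which is worth confirming given that the key-generation hunk in `onionr/onionrcrypto.py` now returns decoded `str` keys. The two commented-out `generateForwardKey` / `getGeneratedForwardKeys` lines could be dropped rather than re-indented. `insertBlock` begins and ends outside this hunk.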
@@ -210,12 +210,9 @@ class OnionrCrypto:
 ops = nacl.pwhash.argon2id.OPSLIMIT_SENSITIVE
 mem = nacl.pwhash.argon2id.MEMLIMIT_SENSITIVE
- key = kdf(nacl.secret.SecretBox.KEY_SIZE, passphrase, salt, opslimit=ops, memlimit=mem)
- key = nacl.public.PrivateKey(key, nacl.encoding.RawEncoder())
- publicKey = key.public_key
-
- return (publicKey.encode(encoder=nacl.encoding.Base32Encoder()),
- key.encode(encoder=nacl.encoding.Base32Encoder()))
+ key = kdf(32, passphrase, salt, opslimit=ops, memlimit=mem) # Generate seed for ed25519 key
+ key = nacl.signing.SigningKey(key)
+ return (key.verify_key.encode(nacl.encoding.Base32Encoder).decode(), key.encode(nacl.encoding.Base32Encoder).decode())
 def pubKeyHashID(self, pubkey=''):
 '''Accept a ed25519 public key, return a truncated result of X many sha3_256 hash rounds'''
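Review bot: `kdf(32, ...)` on the first added line hard-codes the Ed25519 seed length where the removed line used a named constant; `key = kdf(nacl.bindings.crypto_sign_SEEDBYTES, passphrase, salt, opslimit=ops, memlimit=mem)` keeps the length tied to what `SigningKey` expects. The return value also changes from Base32 `bytes` to decoded `str`, and its second element is the encoded signing seed, i.e. the private key, so the docstring (outside this hunk) should state both, for instance `Returns (public key, private seed), both Base32 str`. Reusing `key` for the raw seed and then for the `SigningKey` makes the long return line hard to read; naming them `seed` and `signingKey` would help. The enclosing function starts outside the hunk, so the salt handling and any passphrase checks it relies on are not visible here.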