From 8c72242eaf57c3f2b37c5dc527c5eff320724184 Mon Sep 17 00:00:00 2001 From: Kevin Froman Date: Mon, 7 Jan 2019 16:30:47 -0600 Subject: [PATCH] fixed broken forward secrecy (not sharing new keys) --- onionr/core.py | 11 ++++++----- onionr/onionrusers.py | 4 +++- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/onionr/core.py b/onionr/core.py index c41537a5..3a09f758 100644 --- a/onionr/core.py +++ b/onionr/core.py @@ -182,7 +182,7 @@ class Core: return True else: - logger.debug('Invalid ID: %s' % address) + #logger.debug('Invalid ID: %s' % address) return False def removeAddress(self, address): @@ -739,10 +739,11 @@ class Core: data = forwardEncrypted[0] meta['forwardEnc'] = True except onionrexceptions.InvalidPubkey: - onionrusers.OnionrUser(self, asymPeer).generateForwardKey() - onionrusers.OnionrUser(self, asymPeer).generateForwardKey() - fsKey = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys()[0] - meta['newFSKey'] = fsKey[0] + pass + #onionrusers.OnionrUser(self, asymPeer).generateForwardKey() + fsKey = onionrusers.OnionrUser(self, asymPeer).generateForwardKey() + #fsKey = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys().reverse() + meta['newFSKey'] = fsKey jsonMeta = json.dumps(meta) if sign: signature = self._crypto.edSign(jsonMeta.encode() + data, key=self._crypto.privKey, encodeResult=True) diff --git a/onionr/onionrusers.py b/onionr/onionrusers.py index 5267112e..9671c5db 100644 --- a/onionr/onionrusers.py +++ b/onionr/onionrusers.py @@ -169,7 +169,9 @@ class OnionrUser: def addForwardKey(self, newKey, expire=604800): if not self._core._utils.validatePubKey(newKey): - raise onionrexceptions.InvalidPubkey + raise onionrexceptions.InvalidPubkey(newKey) + if newKey in self._getForwardKeys(): + return False # Add a forward secrecy key for the peer conn = sqlite3.connect(self._core.peerDB, timeout=10) c = conn.cursor()