work on foward secrecy

This commit is contained in:
Kevin Froman 2018-10-06 13:06:46 -05:00
parent 15877449f8
commit 8de7bd16c6
2 changed files with 24 additions and 3 deletions

View File

@ -21,7 +21,7 @@ import sqlite3, os, sys, time, math, base64, tarfile, getpass, simplecrypt, hash
from onionrblockapi import Block
import onionrutils, onionrcrypto, onionrproofs, onionrevents as events, onionrexceptions, onionrvalues
import onionrblacklist, onionrchat
import onionrblacklist, onionrchat, onionrusers
import dbcreator
if sys.version_info < (3, 6):
try:
@ -731,8 +731,16 @@ class Core:
if len(jsonMeta) > 1000:
raise onionrexceptions.InvalidMetadata('meta in json encoded form must not exceed 1000 bytes')
user = onionrusers.OnionrUser(self, symKey)
# encrypt block metadata/sig/content
if encryptType == 'sym':
# Encrypt block data with forward secrecy key first, but not meta
forwardEncrypted = onionrusers.OnionrUser(self, key=symKey).forwardEncrypt(data)
data = forwardEncrypted[0]
jsonMeta['newFSKey'] = forwardEncrypted[1]
if len(symKey) < self.requirements.passwordLength:
raise onionrexceptions.SecurityError('Weak encryption key')
jsonMeta = self._crypto.symmetricEncrypt(jsonMeta, key=symKey, returnEncoded=True).decode()

View File

@ -55,20 +55,23 @@ class OnionrUser:
return decrypted
def forwardEncrypt(self, data):
self.generateForwardKey()
retData = ''
forwardKey = self._getLatestForwardKey()
if self._core._utils.validatePubKey(forwardKey):
encrypted = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True)
else:
raise Exception("No valid forward key available for this user")
return
raise onionrexceptions.InvalidPubkey("No valid forward key available for this user")
return (data, forwardKey)
def forwardDecrypt(self, encrypted):
retData = ''
for key in self
return
def _getLatestForwardKey(self):
# Get the latest forward secrecy key for a peer
key = ""
conn = sqlite3.connect(self._core.peerDB, timeout=10)
c = conn.cursor()
@ -111,7 +114,17 @@ class OnionrUser:
conn.commit()
conn.close()
return newPub
def getGeneratedForwardKeys(self, peer):
# Fetch the keys we generated for the peer, that are still around
conn = sqlite3.connect(self._core.peerDB, timeout=10)
c = conn.cursor()
command = (peer,)
keyList = [] # list of tuples containing pub, private for peer
for result in c.execute("SELECT * FROM myForwardKeys where peer=?", command):
keyList.append((result[1], result[2]))
return keyList
def addForwardKey(self, newKey):
if not self._core._utils.validatePubKey(newKey):