From 8de7bd16c6170a373496783831b1444a141d2119 Mon Sep 17 00:00:00 2001 From: Kevin Froman Date: Sat, 6 Oct 2018 13:06:46 -0500 Subject: [PATCH] work on foward secrecy --- onionr/core.py | 10 +++++++++- onionr/onionrusers.py | 17 +++++++++++++++-- 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/onionr/core.py b/onionr/core.py index 8a6f5b15..691f1739 100644 --- a/onionr/core.py +++ b/onionr/core.py @@ -21,7 +21,7 @@ import sqlite3, os, sys, time, math, base64, tarfile, getpass, simplecrypt, hash from onionrblockapi import Block import onionrutils, onionrcrypto, onionrproofs, onionrevents as events, onionrexceptions, onionrvalues -import onionrblacklist, onionrchat +import onionrblacklist, onionrchat, onionrusers import dbcreator if sys.version_info < (3, 6): try: @@ -731,8 +731,16 @@ class Core: if len(jsonMeta) > 1000: raise onionrexceptions.InvalidMetadata('meta in json encoded form must not exceed 1000 bytes') + user = onionrusers.OnionrUser(self, symKey) + # encrypt block metadata/sig/content if encryptType == 'sym': + + # Encrypt block data with forward secrecy key first, but not meta + forwardEncrypted = onionrusers.OnionrUser(self, key=symKey).forwardEncrypt(data) + data = forwardEncrypted[0] + jsonMeta['newFSKey'] = forwardEncrypted[1] + if len(symKey) < self.requirements.passwordLength: raise onionrexceptions.SecurityError('Weak encryption key') jsonMeta = self._crypto.symmetricEncrypt(jsonMeta, key=symKey, returnEncoded=True).decode() diff --git a/onionr/onionrusers.py b/onionr/onionrusers.py index d950ec33..ea664839 100644 --- a/onionr/onionrusers.py +++ b/onionr/onionrusers.py @@ -55,20 +55,23 @@ class OnionrUser: return decrypted def forwardEncrypt(self, data): + self.generateForwardKey() retData = '' forwardKey = self._getLatestForwardKey() if self._core._utils.validatePubKey(forwardKey): encrypted = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True) else: - raise Exception("No valid forward key available for this user") - return + raise onionrexceptions.InvalidPubkey("No valid forward key available for this user") + return (data, forwardKey) def forwardDecrypt(self, encrypted): retData = '' + for key in self return def _getLatestForwardKey(self): # Get the latest forward secrecy key for a peer + key = "" conn = sqlite3.connect(self._core.peerDB, timeout=10) c = conn.cursor() @@ -111,7 +114,17 @@ class OnionrUser: conn.commit() conn.close() + return newPub + def getGeneratedForwardKeys(self, peer): + # Fetch the keys we generated for the peer, that are still around + conn = sqlite3.connect(self._core.peerDB, timeout=10) + c = conn.cursor() + command = (peer,) + keyList = [] # list of tuples containing pub, private for peer + for result in c.execute("SELECT * FROM myForwardKeys where peer=?", command): + keyList.append((result[1], result[2])) + return keyList def addForwardKey(self, newKey): if not self._core._utils.validatePubKey(newKey):