kev/Onionr
1
0
Fork 0
Code Issues 24 Pull Requests Projects Releases 2 Wiki Activity

work on foward secrecy

Browse Source
This commit is contained in:
Kevin Froman 2018-10-06 13:06:46 -05:00
parent 15877449f8
commit 8de7bd16c6
2 changed files with 24 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
onionr/core.py
View File

@ -21,7 +21,7 @@ import sqlite3, os, sys, time, math, base64, tarfile, getpass, simplecrypt, hash
from onionrblockapi import Block from onionrblockapi import Block
import onionrutils, onionrcrypto, onionrproofs, onionrevents as events, onionrexceptions, onionrvalues import onionrutils, onionrcrypto, onionrproofs, onionrevents as events, onionrexceptions, onionrvalues
import onionrblacklist, onionrchat import onionrblacklist, onionrchat, onionrusers
import dbcreator import dbcreator
if sys.version_info < (3, 6): if sys.version_info < (3, 6):
try: try:
@ -731,8 +731,16 @@ class Core:
if len(jsonMeta) > 1000: if len(jsonMeta) > 1000:
raise onionrexceptions.InvalidMetadata('meta in json encoded form must not exceed 1000 bytes') raise onionrexceptions.InvalidMetadata('meta in json encoded form must not exceed 1000 bytes')
user = onionrusers.OnionrUser(self, symKey)
# encrypt block metadata/sig/content # encrypt block metadata/sig/content
if encryptType == 'sym': if encryptType == 'sym':
# Encrypt block data with forward secrecy key first, but not meta
forwardEncrypted = onionrusers.OnionrUser(self, key=symKey).forwardEncrypt(data)
data = forwardEncrypted[0]
jsonMeta['newFSKey'] = forwardEncrypted[1]
if len(symKey) < self.requirements.passwordLength: if len(symKey) < self.requirements.passwordLength:
raise onionrexceptions.SecurityError('Weak encryption key') raise onionrexceptions.SecurityError('Weak encryption key')
jsonMeta = self._crypto.symmetricEncrypt(jsonMeta, key=symKey, returnEncoded=True).decode() jsonMeta = self._crypto.symmetricEncrypt(jsonMeta, key=symKey, returnEncoded=True).decode()

17
onionr/onionrusers.py
View File

@ -55,20 +55,23 @@ class OnionrUser:
return decrypted return decrypted
def forwardEncrypt(self, data): def forwardEncrypt(self, data):
self.generateForwardKey()
retData = '' retData = ''
forwardKey = self._getLatestForwardKey() forwardKey = self._getLatestForwardKey()
if self._core._utils.validatePubKey(forwardKey): if self._core._utils.validatePubKey(forwardKey):
encrypted = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True) encrypted = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True)
else: else:
raise Exception("No valid forward key available for this user") raise onionrexceptions.InvalidPubkey("No valid forward key available for this user")
return return (data, forwardKey)
def forwardDecrypt(self, encrypted): def forwardDecrypt(self, encrypted):
retData = '' retData = ''
for key in self
return return
def _getLatestForwardKey(self): def _getLatestForwardKey(self):
# Get the latest forward secrecy key for a peer # Get the latest forward secrecy key for a peer
key = ""
conn = sqlite3.connect(self._core.peerDB, timeout=10) conn = sqlite3.connect(self._core.peerDB, timeout=10)
c = conn.cursor() c = conn.cursor()
@ -111,7 +114,17 @@ class OnionrUser:
conn.commit() conn.commit()
conn.close() conn.close()
return newPub
def getGeneratedForwardKeys(self, peer):
# Fetch the keys we generated for the peer, that are still around
conn = sqlite3.connect(self._core.peerDB, timeout=10)
c = conn.cursor()
command = (peer,)
keyList = [] # list of tuples containing pub, private for peer
for result in c.execute("SELECT * FROM myForwardKeys where peer=?", command):
keyList.append((result[1], result[2]))
return keyList
def addForwardKey(self, newKey): def addForwardKey(self, newKey):
if not self._core._utils.validatePubKey(newKey): if not self._core._utils.validatePubKey(newKey):