work on foward secrecy

2018-10-07 15:39:22 -05:00 · 2018-10-07 15:39:22 -05:00 · 980406b699
parent 5606a07757
commit 980406b699
4 changed files with 18 additions and 11 deletions
--- a/onionr/core.py
+++ b/onionr/core.py
@ -738,11 +738,6 @@ class Core:
        # encrypt block metadata/sig/content
        if encryptType == 'sym':

-            # Encrypt block data with forward secrecy key first, but not meta
-            forwardEncrypted = onionrusers.OnionrUser(self, key=symKey).forwardEncrypt(data)
-            data = forwardEncrypted[0]
-            jsonMeta['newFSKey'] = forwardEncrypted[1]
-
            if len(symKey) < self.requirements.passwordLength:
                raise onionrexceptions.SecurityError('Weak encryption key')
            jsonMeta = self._crypto.symmetricEncrypt(jsonMeta, key=symKey, returnEncoded=True).decode()
@ -751,6 +746,14 @@ class Core:
            signer = self._crypto.symmetricEncrypt(signer, key=symKey, returnEncoded=True).decode()
        elif encryptType == 'asym':
            if self._utils.validatePubKey(asymPeer):
+                # Encrypt block data with forward secrecy key first, but not meta
+                try:
+                    forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
+                    data = forwardEncrypted[0]
+                    meta['newFSKey'] = forwardEncrypted[1][0]
+                except onionrexceptions.InvalidPubkey:
+                    meta['newFSKey'] = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys()[0][0]
+                jsonMeta = json.dumps(meta)
                jsonMeta = self._crypto.pubKeyEncrypt(jsonMeta, asymPeer, encodedData=True, anonymous=True).decode()
                data = self._crypto.pubKeyEncrypt(data, asymPeer, encodedData=True, anonymous=True).decode()
                signature = self._crypto.pubKeyEncrypt(signature, asymPeer, encodedData=True, anonymous=True).decode()
--- a/onionr/onionrusers.py
+++ b/onionr/onionrusers.py
@ -115,7 +115,7 @@ class OnionrUser:
        time = self._core._utils.getEpoch()
        command = (self.publicKey, newPub, newPriv, time, expire)

-        c.execute("INSERT INTO myForwardKeys VALUES(?, ?, ?, ?);", command)
+        c.execute("INSERT INTO myForwardKeys VALUES(?, ?, ?, ?, ?);", command)

        conn.commit()
        conn.close()
@ -123,7 +123,7 @@ class OnionrUser:

    def getGeneratedForwardKeys(self):
        # Fetch the keys we generated for the peer, that are still around
-        conn = sqlite3.connect(self._core.peerDB, timeout=10)
+        conn = sqlite3.connect(self._core.forwardKeysFile, timeout=10)
        c = conn.cursor()
        command = (self.publicKey,)
        keyList = [] # list of tuples containing pub, private for peer
@ -131,7 +131,7 @@ class OnionrUser:
            keyList.append((result[1], result[2]))
        return keyList

-    def addForwardKey(self, newKey):
+    def addForwardKey(self, newKey, expire=432000):
        if not self._core._utils.validatePubKey(newKey):
            raise onionrexceptions.InvalidPubkey
        # Add a forward secrecy key for the peer
@ -139,9 +139,9 @@ class OnionrUser:
        c = conn.cursor()
        # Prepare the insert
        time = self._core._utils.getEpoch()
-        command = (self.publicKey, newKey, time)
+        command = (self.publicKey, newKey, time, expire)

-        c.execute("INSERT INTO forwardKeys VALUES(?, ?, ?);", command)
+        c.execute("INSERT INTO forwardKeys VALUES(?, ?, ?, ?);", command)

        conn.commit()
        conn.close()
--- a/onionr/onionrutils.py
+++ b/onionr/onionrutils.py
@ -267,6 +267,10 @@ class OnionrUtils:
            blockType = myBlock.getMetadata('type') # we would use myBlock.getType() here, but it is bugged with encrypted blocks
            signer = self.bytesToStr(myBlock.signer)
            valid = myBlock.verifySig()
+
+            if myBlock.getMetadata('newFSKey') is not None:
+                onionrusers.OnionrUser(self._core, signer).addForwardKey(myBlock.getMetadata('newFSKey'))
+        
            try:
                if len(blockType) <= 10:
                    self._core.updateBlockInfo(blockHash, 'dataType', blockType)
--- a/onionr/static-data/index.html
+++ b/onionr/static-data/index.html
@ -2,6 +2,6 @@

 <p>The content on this server is not necessarily created by the server owner, and was not necessarily stored specifically with the owner's knowledge of its contents.</p>

-<p>Onionr is a decentralized, distributed data storage system, that anyone can insert data into.</p>
+<p>Onionr is a decentralized data storage system that anyone can insert data into.</p>

 <p>To learn more about Onionr, see the website at <a href="https://onionr.voidnet.tech/">https://Onionr.VoidNet.tech/</a></p>