From 980406b699f888c5dda716321953de1dba6be9e2 Mon Sep 17 00:00:00 2001
From: Kevin Froman <beardog@firemail.cc>
Date: Sun, 7 Oct 2018 15:39:22 -0500
Subject: [PATCH] work on foward secrecy

---
 onionr/core.py                | 13 ++++++++-----
 onionr/onionrusers.py         | 10 +++++-----
 onionr/onionrutils.py         |  4 ++++
 onionr/static-data/index.html |  2 +-
 4 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/onionr/core.py b/onionr/core.py
index 442ad901..d9ce201d 100644
--- a/onionr/core.py
+++ b/onionr/core.py
@@ -738,11 +738,6 @@ class Core:
         # encrypt block metadata/sig/content
         if encryptType == 'sym':
 
-            # Encrypt block data with forward secrecy key first, but not meta
-            forwardEncrypted = onionrusers.OnionrUser(self, key=symKey).forwardEncrypt(data)
-            data = forwardEncrypted[0]
-            jsonMeta['newFSKey'] = forwardEncrypted[1]
-
             if len(symKey) < self.requirements.passwordLength:
                 raise onionrexceptions.SecurityError('Weak encryption key')
             jsonMeta = self._crypto.symmetricEncrypt(jsonMeta, key=symKey, returnEncoded=True).decode()
@@ -751,6 +746,14 @@ class Core:
             signer = self._crypto.symmetricEncrypt(signer, key=symKey, returnEncoded=True).decode()
         elif encryptType == 'asym':
             if self._utils.validatePubKey(asymPeer):
+                # Encrypt block data with forward secrecy key first, but not meta
+                try:
+                    forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
+                    data = forwardEncrypted[0]
+                    meta['newFSKey'] = forwardEncrypted[1][0]
+                except onionrexceptions.InvalidPubkey:
+                    meta['newFSKey'] = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys()[0][0]
+                jsonMeta = json.dumps(meta)
                 jsonMeta = self._crypto.pubKeyEncrypt(jsonMeta, asymPeer, encodedData=True, anonymous=True).decode()
                 data = self._crypto.pubKeyEncrypt(data, asymPeer, encodedData=True, anonymous=True).decode()
                 signature = self._crypto.pubKeyEncrypt(signature, asymPeer, encodedData=True, anonymous=True).decode()
diff --git a/onionr/onionrusers.py b/onionr/onionrusers.py
index 5594a66c..57b1808d 100644
--- a/onionr/onionrusers.py
+++ b/onionr/onionrusers.py
@@ -115,7 +115,7 @@ class OnionrUser:
         time = self._core._utils.getEpoch()
         command = (self.publicKey, newPub, newPriv, time, expire)
 
-        c.execute("INSERT INTO myForwardKeys VALUES(?, ?, ?, ?);", command)
+        c.execute("INSERT INTO myForwardKeys VALUES(?, ?, ?, ?, ?);", command)
 
         conn.commit()
         conn.close()
@@ -123,7 +123,7 @@ class OnionrUser:
 
     def getGeneratedForwardKeys(self):
         # Fetch the keys we generated for the peer, that are still around
-        conn = sqlite3.connect(self._core.peerDB, timeout=10)
+        conn = sqlite3.connect(self._core.forwardKeysFile, timeout=10)
         c = conn.cursor()
         command = (self.publicKey,)
         keyList = [] # list of tuples containing pub, private for peer
@@ -131,7 +131,7 @@ class OnionrUser:
             keyList.append((result[1], result[2]))
         return keyList
 
-    def addForwardKey(self, newKey):
+    def addForwardKey(self, newKey, expire=432000):
         if not self._core._utils.validatePubKey(newKey):
             raise onionrexceptions.InvalidPubkey
         # Add a forward secrecy key for the peer
@@ -139,9 +139,9 @@ class OnionrUser:
         c = conn.cursor()
         # Prepare the insert
         time = self._core._utils.getEpoch()
-        command = (self.publicKey, newKey, time)
+        command = (self.publicKey, newKey, time, expire)
 
-        c.execute("INSERT INTO forwardKeys VALUES(?, ?, ?);", command)
+        c.execute("INSERT INTO forwardKeys VALUES(?, ?, ?, ?);", command)
 
         conn.commit()
         conn.close()
diff --git a/onionr/onionrutils.py b/onionr/onionrutils.py
index c9eea940..f4a06776 100644
--- a/onionr/onionrutils.py
+++ b/onionr/onionrutils.py
@@ -267,6 +267,10 @@ class OnionrUtils:
             blockType = myBlock.getMetadata('type') # we would use myBlock.getType() here, but it is bugged with encrypted blocks
             signer = self.bytesToStr(myBlock.signer)
             valid = myBlock.verifySig()
+
+            if myBlock.getMetadata('newFSKey') is not None:
+                onionrusers.OnionrUser(self._core, signer).addForwardKey(myBlock.getMetadata('newFSKey'))
+        
             try:
                 if len(blockType) <= 10:
                     self._core.updateBlockInfo(blockHash, 'dataType', blockType)
diff --git a/onionr/static-data/index.html b/onionr/static-data/index.html
index a48dad37..157f1586 100644
--- a/onionr/static-data/index.html
+++ b/onionr/static-data/index.html
@@ -2,6 +2,6 @@
 
 <p>The content on this server is not necessarily created by the server owner, and was not necessarily stored specifically with the owner's knowledge of its contents.</p>
 
-<p>Onionr is a decentralized, distributed data storage system, that anyone can insert data into.</p>
+<p>Onionr is a decentralized data storage system that anyone can insert data into.</p>
 
 <p>To learn more about Onionr, see the website at <a href="https://onionr.voidnet.tech/">https://Onionr.VoidNet.tech/</a></p>