work on foward secrecy

This commit is contained in:
Kevin Froman 2018-10-07 15:39:22 -05:00
parent 5606a07757
commit 980406b699
4 changed files with 18 additions and 11 deletions

View File

@ -738,11 +738,6 @@ class Core:
# encrypt block metadata/sig/content
if encryptType == 'sym':
# Encrypt block data with forward secrecy key first, but not meta
forwardEncrypted = onionrusers.OnionrUser(self, key=symKey).forwardEncrypt(data)
data = forwardEncrypted[0]
jsonMeta['newFSKey'] = forwardEncrypted[1]
if len(symKey) < self.requirements.passwordLength:
raise onionrexceptions.SecurityError('Weak encryption key')
jsonMeta = self._crypto.symmetricEncrypt(jsonMeta, key=symKey, returnEncoded=True).decode()
@ -751,6 +746,14 @@ class Core:
signer = self._crypto.symmetricEncrypt(signer, key=symKey, returnEncoded=True).decode()
elif encryptType == 'asym':
if self._utils.validatePubKey(asymPeer):
# Encrypt block data with forward secrecy key first, but not meta
try:
forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
data = forwardEncrypted[0]
meta['newFSKey'] = forwardEncrypted[1][0]
except onionrexceptions.InvalidPubkey:
meta['newFSKey'] = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys()[0][0]
jsonMeta = json.dumps(meta)
jsonMeta = self._crypto.pubKeyEncrypt(jsonMeta, asymPeer, encodedData=True, anonymous=True).decode()
data = self._crypto.pubKeyEncrypt(data, asymPeer, encodedData=True, anonymous=True).decode()
signature = self._crypto.pubKeyEncrypt(signature, asymPeer, encodedData=True, anonymous=True).decode()

View File

@ -115,7 +115,7 @@ class OnionrUser:
time = self._core._utils.getEpoch()
command = (self.publicKey, newPub, newPriv, time, expire)
c.execute("INSERT INTO myForwardKeys VALUES(?, ?, ?, ?);", command)
c.execute("INSERT INTO myForwardKeys VALUES(?, ?, ?, ?, ?);", command)
conn.commit()
conn.close()
@ -123,7 +123,7 @@ class OnionrUser:
def getGeneratedForwardKeys(self):
# Fetch the keys we generated for the peer, that are still around
conn = sqlite3.connect(self._core.peerDB, timeout=10)
conn = sqlite3.connect(self._core.forwardKeysFile, timeout=10)
c = conn.cursor()
command = (self.publicKey,)
keyList = [] # list of tuples containing pub, private for peer
@ -131,7 +131,7 @@ class OnionrUser:
keyList.append((result[1], result[2]))
return keyList
def addForwardKey(self, newKey):
def addForwardKey(self, newKey, expire=432000):
if not self._core._utils.validatePubKey(newKey):
raise onionrexceptions.InvalidPubkey
# Add a forward secrecy key for the peer
@ -139,9 +139,9 @@ class OnionrUser:
c = conn.cursor()
# Prepare the insert
time = self._core._utils.getEpoch()
command = (self.publicKey, newKey, time)
command = (self.publicKey, newKey, time, expire)
c.execute("INSERT INTO forwardKeys VALUES(?, ?, ?);", command)
c.execute("INSERT INTO forwardKeys VALUES(?, ?, ?, ?);", command)
conn.commit()
conn.close()

View File

@ -267,6 +267,10 @@ class OnionrUtils:
blockType = myBlock.getMetadata('type') # we would use myBlock.getType() here, but it is bugged with encrypted blocks
signer = self.bytesToStr(myBlock.signer)
valid = myBlock.verifySig()
if myBlock.getMetadata('newFSKey') is not None:
onionrusers.OnionrUser(self._core, signer).addForwardKey(myBlock.getMetadata('newFSKey'))
try:
if len(blockType) <= 10:
self._core.updateBlockInfo(blockHash, 'dataType', blockType)

View File

@ -2,6 +2,6 @@
<p>The content on this server is not necessarily created by the server owner, and was not necessarily stored specifically with the owner's knowledge of its contents.</p>
<p>Onionr is a decentralized, distributed data storage system, that anyone can insert data into.</p>
<p>Onionr is a decentralized data storage system that anyone can insert data into.</p>
<p>To learn more about Onionr, see the website at <a href="https://onionr.voidnet.tech/">https://Onionr.VoidNet.tech/</a></p>