From 98bc3b3271ccb527f02d42be58ffa7a120731b67 Mon Sep 17 00:00:00 2001 From: Kevin Froman Date: Sat, 15 Dec 2018 23:35:06 -0600 Subject: [PATCH] actually handle future-set blocks properly --- onionr/onionrcrypto.py | 9 +++------ onionr/onionrutils.py | 2 +- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/onionr/onionrcrypto.py b/onionr/onionrcrypto.py index 35a8050d..04c821cd 100644 --- a/onionr/onionrcrypto.py +++ b/onionr/onionrcrypto.py @@ -33,9 +33,7 @@ class OnionrCrypto: self._keyFile = self._core.dataDir + 'keys.txt' self.pubKey = None self.privKey = None - self.secrets = secrets - self.deterministicRequirement = 25 # Min deterministic password/phrase length self.HASH_ID_ROUNDS = 2000 self.keyManager = keymanager.KeyManager(self) @@ -99,7 +97,6 @@ class OnionrCrypto: def pubKeyEncrypt(self, data, pubkey, anonymous=True, encodedData=False): '''Encrypt to a public key (Curve25519, taken from base32 Ed25519 pubkey)''' retVal = '' - try: pubkey = pubkey.encode() except AttributeError: @@ -198,7 +195,7 @@ class OnionrCrypto: private_key = nacl.signing.SigningKey.generate() public_key = private_key.verify_key.encode(encoder=nacl.encoding.Base32Encoder()) return (public_key.decode(), private_key.encode(encoder=nacl.encoding.Base32Encoder()).decode()) - + def generateDeterministic(self, passphrase, bypassCheck=False): '''Generate a Ed25519 public key pair from a password''' passStrength = self.deterministicRequirement @@ -212,7 +209,7 @@ class OnionrCrypto: salt = b"U81Q7llrQcdTP0Ux" # Does not need to be unique or secret, but must be 16 bytes ops = nacl.pwhash.argon2id.OPSLIMIT_SENSITIVE mem = nacl.pwhash.argon2id.MEMLIMIT_SENSITIVE - + key = kdf(nacl.secret.SecretBox.KEY_SIZE, passphrase, salt, opslimit=ops, memlimit=mem) key = nacl.public.PrivateKey(key, nacl.encoding.RawEncoder()) publicKey = key.public_key @@ -285,6 +282,6 @@ class OnionrCrypto: logger.debug("Invalid token, bad proof") return retData - + def safeCompare(self, one, two): return hmac.compare_digest(one, two) diff --git a/onionr/onionrutils.py b/onionr/onionrutils.py index f94116f0..948563e3 100644 --- a/onionr/onionrutils.py +++ b/onionr/onionrutils.py @@ -392,7 +392,7 @@ class OnionrUtils: if not self.isIntegerString(metadata[i]): logger.warn('Block metadata time stamp is not integer string') break - if metadata[i] > self.getEpoch(): + if (metadata[i] - self.getEpoch()) > 30: logger.warn('Block metadata time stamp is set for the future, which is not allowed.') break if (self.getEpoch() - metadata[i]) > maxAge: