Block time handling improvements

2018-12-16 05:36:47 +00:00 · 2018-12-16 05:36:47 +00:00 · bf87ab17af
parent 8363b75335
commit bf87ab17af
6 changed files with 10 additions and 31 deletions
--- a/.gitmodules
+++ b/.gitmodules
--- a/onionr/communicator2.py
+++ b/onionr/communicator2.py
@ -82,7 +82,6 @@ class OnionrCommunicatorDaemon:

        # daemon tools are misc daemon functions, e.g. announce to online peers
        # intended only for use by OnionrCommunicatorDaemon
-        #self.daemonTools = onionrdaemontools.DaemonTools(self)
        self.daemonTools = onionrdaemontools.DaemonTools(self)

        self._chat = onionrchat.OnionrChat(self)
--- a/onionr/core.py
+++ b/onionr/core.py
@ -679,7 +679,6 @@ class Core:
        '''

        retData = False
-
        # check nonce
        dataNonce = self._utils.bytesToStr(self._crypto.sha3Hash(data))
        try:
--- a/onionr/onionrcrypto.py
+++ b/onionr/onionrcrypto.py
@ -33,9 +33,7 @@ class OnionrCrypto:
        self._keyFile = self._core.dataDir + 'keys.txt'
        self.pubKey = None
        self.privKey = None
-
        self.secrets = secrets
-        
        self.deterministicRequirement = 25 # Min deterministic password/phrase length
        self.HASH_ID_ROUNDS = 2000
        self.keyManager = keymanager.KeyManager(self)
@ -99,7 +97,6 @@ class OnionrCrypto:
    def pubKeyEncrypt(self, data, pubkey, anonymous=True, encodedData=False):
        '''Encrypt to a public key (Curve25519, taken from base32 Ed25519 pubkey)'''
        retVal = ''
-
        try:
            pubkey = pubkey.encode()
        except AttributeError:
@ -198,7 +195,7 @@ class OnionrCrypto:
        private_key = nacl.signing.SigningKey.generate()
        public_key = private_key.verify_key.encode(encoder=nacl.encoding.Base32Encoder())
        return (public_key.decode(), private_key.encode(encoder=nacl.encoding.Base32Encoder()).decode())
-    
+
    def generateDeterministic(self, passphrase, bypassCheck=False):
        '''Generate a Ed25519 public key pair from a password'''
        passStrength = self.deterministicRequirement
@ -212,7 +209,7 @@ class OnionrCrypto:
        salt = b"U81Q7llrQcdTP0Ux" # Does not need to be unique or secret, but must be 16 bytes
        ops = nacl.pwhash.argon2id.OPSLIMIT_SENSITIVE
        mem = nacl.pwhash.argon2id.MEMLIMIT_SENSITIVE
-        
+
        key = kdf(nacl.secret.SecretBox.KEY_SIZE, passphrase, salt, opslimit=ops, memlimit=mem)
        key = nacl.public.PrivateKey(key, nacl.encoding.RawEncoder())
        publicKey = key.public_key
@ -285,6 +282,6 @@ class OnionrCrypto:
            logger.debug("Invalid token, bad proof")

        return retData
-    
+
    def safeCompare(self, one, two):
        return hmac.compare_digest(one, two)
--- a/onionr/onionrutils.py
+++ b/onionr/onionrutils.py
@ -23,7 +23,6 @@ import nacl.signing, nacl.encoding
 from onionrblockapi import Block
 import onionrexceptions
 from onionr import API_VERSION
-from defusedxml import minidom
 import onionrevents
 import pgpwords, onionrusers, storagecounter
 if sys.version_info < (3, 6):
@ -372,6 +371,7 @@ class OnionrUtils:
                pass

        # Validate metadata dict for invalid keys to sizes that are too large
+        maxAge = config.get("general.max_block_age", 2678400)
        if type(metadata) is dict:
            for i in metadata:
                try:
@ -392,6 +392,11 @@ class OnionrUtils:
                    if not self.isIntegerString(metadata[i]):
                        logger.warn('Block metadata time stamp is not integer string')
                        break
+                    if (metadata[i] - self.getEpoch()) > 30:
+                        logger.warn('Block metadata time stamp is set for the future, which is not allowed.')
+                        break
+                    if (self.getEpoch() - metadata[i]) > maxAge:
+                        logger.warn('Block is older than allowed: %s' % (maxAge,))
                elif i == 'expire':
                    try:
                        assert int(metadata[i]) > self.getEpoch()
@ -653,28 +658,6 @@ class OnionrUtils:
            retData = False
        return retData

-    def getNistBeaconSalt(self, torPort=0, rounding=3600):
-        '''
-            Get the token for the current hour from the NIST randomness beacon
-        '''
-        if torPort == 0:
-            try:
-                sys.argv[2]
-            except IndexError:
-                raise onionrexceptions.MissingPort('Missing Tor socks port')
-        retData = ''
-        curTime = self.getRoundedEpoch(rounding)
-        self.nistSaltTimestamp = curTime
-        data = self.doGetRequest('https://beacon.nist.gov/rest/record/' + str(curTime), port = torPort)
-        dataXML = minidom.parseString(data, forbid_dtd = True, forbid_entities = True, forbid_external = True)
-        try:
-            retData = dataXML.getElementsByTagName('outputValue')[0].childNodes[0].data
-        except ValueError:
-            logger.warn('Failed to get the NIST beacon value.')
-        else:
-            self.powSalt = retData
-        return retData
-
    def strToBytes(self, data):
        try:
            data = data.encode()
--- a/onionr/static-data/default_config.json
+++ b/onionr/static-data/default_config.json
@ -6,6 +6,7 @@
        "minimum_send_pow": 5,
        "socket_servers": false,
        "security_level": 0,
+        "max_block_age": 2678400,
        "public_key": ""
    },