From bf87ab17af4d02d30cd09c6f5e3628352f22a883 Mon Sep 17 00:00:00 2001 From: Kevin Date: Sun, 16 Dec 2018 05:36:47 +0000 Subject: [PATCH] Block time handling improvements --- .gitmodules | 0 onionr/communicator2.py | 1 - onionr/core.py | 1 - onionr/onionrcrypto.py | 9 +++----- onionr/onionrutils.py | 29 ++++++-------------------- onionr/static-data/default_config.json | 1 + 6 files changed, 10 insertions(+), 31 deletions(-) create mode 100644 .gitmodules diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 00000000..e69de29b diff --git a/onionr/communicator2.py b/onionr/communicator2.py index 0bce1511..bddb21da 100755 --- a/onionr/communicator2.py +++ b/onionr/communicator2.py @@ -82,7 +82,6 @@ class OnionrCommunicatorDaemon: # daemon tools are misc daemon functions, e.g. announce to online peers # intended only for use by OnionrCommunicatorDaemon - #self.daemonTools = onionrdaemontools.DaemonTools(self) self.daemonTools = onionrdaemontools.DaemonTools(self) self._chat = onionrchat.OnionrChat(self) diff --git a/onionr/core.py b/onionr/core.py index dcc95295..59e802a5 100644 --- a/onionr/core.py +++ b/onionr/core.py @@ -679,7 +679,6 @@ class Core: ''' retData = False - # check nonce dataNonce = self._utils.bytesToStr(self._crypto.sha3Hash(data)) try: diff --git a/onionr/onionrcrypto.py b/onionr/onionrcrypto.py index 35a8050d..04c821cd 100644 --- a/onionr/onionrcrypto.py +++ b/onionr/onionrcrypto.py @@ -33,9 +33,7 @@ class OnionrCrypto: self._keyFile = self._core.dataDir + 'keys.txt' self.pubKey = None self.privKey = None - self.secrets = secrets - self.deterministicRequirement = 25 # Min deterministic password/phrase length self.HASH_ID_ROUNDS = 2000 self.keyManager = keymanager.KeyManager(self) @@ -99,7 +97,6 @@ class OnionrCrypto: def pubKeyEncrypt(self, data, pubkey, anonymous=True, encodedData=False): '''Encrypt to a public key (Curve25519, taken from base32 Ed25519 pubkey)''' retVal = '' - try: pubkey = pubkey.encode() except AttributeError: @@ -198,7 +195,7 @@ class OnionrCrypto: private_key = nacl.signing.SigningKey.generate() public_key = private_key.verify_key.encode(encoder=nacl.encoding.Base32Encoder()) return (public_key.decode(), private_key.encode(encoder=nacl.encoding.Base32Encoder()).decode()) - + def generateDeterministic(self, passphrase, bypassCheck=False): '''Generate a Ed25519 public key pair from a password''' passStrength = self.deterministicRequirement @@ -212,7 +209,7 @@ class OnionrCrypto: salt = b"U81Q7llrQcdTP0Ux" # Does not need to be unique or secret, but must be 16 bytes ops = nacl.pwhash.argon2id.OPSLIMIT_SENSITIVE mem = nacl.pwhash.argon2id.MEMLIMIT_SENSITIVE - + key = kdf(nacl.secret.SecretBox.KEY_SIZE, passphrase, salt, opslimit=ops, memlimit=mem) key = nacl.public.PrivateKey(key, nacl.encoding.RawEncoder()) publicKey = key.public_key @@ -285,6 +282,6 @@ class OnionrCrypto: logger.debug("Invalid token, bad proof") return retData - + def safeCompare(self, one, two): return hmac.compare_digest(one, two) diff --git a/onionr/onionrutils.py b/onionr/onionrutils.py index dbcf01e6..948563e3 100644 --- a/onionr/onionrutils.py +++ b/onionr/onionrutils.py @@ -23,7 +23,6 @@ import nacl.signing, nacl.encoding from onionrblockapi import Block import onionrexceptions from onionr import API_VERSION -from defusedxml import minidom import onionrevents import pgpwords, onionrusers, storagecounter if sys.version_info < (3, 6): @@ -372,6 +371,7 @@ class OnionrUtils: pass # Validate metadata dict for invalid keys to sizes that are too large + maxAge = config.get("general.max_block_age", 2678400) if type(metadata) is dict: for i in metadata: try: @@ -392,6 +392,11 @@ class OnionrUtils: if not self.isIntegerString(metadata[i]): logger.warn('Block metadata time stamp is not integer string') break + if (metadata[i] - self.getEpoch()) > 30: + logger.warn('Block metadata time stamp is set for the future, which is not allowed.') + break + if (self.getEpoch() - metadata[i]) > maxAge: + logger.warn('Block is older than allowed: %s' % (maxAge,)) elif i == 'expire': try: assert int(metadata[i]) > self.getEpoch() @@ -653,28 +658,6 @@ class OnionrUtils: retData = False return retData - def getNistBeaconSalt(self, torPort=0, rounding=3600): - ''' - Get the token for the current hour from the NIST randomness beacon - ''' - if torPort == 0: - try: - sys.argv[2] - except IndexError: - raise onionrexceptions.MissingPort('Missing Tor socks port') - retData = '' - curTime = self.getRoundedEpoch(rounding) - self.nistSaltTimestamp = curTime - data = self.doGetRequest('https://beacon.nist.gov/rest/record/' + str(curTime), port = torPort) - dataXML = minidom.parseString(data, forbid_dtd = True, forbid_entities = True, forbid_external = True) - try: - retData = dataXML.getElementsByTagName('outputValue')[0].childNodes[0].data - except ValueError: - logger.warn('Failed to get the NIST beacon value.') - else: - self.powSalt = retData - return retData - def strToBytes(self, data): try: data = data.encode() diff --git a/onionr/static-data/default_config.json b/onionr/static-data/default_config.json index 5003d73b..5532797d 100644 --- a/onionr/static-data/default_config.json +++ b/onionr/static-data/default_config.json @@ -6,6 +6,7 @@ "minimum_send_pow": 5, "socket_servers": false, "security_level": 0, + "max_block_age": 2678400, "public_key": "" },