work on foward secrecy

This commit is contained in:
Kevin Froman 2018-10-08 00:11:46 -05:00
parent 38913b62ce
commit c823eecfe3
3 changed files with 14 additions and 8 deletions

View File

@ -714,8 +714,6 @@ class Core:
meta['type'] = header meta['type'] = header
meta['type'] = str(meta['type']) meta['type'] = str(meta['type'])
jsonMeta = json.dumps(meta)
if encryptType in ('asym', 'sym', ''): if encryptType in ('asym', 'sym', ''):
metadata['encryptType'] = encryptType metadata['encryptType'] = encryptType
else: else:
@ -729,10 +727,13 @@ class Core:
try: try:
forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data) forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
data = forwardEncrypted[0] data = forwardEncrypted[0]
meta['newFSKey'] = forwardEncrypted[1][0] meta['newFSKey'] = forwardEncrypted[1]
meta['forwardEnc'] = True
except onionrexceptions.InvalidPubkey: except onionrexceptions.InvalidPubkey:
meta['newFSKey'] = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys()[0][0] onionrusers.OnionrUser(self, asymPeer).generateForwardKey()
fsKey = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys()[0]
meta['newFSKey'] = fsKey[0]
jsonMeta = json.dumps(meta)
if sign: if sign:
signature = self._crypto.edSign(jsonMeta.encode() + data, key=self._crypto.privKey, encodeResult=True) signature = self._crypto.edSign(jsonMeta.encode() + data, key=self._crypto.privKey, encodeResult=True)
signer = self._crypto.pubKey signer = self._crypto.pubKey

View File

@ -96,7 +96,10 @@ class Block:
except (AssertionError, KeyError) as e: except (AssertionError, KeyError) as e:
pass pass
else: else:
self.bcontent = onionrusers.OnionrUser(self.core, self.signer).forwardDecrypt() try:
self.bcontent = onionrusers.OnionrUser(self.core, self.signer).forwardDecrypt(self.bcontent)
except onionrexceptions.DecryptionError:
pass
except nacl.exceptions.CryptoError: except nacl.exceptions.CryptoError:
pass pass
#logger.debug('Could not decrypt block. Either invalid key or corrupted data') #logger.debug('Could not decrypt block. Either invalid key or corrupted data')

View File

@ -58,7 +58,7 @@ class OnionrUser:
retData = '' retData = ''
forwardKey = self._getLatestForwardKey() forwardKey = self._getLatestForwardKey()
if self._core._utils.validatePubKey(forwardKey): if self._core._utils.validatePubKey(forwardKey):
retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True) retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True, anonymous=True)
else: else:
raise onionrexceptions.InvalidPubkey("No valid forward key available for this user") raise onionrexceptions.InvalidPubkey("No valid forward key available for this user")
self.generateForwardKey() self.generateForwardKey()
@ -67,7 +67,8 @@ class OnionrUser:
def forwardDecrypt(self, encrypted): def forwardDecrypt(self, encrypted):
retData = "" retData = ""
for key in self.getGeneratedForwardKeys(): for key in self.getGeneratedForwardKeys():
retData = self._core._crypto.pubKeyDecrypt(encrypted, pubkey=key[1]) retData = self._core._crypto.pubKeyDecrypt(encrypted, pubkey=key[1], anonymous=True)
logger('decrypting ' + key + ' got ' + retData)
if retData != False: if retData != False:
break break
else: else:
@ -132,6 +133,7 @@ class OnionrUser:
return keyList return keyList
def addForwardKey(self, newKey, expire=432000): def addForwardKey(self, newKey, expire=432000):
logger.info(newKey)
if not self._core._utils.validatePubKey(newKey): if not self._core._utils.validatePubKey(newKey):
raise onionrexceptions.InvalidPubkey raise onionrexceptions.InvalidPubkey
# Add a forward secrecy key for the peer # Add a forward secrecy key for the peer