work on foward secrecy
This commit is contained in:
parent
38913b62ce
commit
c823eecfe3
@ -714,8 +714,6 @@ class Core:
|
|||||||
meta['type'] = header
|
meta['type'] = header
|
||||||
meta['type'] = str(meta['type'])
|
meta['type'] = str(meta['type'])
|
||||||
|
|
||||||
jsonMeta = json.dumps(meta)
|
|
||||||
|
|
||||||
if encryptType in ('asym', 'sym', ''):
|
if encryptType in ('asym', 'sym', ''):
|
||||||
metadata['encryptType'] = encryptType
|
metadata['encryptType'] = encryptType
|
||||||
else:
|
else:
|
||||||
@ -729,10 +727,13 @@ class Core:
|
|||||||
try:
|
try:
|
||||||
forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
|
forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
|
||||||
data = forwardEncrypted[0]
|
data = forwardEncrypted[0]
|
||||||
meta['newFSKey'] = forwardEncrypted[1][0]
|
meta['newFSKey'] = forwardEncrypted[1]
|
||||||
|
meta['forwardEnc'] = True
|
||||||
except onionrexceptions.InvalidPubkey:
|
except onionrexceptions.InvalidPubkey:
|
||||||
meta['newFSKey'] = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys()[0][0]
|
onionrusers.OnionrUser(self, asymPeer).generateForwardKey()
|
||||||
|
fsKey = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys()[0]
|
||||||
|
meta['newFSKey'] = fsKey[0]
|
||||||
|
jsonMeta = json.dumps(meta)
|
||||||
if sign:
|
if sign:
|
||||||
signature = self._crypto.edSign(jsonMeta.encode() + data, key=self._crypto.privKey, encodeResult=True)
|
signature = self._crypto.edSign(jsonMeta.encode() + data, key=self._crypto.privKey, encodeResult=True)
|
||||||
signer = self._crypto.pubKey
|
signer = self._crypto.pubKey
|
||||||
|
@ -96,7 +96,10 @@ class Block:
|
|||||||
except (AssertionError, KeyError) as e:
|
except (AssertionError, KeyError) as e:
|
||||||
pass
|
pass
|
||||||
else:
|
else:
|
||||||
self.bcontent = onionrusers.OnionrUser(self.core, self.signer).forwardDecrypt()
|
try:
|
||||||
|
self.bcontent = onionrusers.OnionrUser(self.core, self.signer).forwardDecrypt(self.bcontent)
|
||||||
|
except onionrexceptions.DecryptionError:
|
||||||
|
pass
|
||||||
except nacl.exceptions.CryptoError:
|
except nacl.exceptions.CryptoError:
|
||||||
pass
|
pass
|
||||||
#logger.debug('Could not decrypt block. Either invalid key or corrupted data')
|
#logger.debug('Could not decrypt block. Either invalid key or corrupted data')
|
||||||
|
@ -58,7 +58,7 @@ class OnionrUser:
|
|||||||
retData = ''
|
retData = ''
|
||||||
forwardKey = self._getLatestForwardKey()
|
forwardKey = self._getLatestForwardKey()
|
||||||
if self._core._utils.validatePubKey(forwardKey):
|
if self._core._utils.validatePubKey(forwardKey):
|
||||||
retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True)
|
retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True, anonymous=True)
|
||||||
else:
|
else:
|
||||||
raise onionrexceptions.InvalidPubkey("No valid forward key available for this user")
|
raise onionrexceptions.InvalidPubkey("No valid forward key available for this user")
|
||||||
self.generateForwardKey()
|
self.generateForwardKey()
|
||||||
@ -67,7 +67,8 @@ class OnionrUser:
|
|||||||
def forwardDecrypt(self, encrypted):
|
def forwardDecrypt(self, encrypted):
|
||||||
retData = ""
|
retData = ""
|
||||||
for key in self.getGeneratedForwardKeys():
|
for key in self.getGeneratedForwardKeys():
|
||||||
retData = self._core._crypto.pubKeyDecrypt(encrypted, pubkey=key[1])
|
retData = self._core._crypto.pubKeyDecrypt(encrypted, pubkey=key[1], anonymous=True)
|
||||||
|
logger('decrypting ' + key + ' got ' + retData)
|
||||||
if retData != False:
|
if retData != False:
|
||||||
break
|
break
|
||||||
else:
|
else:
|
||||||
@ -132,6 +133,7 @@ class OnionrUser:
|
|||||||
return keyList
|
return keyList
|
||||||
|
|
||||||
def addForwardKey(self, newKey, expire=432000):
|
def addForwardKey(self, newKey, expire=432000):
|
||||||
|
logger.info(newKey)
|
||||||
if not self._core._utils.validatePubKey(newKey):
|
if not self._core._utils.validatePubKey(newKey):
|
||||||
raise onionrexceptions.InvalidPubkey
|
raise onionrexceptions.InvalidPubkey
|
||||||
# Add a forward secrecy key for the peer
|
# Add a forward secrecy key for the peer
|
||||||
|
Loading…
Reference in New Issue
Block a user