work on foward secrecy

2018-10-08 00:11:46 -05:00 · 2018-10-08 00:11:46 -05:00 · c823eecfe3
commit c823eecfe3
parent 38913b62ce
3 changed files with 14 additions and 8 deletions
--- a/onionr/core.py
+++ b/onionr/core.py
@ -714,8 +714,6 @@ class Core:
            meta['type'] = header
        meta['type'] = str(meta['type'])

-        jsonMeta = json.dumps(meta)
-
        if encryptType in ('asym', 'sym', ''):
            metadata['encryptType'] = encryptType
        else:
@ -729,10 +727,13 @@ class Core:
        try:
            forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
            data = forwardEncrypted[0]
-            meta['newFSKey'] = forwardEncrypted[1][0]
+            meta['newFSKey'] = forwardEncrypted[1]
+            meta['forwardEnc'] = True
        except onionrexceptions.InvalidPubkey:
-            meta['newFSKey'] = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys()[0][0]
-            
+            onionrusers.OnionrUser(self, asymPeer).generateForwardKey()
+            fsKey = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys()[0]
+            meta['newFSKey'] = fsKey[0]
+        jsonMeta = json.dumps(meta)
        if sign:
            signature = self._crypto.edSign(jsonMeta.encode() + data, key=self._crypto.privKey, encodeResult=True)
            signer = self._crypto.pubKey
--- a/onionr/onionrblockapi.py
+++ b/onionr/onionrblockapi.py
@ -96,7 +96,10 @@ class Block:
                except (AssertionError, KeyError) as e:
                    pass
                else:
-                    self.bcontent = onionrusers.OnionrUser(self.core, self.signer).forwardDecrypt()
+                    try:
+                        self.bcontent = onionrusers.OnionrUser(self.core, self.signer).forwardDecrypt(self.bcontent)
+                    except onionrexceptions.DecryptionError:
+                        pass
            except nacl.exceptions.CryptoError:
                pass
                #logger.debug('Could not decrypt block. Either invalid key or corrupted data')
--- a/onionr/onionrusers.py
+++ b/onionr/onionrusers.py
@ -58,7 +58,7 @@ class OnionrUser:
        retData = ''
        forwardKey = self._getLatestForwardKey()
        if self._core._utils.validatePubKey(forwardKey):
-            retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True)
+            retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True, anonymous=True)
        else:
            raise onionrexceptions.InvalidPubkey("No valid forward key available for this user")
        self.generateForwardKey()
@ -67,7 +67,8 @@ class OnionrUser:
    def forwardDecrypt(self, encrypted):
        retData = ""
        for key in self.getGeneratedForwardKeys():
-            retData = self._core._crypto.pubKeyDecrypt(encrypted, pubkey=key[1])
+            retData = self._core._crypto.pubKeyDecrypt(encrypted, pubkey=key[1], anonymous=True)
+            logger('decrypting ' + key + ' got ' + retData)
            if retData != False:
                break
        else:
@ -132,6 +133,7 @@ class OnionrUser:
        return keyList

    def addForwardKey(self, newKey, expire=432000):
+        logger.info(newKey)
        if not self._core._utils.validatePubKey(newKey):
            raise onionrexceptions.InvalidPubkey
        # Add a forward secrecy key for the peer