progress in removing core

2019-07-20 10:52:03 -05:00 · 2019-07-20 10:52:03 -05:00 · e7c8c93dab
commit e7c8c93dab
parent 348ec1081f
16 changed files with 68 additions and 229 deletions
--- a/onionr/onionr.py
+++ b/onionr/onionr.py
@ -34,6 +34,8 @@ from utils import detectoptimization
 if detectoptimization.detect_optimization():
    sys.stderr.write('Error, Onionr cannot be run in optimized mode\n')
    sys.exit(1)
 from utils import createdirs
 createdirs.create_dirs()
 import os, base64, random, shutil, time, platform, signal
 from threading import Thread
 import config, logger, onionrplugins as plugins, onionrevents as events
@ -42,7 +44,7 @@ from netcontroller import NetController
 from onionrblockapi import Block
 import onionrproofs, onionrexceptions, communicator, setupconfig
 import onionrcommands as commands # Many command definitions are here
-from utils import identifyhome, createdirs
+from utils import identifyhome
 from coredb import keydb
 import filepaths
@ -75,7 +77,6 @@ class Onionr:
        # Load global configuration data
        data_exists = Onionr.setupConfig(self.dataDir, self)
        createdirs.create_dirs()
        if netcontroller.tor_binary() is None:
            logger.error('Tor is not installed', terminal=True)
--- a/onionr/onionrblacklist.py
+++ b/onionr/onionrblacklist.py
@ -21,7 +21,7 @@ import sqlite3, os
 import logger, onionrcrypto
 from onionrutils import epoch, bytesconverter
 from coredb import dbfiles
-crypto = onionrcrypto.OnionrCrypto()
+
 class OnionrBlackList:
    def __init__(self):
        self.blacklistDB = dbfiles.blacklist_db
@ -31,7 +31,7 @@ class OnionrBlackList:
        return
    def inBlacklist(self, data):
-        hashed = bytesconverter.bytes_to_str(crypto.sha3Hash(data))
+        hashed = bytesconverter.bytes_to_str(onionrcrypto.hashers.sha3_hash(data))
        retData = False
        if not hashed.isalnum():
@ -100,6 +100,7 @@ class OnionrBlackList:
        1=peer
        2=pubkey
        '''
        # we hash the data so we can remove data entirely from our node's disk
        hashed = bytesconverter.bytes_to_str(crypto.sha3Hash(data))
        if len(hashed) > 64:
--- a/onionr/onionrblocks/init.py
+++ b/onionr/onionrblocks/init.py
@ -1 +1,3 @@
-from . import insert
+from . import insert
 insert = insert.insert_block
--- a/onionr/onionrblocks/insert.py
+++ b/onionr/onionrblocks/insert.py
@ -3,15 +3,18 @@ from onionrutils import bytesconverter, epoch
 import storagecounter, filepaths, onionrstorage
 import onionrevents as events
 from etc import powchoice, onionrvalues
-def insert_block(onionr_inst, data, header='txt', sign=False, encryptType='', symKey='', asymPeer='', meta = {}, expire=None, disableForward=False):
+import config, onionrcrypto as crypto, subprocesspow, onionrexceptions
 from onionrusers import onionrusers
 from onionrutils import localcommand, blockmetadata
 import coredb
 def insert_block(data, header='txt', sign=False, encryptType='', symKey='', asymPeer='', meta = {}, expire=None, disableForward=False):
    '''
        Inserts a block into the network
        encryptType must be specified to encrypt a block
    '''
-    use_subprocess = powchoice.use_subprocess(onionr_inst.config)
+    use_subprocess = powchoice.use_subprocess(config)
    requirements = onionrvalues.OnionrValues()
    storage_counter = storagecounter.StorageCounter()
    crypto = onionr_inst.crypto
    allocationReachedMessage = 'Cannot insert block, disk allocation reached.'
    if storage_counter.isFull():
        logger.error(allocationReachedMessage)
@ -23,7 +26,7 @@ def insert_block(onionr_inst, data, header='txt', sign=False, encryptType='', sy
    createTime = epoch.get_epoch()
-    dataNonce = bytesconverter.bytes_to_str(hashers.sha3_hash(data))
+    dataNonce = bytesconverter.bytes_to_str(crypto.hashers.sha3_hash(data))
    try:
        with open(filepaths.data_nonce_file, 'r') as nonces:
            if dataNonce in nonces:
@ -78,31 +81,23 @@ def insert_block(onionr_inst, data, header='txt', sign=False, encryptType='', sy
    jsonMeta = json.dumps(meta)
    plaintextMeta = jsonMeta
    if sign:
-        signature = crypto.edSign(jsonMeta.encode() + data, key=crypto.privKey, encodeResult=True)
+        signature = crypto.signing.ed_sign(jsonMeta.encode() + data, key=crypto.priv_key, encodeResult=True)
        signer = crypto.pubKey
    if len(jsonMeta) > 1000:
        raise onionrexceptions.InvalidMetadata('meta in json encoded form must not exceed 1000 bytes')
    user = onionrusers.OnionrUser(symKey)
    # encrypt block metadata/sig/content
    if encryptType == 'sym':
-
+        raise NotImplementedError("not yet implemented")
        if len(symKey) < requirements.passwordLength:
            raise onionrexceptions.SecurityError('Weak encryption key')
        jsonMeta = crypto.symmetricEncrypt(jsonMeta, key=symKey, returnEncoded=True).decode()
        data = crypto.symmetricEncrypt(data, key=symKey, returnEncoded=True).decode()
        signature = crypto.symmetricEncrypt(signature, key=symKey, returnEncoded=True).decode()
        signer = crypto.symmetricEncrypt(signer, key=symKey, returnEncoded=True).decode()
    elif encryptType == 'asym':
        if stringvalidators.validate_pub_key(asymPeer):
            # Encrypt block data with forward secrecy key first, but not meta
            jsonMeta = json.dumps(meta)
-            jsonMeta = crypto.pubKeyEncrypt(jsonMeta, asymPeer, encodedData=True).decode()
+            jsonMeta = crypto.encryption.pub_key_encrypt(jsonMeta, asymPeer, encodedData=True).decode()
-            data = crypto.pubKeyEncrypt(data, asymPeer, encodedData=True).decode()
+            data = crypto.encryption.pub_key_encrypt(data, asymPeer, encodedData=True).decode()
-            signature = crypto.pubKeyEncrypt(signature, asymPeer, encodedData=True).decode()
+            signature = crypto.pub_key_encrypt(signature, asymPeer, encodedData=True).decode()
-            signer = crypto.pubKeyEncrypt(signer, asymPeer, encodedData=True).decode()
+            signer = crypto.pub_key_encrypt(signer, asymPeer, encodedData=True).decode()
            try:
                onionrusers.OnionrUser(asymPeer, saveUser=True)
            except ValueError:
@ -141,8 +136,8 @@ def insert_block(onionr_inst, data, header='txt', sign=False, encryptType='', sy
                coredb.daemonqueue.daemon_queue_add('uploadBlock', retData)
            else:
                pass
-            coredb.blockmetadb.add_to_block_DB(retData, selfInsert=True, dataSaved=True)
+            coredb.blockmetadb.add.add_to_block_DB(retData, selfInsert=True, dataSaved=True)
-            coredb.blockmetadata.process_block_metadata(retData)
+            blockmetadata.process_block_metadata(retData)
    '''
    if retData != False:
        if plaintextPeer == onionrvalues.DENIABLE_PEER_ADDRESS:
--- a/onionr/onionrcommands/onionrstatistics.py
+++ b/onionr/onionrcommands/onionrstatistics.py
@ -25,7 +25,6 @@ from onionrutils import checkcommunicator, mnemonickeys
 from utils import sizeutils
 from coredb import blockmetadb, daemonqueue, keydb
 import onionrcrypto
 crypto = onionrcrypto.OnionrCrypto()
 def show_stats(o_inst):
    try:
        # define stats messages here
@ -89,7 +88,7 @@ def show_details(o_inst):
    details = {
        'Node Address' : o_inst.get_hostname(),
        'Web Password' : o_inst.getWebPassword(),
-        'Public Key' : crypto.pubKey,
+        'Public Key' : onionrcrypto.pub_key,
        'Human-readable Public Key' : mnemonickeys.get_human_readable_ID()
    }
--- a/onionr/onionrcrypto/init.py
+++ b/onionr/onionrcrypto/init.py
@ -17,178 +17,10 @@
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 '''
 import os, binascii, base64, hashlib, time, sys, hmac, secrets
 import nacl.signing, nacl.encoding, nacl.public, nacl.hash, nacl.pwhash, nacl.utils, nacl.secret
 import unpaddedbase32
 import logger, onionrproofs
 from onionrutils import stringvalidators, epoch, bytesconverter
 import filepaths
 import onionrexceptions, keymanager, onionrutils
 import config
 from . import generate, hashers
 config.reload()
-class OnionrCrypto:
+from . import generate, hashers, getourkeypair, signing, encryption
    def __init__(self):
        self._keyFile = filepaths.keys_file
        self.pubKey = None
        self.privKey = None
        self.secrets = secrets
        self.deterministicRequirement = 25 # Min deterministic password/phrase length
        self.HASH_ID_ROUNDS = 2000
        self.keyManager = keymanager.KeyManager()
        # Load our own pub/priv Ed25519 keys, gen & save them if they don't exist
        if os.path.exists(self._keyFile):
            if len(config.get('general.public_key', '')) > 0:
                self.pubKey = config.get('general.public_key')
            else:
                self.pubKey = self.keyManager.getPubkeyList()[0]
            self.privKey = self.keyManager.getPrivkey(self.pubKey)
        else:
            keys = self.generatePubKey()
            self.pubKey = keys[0]
            self.privKey = keys[1]
            self.keyManager.addKey(self.pubKey, self.privKey)
        return
-    def pubKeyEncrypt(self, data, pubkey, encodedData=False):
+keypair = getourkeypair.get_keypair()
-        '''Encrypt to a public key (Curve25519, taken from base32 Ed25519 pubkey)'''
+pub_key = keypair[0]
-        pubkey = unpaddedbase32.repad(bytesconverter.str_to_bytes(pubkey))
+priv_key = keypair[1]
        retVal = ''
        box = None
        data = bytesconverter.str_to_bytes(data)
        pubkey = nacl.signing.VerifyKey(pubkey, encoder=nacl.encoding.Base32Encoder()).to_curve25519_public_key()
        if encodedData:
            encoding = nacl.encoding.Base64Encoder
        else:
            encoding = nacl.encoding.RawEncoder
        box = nacl.public.SealedBox(pubkey)
        retVal = box.encrypt(data, encoder=encoding)
        return retVal
    def symmetricEncrypt(self, data, key, encodedKey=False, returnEncoded=True):
        '''Encrypt data with a 32-byte key (Salsa20-Poly1305 MAC)'''
        if encodedKey:
            encoding = nacl.encoding.Base64Encoder
        else:
            encoding = nacl.encoding.RawEncoder
        # Make sure data is bytes
        if type(data) != bytes:
            data = data.encode()
        box = nacl.secret.SecretBox(key, encoder=encoding)
        if returnEncoded:
            encoding = nacl.encoding.Base64Encoder
        else:
            encoding = nacl.encoding.RawEncoder
        encrypted = box.encrypt(data, encoder=encoding)
        return encrypted
    def symmetricDecrypt(self, data, key, encodedKey=False, encodedMessage=False, returnEncoded=False):
        '''Decrypt data to a 32-byte key (Salsa20-Poly1305 MAC)'''
        if encodedKey:
            encoding = nacl.encoding.Base64Encoder
        else:
            encoding = nacl.encoding.RawEncoder
        box = nacl.secret.SecretBox(key, encoder=encoding)
        if encodedMessage:
            encoding = nacl.encoding.Base64Encoder
        else:
            encoding = nacl.encoding.RawEncoder
        decrypted = box.decrypt(data, encoder=encoding)
        if returnEncoded:
            decrypted = base64.b64encode(decrypted)
        return decrypted
    def generateSymmetric(self):
        '''Generate a symmetric key (bytes) and return it'''
        return binascii.hexlify(nacl.utils.random(nacl.secret.SecretBox.KEY_SIZE))
    def generatePubKey(self):
        '''Generate a Ed25519 public key pair, return tuple of base32encoded pubkey, privkey'''
        return generate.generate_pub_key()
    def generateDeterministic(self, passphrase, bypassCheck=False):
        '''Generate a Ed25519 public key pair from a password'''
        passStrength = self.deterministicRequirement
        passphrase = bytesconverter.str_to_bytes(passphrase) # Convert to bytes if not already
        # Validate passphrase length
        if not bypassCheck:
            if len(passphrase) < passStrength:
                raise onionrexceptions.PasswordStrengthError("Passphase must be at least %s characters" % (passStrength,))
        # KDF values
        kdf = nacl.pwhash.argon2id.kdf
        salt = b"U81Q7llrQcdTP0Ux" # Does not need to be unique or secret, but must be 16 bytes
        ops = nacl.pwhash.argon2id.OPSLIMIT_SENSITIVE
        mem = nacl.pwhash.argon2id.MEMLIMIT_SENSITIVE
        key = kdf(32, passphrase, salt, opslimit=ops, memlimit=mem) # Generate seed for ed25519 key
        key = nacl.signing.SigningKey(key)
        return (key.verify_key.encode(nacl.encoding.Base32Encoder).decode(), key.encode(nacl.encoding.Base32Encoder).decode())
    def pubKeyHashID(self, pubkey=''):
        '''Accept a ed25519 public key, return a truncated result of X many sha3_256 hash rounds'''
        if pubkey == '':
            pubkey = self.pubKey
        prev = ''
        pubkey = bytesconverter.str_to_bytes(pubkey)
        for i in range(self.HASH_ID_ROUNDS):
            try:
                prev = prev.encode()
            except AttributeError:
                pass
            hasher = hashlib.sha3_256()
            hasher.update(pubkey + prev)
            prev = hasher.hexdigest()
        result = prev
        return result
    def sha3Hash(self, data):
        return hashers.sha3_hash(data)
    def blake2bHash(self, data):
        return hashers.blake2b_hash(data)
    def verifyPow(self, blockContent):
        '''
            Verifies the proof of work associated with a block
        '''
        retData = False
        dataLen = len(blockContent)
        try:
            blockContent = blockContent.encode()
        except AttributeError:
            pass
        blockHash = self.sha3Hash(blockContent)
        try:
            blockHash = blockHash.decode() # bytes on some versions for some reason
        except AttributeError:
            pass
        difficulty = onionrproofs.getDifficultyForNewBlock(blockContent, ourBlock=False)
        if difficulty < int(config.get('general.minimum_block_pow')):
            difficulty = int(config.get('general.minimum_block_pow'))
        mainHash = '0000000000000000000000000000000000000000000000000000000000000000'#nacl.hash.blake2b(nacl.utils.random()).decode()
        puzzle = mainHash[:difficulty]
        if blockHash[:difficulty] == puzzle:
            # logger.debug('Validated block pow')
            retData = True
        else:
            logger.debug("Invalid token, bad proof")
        return retData
--- a/onionr/onionrcrypto/encryption/init.py
+++ b/onionr/onionrcrypto/encryption/init.py
@ -1,9 +1,29 @@
 import nacl.encoding, nacl.public, nacl.signing
 from .. import getourkeypair
 import unpaddedbase32
 pair = getourkeypair.get_keypair()
 our_pub_key = pair[0]
 our_priv_key = pair[1]
 def pub_key_encrypt(data, pubkey, encodedData=False):
    '''Encrypt to a public key (Curve25519, taken from base32 Ed25519 pubkey)'''
    pubkey = unpaddedbase32.repad(bytesconverter.str_to_bytes(pubkey))
    retVal = ''
    box = None
    data = bytesconverter.str_to_bytes(data)
    pubkey = nacl.signing.VerifyKey(pubkey, encoder=nacl.encoding.Base32Encoder()).to_curve25519_public_key()
    if encodedData:
        encoding = nacl.encoding.Base64Encoder
    else:
        encoding = nacl.encoding.RawEncoder
    box = nacl.public.SealedBox(pubkey)
    retVal = box.encrypt(data, encoder=encoding)
    return retVal
 def pub_key_decrypt(data, pubkey='', privkey='', encodedData=False):
    '''pubkey decrypt (Curve25519, taken from Ed25519 pubkey)'''
    decrypted = False
--- a/onionr/onionrevents.py
+++ b/onionr/onionrevents.py
@ -33,11 +33,11 @@ def __event_caller(event_name, data = {}, onionr = None):
        try:
            call(plugins.get_plugin(plugin), event_name, data, get_pluginapi(onionr, data))
        except ModuleNotFoundError as e:
-            logger.warn('Disabling nonexistant plugin "%s"...' % plugin)
+            logger.warn('Disabling nonexistant plugin "%s"...' % plugin, terminal=True)
            plugins.disable(plugin, onionr, stop_event = False)
        except Exception as e:
-            logger.warn('Event "%s" failed for plugin "%s".' % (event_name, plugin))
+            logger.warn('Event "%s" failed for plugin "%s".' % (event_name, plugin), terminal=True)
-            logger.debug(str(e))
+            logger.debug(str(e), terminal=True)
 def event(event_name, data = {}, onionr = None, threaded = True):
--- a/onionr/onionrpluginapi.py
+++ b/onionr/onionrpluginapi.py
@ -18,7 +18,7 @@
    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 '''
-import onionrplugins, logger, onionrcrypto
+import onionrplugins, logger
 from onionrutils import localcommand
 from coredb import daemonqueue
 class DaemonAPI:
@ -154,7 +154,6 @@ class pluginapi:
        self.plugins = PluginAPI(self)
        self.commands = CommandAPI(self)
        self.web = WebAPI(self)
        self.crypto = onionrcrypto.OnionrCrypto()
    def get_onionr(self):
        return self.onionr
@ -162,9 +161,6 @@ class pluginapi:
    def get_data(self):
        return self.data
    def get_crypto(self):
        return self.crypto
    def get_daemonapi(self):
        return self.daemon
--- a/onionr/onionrproofs.py
+++ b/onionr/onionrproofs.py
@ -26,7 +26,6 @@ def getDifficultyModifier():
    '''returns the difficulty modifier for block storage based 
    on a variety of factors, currently only disk use.
    '''
    classInst = coreOrUtilsInst
    retData = 0
    useFunc = storagecounter.StorageCounter().getPercent
--- a/onionr/onionrstorage/init.py
+++ b/onionr/onionrstorage/init.py
@ -24,14 +24,7 @@ import filepaths, onionrcrypto, dbcreator, onionrexceptions
 from onionrcrypto import hashers
 DB_ENTRY_SIZE_LIMIT = 10000 # Will be a config option
 def dbCreate():
    try:
        dbcreator.DBCreator().createBlockDataDB()
    except FileExistsError:
        pass
 def _dbInsert(blockHash, data):
    dbCreate()
    conn = sqlite3.connect(dbfiles.block_data_db, timeout=10)
    c = conn.cursor()
    data = (blockHash, data)
@ -40,7 +33,6 @@ def _dbInsert(blockHash, data):
    conn.close()
 def _dbFetch(blockHash):
    dbCreate()
    conn = sqlite3.connect(dbfiles.block_data_db, timeout=10)
    c = conn.cursor()
    for i in c.execute('SELECT data from blockData where hash = ?', (blockHash,)):
@ -54,7 +46,6 @@ def deleteBlock(blockHash):
    if os.path.exists('%s/%s.dat' % (filepaths.block_data_location, blockHash)):
        os.remove('%s/%s.dat' % (filepaths.block_data_location, blockHash))
        return True
    dbCreate()
    conn = sqlite3.connect(dbfiles.block_data_db, timeout=10)
    c = conn.cursor()
    data = (blockHash,)
@ -91,7 +82,7 @@ def getData(bHash):
        with open(fileLocation, 'rb') as block:
            retData = block.read()
    else:
-        retData = _dbFetch(coreInst, bHash)
+        retData = _dbFetch(bHash)
        if retData is None:
            raise onionrexceptions.NoDataAvailable("Block data for %s is not available" % [bHash])
    return retData
--- a/onionr/onionrstorage/setdata.py
+++ b/onionr/onionrstorage/setdata.py
@ -1,12 +1,11 @@
 import sys, sqlite3
-import onionrstorage, onionrexceptions, onionrcrypto
+import onionrstorage, onionrexceptions, onionrcrypto as crypto
 import filepaths, storagecounter
 from coredb import dbfiles
 def set_data(data):
    '''
        Set the data assciated with a hash
    '''
    crypto = onionrcrypto.OnionrCrypto()
    storage_counter = storagecounter.StorageCounter()
    data = data
    dataSize = sys.getsizeof(data)
@ -14,7 +13,7 @@ def set_data(data):
    if not type(data) is bytes:
        data = data.encode()
-    dataHash = crypto.sha3Hash(data)
+    dataHash = crypto.hashers.sha3_hash(data)
    if type(dataHash) is bytes:
        dataHash = dataHash.decode()
--- a/onionr/onionrutils/localcommand.py
+++ b/onionr/onionrutils/localcommand.py
@ -30,9 +30,13 @@ def get_hostname():
    maxWait = 3
    while True:
        if cache.get('client_api') is None:
-            hostname = getclientapiserver.get_client_API_server()
+            try:
-            cache.put('hostname', hostname)
+                hostname = getclientapiserver.get_client_API_server()
-            cache.flush()
+            except FileNotFoundError:
                hostname = False
            else:
                cache.put('hostname', hostname)
                cache.flush()
        else:
            hostname = cache.get('hostname')
        if hostname == '' or hostname is None:
@ -48,9 +52,11 @@ def local_command(command, data='', silent = True, post=False, postData = {}, ma
    '''
    # TODO: URL encode parameters, just as an extra measure. May not be needed, but should be added regardless.
    hostname = get_hostname()
    if hostname == False: return False
    if data != '':
        data = '&data=' + urllib.parse.quote_plus(data)
    payload = 'http://%s/%s%s' % (hostname, command, data)
    try:
        if post:
            retData = requests.post(payload, data=postData, headers={'token': config.get('client.webpassword'), 'Connection':'close'}, timeout=(maxWait, maxWait)).text
--- a/onionr/onionrutils/mnemonickeys.py
+++ b/onionr/onionrutils/mnemonickeys.py
@ -23,6 +23,6 @@ import onionrcrypto
 def get_human_readable_ID(pub=''):
    '''gets a human readable ID from a public key'''
    if pub == '':
-        pub = onionrcrypto.OnionrCrypto().pubKey
+        pub = onionrcrypto.pub_key
    pub = base64.b16encode(base64.b32decode(pub)).decode()
    return ' '.join(pgpwords.wordify(pub))
--- a/onionr/static-data/default-plugins/flow/main.py
+++ b/onionr/static-data/default-plugins/flow/main.py
@ -96,7 +96,6 @@ def on_init(api, data = None):
        inputted is executed. Could be called when daemon is starting or when
        just the client is running.
    '''
    # Doing this makes it so that the other functions can access the api object
    # by simply referencing the variable `pluginapi`.
    global pluginapi
--- a/onionr/subprocesspow.py
+++ b/onionr/subprocesspow.py
@ -22,9 +22,8 @@
 import subprocess, os
 import multiprocessing, threading, time, json
 from multiprocessing import Pipe, Process
-import onionrblockapi, config, onionrutils, logger, onionrproofs, onionrcrypto
+import onionrblockapi, config, onionrutils, logger, onionrproofs, onionrcrypto as crypto
 from onionrutils import bytesconverter
 crypto = onionrcrypto.OnionrCrypto()
 class SubprocessPOW:
    def __init__(self, data, metadata, subproc_count=None):
        '''
@ -105,7 +104,7 @@ class SubprocessPOW:
            # Serialize metadata, combine with block data
            payload = json.dumps(metadata).encode() + b'\n' + data
            # Check sha3_256 hash of block, compare to puzzle. Send payload if puzzle finished
-            token = crypto.sha3Hash(payload)
+            token = crypto.hashers.sha3_hash(payload)
            token = bytesconverter.bytes_to_str(token) # ensure token is string
            if puzzle == token[0:difficulty]:
                pipe.send(payload)
`@ -1 +1,3 @@`
	`from . import insert`	`from . import insert`

		`insert = insert.insert_block`