From ee2a74380b02f23c91ed77dc21939dca3976706e Mon Sep 17 00:00:00 2001 From: Kevin Froman Date: Thu, 13 Sep 2018 12:26:22 -0500 Subject: [PATCH] work on metadata, forward secrecy, and starting on sockets --- onionr/core.py | 1 + onionr/dbcreator.py | 24 ++++++++++++++++++- onionr/onionrusers.py | 20 ++++++++++++++++ onionr/onionrutils.py | 3 ++- .../default-plugins/metadataprocessor/main.py | 19 +++++++++++---- 5 files changed, 61 insertions(+), 6 deletions(-) diff --git a/onionr/core.py b/onionr/core.py index 15c862c5..3ce4bbfd 100644 --- a/onionr/core.py +++ b/onionr/core.py @@ -48,6 +48,7 @@ class Core: self.torPort = torPort self.dataNonceFile = 'data/block-nonces.dat' self.dbCreate = dbcreator.DBCreator(self) + self.forwardKeysFile = 'data/forward-keys.db' self.usageFile = 'data/disk-usage.txt' self.config = config diff --git a/onionr/dbcreator.py b/onionr/dbcreator.py index 05ea796e..f9838342 100644 --- a/onionr/dbcreator.py +++ b/onionr/dbcreator.py @@ -71,7 +71,9 @@ class DBCreator: c.execute('''CREATE TABLE forwardKeys( peerKey text not null, forwardKey text not null, - date int not null);''') + date int not null, + expire int not null + );''') conn.commit() conn.close() return @@ -108,4 +110,24 @@ class DBCreator: ''') conn.commit() conn.close() + return + + def createForwardKeyDB(self): + ''' + Create the forward secrecy key db (*for *OUR* keys*) + ''' + if os.path.exists(self.core.forwardKeysFile): + raise Exception("Block database already exists") + conn = sqlite3.connect(self.core.forwardKeysFile) + c = conn.cursor() + c.execute('''CREATE TABLE myForwardKeys( + peer text not null, + public key text not null, + private key text not null, + date int not null, + expire int not null + ); + ''') + conn.commit() + conn.close() return \ No newline at end of file diff --git a/onionr/onionrusers.py b/onionr/onionrusers.py index 898f9ae4..1e8cdf29 100644 --- a/onionr/onionrusers.py +++ b/onionr/onionrusers.py 
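Review bot: The new `expire int not null` column on the forwardKeys CREATE TABLE only takes effect when the table is first created, and nothing in this hunk alters an existing database, so installs created before this change keep the four-column schema and any five-value INSERT that follows would presumably fail with "table forwardKeys has 4 columns but 5 values were supplied". Either add a migration path such as `ALTER TABLE forwardKeys ADD COLUMN expire int not null default 0` behind a schema-version check, or document that the peer database must be recreated after upgrading. A comment on the column saying whether `expire` is an absolute epoch or a lifetime in seconds would also help, since the sibling `date` column looks like an epoch. The enclosing create method starts and ends outside this hunk.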
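Review bot: In createForwardKeyDB the column definitions `public key text not null` and `private key text not null` contain a space, and SQLite accepts that by taking `public` / `private` as the column names and `key text` as the type, not the names evidently intended; use `publicKey text not null` and `privateKey text not null` (positional INSERTs work either way, which hides the mistake until the first SELECT by name). The duplicate-DB guard reuses the wrong message: `raise Exception("Block database already exists")` should read `"Forward key database already exists"`. Because this file will hold our own private forward-secrecy keys in plaintext, it is worth restricting its mode right after creation, e.g. `os.chmod(self.core.forwardKeysFile, 0o600)`, unless the data directory is already locked down, and the docstring should say it stores private key material. The connection is also left open if `c.execute` raises; a try/finally around the execute/commit with `conn.close()` in the finally covers that.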
@@ -93,6 +93,26 @@ class OnionrUser: return list(keyList) + def generateForwardKey(self, expire=432000): + + # Generate a forward secrecy key for the peer + conn = sqlite3.connect(self._core.forwardKeysFile) + c = conn.cursor() + # Prepare the insert + time = self._core._utils.getEpoch() + newKeys = self._core._crypto.generatePubKey() + newPub = newKeys[0] + newPriv = newKeys[1] + + time = self._core._utils.getEpoch() + command = (self.publicKey, newPub, newPriv, time, expire) + + c.execute("INSERT INTO myForwardKeys VALUES(?, ?, ?, ?);", command) + + conn.commit() + conn.close() + + def addForwardKey(self, newKey): if not self._core._utils.validatePubKey(newKey): raise onionrexceptions.InvalidPubkey diff --git a/onionr/onionrutils.py b/onionr/onionrutils.py index 6449e152..b5fc10c1 100644 --- a/onionr/onionrutils.py +++ b/onionr/onionrutils.py @@ -265,11 +265,12 @@ class OnionrUtils: myBlock.decrypt() blockType = myBlock.getMetadata('type') # we would use myBlock.getType() here, but it is bugged with encrypted blocks signer = self.bytesToStr(myBlock.signer) + valid = myBlock.verifySig() try: if len(blockType) <= 10: self._core.updateBlockInfo(blockHash, 'dataType', blockType) - onionrevents.event('processBlocks', data = {'block': myBlock, 'type': blockType}, onionr = None) + onionrevents.event('processBlocks', data = {'block': myBlock, 'type': blockType, 'signer': signer, 'validSig': valid}, onionr = None) except TypeError: pass diff --git a/onionr/static-data/default-plugins/metadataprocessor/main.py b/onionr/static-data/default-plugins/metadataprocessor/main.py index 74397c12..5145d911 100644 --- a/onionr/static-data/default-plugins/metadataprocessor/main.py +++ b/onionr/static-data/default-plugins/metadataprocessor/main.py @@ -22,7 +22,7 @@ import logger, config import os, sys, json, time, random, shutil, base64, getpass, datetime, re from onionrblockapi import Block -import onionrusers +import onionrusers, onionrexceptions plugin_name = 'metadataprocessor' 
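Review bot: generateForwardKey's INSERT binds five values but the statement has only four placeholders, so sqlite3 will raise ProgrammingError on every call; the line should be `c.execute("INSERT INTO myForwardKeys VALUES(?, ?, ?, ?, ?);", command)`. The `expire` argument is stored as given (432000 looks like a lifetime in seconds) next to an absolute epoch in `date`; either store the absolute expiry, `time + expire`, or document that the column holds a relative lifetime, so a later expiry check compares like with like. The freshly generated public key is discarded, and the caller presumably needs it to publish a forwardKey block, so returning `newPub` seems worthwhile. Minor: the local `time` shadows the stdlib module name and `getEpoch()` is called twice, and the connection is not closed if the execute fails, which a try/finally would cover.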
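Review bot: The new `validSig` flag passed to every processBlocks subscriber is the result of `myBlock.verifySig()`, which presumably only proves the block was signed by the key the block itself names as `signer`, not that this signer is a known or trusted peer; that distinction is worth stating where the event is emitted so plugins do not read the flag as an authorization decision. Suggested comment above the `valid =` line: `# validSig: the block carries a valid signature from the key it names as signer; whether that signer is trusted is up to the consumer`. Note also that `verifySig()` runs before the `try`, so anything it raises on a malformed signature field propagates out of this loop rather than being absorbed by the `except TypeError`; if that is not intended, move the call under the `try` or catch the specific exception. The enclosing loop and method start and end outside this hunk.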
@@ -50,6 +50,13 @@ def _processForwardKey(api, myBlock): Get the forward secrecy key specified by the user for us to use ''' peer = onionrusers.OnionrUser(self.api.get_core(), myBlock.signer) + key = myBlock.getMetadata('newFSKey') + + # We don't need to validate here probably, but it helps + if api.get_utils().validatePubKey(key): + peer.addForwardKey(key) + else: + raise onionrexceptions.InvalidPubkey("%s is nota valid pubkey key" % (key,)) def on_processBlocks(api): myBlock = api.data['block'] @@ -60,12 +67,16 @@ def on_processBlocks(api): # userInfo blocks, such as for setting username if blockType == 'userInfo': - if myBlock.verifySig(): + if api.data['validSig']: _processUserInfo(api, myBlock) - # forwardKey blocks + # forwardKey blocks, add a new forward secrecy key for a peer elif blockType == 'forwardKey': - if myBlock.verifySig(): + if api.data['validSig']: _processForwardKey(api, myBlock) + # socket blocks + elif blockType == 'openSocket': + if api.data['validSig']: + pass def on_init(api, data = None):
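Review bot: In _processForwardKey the `raise onionrexceptions.InvalidPubkey(...)` on a bad `newFSKey` turns a malformed, network-supplied block into an exception in the processBlocks event path; unless the event dispatcher catches it, a single peer can abort metadata processing for the remaining blocks, so logging the bad key and returning is the safer handling, e.g. `logger.warn('Ignoring forwardKey block from %s: invalid newFSKey' % (myBlock.signer,))` followed by `return` (assuming the imported `logger` exposes `warn`). The message also has a typo: `"%s is nota valid pubkey key"` should read `"%s is not a valid public key"`. The comment on the validate call can be sharpened, since `addForwardKey` in onionrusers.py already validates and raises InvalidPubkey: `# addForwardKey validates too; checking here lets us log and skip the block instead of raising`. The context line above still uses `self.api.get_core()` while the new code correctly uses `api`; `self` is not bound in this module-level function, so that line likely needs `api.get_core()` as well.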
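Review bot: The dispatch now indexes `api.data['validSig']` directly on all three branches, so any emitter of `processBlocks` that does not include the key raises KeyError instead of simply not handling the block; `validSig = api.data.get('validSig', False)` once near the top of on_processBlocks keeps this fail-closed and removes the repetition. Blocks that fail signature verification are dropped silently on every branch; a `logger` line naming the block hash and type on that path would give an operator a signal for forged or tampered metadata blocks, if that is not already logged elsewhere. The new `openSocket` branch is a bare `pass`; mark it `# TODO: socket blocks are not handled yet` so it is not mistaken for deliberate acceptance. on_processBlocks starts before this hunk.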