removed non-anonymous pubkey encryption, fixes, more tests

master
Kevin Froman 2019-02-15 22:08:03 -06:00
parent 4afff79d2f
commit 2e99b6b95c
7 changed files with 33 additions and 41 deletions

View File

@ -779,10 +779,10 @@ class Core:
if self._utils.validatePubKey(asymPeer): if self._utils.validatePubKey(asymPeer):
# Encrypt block data with forward secrecy key first, but not meta # Encrypt block data with forward secrecy key first, but not meta
jsonMeta = json.dumps(meta) jsonMeta = json.dumps(meta)
jsonMeta = self._crypto.pubKeyEncrypt(jsonMeta, asymPeer, encodedData=True, anonymous=True).decode() jsonMeta = self._crypto.pubKeyEncrypt(jsonMeta, asymPeer, encodedData=True).decode()
data = self._crypto.pubKeyEncrypt(data, asymPeer, encodedData=True, anonymous=True).decode() data = self._crypto.pubKeyEncrypt(data, asymPeer, encodedData=True).decode()
signature = self._crypto.pubKeyEncrypt(signature, asymPeer, encodedData=True, anonymous=True).decode() signature = self._crypto.pubKeyEncrypt(signature, asymPeer, encodedData=True).decode()
signer = self._crypto.pubKeyEncrypt(signer, asymPeer, encodedData=True, anonymous=True).decode() signer = self._crypto.pubKeyEncrypt(signer, asymPeer, encodedData=True).decode()
onionrusers.OnionrUser(self, asymPeer, saveUser=True) onionrusers.OnionrUser(self, asymPeer, saveUser=True)
else: else:
raise onionrexceptions.InvalidPubkey(asymPeer + ' is not a valid base32 encoded ed25519 key') raise onionrexceptions.InvalidPubkey(asymPeer + ' is not a valid base32 encoded ed25519 key')

View File

@ -94,46 +94,35 @@ class OnionrCrypto:
retData = key.sign(data).signature retData = key.sign(data).signature
return retData return retData
def pubKeyEncrypt(self, data, pubkey, anonymous=True, encodedData=False): def pubKeyEncrypt(self, data, pubkey, encodedData=False):
'''Encrypt to a public key (Curve25519, taken from base32 Ed25519 pubkey)''' '''Encrypt to a public key (Curve25519, taken from base32 Ed25519 pubkey)'''
retVal = '' retVal = ''
try: box = None
pubkey = pubkey.encode() data = self._core._utils.strToBytes(data)
except AttributeError:
pass pubkey = nacl.signing.VerifyKey(pubkey, encoder=nacl.encoding.Base32Encoder()).to_curve25519_public_key()
if encodedData: if encodedData:
encoding = nacl.encoding.Base64Encoder encoding = nacl.encoding.Base64Encoder
else: else:
encoding = nacl.encoding.RawEncoder encoding = nacl.encoding.RawEncoder
if self.privKey != None and not anonymous: box = nacl.public.SealedBox(pubkey)
ownKey = nacl.signing.SigningKey(seed=self.privKey, encoder=nacl.encoding.Base32Encoder).to_curve25519_private_key() retVal = box.encrypt(data, encoder=encoding)
key = nacl.signing.VerifyKey(key=pubkey, encoder=nacl.encoding.Base32Encoder).to_curve25519_public_key()
ourBox = nacl.public.Box(ownKey, key)
retVal = ourBox.encrypt(data.encode(), encoder=encoding)
elif anonymous:
key = nacl.signing.VerifyKey(key=pubkey, encoder=nacl.encoding.Base32Encoder).to_curve25519_public_key()
anonBox = nacl.public.SealedBox(key)
try:
data = data.encode()
except AttributeError:
pass
retVal = anonBox.encrypt(data, encoder=encoding)
return retVal return retVal
def pubKeyDecrypt(self, data, pubkey='', privkey='', anonymous=False, encodedData=False): def pubKeyDecrypt(self, data, pubkey='', privkey='', encodedData=False):
'''pubkey decrypt (Curve25519, taken from Ed25519 pubkey)''' '''pubkey decrypt (Curve25519, taken from Ed25519 pubkey)'''
decrypted = False decrypted = False
if encodedData: if encodedData:
encoding = nacl.encoding.Base64Encoder encoding = nacl.encoding.Base64Encoder
else: else:
encoding = nacl.encoding.RawEncoder encoding = nacl.encoding.RawEncoder
ownKey = nacl.signing.SigningKey(seed=self.privKey, encoder=nacl.encoding.Base32Encoder()).to_curve25519_private_key() if privkey == '':
if self.privKey != None and not anonymous: privkey = self.privKey
ourBox = nacl.public.Box(ownKey, pubkey) ownKey = nacl.signing.SigningKey(seed=privkey, encoder=nacl.encoding.Base32Encoder()).to_curve25519_private_key()
decrypted = ourBox.decrypt(data, encoder=encoding)
elif anonymous:
if self._core._utils.validatePubKey(privkey): if self._core._utils.validatePubKey(privkey):
privkey = nacl.signing.SigningKey(seed=privkey, encoder=nacl.encoding.Base32Encoder()).to_curve25519_private_key() privkey = nacl.signing.SigningKey(seed=privkey, encoder=nacl.encoding.Base32Encoder()).to_curve25519_private_key()
anonBox = nacl.public.SealedBox(privkey) anonBox = nacl.public.SealedBox(privkey)

View File

@ -64,9 +64,9 @@ def getDifficultyForNewBlock(data, ourBlock=True):
else: else:
raise ValueError('not Block, str, or int') raise ValueError('not Block, str, or int')
if ourBlock: if ourBlock:
minDifficulty = config.get('general.minimum_send_pow') minDifficulty = config.get('general.minimum_send_pow', 4)
else: else:
minDifficulty = config.get('general.minimum_block_pow') minDifficulty = config.get('general.minimum_block_pow', 4)
retData = max(minDifficulty, math.floor(dataSize / 100000)) + getDifficultyModifier() retData = max(minDifficulty, math.floor(dataSize / 100000)) + getDifficultyModifier()
return retData return retData

View File

@ -87,7 +87,7 @@ class OnionrUser:
retData = '' retData = ''
forwardKey = self._getLatestForwardKey() forwardKey = self._getLatestForwardKey()
if self._core._utils.validatePubKey(forwardKey): if self._core._utils.validatePubKey(forwardKey):
retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True, anonymous=True) retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True)
else: else:
raise onionrexceptions.InvalidPubkey("No valid forward secrecy key available for this user") raise onionrexceptions.InvalidPubkey("No valid forward secrecy key available for this user")
#self.generateForwardKey() #self.generateForwardKey()

View File

@ -69,7 +69,7 @@ class PlainEncryption:
data['data'] = plaintext data['data'] = plaintext
data = json.dumps(data) data = json.dumps(data)
plaintext = data plaintext = data
encrypted = self.api.get_core()._crypto.pubKeyEncrypt(plaintext, pubkey, anonymous=True, encodedData=True) encrypted = self.api.get_core()._crypto.pubKeyEncrypt(plaintext, pubkey, encodedData=True)
encrypted = self.api.get_core()._utils.bytesToStr(encrypted) encrypted = self.api.get_core()._utils.bytesToStr(encrypted)
logger.info('Encrypted Message: \n\nONIONR ENCRYPTED DATA %s END ENCRYPTED DATA' % (encrypted,)) logger.info('Encrypted Message: \n\nONIONR ENCRYPTED DATA %s END ENCRYPTED DATA' % (encrypted,))

View File

@ -49,13 +49,13 @@ class StorageCounter:
def getPercent(self): def getPercent(self):
'''Return percent (decimal/float) of disk space we're using''' '''Return percent (decimal/float) of disk space we're using'''
amount = self.getAmount() amount = self.getAmount()
return round(amount / self._core.config.get('allocations.disk'), 2) return round(amount / self._core.config.get('allocations.disk', 2000000000), 2)
def addBytes(self, amount): def addBytes(self, amount):
'''Record that we are now using more disk space, unless doing so would exceed configured max''' '''Record that we are now using more disk space, unless doing so would exceed configured max'''
newAmount = amount + self.getAmount() newAmount = amount + self.getAmount()
retData = newAmount retData = newAmount
if newAmount > self._core.config.get('allocations.disk'): if newAmount > self._core.config.get('allocations.disk', 2000000000):
retData = False retData = False
else: else:
self._update(newAmount) self._update(newAmount)

View File

@ -1,7 +1,10 @@
#!/bin/bash #!/bin/bash
cd onionr; cd onionr;
mkdir testdata; mkdir testdata;
ran=0
for f in tests/*.py; do for f in tests/*.py; do
python3 "$f" || break # if needed python3 "$f" || break # if needed
let "ran++"
done done
rm -rf testdata; rm -rf testdata;
echo "ran $ran test files successfully"