work on foward secrecy

master
Kevin Froman 2018-10-07 21:25:59 -05:00
parent 980406b699
commit 38913b62ce
4 changed files with 16 additions and 8 deletions

1
.gitignore vendored
View File

@ -14,3 +14,4 @@ onionr/.onionr-lock
core
.vscode/*
venv/*
onionr/fs*

View File

@ -726,6 +726,13 @@ class Core:
except AttributeError:
pass
try:
forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
data = forwardEncrypted[0]
meta['newFSKey'] = forwardEncrypted[1][0]
except onionrexceptions.InvalidPubkey:
meta['newFSKey'] = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys()[0][0]
if sign:
signature = self._crypto.edSign(jsonMeta.encode() + data, key=self._crypto.privKey, encodeResult=True)
signer = self._crypto.pubKey
@ -747,12 +754,6 @@ class Core:
elif encryptType == 'asym':
if self._utils.validatePubKey(asymPeer):
# Encrypt block data with forward secrecy key first, but not meta
try:
forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
data = forwardEncrypted[0]
meta['newFSKey'] = forwardEncrypted[1][0]
except onionrexceptions.InvalidPubkey:
meta['newFSKey'] = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys()[0][0]
jsonMeta = json.dumps(meta)
jsonMeta = self._crypto.pubKeyEncrypt(jsonMeta, asymPeer, encodedData=True, anonymous=True).decode()
data = self._crypto.pubKeyEncrypt(data, asymPeer, encodedData=True, anonymous=True).decode()

View File

@ -18,7 +18,7 @@
along with this program. If not, see <https://www.gnu.org/licenses/>.
'''
import core as onionrcore, logger, config, onionrexceptions, nacl.exceptions
import core as onionrcore, logger, config, onionrexceptions, nacl.exceptions, onionrusers
import json, os, sys, datetime, base64
class Block:
@ -91,6 +91,12 @@ class Block:
self.signature = core._crypto.pubKeyDecrypt(self.signature, anonymous=anonymous, encodedData=encodedData)
self.signer = core._crypto.pubKeyDecrypt(self.signer, anonymous=anonymous, encodedData=encodedData)
self.signedData = json.dumps(self.bmetadata) + self.bcontent.decode()
try:
assert self.bmetadata['forwardEnc'] is True
except (AssertionError, KeyError) as e:
pass
else:
self.bcontent = onionrusers.OnionrUser(self.core, self.signer).forwardDecrypt()
except nacl.exceptions.CryptoError:
pass
#logger.debug('Could not decrypt block. Either invalid key or corrupted data')

View File

@ -55,13 +55,13 @@ class OnionrUser:
return decrypted
def forwardEncrypt(self, data):
self.generateForwardKey()
retData = ''
forwardKey = self._getLatestForwardKey()
if self._core._utils.validatePubKey(forwardKey):
retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True)
else:
raise onionrexceptions.InvalidPubkey("No valid forward key available for this user")
self.generateForwardKey()
return (retData, forwardKey)
def forwardDecrypt(self, encrypted):