work on foward secrecy
parent
980406b699
commit
38913b62ce
|
@ -14,3 +14,4 @@ onionr/.onionr-lock
|
||||||
core
|
core
|
||||||
.vscode/*
|
.vscode/*
|
||||||
venv/*
|
venv/*
|
||||||
|
onionr/fs*
|
||||||
|
|
|
@ -726,6 +726,13 @@ class Core:
|
||||||
except AttributeError:
|
except AttributeError:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
try:
|
||||||
|
forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
|
||||||
|
data = forwardEncrypted[0]
|
||||||
|
meta['newFSKey'] = forwardEncrypted[1][0]
|
||||||
|
except onionrexceptions.InvalidPubkey:
|
||||||
|
meta['newFSKey'] = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys()[0][0]
|
||||||
|
|
||||||
if sign:
|
if sign:
|
||||||
signature = self._crypto.edSign(jsonMeta.encode() + data, key=self._crypto.privKey, encodeResult=True)
|
signature = self._crypto.edSign(jsonMeta.encode() + data, key=self._crypto.privKey, encodeResult=True)
|
||||||
signer = self._crypto.pubKey
|
signer = self._crypto.pubKey
|
||||||
|
@ -747,12 +754,6 @@ class Core:
|
||||||
elif encryptType == 'asym':
|
elif encryptType == 'asym':
|
||||||
if self._utils.validatePubKey(asymPeer):
|
if self._utils.validatePubKey(asymPeer):
|
||||||
# Encrypt block data with forward secrecy key first, but not meta
|
# Encrypt block data with forward secrecy key first, but not meta
|
||||||
try:
|
|
||||||
forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
|
|
||||||
data = forwardEncrypted[0]
|
|
||||||
meta['newFSKey'] = forwardEncrypted[1][0]
|
|
||||||
except onionrexceptions.InvalidPubkey:
|
|
||||||
meta['newFSKey'] = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys()[0][0]
|
|
||||||
jsonMeta = json.dumps(meta)
|
jsonMeta = json.dumps(meta)
|
||||||
jsonMeta = self._crypto.pubKeyEncrypt(jsonMeta, asymPeer, encodedData=True, anonymous=True).decode()
|
jsonMeta = self._crypto.pubKeyEncrypt(jsonMeta, asymPeer, encodedData=True, anonymous=True).decode()
|
||||||
data = self._crypto.pubKeyEncrypt(data, asymPeer, encodedData=True, anonymous=True).decode()
|
data = self._crypto.pubKeyEncrypt(data, asymPeer, encodedData=True, anonymous=True).decode()
|
||||||
|
|
|
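Review bot: The `try:` block added ahead of `if sign:` is no longer under the `elif encryptType == 'asym':` and `self._utils.validatePubKey(asymPeer)` checks that guarded it where the second hunk removes it. Unless a guard sits above the visible context, `onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)` now runs for every block, including ones created without a peer key. Wrapping the moved block in `if encryptType == 'asym' and self._utils.validatePubKey(asymPeer):` would keep the new ordering (forward-encrypt, then sign) while restoring the check. The `except onionrexceptions.InvalidPubkey:` branch also leaves `data` without forward encryption and reports nothing; a log line there would make the loss of forward secrecy visible to the operator. The enclosing method starts and ends outside the hunk, and this view has dropped the indentation, so the nesting should be confirmed against the file.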
@ -18,7 +18,7 @@
|
||||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||||
'''
|
'''
|
||||||
|
|
||||||
import core as onionrcore, logger, config, onionrexceptions, nacl.exceptions
|
import core as onionrcore, logger, config, onionrexceptions, nacl.exceptions, onionrusers
|
||||||
import json, os, sys, datetime, base64
|
import json, os, sys, datetime, base64
|
||||||
|
|
||||||
class Block:
|
class Block:
|
||||||
|
@ -91,6 +91,12 @@ class Block:
|
||||||
self.signature = core._crypto.pubKeyDecrypt(self.signature, anonymous=anonymous, encodedData=encodedData)
|
self.signature = core._crypto.pubKeyDecrypt(self.signature, anonymous=anonymous, encodedData=encodedData)
|
||||||
self.signer = core._crypto.pubKeyDecrypt(self.signer, anonymous=anonymous, encodedData=encodedData)
|
self.signer = core._crypto.pubKeyDecrypt(self.signer, anonymous=anonymous, encodedData=encodedData)
|
||||||
self.signedData = json.dumps(self.bmetadata) + self.bcontent.decode()
|
self.signedData = json.dumps(self.bmetadata) + self.bcontent.decode()
|
||||||
|
try:
|
||||||
|
assert self.bmetadata['forwardEnc'] is True
|
||||||
|
except (AssertionError, KeyError) as e:
|
||||||
|
pass
|
||||||
|
else:
|
||||||
|
self.bcontent = onionrusers.OnionrUser(self.core, self.signer).forwardDecrypt()
|
||||||
except nacl.exceptions.CryptoError:
|
except nacl.exceptions.CryptoError:
|
||||||
pass
|
pass
|
||||||
#logger.debug('Could not decrypt block. Either invalid key or corrupted data')
|
#logger.debug('Could not decrypt block. Either invalid key or corrupted data')
|
||||||
|
|
|
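Review bot: The added call `onionrusers.OnionrUser(self.core, self.signer).forwardDecrypt()` passes no argument, while the OnionrUser hunk of this same commit shows `def forwardDecrypt(self, encrypted):`, so this line would raise `TypeError`, which the surrounding `except nacl.exceptions.CryptoError:` does not catch. Using `assert` as the gate also means that under `python -O` the check is stripped and the `else:` branch runs for every block. A plain condition avoids both: `if self.bmetadata.get('forwardEnc') is True:` followed by `self.bcontent = onionrusers.OnionrUser(self.core, self.signer).forwardDecrypt(self.bcontent)` (assuming `self.bcontent` is the ciphertext to pass). In the visible lines `self.signer` has only been decrypted, not verified, so it is worth confirming the signature is checked before this value selects the forward key. The enclosing method starts outside the hunk.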
@ -55,13 +55,13 @@ class OnionrUser:
|
||||||
return decrypted
|
return decrypted
|
||||||
|
|
||||||
def forwardEncrypt(self, data):
|
def forwardEncrypt(self, data):
|
||||||
self.generateForwardKey()
|
|
||||||
retData = ''
|
retData = ''
|
||||||
forwardKey = self._getLatestForwardKey()
|
forwardKey = self._getLatestForwardKey()
|
||||||
if self._core._utils.validatePubKey(forwardKey):
|
if self._core._utils.validatePubKey(forwardKey):
|
||||||
retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True)
|
retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True)
|
||||||
else:
|
else:
|
||||||
raise onionrexceptions.InvalidPubkey("No valid forward key available for this user")
|
raise onionrexceptions.InvalidPubkey("No valid forward key available for this user")
|
||||||
|
self.generateForwardKey()
|
||||||
return (retData, forwardKey)
|
return (retData, forwardKey)
|
||||||
|
|
||||||
def forwardDecrypt(self, encrypted):
|
def forwardDecrypt(self, encrypted):
|
||||||
|
|
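Review bot: `forwardEncrypt` now calls `self.generateForwardKey()` after encrypting but discards its result and still returns `(retData, forwardKey)`, where `forwardKey` is the key that was just used for encryption. The caller in the Core hunk stores `forwardEncrypted[1][0]` as `meta['newFSKey']`; if `forwardKey` is a key string, as its use in `validatePubKey(forwardKey)` and `pubKeyEncrypt(data, forwardKey, ...)` suggests, that index yields a single character rather than a newly generated key. The return types of `_getLatestForwardKey` and `generateForwardKey` are not visible here, so this needs confirming against the file. At minimum the contract should be pinned with a docstring such as `'''Encrypt data with the peer's latest forward key and return (ciphertext, forwardKey); a new local forward key is generated afterwards'''`, and the caller adjusted to match it.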