work on foward secrecy

master
Kevin Froman 2018-10-07 21:25:59 -05:00
parent 980406b699
commit 38913b62ce
4 changed files with 16 additions and 8 deletions

1
.gitignore vendored
View File

@ -14,3 +14,4 @@ onionr/.onionr-lock
core core
.vscode/* .vscode/*
venv/* venv/*
onionr/fs*

View File

@ -726,6 +726,13 @@ class Core:
except AttributeError: except AttributeError:
pass pass
try:
forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
data = forwardEncrypted[0]
meta['newFSKey'] = forwardEncrypted[1][0]
except onionrexceptions.InvalidPubkey:
meta['newFSKey'] = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys()[0][0]
if sign: if sign:
signature = self._crypto.edSign(jsonMeta.encode() + data, key=self._crypto.privKey, encodeResult=True) signature = self._crypto.edSign(jsonMeta.encode() + data, key=self._crypto.privKey, encodeResult=True)
signer = self._crypto.pubKey signer = self._crypto.pubKey
@ -747,12 +754,6 @@ class Core:
elif encryptType == 'asym': elif encryptType == 'asym':
if self._utils.validatePubKey(asymPeer): if self._utils.validatePubKey(asymPeer):
# Encrypt block data with forward secrecy key first, but not meta # Encrypt block data with forward secrecy key first, but not meta
try:
forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
data = forwardEncrypted[0]
meta['newFSKey'] = forwardEncrypted[1][0]
except onionrexceptions.InvalidPubkey:
meta['newFSKey'] = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys()[0][0]
jsonMeta = json.dumps(meta) jsonMeta = json.dumps(meta)
jsonMeta = self._crypto.pubKeyEncrypt(jsonMeta, asymPeer, encodedData=True, anonymous=True).decode() jsonMeta = self._crypto.pubKeyEncrypt(jsonMeta, asymPeer, encodedData=True, anonymous=True).decode()
data = self._crypto.pubKeyEncrypt(data, asymPeer, encodedData=True, anonymous=True).decode() data = self._crypto.pubKeyEncrypt(data, asymPeer, encodedData=True, anonymous=True).decode()

View File

@ -18,7 +18,7 @@
along with this program. If not, see <https://www.gnu.org/licenses/>. along with this program. If not, see <https://www.gnu.org/licenses/>.
''' '''
import core as onionrcore, logger, config, onionrexceptions, nacl.exceptions import core as onionrcore, logger, config, onionrexceptions, nacl.exceptions, onionrusers
import json, os, sys, datetime, base64 import json, os, sys, datetime, base64
class Block: class Block:
@ -91,6 +91,12 @@ class Block:
self.signature = core._crypto.pubKeyDecrypt(self.signature, anonymous=anonymous, encodedData=encodedData) self.signature = core._crypto.pubKeyDecrypt(self.signature, anonymous=anonymous, encodedData=encodedData)
self.signer = core._crypto.pubKeyDecrypt(self.signer, anonymous=anonymous, encodedData=encodedData) self.signer = core._crypto.pubKeyDecrypt(self.signer, anonymous=anonymous, encodedData=encodedData)
self.signedData = json.dumps(self.bmetadata) + self.bcontent.decode() self.signedData = json.dumps(self.bmetadata) + self.bcontent.decode()
try:
assert self.bmetadata['forwardEnc'] is True
except (AssertionError, KeyError) as e:
pass
else:
self.bcontent = onionrusers.OnionrUser(self.core, self.signer).forwardDecrypt()
except nacl.exceptions.CryptoError: except nacl.exceptions.CryptoError:
pass pass
#logger.debug('Could not decrypt block. Either invalid key or corrupted data') #logger.debug('Could not decrypt block. Either invalid key or corrupted data')

View File

@ -55,13 +55,13 @@ class OnionrUser:
return decrypted return decrypted
def forwardEncrypt(self, data): def forwardEncrypt(self, data):
self.generateForwardKey()
retData = '' retData = ''
forwardKey = self._getLatestForwardKey() forwardKey = self._getLatestForwardKey()
if self._core._utils.validatePubKey(forwardKey): if self._core._utils.validatePubKey(forwardKey):
retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True) retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True)
else: else:
raise onionrexceptions.InvalidPubkey("No valid forward key available for this user") raise onionrexceptions.InvalidPubkey("No valid forward key available for this user")
self.generateForwardKey()
return (retData, forwardKey) return (retData, forwardKey)
def forwardDecrypt(self, encrypted): def forwardDecrypt(self, encrypted):