work on foward secrecy
parent
980406b699
commit
38913b62ce
|
@ -14,3 +14,4 @@ onionr/.onionr-lock
|
|||
core
|
||||
.vscode/*
|
||||
venv/*
|
||||
onionr/fs*
|
||||
|
|
|
@ -726,6 +726,13 @@ class Core:
|
|||
except AttributeError:
|
||||
pass
|
||||
|
||||
try:
|
||||
forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
|
||||
data = forwardEncrypted[0]
|
||||
meta['newFSKey'] = forwardEncrypted[1][0]
|
||||
except onionrexceptions.InvalidPubkey:
|
||||
meta['newFSKey'] = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys()[0][0]
|
||||
|
||||
if sign:
|
||||
signature = self._crypto.edSign(jsonMeta.encode() + data, key=self._crypto.privKey, encodeResult=True)
|
||||
signer = self._crypto.pubKey
|
||||
|
@ -747,12 +754,6 @@ class Core:
|
|||
elif encryptType == 'asym':
|
||||
if self._utils.validatePubKey(asymPeer):
|
||||
# Encrypt block data with forward secrecy key first, but not meta
|
||||
try:
|
||||
forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
|
||||
data = forwardEncrypted[0]
|
||||
meta['newFSKey'] = forwardEncrypted[1][0]
|
||||
except onionrexceptions.InvalidPubkey:
|
||||
meta['newFSKey'] = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys()[0][0]
|
||||
jsonMeta = json.dumps(meta)
|
||||
jsonMeta = self._crypto.pubKeyEncrypt(jsonMeta, asymPeer, encodedData=True, anonymous=True).decode()
|
||||
data = self._crypto.pubKeyEncrypt(data, asymPeer, encodedData=True, anonymous=True).decode()
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
'''
|
||||
|
||||
import core as onionrcore, logger, config, onionrexceptions, nacl.exceptions
|
||||
import core as onionrcore, logger, config, onionrexceptions, nacl.exceptions, onionrusers
|
||||
import json, os, sys, datetime, base64
|
||||
|
||||
class Block:
|
||||
|
@ -91,6 +91,12 @@ class Block:
|
|||
self.signature = core._crypto.pubKeyDecrypt(self.signature, anonymous=anonymous, encodedData=encodedData)
|
||||
self.signer = core._crypto.pubKeyDecrypt(self.signer, anonymous=anonymous, encodedData=encodedData)
|
||||
self.signedData = json.dumps(self.bmetadata) + self.bcontent.decode()
|
||||
try:
|
||||
assert self.bmetadata['forwardEnc'] is True
|
||||
except (AssertionError, KeyError) as e:
|
||||
pass
|
||||
else:
|
||||
self.bcontent = onionrusers.OnionrUser(self.core, self.signer).forwardDecrypt()
|
||||
except nacl.exceptions.CryptoError:
|
||||
pass
|
||||
#logger.debug('Could not decrypt block. Either invalid key or corrupted data')
|
||||
|
|
|
@ -55,13 +55,13 @@ class OnionrUser:
|
|||
return decrypted
|
||||
|
||||
def forwardEncrypt(self, data):
|
||||
self.generateForwardKey()
|
||||
retData = ''
|
||||
forwardKey = self._getLatestForwardKey()
|
||||
if self._core._utils.validatePubKey(forwardKey):
|
||||
retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True)
|
||||
else:
|
||||
raise onionrexceptions.InvalidPubkey("No valid forward key available for this user")
|
||||
self.generateForwardKey()
|
||||
return (retData, forwardKey)
|
||||
|
||||
def forwardDecrypt(self, encrypted):
|
||||
|
|
Loading…
Reference in New Issue