work on foward secrecy
parent
8de7bd16c6
commit
5606a07757
|
@ -76,6 +76,8 @@ class Core:
|
||||||
os.mkdir(self.dataDir + 'blocks/')
|
os.mkdir(self.dataDir + 'blocks/')
|
||||||
if not os.path.exists(self.blockDB):
|
if not os.path.exists(self.blockDB):
|
||||||
self.createBlockDB()
|
self.createBlockDB()
|
||||||
|
if not os.path.exists(self.forwardKeysFile):
|
||||||
|
self.dbCreate.createForwardKeyDB()
|
||||||
|
|
||||||
if os.path.exists(self.dataDir + '/hs/hostname'):
|
if os.path.exists(self.dataDir + '/hs/hostname'):
|
||||||
with open(self.dataDir + '/hs/hostname', 'r') as hs:
|
with open(self.dataDir + '/hs/hostname', 'r') as hs:
|
||||||
|
|
|
@ -37,6 +37,9 @@ class InvalidPubkey(Exception):
|
||||||
class KeyNotKnown(Exception):
|
class KeyNotKnown(Exception):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
class DecryptionError(Exception):
|
||||||
|
pass
|
||||||
|
|
||||||
# block exceptions
|
# block exceptions
|
||||||
class InvalidMetadata(Exception):
|
class InvalidMetadata(Exception):
|
||||||
pass
|
pass
|
||||||
|
|
|
@ -59,15 +59,20 @@ class OnionrUser:
|
||||||
retData = ''
|
retData = ''
|
||||||
forwardKey = self._getLatestForwardKey()
|
forwardKey = self._getLatestForwardKey()
|
||||||
if self._core._utils.validatePubKey(forwardKey):
|
if self._core._utils.validatePubKey(forwardKey):
|
||||||
encrypted = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True)
|
retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True)
|
||||||
else:
|
else:
|
||||||
raise onionrexceptions.InvalidPubkey("No valid forward key available for this user")
|
raise onionrexceptions.InvalidPubkey("No valid forward key available for this user")
|
||||||
return (data, forwardKey)
|
return (retData, forwardKey)
|
||||||
|
|
||||||
def forwardDecrypt(self, encrypted):
|
def forwardDecrypt(self, encrypted):
|
||||||
retData = ''
|
retData = ""
|
||||||
for key in self
|
for key in self.getGeneratedForwardKeys():
|
||||||
return
|
retData = self._core._crypto.pubKeyDecrypt(encrypted, pubkey=key[1])
|
||||||
|
if retData != False:
|
||||||
|
break
|
||||||
|
else:
|
||||||
|
raise onionrexceptions.DecryptionError("Could not decrypt forward secrecy content")
|
||||||
|
return retData
|
||||||
|
|
||||||
def _getLatestForwardKey(self):
|
def _getLatestForwardKey(self):
|
||||||
# Get the latest forward secrecy key for a peer
|
# Get the latest forward secrecy key for a peer
|
||||||
|
@ -116,11 +121,11 @@ class OnionrUser:
|
||||||
conn.close()
|
conn.close()
|
||||||
return newPub
|
return newPub
|
||||||
|
|
||||||
def getGeneratedForwardKeys(self, peer):
|
def getGeneratedForwardKeys(self):
|
||||||
# Fetch the keys we generated for the peer, that are still around
|
# Fetch the keys we generated for the peer, that are still around
|
||||||
conn = sqlite3.connect(self._core.peerDB, timeout=10)
|
conn = sqlite3.connect(self._core.peerDB, timeout=10)
|
||||||
c = conn.cursor()
|
c = conn.cursor()
|
||||||
command = (peer,)
|
command = (self.publicKey,)
|
||||||
keyList = [] # list of tuples containing pub, private for peer
|
keyList = [] # list of tuples containing pub, private for peer
|
||||||
for result in c.execute("SELECT * FROM myForwardKeys where peer=?", command):
|
for result in c.execute("SELECT * FROM myForwardKeys where peer=?", command):
|
||||||
keyList.append((result[1], result[2]))
|
keyList.append((result[1], result[2]))
|
||||||
|
|
Loading…
Reference in New Issue