fixed forward secrecy expiration, key deletion and block expire detection

master
Kevin Froman 2019-03-13 19:50:45 -05:00
parent 97e0945e12
commit 6568086e24
3 changed files with 12 additions and 7 deletions

View File

@ -737,6 +737,8 @@ class Core:
forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
data = forwardEncrypted[0]
meta['forwardEnc'] = True
expire = forwardEncrypted[2] # Expire time of key. no sense keeping block after that
print(expire, self._utils.getEpoch())
except onionrexceptions.InvalidPubkey:
pass
#onionrusers.OnionrUser(self, asymPeer).generateForwardKey()

View File

@ -32,6 +32,8 @@ def deleteExpiredKeys(coreInst):
conn.close()
return
DEFAULT_KEY_EXPIRE = 604800
class OnionrUser:
def __init__(self, coreInst, publicKey, saveUser=False):
'''
@ -84,14 +86,15 @@ class OnionrUser:
return decrypted
def forwardEncrypt(self, data):
deleteExpiredKeys(self._core)
retData = ''
forwardKey = self._getLatestForwardKey()
if self._core._utils.validatePubKey(forwardKey):
retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True)
if self._core._utils.validatePubKey(forwardKey[0]):
retData = self._core._crypto.pubKeyEncrypt(data, forwardKey[0], encodedData=True)
else:
raise onionrexceptions.InvalidPubkey("No valid forward secrecy key available for this user")
#self.generateForwardKey()
return (retData, forwardKey)
return (retData, forwardKey[0], forwardKey[1])
def forwardDecrypt(self, encrypted):
retData = ""
@ -114,7 +117,7 @@ class OnionrUser:
# TODO: account for keys created at the same time (same epoch)
for row in c.execute("SELECT forwardKey, max(DATE) FROM forwardKeys WHERE peerKey = ?", (self.publicKey,)):
key = row[0]
key = (row[0], row[1])
break
conn.commit()
@ -135,7 +138,7 @@ class OnionrUser:
return list(keyList)
def generateForwardKey(self, expire=604800):
def generateForwardKey(self, expire=DEFAULT_KEY_EXPIRE):
# Generate a forward secrecy key for the peer
conn = sqlite3.connect(self._core.forwardKeysFile, timeout=10)
@ -173,7 +176,7 @@ class OnionrUser:
keyList = self.getGeneratedForwardKeys()
return list(keyList)
def addForwardKey(self, newKey, expire=604800):
def addForwardKey(self, newKey, expire=DEFAULT_KEY_EXPIRE):
if not self._core._utils.validatePubKey(newKey):
# Do not add if something went wrong with the key
raise onionrexceptions.InvalidPubkey(newKey)

View File

@ -281,7 +281,7 @@ class OnionrUtils:
break
elif i == 'expire':
try:
assert int(metadata[i]) > self.getEpoch()
assert int(metadata[i]) < self.getEpoch()
except AssertionError:
logger.warn('Block is expired')
break