fixed forward secrecy expiration, key deletion and block expire detection
parent
97e0945e12
commit
6568086e24
@ -737,6 +737,8 @@ class Core:
forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
data = forwardEncrypted[0]
data = forwardEncrypted[0]
meta['forwardEnc'] = True
meta['forwardEnc'] = True
expire = forwardEncrypted[2] # Expire time of key. no sense keeping block after that
print(expire, self._utils.getEpoch())
except onionrexceptions.InvalidPubkey:
except onionrexceptions.InvalidPubkey:
pass
pass
#onionrusers.OnionrUser(self, asymPeer).generateForwardKey()
#onionrusers.OnionrUser(self, asymPeer).generateForwardKey()
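Review bot: `expire` is only bound inside the try body, after `forwardEncrypt` has returned; when that call raises `InvalidPubkey` the `except ... pass` branch leaves the name unassigned, so any later read of `expire` (not shown in this hunk) would fail with NameError instead of producing a block with no expiry. Initialise it before the try, `expire = None`, and replace the bare `pass` with a `logger.debug('No forward key for peer; sending without forward secrecy')` so the fallback is visible. The `print(expire, self._utils.getEpoch())` line reads as leftover debugging and should be removed or turned into `logger.debug`. Note also that the third tuple element comes from `_getLatestForwardKey`'s `max(DATE)` column, so unless DATE holds the key's expiry rather than its creation time, this `expire` is a creation timestamp. The enclosing method starts and ends outside the hunk.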
@ -32,6 +32,8 @@ def deleteExpiredKeys(coreInst):
conn.close()
conn.close()
return
return
DEFAULT_KEY_EXPIRE = 604800
class OnionrUser:
class OnionrUser:
def __init__(self, coreInst, publicKey, saveUser=False):
def __init__(self, coreInst, publicKey, saveUser=False):
'''
'''
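Review bot: `DEFAULT_KEY_EXPIRE = 604800` carries no unit or rationale, yet it is now the single place the lifetime of forward-secrecy keys is set for both `generateForwardKey` and `addForwardKey`. A one-line comment saves the next reader a calculation and states the contract: `DEFAULT_KEY_EXPIRE = 604800  # forward-secrecy key lifetime in seconds (7 days)`. If the lifetime is meant to agree with what the remote peer assumes, that would be worth noting too, though the peer-side handling is outside this diff.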
@ -84,14 +86,15 @@ class OnionrUser:
return decrypted
return decrypted
def forwardEncrypt(self, data):
def forwardEncrypt(self, data):
deleteExpiredKeys(self._core)
retData = ''
retData = ''
forwardKey = self._getLatestForwardKey()
forwardKey = self._getLatestForwardKey()
if self._core._utils.validatePubKey(forwardKey):
if self._core._utils.validatePubKey(forwardKey[0]):
retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True)
retData = self._core._crypto.pubKeyEncrypt(data, forwardKey[0], encodedData=True)
else:
else:
raise onionrexceptions.InvalidPubkey("No valid forward secrecy key available for this user")
raise onionrexceptions.InvalidPubkey("No valid forward secrecy key available for this user")
#self.generateForwardKey()
#self.generateForwardKey()
return (retData, forwardKey)
return (retData, forwardKey[0], forwardKey[1])
def forwardDecrypt(self, encrypted):
def forwardDecrypt(self, encrypted):
retData = ""
retData = ""
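Review bot: the third element of the new return value, `forwardKey[1]`, is the `max(DATE)` column that `_getLatestForwardKey` now pairs with the key in this same commit, and the caller in `Core` stores it as the key's expiry; if `DATE` is the creation timestamp (the table schema is not in this diff), every forward-encrypted block is stamped with a time already in the past. Select the expiry column explicitly in `_getLatestForwardKey` rather than the creation date, and document the tuple in `forwardEncrypt`'s docstring as `(ciphertext, forward_pubkey, expire_epoch)` so callers do not have to read the SQL. Separately, `forwardKey[0]` is indexed before anything has been validated; if the fallback value `_getLatestForwardKey` returns when no row matches is still a plain string or `None` (its initialisation is outside the hunk), the `if` line raises IndexError/TypeError instead of the intended `InvalidPubkey`. A guard such as `if isinstance(forwardKey, tuple) and self._core._utils.validatePubKey(forwardKey[0]):` keeps the failure path consistent for callers that catch `InvalidPubkey`.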
@ -114,7 +117,7 @@ class OnionrUser:
# TODO: account for keys created at the same time (same epoch)
# TODO: account for keys created at the same time (same epoch)
for row in c.execute("SELECT forwardKey, max(DATE) FROM forwardKeys WHERE peerKey = ?", (self.publicKey,)):
for row in c.execute("SELECT forwardKey, max(DATE) FROM forwardKeys WHERE peerKey = ?", (self.publicKey,)):
key = row[0]
key = (row[0], row[1])
break
break
conn.commit()
conn.commit()
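Review bot: with the aggregate `max(DATE)` and no GROUP BY, SQLite returns exactly one row even when no key matches `peerKey`, so the new `key = (row[0], row[1])` yields `(None, None)` instead of leaving `key` at whatever it was initialised to above the hunk; callers that test `key` for emptiness or index it will receive a tuple of Nones. Guard the row, `if row[0] is not None: key = (row[0], row[1])`. The same-epoch TODO on the line above can be closed at the same time by dropping the aggregate: `SELECT forwardKey, DATE FROM forwardKeys WHERE peerKey = ? ORDER BY DATE DESC, rowid DESC LIMIT 1` returns zero rows when nothing matches and picks deterministically among equal timestamps. The enclosing method (presumably `_getLatestForwardKey`, which `forwardEncrypt` calls) starts and ends outside the hunk.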
@ -135,7 +138,7 @@ class OnionrUser:
return list(keyList)
return list(keyList)
def generateForwardKey(self, expire=604800):
def generateForwardKey(self, expire=DEFAULT_KEY_EXPIRE):
# Generate a forward secrecy key for the peer
# Generate a forward secrecy key for the peer
conn = sqlite3.connect(self._core.forwardKeysFile, timeout=10)
conn = sqlite3.connect(self._core.forwardKeysFile, timeout=10)
@ -173,7 +176,7 @@ class OnionrUser:
keyList = self.getGeneratedForwardKeys()
keyList = self.getGeneratedForwardKeys()
return list(keyList)
return list(keyList)
def addForwardKey(self, newKey, expire=604800):
def addForwardKey(self, newKey, expire=DEFAULT_KEY_EXPIRE):
if not self._core._utils.validatePubKey(newKey):
if not self._core._utils.validatePubKey(newKey):
# Do not add if something went wrong with the key
# Do not add if something went wrong with the key
raise onionrexceptions.InvalidPubkey(newKey)
raise onionrexceptions.InvalidPubkey(newKey)
@ -281,7 +281,7 @@ class OnionrUtils:
break
break
elif i == 'expire':
elif i == 'expire':
try:
try:
assert int(metadata[i]) > self.getEpoch()
assert int(metadata[i]) < self.getEpoch()
except AssertionError:
except AssertionError:
logger.warn('Block is expired')
logger.warn('Block is expired')
break
break
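Review bot: the new comparison is inverted: `assert int(metadata[i]) < self.getEpoch()` now raises — and so logs 'Block is expired' and breaks — exactly when the expire stamp is still in the future, while a stamp already in the past passes the assertion and the block is accepted. If the old `>` appeared to reject everything in testing, the likelier cause is the value being stamped as `expire` upstream (this commit feeds the forward key's `max(DATE)`, a creation-time-looking value, into it) rather than the check itself. Restore the intended sense and stop relying on `assert`, which is stripped under `python -O`: `if int(metadata[i]) <= self.getEpoch():` / `logger.warn('Block is expired')` / `break`. `int()` on a non-numeric stamp raises ValueError, which `except AssertionError` does not catch, so unless the caller handles it, catch `ValueError` here too and treat the block as invalid. The enclosing loop starts and ends outside the hunk.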