work on foward secrecy

master
Kevin Froman 2018-10-06 13:06:46 -05:00
parent 15877449f8
commit 8de7bd16c6
2 changed files with 24 additions and 3 deletions

View File

@ -21,7 +21,7 @@ import sqlite3, os, sys, time, math, base64, tarfile, getpass, simplecrypt, hash
from onionrblockapi import Block from onionrblockapi import Block
import onionrutils, onionrcrypto, onionrproofs, onionrevents as events, onionrexceptions, onionrvalues import onionrutils, onionrcrypto, onionrproofs, onionrevents as events, onionrexceptions, onionrvalues
import onionrblacklist, onionrchat import onionrblacklist, onionrchat, onionrusers
import dbcreator import dbcreator
if sys.version_info < (3, 6): if sys.version_info < (3, 6):
try: try:
@ -731,8 +731,16 @@ class Core:
if len(jsonMeta) > 1000: if len(jsonMeta) > 1000:
raise onionrexceptions.InvalidMetadata('meta in json encoded form must not exceed 1000 bytes') raise onionrexceptions.InvalidMetadata('meta in json encoded form must not exceed 1000 bytes')
user = onionrusers.OnionrUser(self, symKey)
# encrypt block metadata/sig/content # encrypt block metadata/sig/content
if encryptType == 'sym': if encryptType == 'sym':
# Encrypt block data with forward secrecy key first, but not meta
forwardEncrypted = onionrusers.OnionrUser(self, key=symKey).forwardEncrypt(data)
data = forwardEncrypted[0]
jsonMeta['newFSKey'] = forwardEncrypted[1]
if len(symKey) < self.requirements.passwordLength: if len(symKey) < self.requirements.passwordLength:
raise onionrexceptions.SecurityError('Weak encryption key') raise onionrexceptions.SecurityError('Weak encryption key')
jsonMeta = self._crypto.symmetricEncrypt(jsonMeta, key=symKey, returnEncoded=True).decode() jsonMeta = self._crypto.symmetricEncrypt(jsonMeta, key=symKey, returnEncoded=True).decode()

View File

@ -55,20 +55,23 @@ class OnionrUser:
return decrypted return decrypted
def forwardEncrypt(self, data): def forwardEncrypt(self, data):
self.generateForwardKey()
retData = '' retData = ''
forwardKey = self._getLatestForwardKey() forwardKey = self._getLatestForwardKey()
if self._core._utils.validatePubKey(forwardKey): if self._core._utils.validatePubKey(forwardKey):
encrypted = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True) encrypted = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True)
else: else:
raise Exception("No valid forward key available for this user") raise onionrexceptions.InvalidPubkey("No valid forward key available for this user")
return return (data, forwardKey)
def forwardDecrypt(self, encrypted): def forwardDecrypt(self, encrypted):
retData = '' retData = ''
for key in self
return return
def _getLatestForwardKey(self): def _getLatestForwardKey(self):
# Get the latest forward secrecy key for a peer # Get the latest forward secrecy key for a peer
key = ""
conn = sqlite3.connect(self._core.peerDB, timeout=10) conn = sqlite3.connect(self._core.peerDB, timeout=10)
c = conn.cursor() c = conn.cursor()
@ -111,7 +114,17 @@ class OnionrUser:
conn.commit() conn.commit()
conn.close() conn.close()
return newPub
def getGeneratedForwardKeys(self, peer):
# Fetch the keys we generated for the peer, that are still around
conn = sqlite3.connect(self._core.peerDB, timeout=10)
c = conn.cursor()
command = (peer,)
keyList = [] # list of tuples containing pub, private for peer
for result in c.execute("SELECT * FROM myForwardKeys where peer=?", command):
keyList.append((result[1], result[2]))
return keyList
def addForwardKey(self, newKey): def addForwardKey(self, newKey):
if not self._core._utils.validatePubKey(newKey): if not self._core._utils.validatePubKey(newKey):