work on foward secrecy
parent
15877449f8
commit
8de7bd16c6
|
@ -21,7 +21,7 @@ import sqlite3, os, sys, time, math, base64, tarfile, getpass, simplecrypt, hash
|
||||||
from onionrblockapi import Block
|
from onionrblockapi import Block
|
||||||
|
|
||||||
import onionrutils, onionrcrypto, onionrproofs, onionrevents as events, onionrexceptions, onionrvalues
|
import onionrutils, onionrcrypto, onionrproofs, onionrevents as events, onionrexceptions, onionrvalues
|
||||||
import onionrblacklist, onionrchat
|
import onionrblacklist, onionrchat, onionrusers
|
||||||
import dbcreator
|
import dbcreator
|
||||||
if sys.version_info < (3, 6):
|
if sys.version_info < (3, 6):
|
||||||
try:
|
try:
|
||||||
|
@ -731,8 +731,16 @@ class Core:
|
||||||
if len(jsonMeta) > 1000:
|
if len(jsonMeta) > 1000:
|
||||||
raise onionrexceptions.InvalidMetadata('meta in json encoded form must not exceed 1000 bytes')
|
raise onionrexceptions.InvalidMetadata('meta in json encoded form must not exceed 1000 bytes')
|
||||||
|
|
||||||
|
user = onionrusers.OnionrUser(self, symKey)
|
||||||
|
|
||||||
# encrypt block metadata/sig/content
|
# encrypt block metadata/sig/content
|
||||||
if encryptType == 'sym':
|
if encryptType == 'sym':
|
||||||
|
|
||||||
|
# Encrypt block data with forward secrecy key first, but not meta
|
||||||
|
forwardEncrypted = onionrusers.OnionrUser(self, key=symKey).forwardEncrypt(data)
|
||||||
|
data = forwardEncrypted[0]
|
||||||
|
jsonMeta['newFSKey'] = forwardEncrypted[1]
|
||||||
|
|
||||||
if len(symKey) < self.requirements.passwordLength:
|
if len(symKey) < self.requirements.passwordLength:
|
||||||
raise onionrexceptions.SecurityError('Weak encryption key')
|
raise onionrexceptions.SecurityError('Weak encryption key')
|
||||||
jsonMeta = self._crypto.symmetricEncrypt(jsonMeta, key=symKey, returnEncoded=True).decode()
|
jsonMeta = self._crypto.symmetricEncrypt(jsonMeta, key=symKey, returnEncoded=True).decode()
|
||||||
|
|
|
@ -55,20 +55,23 @@ class OnionrUser:
|
||||||
return decrypted
|
return decrypted
|
||||||
|
|
||||||
def forwardEncrypt(self, data):
|
def forwardEncrypt(self, data):
|
||||||
|
self.generateForwardKey()
|
||||||
retData = ''
|
retData = ''
|
||||||
forwardKey = self._getLatestForwardKey()
|
forwardKey = self._getLatestForwardKey()
|
||||||
if self._core._utils.validatePubKey(forwardKey):
|
if self._core._utils.validatePubKey(forwardKey):
|
||||||
encrypted = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True)
|
encrypted = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True)
|
||||||
else:
|
else:
|
||||||
raise Exception("No valid forward key available for this user")
|
raise onionrexceptions.InvalidPubkey("No valid forward key available for this user")
|
||||||
return
|
return (data, forwardKey)
|
||||||
|
|
||||||
def forwardDecrypt(self, encrypted):
|
def forwardDecrypt(self, encrypted):
|
||||||
retData = ''
|
retData = ''
|
||||||
|
for key in self
|
||||||
return
|
return
|
||||||
|
|
||||||
def _getLatestForwardKey(self):
|
def _getLatestForwardKey(self):
|
||||||
# Get the latest forward secrecy key for a peer
|
# Get the latest forward secrecy key for a peer
|
||||||
|
key = ""
|
||||||
conn = sqlite3.connect(self._core.peerDB, timeout=10)
|
conn = sqlite3.connect(self._core.peerDB, timeout=10)
|
||||||
c = conn.cursor()
|
c = conn.cursor()
|
||||||
|
|
||||||
|
@ -111,7 +114,17 @@ class OnionrUser:
|
||||||
|
|
||||||
conn.commit()
|
conn.commit()
|
||||||
conn.close()
|
conn.close()
|
||||||
|
return newPub
|
||||||
|
|
||||||
|
def getGeneratedForwardKeys(self, peer):
|
||||||
|
# Fetch the keys we generated for the peer, that are still around
|
||||||
|
conn = sqlite3.connect(self._core.peerDB, timeout=10)
|
||||||
|
c = conn.cursor()
|
||||||
|
command = (peer,)
|
||||||
|
keyList = [] # list of tuples containing pub, private for peer
|
||||||
|
for result in c.execute("SELECT * FROM myForwardKeys where peer=?", command):
|
||||||
|
keyList.append((result[1], result[2]))
|
||||||
|
return keyList
|
||||||
|
|
||||||
def addForwardKey(self, newKey):
|
def addForwardKey(self, newKey):
|
||||||
if not self._core._utils.validatePubKey(newKey):
|
if not self._core._utils.validatePubKey(newKey):
|
||||||
|
|
Loading…
Reference in New Issue