work on foward secrecy
parent
15877449f8
commit
8de7bd16c6
|
@ -21,7 +21,7 @@ import sqlite3, os, sys, time, math, base64, tarfile, getpass, simplecrypt, hash
|
|||
from onionrblockapi import Block
|
||||
|
||||
import onionrutils, onionrcrypto, onionrproofs, onionrevents as events, onionrexceptions, onionrvalues
|
||||
import onionrblacklist, onionrchat
|
||||
import onionrblacklist, onionrchat, onionrusers
|
||||
import dbcreator
|
||||
if sys.version_info < (3, 6):
|
||||
try:
|
||||
|
@ -731,8 +731,16 @@ class Core:
|
|||
if len(jsonMeta) > 1000:
|
||||
raise onionrexceptions.InvalidMetadata('meta in json encoded form must not exceed 1000 bytes')
|
||||
|
||||
user = onionrusers.OnionrUser(self, symKey)
|
||||
|
||||
# encrypt block metadata/sig/content
|
||||
if encryptType == 'sym':
|
||||
|
||||
# Encrypt block data with forward secrecy key first, but not meta
|
||||
forwardEncrypted = onionrusers.OnionrUser(self, key=symKey).forwardEncrypt(data)
|
||||
data = forwardEncrypted[0]
|
||||
jsonMeta['newFSKey'] = forwardEncrypted[1]
|
||||
|
||||
if len(symKey) < self.requirements.passwordLength:
|
||||
raise onionrexceptions.SecurityError('Weak encryption key')
|
||||
jsonMeta = self._crypto.symmetricEncrypt(jsonMeta, key=symKey, returnEncoded=True).decode()
|
||||
|
|
|
@ -55,20 +55,23 @@ class OnionrUser:
|
|||
return decrypted
|
||||
|
||||
def forwardEncrypt(self, data):
|
||||
self.generateForwardKey()
|
||||
retData = ''
|
||||
forwardKey = self._getLatestForwardKey()
|
||||
if self._core._utils.validatePubKey(forwardKey):
|
||||
encrypted = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True)
|
||||
else:
|
||||
raise Exception("No valid forward key available for this user")
|
||||
return
|
||||
raise onionrexceptions.InvalidPubkey("No valid forward key available for this user")
|
||||
return (data, forwardKey)
|
||||
|
||||
def forwardDecrypt(self, encrypted):
|
||||
retData = ''
|
||||
for key in self
|
||||
return
|
||||
|
||||
def _getLatestForwardKey(self):
|
||||
# Get the latest forward secrecy key for a peer
|
||||
key = ""
|
||||
conn = sqlite3.connect(self._core.peerDB, timeout=10)
|
||||
c = conn.cursor()
|
||||
|
||||
|
@ -111,7 +114,17 @@ class OnionrUser:
|
|||
|
||||
conn.commit()
|
||||
conn.close()
|
||||
return newPub
|
||||
|
||||
def getGeneratedForwardKeys(self, peer):
|
||||
# Fetch the keys we generated for the peer, that are still around
|
||||
conn = sqlite3.connect(self._core.peerDB, timeout=10)
|
||||
c = conn.cursor()
|
||||
command = (peer,)
|
||||
keyList = [] # list of tuples containing pub, private for peer
|
||||
for result in c.execute("SELECT * FROM myForwardKeys where peer=?", command):
|
||||
keyList.append((result[1], result[2]))
|
||||
return keyList
|
||||
|
||||
def addForwardKey(self, newKey):
|
||||
if not self._core._utils.validatePubKey(newKey):
|
||||
|
|
Loading…
Reference in New Issue