work on foward secrecy
		
							parent
							
								
									5606a07757
								
							
						
					
					
						commit
						980406b699
					
				
					 4 changed files with 18 additions and 11 deletions
				
			
		|  | @ -738,11 +738,6 @@ class Core: | |||
|         # encrypt block metadata/sig/content | ||||
|         if encryptType == 'sym': | ||||
| 
 | ||||
|             # Encrypt block data with forward secrecy key first, but not meta | ||||
|             forwardEncrypted = onionrusers.OnionrUser(self, key=symKey).forwardEncrypt(data) | ||||
|             data = forwardEncrypted[0] | ||||
|             jsonMeta['newFSKey'] = forwardEncrypted[1] | ||||
| 
 | ||||
|             if len(symKey) < self.requirements.passwordLength: | ||||
|                 raise onionrexceptions.SecurityError('Weak encryption key') | ||||
|             jsonMeta = self._crypto.symmetricEncrypt(jsonMeta, key=symKey, returnEncoded=True).decode() | ||||
|  | @ -751,6 +746,14 @@ class Core: | |||
|             signer = self._crypto.symmetricEncrypt(signer, key=symKey, returnEncoded=True).decode() | ||||
|         elif encryptType == 'asym': | ||||
|             if self._utils.validatePubKey(asymPeer): | ||||
|                 # Encrypt block data with forward secrecy key first, but not meta | ||||
|                 try: | ||||
|                     forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data) | ||||
|                     data = forwardEncrypted[0] | ||||
|                     meta['newFSKey'] = forwardEncrypted[1][0] | ||||
|                 except onionrexceptions.InvalidPubkey: | ||||
|                     meta['newFSKey'] = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys()[0][0] | ||||
|                 jsonMeta = json.dumps(meta) | ||||
|                 jsonMeta = self._crypto.pubKeyEncrypt(jsonMeta, asymPeer, encodedData=True, anonymous=True).decode() | ||||
|                 data = self._crypto.pubKeyEncrypt(data, asymPeer, encodedData=True, anonymous=True).decode() | ||||
|                 signature = self._crypto.pubKeyEncrypt(signature, asymPeer, encodedData=True, anonymous=True).decode() | ||||
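Review bot: The `except onionrexceptions.InvalidPubkey` fallback in the asym branch indexes `getGeneratedForwardKeys()[0][0]` without checking that a key exists, so if that method returns its initial empty `keyList` (see the OnionrUser section of this commit) the insert path fails with an IndexError. In that same fallback `data` is left without the forward-secrecy layer and nothing records the downgrade, so the sender cannot tell that this block went out protected only by the long-term key; a log line there would make it visible. I would guard the lookup with `keys = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys()` followed by `if keys: meta['newFSKey'] = keys[0][0]`. The enclosing method starts and ends outside the hunk, so whether a key is always generated beforehand cannot be confirmed from here.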
|  |  | |||
|  | @ -115,7 +115,7 @@ class OnionrUser: | |||
|         time = self._core._utils.getEpoch() | ||||
|         command = (self.publicKey, newPub, newPriv, time, expire) | ||||
| 
 | ||||
|         c.execute("INSERT INTO myForwardKeys VALUES(?, ?, ?, ?);", command) | ||||
|         c.execute("INSERT INTO myForwardKeys VALUES(?, ?, ?, ?, ?);", command) | ||||
| 
 | ||||
|         conn.commit() | ||||
|         conn.close() | ||||
|  | @ -123,7 +123,7 @@ class OnionrUser: | |||
| 
 | ||||
|     def getGeneratedForwardKeys(self): | ||||
|         # Fetch the keys we generated for the peer, that are still around | ||||
|         conn = sqlite3.connect(self._core.peerDB, timeout=10) | ||||
|         conn = sqlite3.connect(self._core.forwardKeysFile, timeout=10) | ||||
|         c = conn.cursor() | ||||
|         command = (self.publicKey,) | ||||
|         keyList = [] # list of tuples containing pub, private for peer | ||||
|  | @ -131,7 +131,7 @@ class OnionrUser: | |||
|             keyList.append((result[1], result[2])) | ||||
|         return keyList | ||||
| 
 | ||||
|     def addForwardKey(self, newKey): | ||||
|     def addForwardKey(self, newKey, expire=432000): | ||||
|         if not self._core._utils.validatePubKey(newKey): | ||||
|             raise onionrexceptions.InvalidPubkey | ||||
|         # Add a forward secrecy key for the peer | ||||
|  | @ -139,9 +139,9 @@ class OnionrUser: | |||
|         c = conn.cursor() | ||||
|         # Prepare the insert | ||||
|         time = self._core._utils.getEpoch() | ||||
|         command = (self.publicKey, newKey, time) | ||||
|         command = (self.publicKey, newKey, time, expire) | ||||
| 
 | ||||
|         c.execute("INSERT INTO forwardKeys VALUES(?, ?, ?);", command) | ||||
|         c.execute("INSERT INTO forwardKeys VALUES(?, ?, ?, ?);", command) | ||||
| 
 | ||||
|         conn.commit() | ||||
|         conn.close() | ||||
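Review bot: Both INSERT statements still bind by column position (`VALUES(?, ?, ?, ?)` for `forwardKeys`, five placeholders for `myForwardKeys`), which is the kind of tuple/placeholder mismatch this commit is correcting; naming the columns would make the next schema change fail loudly instead of silently shifting values, e.g. `INSERT INTO forwardKeys (<col1>, <col2>, <col3>, <col4>) VALUES (?, ?, ?, ?);` with the table's real column names in place of the placeholders. The new `expire=432000` default has no comment saying whether it is a lifetime in seconds or an absolute timestamp, and since it decides how long a peer's key stays usable a one-line comment such as `# expire: key lifetime in seconds (432000 = 5 days)` would help, assuming that reading is right. `conn.close()` is also skipped if `execute` raises, so wrapping the connection in `contextlib.closing` or a `try`/`finally` would avoid leaking it. The method bodies start outside the hunks shown.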
|  |  | |||
|  | @ -267,6 +267,10 @@ class OnionrUtils: | |||
|             blockType = myBlock.getMetadata('type') # we would use myBlock.getType() here, but it is bugged with encrypted blocks | ||||
|             signer = self.bytesToStr(myBlock.signer) | ||||
|             valid = myBlock.verifySig() | ||||
| 
 | ||||
|             if myBlock.getMetadata('newFSKey') is not None: | ||||
|                 onionrusers.OnionrUser(self._core, signer).addForwardKey(myBlock.getMetadata('newFSKey')) | ||||
|          | ||||
|             try: | ||||
|                 if len(blockType) <= 10: | ||||
|                     self._core.updateBlockInfo(blockHash, 'dataType', blockType) | ||||
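Review bot: The added `addForwardKey` call stores `newFSKey` for `signer` without looking at `valid`, which is computed from `myBlock.verifySig()` on the line just above, so a block whose signature does not verify could still replace or add the forward-secrecy key recorded for that peer. The key is also taken from block metadata and passed straight through; `addForwardKey` raises `onionrexceptions.InvalidPubkey` on a malformed value, and that call sits before the `try:`, so a bad `newFSKey` would abort metadata processing for the block unless a caller outside the hunk catches it. I would gate and read the value once: `fsKey = myBlock.getMetadata('newFSKey')` then `if valid and fsKey is not None:`, with the call wrapped in `except onionrexceptions.InvalidPubkey`. The enclosing function continues outside the hunk, so a later check of `valid` may exist, but it would come after the key has already been written.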
|  |  | |||
|  | @ -2,6 +2,6 @@ | |||
| 
 | ||||
| <p>The content on this server is not necessarily created by the server owner, and was not necessarily stored specifically with the owner's knowledge of its contents.</p> | ||||
| 
 | ||||
| <p>Onionr is a decentralized, distributed data storage system, that anyone can insert data into.</p> | ||||
| <p>Onionr is a decentralized data storage system that anyone can insert data into.</p> | ||||
| 
 | ||||
| <p>To learn more about Onionr, see the website at <a href="https://onionr.voidnet.tech/">https://Onionr.VoidNet.tech/</a></p> | ||||
|  |  | |||