work on foward secrecy
This commit is contained in:
parent
5606a07757
commit
980406b699
4 changed files with 18 additions and 11 deletions
|
@ -738,11 +738,6 @@ class Core:
|
||||||
# encrypt block metadata/sig/content
|
# encrypt block metadata/sig/content
|
||||||
if encryptType == 'sym':
|
if encryptType == 'sym':
|
||||||
|
|
||||||
# Encrypt block data with forward secrecy key first, but not meta
|
|
||||||
forwardEncrypted = onionrusers.OnionrUser(self, key=symKey).forwardEncrypt(data)
|
|
||||||
data = forwardEncrypted[0]
|
|
||||||
jsonMeta['newFSKey'] = forwardEncrypted[1]
|
|
||||||
|
|
||||||
if len(symKey) < self.requirements.passwordLength:
|
if len(symKey) < self.requirements.passwordLength:
|
||||||
raise onionrexceptions.SecurityError('Weak encryption key')
|
raise onionrexceptions.SecurityError('Weak encryption key')
|
||||||
jsonMeta = self._crypto.symmetricEncrypt(jsonMeta, key=symKey, returnEncoded=True).decode()
|
jsonMeta = self._crypto.symmetricEncrypt(jsonMeta, key=symKey, returnEncoded=True).decode()
|
||||||
|
@ -751,6 +746,14 @@ class Core:
|
||||||
signer = self._crypto.symmetricEncrypt(signer, key=symKey, returnEncoded=True).decode()
|
signer = self._crypto.symmetricEncrypt(signer, key=symKey, returnEncoded=True).decode()
|
||||||
elif encryptType == 'asym':
|
elif encryptType == 'asym':
|
||||||
if self._utils.validatePubKey(asymPeer):
|
if self._utils.validatePubKey(asymPeer):
|
||||||
|
# Encrypt block data with forward secrecy key first, but not meta
|
||||||
|
try:
|
||||||
|
forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
|
||||||
|
data = forwardEncrypted[0]
|
||||||
|
meta['newFSKey'] = forwardEncrypted[1][0]
|
||||||
|
except onionrexceptions.InvalidPubkey:
|
||||||
|
meta['newFSKey'] = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys()[0][0]
|
||||||
|
jsonMeta = json.dumps(meta)
|
||||||
jsonMeta = self._crypto.pubKeyEncrypt(jsonMeta, asymPeer, encodedData=True, anonymous=True).decode()
|
jsonMeta = self._crypto.pubKeyEncrypt(jsonMeta, asymPeer, encodedData=True, anonymous=True).decode()
|
||||||
data = self._crypto.pubKeyEncrypt(data, asymPeer, encodedData=True, anonymous=True).decode()
|
data = self._crypto.pubKeyEncrypt(data, asymPeer, encodedData=True, anonymous=True).decode()
|
||||||
signature = self._crypto.pubKeyEncrypt(signature, asymPeer, encodedData=True, anonymous=True).decode()
|
signature = self._crypto.pubKeyEncrypt(signature, asymPeer, encodedData=True, anonymous=True).decode()
|
||||||
|
|
|
@ -115,7 +115,7 @@ class OnionrUser:
|
||||||
time = self._core._utils.getEpoch()
|
time = self._core._utils.getEpoch()
|
||||||
command = (self.publicKey, newPub, newPriv, time, expire)
|
command = (self.publicKey, newPub, newPriv, time, expire)
|
||||||
|
|
||||||
c.execute("INSERT INTO myForwardKeys VALUES(?, ?, ?, ?);", command)
|
c.execute("INSERT INTO myForwardKeys VALUES(?, ?, ?, ?, ?);", command)
|
||||||
|
|
||||||
conn.commit()
|
conn.commit()
|
||||||
conn.close()
|
conn.close()
|
||||||
|
@ -123,7 +123,7 @@ class OnionrUser:
|
||||||
|
|
||||||
def getGeneratedForwardKeys(self):
|
def getGeneratedForwardKeys(self):
|
||||||
# Fetch the keys we generated for the peer, that are still around
|
# Fetch the keys we generated for the peer, that are still around
|
||||||
conn = sqlite3.connect(self._core.peerDB, timeout=10)
|
conn = sqlite3.connect(self._core.forwardKeysFile, timeout=10)
|
||||||
c = conn.cursor()
|
c = conn.cursor()
|
||||||
command = (self.publicKey,)
|
command = (self.publicKey,)
|
||||||
keyList = [] # list of tuples containing pub, private for peer
|
keyList = [] # list of tuples containing pub, private for peer
|
||||||
|
@ -131,7 +131,7 @@ class OnionrUser:
|
||||||
keyList.append((result[1], result[2]))
|
keyList.append((result[1], result[2]))
|
||||||
return keyList
|
return keyList
|
||||||
|
|
||||||
def addForwardKey(self, newKey):
|
def addForwardKey(self, newKey, expire=432000):
|
||||||
if not self._core._utils.validatePubKey(newKey):
|
if not self._core._utils.validatePubKey(newKey):
|
||||||
raise onionrexceptions.InvalidPubkey
|
raise onionrexceptions.InvalidPubkey
|
||||||
# Add a forward secrecy key for the peer
|
# Add a forward secrecy key for the peer
|
||||||
|
@ -139,9 +139,9 @@ class OnionrUser:
|
||||||
c = conn.cursor()
|
c = conn.cursor()
|
||||||
# Prepare the insert
|
# Prepare the insert
|
||||||
time = self._core._utils.getEpoch()
|
time = self._core._utils.getEpoch()
|
||||||
command = (self.publicKey, newKey, time)
|
command = (self.publicKey, newKey, time, expire)
|
||||||
|
|
||||||
c.execute("INSERT INTO forwardKeys VALUES(?, ?, ?);", command)
|
c.execute("INSERT INTO forwardKeys VALUES(?, ?, ?, ?);", command)
|
||||||
|
|
||||||
conn.commit()
|
conn.commit()
|
||||||
conn.close()
|
conn.close()
|
||||||
|
|
|
@ -267,6 +267,10 @@ class OnionrUtils:
|
||||||
blockType = myBlock.getMetadata('type') # we would use myBlock.getType() here, but it is bugged with encrypted blocks
|
blockType = myBlock.getMetadata('type') # we would use myBlock.getType() here, but it is bugged with encrypted blocks
|
||||||
signer = self.bytesToStr(myBlock.signer)
|
signer = self.bytesToStr(myBlock.signer)
|
||||||
valid = myBlock.verifySig()
|
valid = myBlock.verifySig()
|
||||||
|
|
||||||
|
if myBlock.getMetadata('newFSKey') is not None:
|
||||||
|
onionrusers.OnionrUser(self._core, signer).addForwardKey(myBlock.getMetadata('newFSKey'))
|
||||||
|
|
||||||
try:
|
try:
|
||||||
if len(blockType) <= 10:
|
if len(blockType) <= 10:
|
||||||
self._core.updateBlockInfo(blockHash, 'dataType', blockType)
|
self._core.updateBlockInfo(blockHash, 'dataType', blockType)
|
||||||
|
|
|
@ -2,6 +2,6 @@
|
||||||
|
|
||||||
<p>The content on this server is not necessarily created by the server owner, and was not necessarily stored specifically with the owner's knowledge of its contents.</p>
|
<p>The content on this server is not necessarily created by the server owner, and was not necessarily stored specifically with the owner's knowledge of its contents.</p>
|
||||||
|
|
||||||
<p>Onionr is a decentralized, distributed data storage system, that anyone can insert data into.</p>
|
<p>Onionr is a decentralized data storage system that anyone can insert data into.</p>
|
||||||
|
|
||||||
<p>To learn more about Onionr, see the website at <a href="https://onionr.voidnet.tech/">https://Onionr.VoidNet.tech/</a></p>
|
<p>To learn more about Onionr, see the website at <a href="https://onionr.voidnet.tech/">https://Onionr.VoidNet.tech/</a></p>
|
||||||
|
|
Loading…
Reference in a new issue