actually handle future-set blocks properly
parent
a4370c26b0
commit
98bc3b3271
|
@ -33,9 +33,7 @@ class OnionrCrypto:
|
||||||
self._keyFile = self._core.dataDir + 'keys.txt'
|
self._keyFile = self._core.dataDir + 'keys.txt'
|
||||||
self.pubKey = None
|
self.pubKey = None
|
||||||
self.privKey = None
|
self.privKey = None
|
||||||
|
|
||||||
self.secrets = secrets
|
self.secrets = secrets
|
||||||
|
|
||||||
self.deterministicRequirement = 25 # Min deterministic password/phrase length
|
self.deterministicRequirement = 25 # Min deterministic password/phrase length
|
||||||
self.HASH_ID_ROUNDS = 2000
|
self.HASH_ID_ROUNDS = 2000
|
||||||
self.keyManager = keymanager.KeyManager(self)
|
self.keyManager = keymanager.KeyManager(self)
|
||||||
|
@ -99,7 +97,6 @@ class OnionrCrypto:
|
||||||
def pubKeyEncrypt(self, data, pubkey, anonymous=True, encodedData=False):
|
def pubKeyEncrypt(self, data, pubkey, anonymous=True, encodedData=False):
|
||||||
'''Encrypt to a public key (Curve25519, taken from base32 Ed25519 pubkey)'''
|
'''Encrypt to a public key (Curve25519, taken from base32 Ed25519 pubkey)'''
|
||||||
retVal = ''
|
retVal = ''
|
||||||
|
|
||||||
try:
|
try:
|
||||||
pubkey = pubkey.encode()
|
pubkey = pubkey.encode()
|
||||||
except AttributeError:
|
except AttributeError:
|
||||||
|
@ -198,7 +195,7 @@ class OnionrCrypto:
|
||||||
private_key = nacl.signing.SigningKey.generate()
|
private_key = nacl.signing.SigningKey.generate()
|
||||||
public_key = private_key.verify_key.encode(encoder=nacl.encoding.Base32Encoder())
|
public_key = private_key.verify_key.encode(encoder=nacl.encoding.Base32Encoder())
|
||||||
return (public_key.decode(), private_key.encode(encoder=nacl.encoding.Base32Encoder()).decode())
|
return (public_key.decode(), private_key.encode(encoder=nacl.encoding.Base32Encoder()).decode())
|
||||||
|
|
||||||
def generateDeterministic(self, passphrase, bypassCheck=False):
|
def generateDeterministic(self, passphrase, bypassCheck=False):
|
||||||
'''Generate a Ed25519 public key pair from a password'''
|
'''Generate a Ed25519 public key pair from a password'''
|
||||||
passStrength = self.deterministicRequirement
|
passStrength = self.deterministicRequirement
|
||||||
|
@ -212,7 +209,7 @@ class OnionrCrypto:
|
||||||
salt = b"U81Q7llrQcdTP0Ux" # Does not need to be unique or secret, but must be 16 bytes
|
salt = b"U81Q7llrQcdTP0Ux" # Does not need to be unique or secret, but must be 16 bytes
|
||||||
ops = nacl.pwhash.argon2id.OPSLIMIT_SENSITIVE
|
ops = nacl.pwhash.argon2id.OPSLIMIT_SENSITIVE
|
||||||
mem = nacl.pwhash.argon2id.MEMLIMIT_SENSITIVE
|
mem = nacl.pwhash.argon2id.MEMLIMIT_SENSITIVE
|
||||||
|
|
||||||
key = kdf(nacl.secret.SecretBox.KEY_SIZE, passphrase, salt, opslimit=ops, memlimit=mem)
|
key = kdf(nacl.secret.SecretBox.KEY_SIZE, passphrase, salt, opslimit=ops, memlimit=mem)
|
||||||
key = nacl.public.PrivateKey(key, nacl.encoding.RawEncoder())
|
key = nacl.public.PrivateKey(key, nacl.encoding.RawEncoder())
|
||||||
publicKey = key.public_key
|
publicKey = key.public_key
|
||||||
|
@ -285,6 +282,6 @@ class OnionrCrypto:
|
||||||
logger.debug("Invalid token, bad proof")
|
logger.debug("Invalid token, bad proof")
|
||||||
|
|
||||||
return retData
|
return retData
|
||||||
|
|
||||||
def safeCompare(self, one, two):
|
def safeCompare(self, one, two):
|
||||||
return hmac.compare_digest(one, two)
|
return hmac.compare_digest(one, two)
|
||||||
|
|
|
@ -392,7 +392,7 @@ class OnionrUtils:
|
||||||
if not self.isIntegerString(metadata[i]):
|
if not self.isIntegerString(metadata[i]):
|
||||||
logger.warn('Block metadata time stamp is not integer string')
|
logger.warn('Block metadata time stamp is not integer string')
|
||||||
break
|
break
|
||||||
if metadata[i] > self.getEpoch():
|
if (metadata[i] - self.getEpoch()) > 30:
|
||||||
logger.warn('Block metadata time stamp is set for the future, which is not allowed.')
|
logger.warn('Block metadata time stamp is set for the future, which is not allowed.')
|
||||||
break
|
break
|
||||||
if (self.getEpoch() - metadata[i]) > maxAge:
|
if (self.getEpoch() - metadata[i]) > maxAge:
|
||||||
|
|
Loading…
Reference in New Issue