actually handle future-set blocks properly

master
Kevin Froman 2018-12-15 23:35:06 -06:00
parent a4370c26b0
commit 98bc3b3271
2 changed files with 4 additions and 7 deletions

View File

@ -33,9 +33,7 @@ class OnionrCrypto:
self._keyFile = self._core.dataDir + 'keys.txt' self._keyFile = self._core.dataDir + 'keys.txt'
self.pubKey = None self.pubKey = None
self.privKey = None self.privKey = None
self.secrets = secrets self.secrets = secrets
self.deterministicRequirement = 25 # Min deterministic password/phrase length self.deterministicRequirement = 25 # Min deterministic password/phrase length
self.HASH_ID_ROUNDS = 2000 self.HASH_ID_ROUNDS = 2000
self.keyManager = keymanager.KeyManager(self) self.keyManager = keymanager.KeyManager(self)
@ -99,7 +97,6 @@ class OnionrCrypto:
def pubKeyEncrypt(self, data, pubkey, anonymous=True, encodedData=False): def pubKeyEncrypt(self, data, pubkey, anonymous=True, encodedData=False):
'''Encrypt to a public key (Curve25519, taken from base32 Ed25519 pubkey)''' '''Encrypt to a public key (Curve25519, taken from base32 Ed25519 pubkey)'''
retVal = '' retVal = ''
try: try:
pubkey = pubkey.encode() pubkey = pubkey.encode()
except AttributeError: except AttributeError:
@ -198,7 +195,7 @@ class OnionrCrypto:
private_key = nacl.signing.SigningKey.generate() private_key = nacl.signing.SigningKey.generate()
public_key = private_key.verify_key.encode(encoder=nacl.encoding.Base32Encoder()) public_key = private_key.verify_key.encode(encoder=nacl.encoding.Base32Encoder())
return (public_key.decode(), private_key.encode(encoder=nacl.encoding.Base32Encoder()).decode()) return (public_key.decode(), private_key.encode(encoder=nacl.encoding.Base32Encoder()).decode())
def generateDeterministic(self, passphrase, bypassCheck=False): def generateDeterministic(self, passphrase, bypassCheck=False):
'''Generate a Ed25519 public key pair from a password''' '''Generate a Ed25519 public key pair from a password'''
passStrength = self.deterministicRequirement passStrength = self.deterministicRequirement
@ -212,7 +209,7 @@ class OnionrCrypto:
salt = b"U81Q7llrQcdTP0Ux" # Does not need to be unique or secret, but must be 16 bytes salt = b"U81Q7llrQcdTP0Ux" # Does not need to be unique or secret, but must be 16 bytes
ops = nacl.pwhash.argon2id.OPSLIMIT_SENSITIVE ops = nacl.pwhash.argon2id.OPSLIMIT_SENSITIVE
mem = nacl.pwhash.argon2id.MEMLIMIT_SENSITIVE mem = nacl.pwhash.argon2id.MEMLIMIT_SENSITIVE
key = kdf(nacl.secret.SecretBox.KEY_SIZE, passphrase, salt, opslimit=ops, memlimit=mem) key = kdf(nacl.secret.SecretBox.KEY_SIZE, passphrase, salt, opslimit=ops, memlimit=mem)
key = nacl.public.PrivateKey(key, nacl.encoding.RawEncoder()) key = nacl.public.PrivateKey(key, nacl.encoding.RawEncoder())
publicKey = key.public_key publicKey = key.public_key
@ -285,6 +282,6 @@ class OnionrCrypto:
logger.debug("Invalid token, bad proof") logger.debug("Invalid token, bad proof")
return retData return retData
def safeCompare(self, one, two): def safeCompare(self, one, two):
return hmac.compare_digest(one, two) return hmac.compare_digest(one, two)

View File

@ -392,7 +392,7 @@ class OnionrUtils:
if not self.isIntegerString(metadata[i]): if not self.isIntegerString(metadata[i]):
logger.warn('Block metadata time stamp is not integer string') logger.warn('Block metadata time stamp is not integer string')
break break
if metadata[i] > self.getEpoch(): if (metadata[i] - self.getEpoch()) > 30:
logger.warn('Block metadata time stamp is set for the future, which is not allowed.') logger.warn('Block metadata time stamp is set for the future, which is not allowed.')
break break
if (self.getEpoch() - metadata[i]) > maxAge: if (self.getEpoch() - metadata[i]) > maxAge: