fixed forward secrecy and delete keys

master
Kevin Froman 2018-11-09 13:07:26 -06:00
parent c0707a10f9
commit c0c5061f1e
No known key found for this signature in database
GPG Key ID: 0D414D0FE405B63B
6 changed files with 60 additions and 16 deletions

View File

@ -99,11 +99,13 @@ class OnionrCommunicatorDaemon:
netCheckTimer = OnionrCommunicatorTimers(self, self.daemonTools.netCheck, 600)
announceTimer = OnionrCommunicatorTimers(self, self.daemonTools.announceNode, 305, requiresPeer=True, maxThreads=1)
cleanupTimer = OnionrCommunicatorTimers(self, self.peerCleanup, 300, requiresPeer=True)
forwardSecrecyTimer = OnionrCommunicatorTimers(self, self.daemonTools.cleanKeys, 15)
# set loop to execute instantly to load up peer pool (replaced old pool init wait)
peerPoolTimer.count = (peerPoolTimer.frequency - 1)
cleanupTimer.count = (cleanupTimer.frequency - 60)
announceTimer.count = (cleanupTimer.frequency - 60)
#forwardSecrecyTimer.count = (forwardSecrecyTimer.frequency - 990)
self.socketServer = threading.Thread(target=onionrsockets.OnionrSocketServer, args=(self._core,))
self.socketServer.start()
@ -450,7 +452,10 @@ class OnionrCommunicatorDaemon:
if cmd[0] == 'shutdown':
self.shutdown = True
elif cmd[0] == 'announceNode':
self.announce(cmd[1])
if len(self.onlinePeers) > 0:
self.announce(cmd[1])
else:
logger.warn("Not introducing, since I have no connected nodes.")
elif cmd[0] == 'runCheck':
logger.debug('Status check; looks good.')
open(self._core.dataDir + '.runcheck', 'w+').close()

View File

@ -670,7 +670,7 @@ class Core:
except AttributeError:
pass
if encryptType == 'sym':
if encryptType == 'asym':
try:
forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
data = forwardEncrypted[0]

View File

@ -124,8 +124,8 @@ class DBCreator:
c = conn.cursor()
c.execute('''CREATE TABLE myForwardKeys(
peer text not null,
public key text not null,
private key text not null,
publickey text not null,
privatekey text not null,
date int not null,
expire int not null
);

View File

@ -17,7 +17,7 @@
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
'''
import onionrexceptions, onionrpeers, onionrproofs, base64, logger
import onionrexceptions, onionrpeers, onionrproofs, base64, logger, onionrusers, sqlite3
from dependencies import secrets
class DaemonTools:
def __init__(self, daemon):
@ -78,6 +78,26 @@ class DaemonTools:
self.daemon._core._blacklist.addToDB(bHash)
self.daemon._core.removeBlock(bHash)
self.daemon.decrementThreadCount('cleanOldBlocks')
def cleanKeys(self):
'''Delete expired forward secrecy keys'''
conn = sqlite3.connect(self.daemon._core.peerDB, timeout=10)
c = conn.cursor()
time = self.daemon._core._utils.getEpoch()
deleteKeys = []
for entry in c.execute("SELECT * FROM forwardKeys where expire <= ?", (time,)):
logger.info(entry[1])
deleteKeys.append(entry[1])
for key in deleteKeys:
logger.info('Deleting forward key '+ key)
c.execute("DELETE from forwardKeys where forwardKey = ?", (key,))
conn.commit()
conn.close()
onionrusers.deleteExpiredKeys(self.daemon._core)
self.daemon.decrementThreadCount('cleanKeys')
def cooldownPeer(self):
'''Randomly add an online peer to cooldown, so we can connect a new one'''

View File

@ -19,6 +19,19 @@
'''
import onionrblockapi, logger, onionrexceptions, json, sqlite3
import nacl.exceptions
def deleteExpiredKeys(coreInst):
# Fetch the keys we generated for the peer, that are still around
conn = sqlite3.connect(coreInst.forwardKeysFile, timeout=10)
c = conn.cursor()
curTime = coreInst._utils.getEpoch()
c.execute("DELETE from myForwardKeys where expire <= ?", (curTime,))
conn.commit()
conn.execute("VACUUM")
conn.close()
return
class OnionrUser:
def __init__(self, coreInst, publicKey):
self.trust = 0
@ -58,7 +71,7 @@ class OnionrUser:
def forwardEncrypt(self, data):
retData = ''
forwardKey = self._getLatestForwardKey()
logger.info('using ' + forwardKey)
#logger.info('using ' + forwardKey)
if self._core._utils.validatePubKey(forwardKey):
retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True, anonymous=True)
else:
@ -68,9 +81,9 @@ class OnionrUser:
def forwardDecrypt(self, encrypted):
retData = ""
logger.error(self.publicKey)
logger.error(self.getGeneratedForwardKeys())
for key in self.getGeneratedForwardKeys():
#logger.error(self.publicKey)
#logger.error(self.getGeneratedForwardKeys(False))
for key in self.getGeneratedForwardKeys(False):
logger.info(encrypted)
try:
retData = self._core._crypto.pubKeyDecrypt(encrypted, privkey=key[1], anonymous=True, encodedData=True)
@ -109,7 +122,7 @@ class OnionrUser:
return list(keyList)
def generateForwardKey(self, expire=432000):
def generateForwardKey(self, expire=604800):
# Generate a forward secrecy key for the peer
conn = sqlite3.connect(self._core.forwardKeysFile, timeout=10)
@ -121,7 +134,7 @@ class OnionrUser:
newPriv = self._core._utils.bytesToStr(newKeys[1])
time = self._core._utils.getEpoch()
command = (self.publicKey, newPub, newPriv, time, expire)
command = (self.publicKey, newPub, newPriv, time, expire + time)
c.execute("INSERT INTO myForwardKeys VALUES(?, ?, ?, ?, ?);", command)
@ -129,7 +142,7 @@ class OnionrUser:
conn.close()
return newPub
def getGeneratedForwardKeys(self):
def getGeneratedForwardKeys(self, genNew=True):
# Fetch the keys we generated for the peer, that are still around
conn = sqlite3.connect(self._core.forwardKeysFile, timeout=10)
c = conn.cursor()
@ -140,11 +153,12 @@ class OnionrUser:
for result in c.execute("SELECT * FROM myForwardKeys where peer=?", command):
keyList.append((result[1], result[2]))
if len(keyList) == 0:
self.generateForwardKey()
keyList = self.getGeneratedForwardKeys()
if genNew:
self.generateForwardKey()
keyList = self.getGeneratedForwardKeys()
return list(keyList)
def addForwardKey(self, newKey, expire=432000):
def addForwardKey(self, newKey, expire=604800):
if not self._core._utils.validatePubKey(newKey):
raise onionrexceptions.InvalidPubkey
# Add a forward secrecy key for the peer
@ -152,7 +166,7 @@ class OnionrUser:
c = conn.cursor()
# Prepare the insert
time = self._core._utils.getEpoch()
command = (self.publicKey, newKey, time, expire)
command = (self.publicKey, newKey, time, time + expire)
c.execute("INSERT INTO forwardKeys VALUES(?, ?, ?, ?);", command)

View File

@ -263,14 +263,19 @@ class OnionrUtils:
'''
myBlock = Block(blockHash, self._core)
if myBlock.isEncrypted:
#pass
logger.warn(myBlock.decrypt())
if (myBlock.isEncrypted and myBlock.decrypted) or (not myBlock.isEncrypted):
blockType = myBlock.getMetadata('type') # we would use myBlock.getType() here, but it is bugged with encrypted blocks
signer = self.bytesToStr(myBlock.signer)
valid = myBlock.verifySig()
logger.info('Checking for fs key')
if myBlock.getMetadata('newFSKey') is not None:
onionrusers.OnionrUser(self._core, signer).addForwardKey(myBlock.getMetadata('newFSKey'))
else:
logger.warn('FS not used for this encrypted block')
logger.info(myBlock.bmetadata)
try:
if len(blockType) <= 10: