fixed forward secrecy and delete keys
parent
c0707a10f9
commit
c0c5061f1e
|
@ -99,11 +99,13 @@ class OnionrCommunicatorDaemon:
|
|||
netCheckTimer = OnionrCommunicatorTimers(self, self.daemonTools.netCheck, 600)
|
||||
announceTimer = OnionrCommunicatorTimers(self, self.daemonTools.announceNode, 305, requiresPeer=True, maxThreads=1)
|
||||
cleanupTimer = OnionrCommunicatorTimers(self, self.peerCleanup, 300, requiresPeer=True)
|
||||
forwardSecrecyTimer = OnionrCommunicatorTimers(self, self.daemonTools.cleanKeys, 15)
|
||||
|
||||
# set loop to execute instantly to load up peer pool (replaced old pool init wait)
|
||||
peerPoolTimer.count = (peerPoolTimer.frequency - 1)
|
||||
cleanupTimer.count = (cleanupTimer.frequency - 60)
|
||||
announceTimer.count = (cleanupTimer.frequency - 60)
|
||||
#forwardSecrecyTimer.count = (forwardSecrecyTimer.frequency - 990)
|
||||
|
||||
self.socketServer = threading.Thread(target=onionrsockets.OnionrSocketServer, args=(self._core,))
|
||||
self.socketServer.start()
|
||||
|
@ -450,7 +452,10 @@ class OnionrCommunicatorDaemon:
|
|||
if cmd[0] == 'shutdown':
|
||||
self.shutdown = True
|
||||
elif cmd[0] == 'announceNode':
|
||||
self.announce(cmd[1])
|
||||
if len(self.onlinePeers) > 0:
|
||||
self.announce(cmd[1])
|
||||
else:
|
||||
logger.warn("Not introducing, since I have no connected nodes.")
|
||||
elif cmd[0] == 'runCheck':
|
||||
logger.debug('Status check; looks good.')
|
||||
open(self._core.dataDir + '.runcheck', 'w+').close()
|
||||
|
|
|
@ -670,7 +670,7 @@ class Core:
|
|||
except AttributeError:
|
||||
pass
|
||||
|
||||
if encryptType == 'sym':
|
||||
if encryptType == 'asym':
|
||||
try:
|
||||
forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
|
||||
data = forwardEncrypted[0]
|
||||
|
|
|
@ -124,8 +124,8 @@ class DBCreator:
|
|||
c = conn.cursor()
|
||||
c.execute('''CREATE TABLE myForwardKeys(
|
||||
peer text not null,
|
||||
public key text not null,
|
||||
private key text not null,
|
||||
publickey text not null,
|
||||
privatekey text not null,
|
||||
date int not null,
|
||||
expire int not null
|
||||
);
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
'''
|
||||
import onionrexceptions, onionrpeers, onionrproofs, base64, logger
|
||||
import onionrexceptions, onionrpeers, onionrproofs, base64, logger, onionrusers, sqlite3
|
||||
from dependencies import secrets
|
||||
class DaemonTools:
|
||||
def __init__(self, daemon):
|
||||
|
@ -78,6 +78,26 @@ class DaemonTools:
|
|||
self.daemon._core._blacklist.addToDB(bHash)
|
||||
self.daemon._core.removeBlock(bHash)
|
||||
self.daemon.decrementThreadCount('cleanOldBlocks')
|
||||
|
||||
def cleanKeys(self):
|
||||
'''Delete expired forward secrecy keys'''
|
||||
conn = sqlite3.connect(self.daemon._core.peerDB, timeout=10)
|
||||
c = conn.cursor()
|
||||
time = self.daemon._core._utils.getEpoch()
|
||||
deleteKeys = []
|
||||
for entry in c.execute("SELECT * FROM forwardKeys where expire <= ?", (time,)):
|
||||
logger.info(entry[1])
|
||||
deleteKeys.append(entry[1])
|
||||
|
||||
for key in deleteKeys:
|
||||
logger.info('Deleting forward key '+ key)
|
||||
c.execute("DELETE from forwardKeys where forwardKey = ?", (key,))
|
||||
conn.commit()
|
||||
conn.close()
|
||||
|
||||
onionrusers.deleteExpiredKeys(self.daemon._core)
|
||||
|
||||
self.daemon.decrementThreadCount('cleanKeys')
|
||||
|
||||
def cooldownPeer(self):
|
||||
'''Randomly add an online peer to cooldown, so we can connect a new one'''
|
||||
|
|
|
@ -19,6 +19,19 @@
|
|||
'''
|
||||
import onionrblockapi, logger, onionrexceptions, json, sqlite3
|
||||
import nacl.exceptions
|
||||
|
||||
def deleteExpiredKeys(coreInst):
|
||||
# Fetch the keys we generated for the peer, that are still around
|
||||
conn = sqlite3.connect(coreInst.forwardKeysFile, timeout=10)
|
||||
c = conn.cursor()
|
||||
|
||||
curTime = coreInst._utils.getEpoch()
|
||||
c.execute("DELETE from myForwardKeys where expire <= ?", (curTime,))
|
||||
conn.commit()
|
||||
conn.execute("VACUUM")
|
||||
conn.close()
|
||||
return
|
||||
|
||||
class OnionrUser:
|
||||
def __init__(self, coreInst, publicKey):
|
||||
self.trust = 0
|
||||
|
@ -58,7 +71,7 @@ class OnionrUser:
|
|||
def forwardEncrypt(self, data):
|
||||
retData = ''
|
||||
forwardKey = self._getLatestForwardKey()
|
||||
logger.info('using ' + forwardKey)
|
||||
#logger.info('using ' + forwardKey)
|
||||
if self._core._utils.validatePubKey(forwardKey):
|
||||
retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True, anonymous=True)
|
||||
else:
|
||||
|
@ -68,9 +81,9 @@ class OnionrUser:
|
|||
|
||||
def forwardDecrypt(self, encrypted):
|
||||
retData = ""
|
||||
logger.error(self.publicKey)
|
||||
logger.error(self.getGeneratedForwardKeys())
|
||||
for key in self.getGeneratedForwardKeys():
|
||||
#logger.error(self.publicKey)
|
||||
#logger.error(self.getGeneratedForwardKeys(False))
|
||||
for key in self.getGeneratedForwardKeys(False):
|
||||
logger.info(encrypted)
|
||||
try:
|
||||
retData = self._core._crypto.pubKeyDecrypt(encrypted, privkey=key[1], anonymous=True, encodedData=True)
|
||||
|
@ -109,7 +122,7 @@ class OnionrUser:
|
|||
|
||||
return list(keyList)
|
||||
|
||||
def generateForwardKey(self, expire=432000):
|
||||
def generateForwardKey(self, expire=604800):
|
||||
|
||||
# Generate a forward secrecy key for the peer
|
||||
conn = sqlite3.connect(self._core.forwardKeysFile, timeout=10)
|
||||
|
@ -121,7 +134,7 @@ class OnionrUser:
|
|||
newPriv = self._core._utils.bytesToStr(newKeys[1])
|
||||
|
||||
time = self._core._utils.getEpoch()
|
||||
command = (self.publicKey, newPub, newPriv, time, expire)
|
||||
command = (self.publicKey, newPub, newPriv, time, expire + time)
|
||||
|
||||
c.execute("INSERT INTO myForwardKeys VALUES(?, ?, ?, ?, ?);", command)
|
||||
|
||||
|
@ -129,7 +142,7 @@ class OnionrUser:
|
|||
conn.close()
|
||||
return newPub
|
||||
|
||||
def getGeneratedForwardKeys(self):
|
||||
def getGeneratedForwardKeys(self, genNew=True):
|
||||
# Fetch the keys we generated for the peer, that are still around
|
||||
conn = sqlite3.connect(self._core.forwardKeysFile, timeout=10)
|
||||
c = conn.cursor()
|
||||
|
@ -140,11 +153,12 @@ class OnionrUser:
|
|||
for result in c.execute("SELECT * FROM myForwardKeys where peer=?", command):
|
||||
keyList.append((result[1], result[2]))
|
||||
if len(keyList) == 0:
|
||||
self.generateForwardKey()
|
||||
keyList = self.getGeneratedForwardKeys()
|
||||
if genNew:
|
||||
self.generateForwardKey()
|
||||
keyList = self.getGeneratedForwardKeys()
|
||||
return list(keyList)
|
||||
|
||||
def addForwardKey(self, newKey, expire=432000):
|
||||
def addForwardKey(self, newKey, expire=604800):
|
||||
if not self._core._utils.validatePubKey(newKey):
|
||||
raise onionrexceptions.InvalidPubkey
|
||||
# Add a forward secrecy key for the peer
|
||||
|
@ -152,7 +166,7 @@ class OnionrUser:
|
|||
c = conn.cursor()
|
||||
# Prepare the insert
|
||||
time = self._core._utils.getEpoch()
|
||||
command = (self.publicKey, newKey, time, expire)
|
||||
command = (self.publicKey, newKey, time, time + expire)
|
||||
|
||||
c.execute("INSERT INTO forwardKeys VALUES(?, ?, ?, ?);", command)
|
||||
|
||||
|
|
|
@ -263,14 +263,19 @@ class OnionrUtils:
|
|||
'''
|
||||
myBlock = Block(blockHash, self._core)
|
||||
if myBlock.isEncrypted:
|
||||
#pass
|
||||
logger.warn(myBlock.decrypt())
|
||||
if (myBlock.isEncrypted and myBlock.decrypted) or (not myBlock.isEncrypted):
|
||||
blockType = myBlock.getMetadata('type') # we would use myBlock.getType() here, but it is bugged with encrypted blocks
|
||||
signer = self.bytesToStr(myBlock.signer)
|
||||
valid = myBlock.verifySig()
|
||||
|
||||
logger.info('Checking for fs key')
|
||||
if myBlock.getMetadata('newFSKey') is not None:
|
||||
onionrusers.OnionrUser(self._core, signer).addForwardKey(myBlock.getMetadata('newFSKey'))
|
||||
else:
|
||||
logger.warn('FS not used for this encrypted block')
|
||||
logger.info(myBlock.bmetadata)
|
||||
|
||||
try:
|
||||
if len(blockType) <= 10:
|
||||
|
|
Loading…
Reference in New Issue