From c823eecfe3200083c20c8186ca2a0da33289520b Mon Sep 17 00:00:00 2001 From: Kevin Froman Date: Mon, 8 Oct 2018 00:11:46 -0500 Subject: [PATCH] work on foward secrecy --- onionr/core.py | 11 ++++++----- onionr/onionrblockapi.py | 5 ++++- onionr/onionrusers.py | 6 ++++-- 3 files changed, 14 insertions(+), 8 deletions(-) diff --git a/onionr/core.py b/onionr/core.py index c2cfc85d..7a1325cc 100644 --- a/onionr/core.py +++ b/onionr/core.py @@ -714,8 +714,6 @@ class Core: meta['type'] = header meta['type'] = str(meta['type']) - jsonMeta = json.dumps(meta) - if encryptType in ('asym', 'sym', ''): metadata['encryptType'] = encryptType else: @@ -729,10 +727,13 @@ class Core: try: forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data) data = forwardEncrypted[0] - meta['newFSKey'] = forwardEncrypted[1][0] + meta['newFSKey'] = forwardEncrypted[1] + meta['forwardEnc'] = True except onionrexceptions.InvalidPubkey: - meta['newFSKey'] = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys()[0][0] - + onionrusers.OnionrUser(self, asymPeer).generateForwardKey() + fsKey = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys()[0] + meta['newFSKey'] = fsKey[0] + jsonMeta = json.dumps(meta) if sign: signature = self._crypto.edSign(jsonMeta.encode() + data, key=self._crypto.privKey, encodeResult=True) signer = self._crypto.pubKey diff --git a/onionr/onionrblockapi.py b/onionr/onionrblockapi.py index b2d41cdf..f7d66891 100644 --- a/onionr/onionrblockapi.py +++ b/onionr/onionrblockapi.py @@ -96,7 +96,10 @@ class Block: except (AssertionError, KeyError) as e: pass else: - self.bcontent = onionrusers.OnionrUser(self.core, self.signer).forwardDecrypt() + try: + self.bcontent = onionrusers.OnionrUser(self.core, self.signer).forwardDecrypt(self.bcontent) + except onionrexceptions.DecryptionError: + pass except nacl.exceptions.CryptoError: pass #logger.debug('Could not decrypt block. Either invalid key or corrupted data') diff --git a/onionr/onionrusers.py b/onionr/onionrusers.py index 20dced6d..e1a3c88b 100644 --- a/onionr/onionrusers.py +++ b/onionr/onionrusers.py @@ -58,7 +58,7 @@ class OnionrUser: retData = '' forwardKey = self._getLatestForwardKey() if self._core._utils.validatePubKey(forwardKey): - retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True) + retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True, anonymous=True) else: raise onionrexceptions.InvalidPubkey("No valid forward key available for this user") self.generateForwardKey() @@ -67,7 +67,8 @@ class OnionrUser: def forwardDecrypt(self, encrypted): retData = "" for key in self.getGeneratedForwardKeys(): - retData = self._core._crypto.pubKeyDecrypt(encrypted, pubkey=key[1]) + retData = self._core._crypto.pubKeyDecrypt(encrypted, pubkey=key[1], anonymous=True) + logger('decrypting ' + key + ' got ' + retData) if retData != False: break else: @@ -132,6 +133,7 @@ class OnionrUser: return keyList def addForwardKey(self, newKey, expire=432000): + logger.info(newKey) if not self._core._utils.validatePubKey(newKey): raise onionrexceptions.InvalidPubkey # Add a forward secrecy key for the peer