work on foward secrecy

master
Kevin Froman 2018-10-08 00:11:46 -05:00
parent 38913b62ce
commit c823eecfe3
3 changed files with 14 additions and 8 deletions

View File

@ -714,8 +714,6 @@ class Core:
meta['type'] = header
meta['type'] = str(meta['type'])
jsonMeta = json.dumps(meta)
if encryptType in ('asym', 'sym', ''):
metadata['encryptType'] = encryptType
else:
@ -729,10 +727,13 @@ class Core:
try:
forwardEncrypted = onionrusers.OnionrUser(self, asymPeer).forwardEncrypt(data)
data = forwardEncrypted[0]
meta['newFSKey'] = forwardEncrypted[1][0]
meta['newFSKey'] = forwardEncrypted[1]
meta['forwardEnc'] = True
except onionrexceptions.InvalidPubkey:
meta['newFSKey'] = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys()[0][0]
onionrusers.OnionrUser(self, asymPeer).generateForwardKey()
fsKey = onionrusers.OnionrUser(self, asymPeer).getGeneratedForwardKeys()[0]
meta['newFSKey'] = fsKey[0]
jsonMeta = json.dumps(meta)
if sign:
signature = self._crypto.edSign(jsonMeta.encode() + data, key=self._crypto.privKey, encodeResult=True)
signer = self._crypto.pubKey

View File

@ -96,7 +96,10 @@ class Block:
except (AssertionError, KeyError) as e:
pass
else:
self.bcontent = onionrusers.OnionrUser(self.core, self.signer).forwardDecrypt()
try:
self.bcontent = onionrusers.OnionrUser(self.core, self.signer).forwardDecrypt(self.bcontent)
except onionrexceptions.DecryptionError:
pass
except nacl.exceptions.CryptoError:
pass
#logger.debug('Could not decrypt block. Either invalid key or corrupted data')

View File

@ -58,7 +58,7 @@ class OnionrUser:
retData = ''
forwardKey = self._getLatestForwardKey()
if self._core._utils.validatePubKey(forwardKey):
retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True)
retData = self._core._crypto.pubKeyEncrypt(data, forwardKey, encodedData=True, anonymous=True)
else:
raise onionrexceptions.InvalidPubkey("No valid forward key available for this user")
self.generateForwardKey()
@ -67,7 +67,8 @@ class OnionrUser:
def forwardDecrypt(self, encrypted):
retData = ""
for key in self.getGeneratedForwardKeys():
retData = self._core._crypto.pubKeyDecrypt(encrypted, pubkey=key[1])
retData = self._core._crypto.pubKeyDecrypt(encrypted, pubkey=key[1], anonymous=True)
logger('decrypting ' + key + ' got ' + retData)
if retData != False:
break
else:
@ -132,6 +133,7 @@ class OnionrUser:
return keyList
def addForwardKey(self, newKey, expire=432000):
logger.info(newKey)
if not self._core._utils.validatePubKey(newKey):
raise onionrexceptions.InvalidPubkey
# Add a forward secrecy key for the peer