dxs/onionr
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

progress in removing core

Browse source
This commit is contained in:
Kevin Froman 2019-07-19 19:01:16 -05:00
parent e12781a49d
commit e1676ef168
21 changed files with 152 additions and 477 deletions
Download patch file Download diff file Expand all files Collapse all files

98
onionr/onionrcrypto/__init__.py
View file

@ -36,7 +36,7 @@ class OnionrCrypto:
self.secrets = secrets
self.deterministicRequirement = 25 # Min deterministic password/phrase length
self.HASH_ID_ROUNDS = 2000
self.keyManager = keymanager.KeyManager(self)
self.keyManager = keymanager.KeyManager()
# Load our own pub/priv Ed25519 keys, gen & save them if they don't exist
if os.path.exists(self._keyFile):
@ -52,47 +52,6 @@ class OnionrCrypto:
self.keyManager.addKey(self.pubKey, self.privKey)
return
def edVerify(self, data, key, sig, encodedData=True):
'''Verify signed data (combined in nacl) to an ed25519 key'''
try:
key = nacl.signing.VerifyKey(key=key, encoder=nacl.encoding.Base32Encoder)
except nacl.exceptions.ValueError:
#logger.debug('Signature by unknown key (cannot reverse hash)')
return False
except binascii.Error:
logger.warn('Could not load key for verification, invalid padding')
return False
retData = False
sig = base64.b64decode(sig)
try:
data = data.encode()
except AttributeError:
pass
if encodedData:
try:
retData = key.verify(data, sig) # .encode() is not the same as nacl.encoding
except nacl.exceptions.BadSignatureError:
pass
else:
try:
retData = key.verify(data, sig)
except nacl.exceptions.BadSignatureError:
pass
return retData
def edSign(self, data, key, encodeResult=False):
'''Ed25519 sign data'''
try:
data = data.encode()
except AttributeError:
pass
key = nacl.signing.SigningKey(seed=key, encoder=nacl.encoding.Base32Encoder)
retData = ''
if encodeResult:
retData = key.sign(data, encoder=nacl.encoding.Base64Encoder).signature.decode() # .encode() is not the same as nacl.encoding
else:
retData = key.sign(data).signature
return retData
def pubKeyEncrypt(self, data, pubkey, encodedData=False):
'''Encrypt to a public key (Curve25519, taken from base32 Ed25519 pubkey)'''
@ -113,25 +72,6 @@ class OnionrCrypto:
return retVal
def pubKeyDecrypt(self, data, pubkey='', privkey='', encodedData=False):
'''pubkey decrypt (Curve25519, taken from Ed25519 pubkey)'''
decrypted = False
if encodedData:
encoding = nacl.encoding.Base64Encoder
else:
encoding = nacl.encoding.RawEncoder
if privkey == '':
privkey = self.privKey
ownKey = nacl.signing.SigningKey(seed=privkey, encoder=nacl.encoding.Base32Encoder()).to_curve25519_private_key()
if stringvalidators.validate_pub_key(privkey):
privkey = nacl.signing.SigningKey(seed=privkey, encoder=nacl.encoding.Base32Encoder()).to_curve25519_private_key()
anonBox = nacl.public.SealedBox(privkey)
else:
anonBox = nacl.public.SealedBox(ownKey)
decrypted = anonBox.decrypt(data, encoder=encoding)
return decrypted
def symmetricEncrypt(self, data, key, encodedKey=False, returnEncoded=True):
'''Encrypt data with a 32-byte key (Salsa20-Poly1305 MAC)'''
if encodedKey:
@ -251,38 +191,4 @@ class OnionrCrypto:
else:
logger.debug("Invalid token, bad proof")
return retData
@staticmethod
def replayTimestampValidation(timestamp):
if epoch.get_epoch() - int(timestamp) > 2419200:
return False
else:
return True
@staticmethod
def safeCompare(one, two):
# Do encode here to avoid spawning core
try:
one = one.encode()
except AttributeError:
pass
try:
two = two.encode()
except AttributeError:
pass
return hmac.compare_digest(one, two)
@staticmethod
def randomShuffle(theList):
myList = list(theList)
shuffledList = []
myListLength = len(myList) + 1
while myListLength > 0:
removed = secrets.randbelow(myListLength)
try:
shuffledList.append(myList.pop(removed))
except IndexError:
pass
myListLength = len(myList)
return shuffledList
return retData

5
onionr/onionrcrypto/cryptoutils/__init__.py Normal file
View file

@ -0,0 +1,5 @@
from . import safecompare, replayvalidation, randomshuffle
replay_validator = replayvalidation.replay_timestamp_validation
random_shuffle = randomshuffle.random_shuffle
safe_compare = safecompare.safe_compare

13
onionr/onionrcrypto/cryptoutils/randomshuffle.py Normal file
View file

@ -0,0 +1,13 @@
import secrets
def random_shuffle(theList):
myList = list(theList)
shuffledList = []
myListLength = len(myList) + 1
while myListLength > 0:
removed = secrets.randbelow(myListLength)
try:
shuffledList.append(myList.pop(removed))
except IndexError:
pass
myListLength = len(myList)
return shuffledList

6
onionr/onionrcrypto/cryptoutils/replayvalidation.py Normal file
View file

@ -0,0 +1,6 @@
import utils # onionr utils epoch, not this utils
def replay_timestamp_validation(timestamp):
if utils.epoch.get_epoch() - int(timestamp) > 2419200:
return False
else:
return True

12
onionr/onionrcrypto/cryptoutils/safecompare.py Normal file
View file

@ -0,0 +1,12 @@
import hmac
def safe_compare(one, two):
# Do encode here to avoid spawning core
try:
one = one.encode()
except AttributeError:
pass
try:
two = two.encode()
except AttributeError:
pass
return hmac.compare_digest(one, two)

24
onionr/onionrcrypto/encryption/__init__.py Normal file
View file

@ -0,0 +1,24 @@
import nacl.encoding, nacl.public, nacl.signing
from .. import getourkeypair
pair = getourkeypair.get_keypair()
our_pub_key = pair[0]
our_priv_key = pair[1]
def pub_key_decrypt(data, pubkey='', privkey='', encodedData=False):
'''pubkey decrypt (Curve25519, taken from Ed25519 pubkey)'''
decrypted = False
if encodedData:
encoding = nacl.encoding.Base64Encoder
else:
encoding = nacl.encoding.RawEncoder
if privkey == '':
privkey = our_priv_key
ownKey = nacl.signing.SigningKey(seed=privkey, encoder=nacl.encoding.Base32Encoder()).to_curve25519_private_key()
if stringvalidators.validate_pub_key(privkey):
privkey = nacl.signing.SigningKey(seed=privkey, encoder=nacl.encoding.Base32Encoder()).to_curve25519_private_key()
anonBox = nacl.public.SealedBox(privkey)
else:
anonBox = nacl.public.SealedBox(ownKey)
decrypted = anonBox.decrypt(data, encoder=encoding)
return decrypted

17
onionr/onionrcrypto/getourkeypair.py Normal file
View file

@ -0,0 +1,17 @@
import os
import keymanager, config, filepaths
from . import generate
def get_keypair():
key_m = keymanager.KeyManager()
if os.path.exists(filepaths.keys_file):
if len(config.get('general.public_key', '')) > 0:
pubKey = config.get('general.public_key')
else:
pubKey = key_m.getPubkeyList()[0]
privKey = key_m.getPrivkey(pubKey)
else:
keys = generate.generate_pub_key()
pubKey = keys[0]
privKey = keys[1]
key_m.addKey(pubKey, privKey)
return (pubKey, privKey)

44
onionr/onionrcrypto/signing/__init__.py Normal file
View file

@ -0,0 +1,44 @@
import base64, binascii
import nacl.encoding, nacl.signing, nacl.exceptions
import logger
def ed_sign(data, key, encodeResult=False):
'''Ed25519 sign data'''
try:
data = data.encode()
except AttributeError:
pass
key = nacl.signing.SigningKey(seed=key, encoder=nacl.encoding.Base32Encoder)
retData = ''
if encodeResult:
retData = key.sign(data, encoder=nacl.encoding.Base64Encoder).signature.decode() # .encode() is not the same as nacl.encoding
else:
retData = key.sign(data).signature
return retData
def ed_verify(data, key, sig, encodedData=True):
'''Verify signed data (combined in nacl) to an ed25519 key'''
try:
key = nacl.signing.VerifyKey(key=key, encoder=nacl.encoding.Base32Encoder)
except nacl.exceptions.ValueError:
#logger.debug('Signature by unknown key (cannot reverse hash)')
return False
except binascii.Error:
logger.warn('Could not load key for verification, invalid padding')
return False
retData = False
sig = base64.b64decode(sig)
try:
data = data.encode()
except AttributeError:
pass
if encodedData:
try:
retData = key.verify(data, sig) # .encode() is not the same as nacl.encoding
except nacl.exceptions.BadSignatureError:
pass
else:
try:
retData = key.verify(data, sig)
except nacl.exceptions.BadSignatureError:
pass
return retData