From 4df67304d6af9457ba7358169396f1dcc0175bac Mon Sep 17 00:00:00 2001 From: Mark Qvist Date: Thu, 2 Feb 2023 20:48:52 +0100 Subject: [PATCH] Added payload masking to interfaces with IFAC enabled --- RNS/Transport.py | 46 ++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 44 insertions(+), 2 deletions(-) diff --git a/RNS/Transport.py b/RNS/Transport.py index e4b328d..e7524de 100755 --- a/RNS/Transport.py +++ b/RNS/Transport.py @@ -586,12 +586,36 @@ class Transport: # Calculate packet access code ifac = interface.ifac_identity.sign(raw)[-interface.ifac_size:] + # Generate mask + mask = RNS.Cryptography.hkdf( + length=len(raw)+interface.ifac_size, + derive_from=interface.ifac_signature+ifac, + salt=RNS.Reticulum.IFAC_SALT, + context=None, + ) + # Set IFAC flag new_header = bytes([raw[0] | 0x80, raw[1]]) - # Assemble new payload with IFAC and send it + # Assemble new payload with IFAC new_raw = new_header+ifac+raw[2:] - interface.processOutgoing(new_raw) + + # Mask payload + i = 0; masked_raw = b"" + for byte in new_raw: + if i == 1 or i > interface.ifac_size+1: + masked_raw += bytes([byte ^ mask[i]]) + else: + masked_raw += bytes([byte]) + i += 1 + + # Send it + interface.processOutgoing(masked_raw) + + # TODO: Remove + # RNS.log("Mask material : "+RNS.hexrep(mask_material), RNS.LOG_DEBUG) + # RNS.log("Before masking : "+RNS.hexrep(new_raw), RNS.LOG_DEBUG) + # RNS.log("After masking : "+RNS.hexrep(masked_raw), RNS.LOG_DEBUG) else: interface.processOutgoing(raw) 
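Review bot: The masking loop grows `masked_raw` with `+= bytes([...])` one byte at a time and keeps its own counter `i`, so every step copies the buffer; the same loop is repeated for unmasking in the second hunk (`@@ -905,6 +929,24 @@`). Because the XOR mask is its own inverse, a single helper can serve both paths, as sketched below. Note that `zip` stops at the shorter input, which is equivalent here only because the mask is derived with the packet's length. Separately, the three commented-out `RNS.log` lines under `# TODO: Remove` should be deleted rather than merged: they reference `mask_material`, which nothing in this hunk defines, and if re-enabled they would write mask bytes and the pre-masking packet to the debug log. The enclosing method starts and ends outside this hunk.

```python
# Proposed shared helper (name and placement are suggestions)
def _apply_ifac_mask(data, mask, ifac_size):
    # Byte 0 (flags) and the IFAC bytes 2..ifac_size+1 pass through; all other bytes are XORed
    return bytes(
        b ^ m if (i == 1 or i > ifac_size+1) else b
        for i, (b, m) in enumerate(zip(data, mask))
    )

# ... unchanged: IFAC calculation, mask derivation, header and new_raw assembly ...
masked_raw = _apply_ifac_mask(new_raw, mask, interface.ifac_size)
interface.processOutgoing(masked_raw)
```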
@@ -905,6 +929,24 @@ class Transport: # Extract IFAC ifac = raw[2:2+interface.ifac_size] + # Generate mask + mask = RNS.Cryptography.hkdf( + length=len(raw), + derive_from=interface.ifac_signature+ifac, + salt=RNS.Reticulum.IFAC_SALT, + context=None, + ) + + # Unmask payload + i = 0; unmasked_raw = b"" + for byte in raw: + if i == 1 or i > interface.ifac_size+1: + unmasked_raw += bytes([byte ^ mask[i]]) + else: + unmasked_raw += bytes([byte]) + i += 1 + raw = unmasked_raw + # Unset IFAC flag new_header = bytes([raw[0] & 0x7f, raw[1]])
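Review bot: On the receive path the mask is derived from `ifac` bytes sliced straight out of the incoming packet, so the HKDF call and the unmask loop run over `len(raw)` bytes of input that has not yet been authenticated. The access-code check itself is outside this hunk, so that ordering is inferred from the visible lines. A comment above `# Generate mask` should say so, e.g. `# NOTE: mask is derived from unauthenticated input; the IFAC is only validated after unmasking`, and it is worth confirming that `raw` is length-checked against `2+interface.ifac_size` before this point. The mask depends only on `interface.ifac_signature+ifac` and the salt, so equal inputs give an equal mask, and byte 0 is never masked. The comment should therefore describe this as obfuscation layered on the packet's own protection, not as confidentiality.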