From 5faf13d50547a5919c172ec7e4d78792fa623e79 Mon Sep 17 00:00:00 2001 From: Mark Qvist Date: Thu, 30 Jun 2022 14:02:57 +0200 Subject: [PATCH] Expanded address space to 128 bits --- RNS/Cryptography/Fernet.py | 9 ++++----- RNS/Identity.py | 1 - RNS/Link.py | 17 ++++------------- RNS/Packet.py | 16 +++++++++------- RNS/Reticulum.py | 2 +- RNS/Utilities/rncp.py | 16 ++++++++-------- RNS/__init__.py | 9 +++++++++ 7 files changed, 35 insertions(+), 35 deletions(-) diff --git a/RNS/Cryptography/Fernet.py b/RNS/Cryptography/Fernet.py index 7227b90..b50098e 100644 --- a/RNS/Cryptography/Fernet.py +++ b/RNS/Cryptography/Fernet.py @@ -29,8 +29,7 @@ from RNS.Cryptography.AES import AES_128_CBC class Fernet(): FERNET_VERSION = 0x80 - FERNET_OVERHEAD = 57 # In bytes - OPTIMISED_FERNET_OVERHEAD = 54 # In bytes + FERNET_OVERHEAD = 48 # In bytes @staticmethod def generate_key(): @@ -73,7 +72,7 @@ class Fernet(): iv = iv, ) - signed_parts = b"\x80"+current_time.to_bytes(length=8, byteorder="big")+iv+ciphertext + signed_parts = iv+ciphertext return signed_parts + HMAC.new(self._signing_key, signed_parts).digest() @@ -85,8 +84,8 @@ class Fernet(): if not self.verify_hmac(token): raise ValueError("Fernet token HMAC was invalid") - iv = token[9:25] - ciphertext = token[25:-32] + iv = token[:16] + ciphertext = token[16:-32] try: plaintext = PKCS7.unpad( diff --git a/RNS/Identity.py b/RNS/Identity.py index d8aeb95..fce9da7 100644 --- a/RNS/Identity.py +++ b/RNS/Identity.py @@ -55,7 +55,6 @@ class Identity: # Non-configurable constants FERNET_VERSION = RNS.Cryptography.Fernet.FERNET_VERSION FERNET_OVERHEAD = RNS.Cryptography.Fernet.FERNET_OVERHEAD - OPTIMISED_FERNET_OVERHEAD = RNS.Cryptography.Fernet.OPTIMISED_FERNET_OVERHEAD AES128_BLOCKSIZE = 16 # In bytes HASHLENGTH = 256 # In bits SIGLENGTH = KEYSIZE # In bits diff --git a/RNS/Link.py b/RNS/Link.py index 2c027d2..e4aee94 100644 --- a/RNS/Link.py +++ b/RNS/Link.py @@ -59,7 +59,7 @@ class Link: ECPUBSIZE = 32+32 KEYSIZE = 32 - MDU = math.floor((RNS.Reticulum.MTU-RNS.Reticulum.IFAC_MIN_SIZE-RNS.Reticulum.HEADER_MINSIZE-RNS.Identity.OPTIMISED_FERNET_OVERHEAD)/RNS.Identity.AES128_BLOCKSIZE)*RNS.Identity.AES128_BLOCKSIZE - 1 + MDU = math.floor((RNS.Reticulum.MTU-RNS.Reticulum.IFAC_MIN_SIZE-RNS.Reticulum.HEADER_MINSIZE-RNS.Identity.FERNET_OVERHEAD)/RNS.Identity.AES128_BLOCKSIZE)*RNS.Identity.AES128_BLOCKSIZE - 1 ESTABLISHMENT_TIMEOUT_PER_HOP = RNS.Reticulum.DEFAULT_PER_HOP_TIMEOUT """ @@ -788,16 +788,7 @@ class Link: RNS.log("Could not "+str(self)+" instantiate Fernet while performin encryption on link. The contained exception was: "+str(e), RNS.LOG_ERROR) raise e - # The fernet token VERSION field is stripped here and - # reinserted on the receiving end, since it is always - # set to 0x80. - # - # Since we're also quite content with supporting time- - # stamps until the year 8921556 AD, we'll also strip 2 - # bytes from the timestamp field and reinsert those as - # 0x00 when received. - ciphertext = self.fernet.encrypt(plaintext)[3:] - return ciphertext + return self.fernet.encrypt(plaintext) except Exception as e: RNS.log("Encryption on link "+str(self)+" failed. The contained exception was: "+str(e), RNS.LOG_ERROR) @@ -809,8 +800,8 @@ class Link: if not self.fernet: self.fernet = Fernet(self.derived_key) - plaintext = self.fernet.decrypt(bytes([RNS.Identity.FERNET_VERSION, 0x00, 0x00]) + ciphertext) - return plaintext + return self.fernet.decrypt(ciphertext) + except Exception as e: RNS.log("Decryption failed on link "+str(self)+". The contained exception was: "+str(e), RNS.LOG_ERROR) diff --git a/RNS/Packet.py b/RNS/Packet.py index 234c801..a78efbe 100755 --- a/RNS/Packet.py +++ b/RNS/Packet.py @@ -216,16 +216,18 @@ class Packet: self.destination_type = (self.flags & 0b00001100) >> 2 self.packet_type = (self.flags & 0b00000011) + DST_LEN = RNS.Reticulum.TRUNCATED_HASHLENGTH//8 + if self.header_type == Packet.HEADER_2: - self.transport_id = self.raw[2:12] - self.destination_hash = self.raw[12:22] - self.context = ord(self.raw[22:23]) - self.data = self.raw[23:] + self.transport_id = self.raw[2:DST_LEN+2] + self.destination_hash = self.raw[DST_LEN+2:2*DST_LEN+2] + self.context = ord(self.raw[2*DST_LEN+2:2*DST_LEN+3]) + self.data = self.raw[2*DST_LEN+3:] else: self.transport_id = None - self.destination_hash = self.raw[2:12] - self.context = ord(self.raw[12:13]) - self.data = self.raw[13:] + self.destination_hash = self.raw[2:DST_LEN+2] + self.context = ord(self.raw[DST_LEN+2:DST_LEN+3]) + self.data = self.raw[DST_LEN+3:] self.packed = False self.update_hash() diff --git a/RNS/Reticulum.py b/RNS/Reticulum.py index ac444b0..74746a8 100755 --- a/RNS/Reticulum.py +++ b/RNS/Reticulum.py @@ -117,7 +117,7 @@ class Reticulum: DEFAULT_PER_HOP_TIMEOUT = 5 # Length of truncated hashes in bits. - TRUNCATED_HASHLENGTH = 80 + TRUNCATED_HASHLENGTH = 128 HEADER_MINSIZE = 2+1+(TRUNCATED_HASHLENGTH//8)*1 HEADER_MAXSIZE = 2+1+(TRUNCATED_HASHLENGTH//8)*2 diff --git a/RNS/Utilities/rncp.py b/RNS/Utilities/rncp.py index f01cb5d..de4442e 100644 --- a/RNS/Utilities/rncp.py +++ b/RNS/Utilities/rncp.py @@ -212,7 +212,7 @@ def send(configdir, verbosity = 0, quietness = 0, destination = None, file = Non temp_file.write(real_file.read()) temp_file.seek(0) - print("\r \r", end="") + print("\r \r", end="") reticulum = RNS.Reticulum(configdir=configdir, loglevel=targetloglevel) @@ -240,10 +240,10 @@ def send(configdir, verbosity = 0, quietness = 0, destination = None, file = Non i = (i+1)%len(syms) if not RNS.Transport.has_path(destination_hash): - print("\r \rPath not found") + print("\r \rPath not found") exit(1) else: - print("\r \rEstablishing link with "+RNS.prettyhexrep(destination_hash)+" ", end=" ") + print("\r \rEstablishing link with "+RNS.prettyhexrep(destination_hash)+" ", end=" ") receiver_identity = RNS.Identity.recall(destination_hash) receiver_destination = RNS.Destination( @@ -262,10 +262,10 @@ def send(configdir, verbosity = 0, quietness = 0, destination = None, file = Non i = (i+1)%len(syms) if not RNS.Transport.has_path(destination_hash): - print("\r \rCould not establish link with "+RNS.prettyhexrep(destination_hash)) + print("\r \rCould not establish link with "+RNS.prettyhexrep(destination_hash)) exit(1) else: - print("\r \rAdvertising file resource ", end=" ") + print("\r \rAdvertising file resource ", end=" ") link.identify(identity) resource = RNS.Resource(temp_file, link, callback = sender_progress, progress_callback = sender_progress) @@ -279,10 +279,10 @@ def send(configdir, verbosity = 0, quietness = 0, destination = None, file = Non if resource.status > RNS.Resource.COMPLETE: - print("\r \rFile was not accepted by "+RNS.prettyhexrep(destination_hash)) + print("\r \rFile was not accepted by "+RNS.prettyhexrep(destination_hash)) exit(1) else: - print("\r \rTransferring file ", end=" ") + print("\r \rTransferring file ", end=" ") while not resource_done: time.sleep(0.1) @@ -294,7 +294,7 @@ def send(configdir, verbosity = 0, quietness = 0, destination = None, file = Non i = (i+1)%len(syms) if current_resource.status != RNS.Resource.COMPLETE: - print("\r \rThe transfer failed") + print("\r \rThe transfer failed") exit(1) else: print("\r \r"+str(file_path)+" copied to "+RNS.prettyhexrep(destination_hash)) diff --git a/RNS/__init__.py b/RNS/__init__.py index ccb7bf8..a657ad2 100755 --- a/RNS/__init__.py +++ b/RNS/__init__.py @@ -172,6 +172,15 @@ def prettysize(num, suffix='B'): return "%.2f%s%s" % (num, last_unit, suffix) +def phyparams(): + print("Required Physical Layer MTU : "+str(Reticulum.MTU)+" bytes") + print("Plaintext Packet MDU : "+str(Packet.PLAIN_MDU)+" bytes") + print("Encrypted Packet MDU : "+str(Packet.ENCRYPTED_MDU)+" bytes") + print("Link Curve : "+str(Link.CURVE)) + print("Link Packet MDU : "+str(Packet.ENCRYPTED_MDU)+" bytes") + print("Link Public Key Size : "+str(Link.ECPUBSIZE*8)+" bits") + print("Link Private Key Size : "+str(Link.KEYSIZE*8)+" bits") + def panic(): os._exit(255)