William
/
Reticulum
mirror of https://github.com/markqvist/Reticulum.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Expanded address space to 128 bits

This commit is contained in:
Mark Qvist 2022-06-30 14:02:57 +02:00
parent 2be1c7633d
commit 5faf13d505
7 changed files with 35 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
RNS/Cryptography/Fernet.py
View File

@ -29,8 +29,7 @@ from RNS.Cryptography.AES import AES_128_CBC
class Fernet(): class Fernet():
FERNET_VERSION = 0x80 FERNET_VERSION = 0x80
FERNET_OVERHEAD = 57 # In bytes FERNET_OVERHEAD = 48 # In bytes
OPTIMISED_FERNET_OVERHEAD = 54 # In bytes
@staticmethod @staticmethod
def generate_key(): def generate_key():
@ -73,7 +72,7 @@ class Fernet():
iv = iv, iv = iv,
) )
signed_parts = b"\x80"+current_time.to_bytes(length=8, byteorder="big")+iv+ciphertext signed_parts = iv+ciphertext
return signed_parts + HMAC.new(self._signing_key, signed_parts).digest() return signed_parts + HMAC.new(self._signing_key, signed_parts).digest()
@ -85,8 +84,8 @@ class Fernet():
if not self.verify_hmac(token): if not self.verify_hmac(token):
raise ValueError("Fernet token HMAC was invalid") raise ValueError("Fernet token HMAC was invalid")
iv = token[9:25] iv = token[:16]
ciphertext = token[25:-32] ciphertext = token[16:-32]
try: try:
plaintext = PKCS7.unpad( plaintext = PKCS7.unpad(

1
RNS/Identity.py
View File

@ -55,7 +55,6 @@ class Identity:
# Non-configurable constants # Non-configurable constants
FERNET_VERSION = RNS.Cryptography.Fernet.FERNET_VERSION FERNET_VERSION = RNS.Cryptography.Fernet.FERNET_VERSION
FERNET_OVERHEAD = RNS.Cryptography.Fernet.FERNET_OVERHEAD FERNET_OVERHEAD = RNS.Cryptography.Fernet.FERNET_OVERHEAD
OPTIMISED_FERNET_OVERHEAD = RNS.Cryptography.Fernet.OPTIMISED_FERNET_OVERHEAD
AES128_BLOCKSIZE = 16 # In bytes AES128_BLOCKSIZE = 16 # In bytes
HASHLENGTH = 256 # In bits HASHLENGTH = 256 # In bits
SIGLENGTH = KEYSIZE # In bits SIGLENGTH = KEYSIZE # In bits

17
RNS/Link.py
View File

@ -59,7 +59,7 @@ class Link:
ECPUBSIZE = 32+32 ECPUBSIZE = 32+32
KEYSIZE = 32 KEYSIZE = 32
MDU = math.floor((RNS.Reticulum.MTU-RNS.Reticulum.IFAC_MIN_SIZE-RNS.Reticulum.HEADER_MINSIZE-RNS.Identity.OPTIMISED_FERNET_OVERHEAD)/RNS.Identity.AES128_BLOCKSIZE)*RNS.Identity.AES128_BLOCKSIZE - 1 MDU = math.floor((RNS.Reticulum.MTU-RNS.Reticulum.IFAC_MIN_SIZE-RNS.Reticulum.HEADER_MINSIZE-RNS.Identity.FERNET_OVERHEAD)/RNS.Identity.AES128_BLOCKSIZE)*RNS.Identity.AES128_BLOCKSIZE - 1
ESTABLISHMENT_TIMEOUT_PER_HOP = RNS.Reticulum.DEFAULT_PER_HOP_TIMEOUT ESTABLISHMENT_TIMEOUT_PER_HOP = RNS.Reticulum.DEFAULT_PER_HOP_TIMEOUT
""" """
@ -788,16 +788,7 @@ class Link:
RNS.log("Could not "+str(self)+" instantiate Fernet while performin encryption on link. The contained exception was: "+str(e), RNS.LOG_ERROR) RNS.log("Could not "+str(self)+" instantiate Fernet while performin encryption on link. The contained exception was: "+str(e), RNS.LOG_ERROR)
raise e raise e
# The fernet token VERSION field is stripped here and return self.fernet.encrypt(plaintext)
# reinserted on the receiving end, since it is always
# set to 0x80.
#
# Since we're also quite content with supporting time-
# stamps until the year 8921556 AD, we'll also strip 2
# bytes from the timestamp field and reinsert those as
# 0x00 when received.
ciphertext = self.fernet.encrypt(plaintext)[3:]
return ciphertext
except Exception as e: except Exception as e:
RNS.log("Encryption on link "+str(self)+" failed. The contained exception was: "+str(e), RNS.LOG_ERROR) RNS.log("Encryption on link "+str(self)+" failed. The contained exception was: "+str(e), RNS.LOG_ERROR)
@ -809,8 +800,8 @@ class Link:
if not self.fernet: if not self.fernet:
self.fernet = Fernet(self.derived_key) self.fernet = Fernet(self.derived_key)
plaintext = self.fernet.decrypt(bytes([RNS.Identity.FERNET_VERSION, 0x00, 0x00]) + ciphertext) return self.fernet.decrypt(ciphertext)
return plaintext
except Exception as e: except Exception as e:
RNS.log("Decryption failed on link "+str(self)+". The contained exception was: "+str(e), RNS.LOG_ERROR) RNS.log("Decryption failed on link "+str(self)+". The contained exception was: "+str(e), RNS.LOG_ERROR)

16
RNS/Packet.py
View File

@ -216,16 +216,18 @@ class Packet:
self.destination_type = (self.flags & 0b00001100) >> 2 self.destination_type = (self.flags & 0b00001100) >> 2
self.packet_type = (self.flags & 0b00000011) self.packet_type = (self.flags & 0b00000011)
DST_LEN = RNS.Reticulum.TRUNCATED_HASHLENGTH//8
if self.header_type == Packet.HEADER_2: if self.header_type == Packet.HEADER_2:
self.transport_id = self.raw[2:12] self.transport_id = self.raw[2:DST_LEN+2]
self.destination_hash = self.raw[12:22] self.destination_hash = self.raw[DST_LEN+2:2*DST_LEN+2]
self.context = ord(self.raw[22:23]) self.context = ord(self.raw[2*DST_LEN+2:2*DST_LEN+3])
self.data = self.raw[23:] self.data = self.raw[2*DST_LEN+3:]
else: else:
self.transport_id = None self.transport_id = None
self.destination_hash = self.raw[2:12] self.destination_hash = self.raw[2:DST_LEN+2]
self.context = ord(self.raw[12:13]) self.context = ord(self.raw[DST_LEN+2:DST_LEN+3])
self.data = self.raw[13:] self.data = self.raw[DST_LEN+3:]
self.packed = False self.packed = False
self.update_hash() self.update_hash()

2
RNS/Reticulum.py
View File

@ -117,7 +117,7 @@ class Reticulum:
DEFAULT_PER_HOP_TIMEOUT = 5 DEFAULT_PER_HOP_TIMEOUT = 5
# Length of truncated hashes in bits. # Length of truncated hashes in bits.
TRUNCATED_HASHLENGTH = 80 TRUNCATED_HASHLENGTH = 128
HEADER_MINSIZE = 2+1+(TRUNCATED_HASHLENGTH//8)*1 HEADER_MINSIZE = 2+1+(TRUNCATED_HASHLENGTH//8)*1
HEADER_MAXSIZE = 2+1+(TRUNCATED_HASHLENGTH//8)*2 HEADER_MAXSIZE = 2+1+(TRUNCATED_HASHLENGTH//8)*2

16
RNS/Utilities/rncp.py
View File

@ -212,7 +212,7 @@ def send(configdir, verbosity = 0, quietness = 0, destination = None, file = Non
temp_file.write(real_file.read()) temp_file.write(real_file.read())
temp_file.seek(0) temp_file.seek(0)
print("\r \r", end="") print("\r \r", end="")
reticulum = RNS.Reticulum(configdir=configdir, loglevel=targetloglevel) reticulum = RNS.Reticulum(configdir=configdir, loglevel=targetloglevel)
@ -240,10 +240,10 @@ def send(configdir, verbosity = 0, quietness = 0, destination = None, file = Non
i = (i+1)%len(syms) i = (i+1)%len(syms)
if not RNS.Transport.has_path(destination_hash): if not RNS.Transport.has_path(destination_hash):
print("\r \rPath not found") print("\r \rPath not found")
exit(1) exit(1)
else: else:
print("\r \rEstablishing link with "+RNS.prettyhexrep(destination_hash)+" ", end=" ") print("\r \rEstablishing link with "+RNS.prettyhexrep(destination_hash)+" ", end=" ")
receiver_identity = RNS.Identity.recall(destination_hash) receiver_identity = RNS.Identity.recall(destination_hash)
receiver_destination = RNS.Destination( receiver_destination = RNS.Destination(
@ -262,10 +262,10 @@ def send(configdir, verbosity = 0, quietness = 0, destination = None, file = Non
i = (i+1)%len(syms) i = (i+1)%len(syms)
if not RNS.Transport.has_path(destination_hash): if not RNS.Transport.has_path(destination_hash):
print("\r \rCould not establish link with "+RNS.prettyhexrep(destination_hash)) print("\r \rCould not establish link with "+RNS.prettyhexrep(destination_hash))
exit(1) exit(1)
else: else:
print("\r \rAdvertising file resource ", end=" ") print("\r \rAdvertising file resource ", end=" ")
link.identify(identity) link.identify(identity)
resource = RNS.Resource(temp_file, link, callback = sender_progress, progress_callback = sender_progress) resource = RNS.Resource(temp_file, link, callback = sender_progress, progress_callback = sender_progress)
@ -279,10 +279,10 @@ def send(configdir, verbosity = 0, quietness = 0, destination = None, file = Non
if resource.status > RNS.Resource.COMPLETE: if resource.status > RNS.Resource.COMPLETE:
print("\r \rFile was not accepted by "+RNS.prettyhexrep(destination_hash)) print("\r \rFile was not accepted by "+RNS.prettyhexrep(destination_hash))
exit(1) exit(1)
else: else:
print("\r \rTransferring file ", end=" ") print("\r \rTransferring file ", end=" ")
while not resource_done: while not resource_done:
time.sleep(0.1) time.sleep(0.1)
@ -294,7 +294,7 @@ def send(configdir, verbosity = 0, quietness = 0, destination = None, file = Non
i = (i+1)%len(syms) i = (i+1)%len(syms)
if current_resource.status != RNS.Resource.COMPLETE: if current_resource.status != RNS.Resource.COMPLETE:
print("\r \rThe transfer failed") print("\r \rThe transfer failed")
exit(1) exit(1)
else: else:
print("\r \r"+str(file_path)+" copied to "+RNS.prettyhexrep(destination_hash)) print("\r \r"+str(file_path)+" copied to "+RNS.prettyhexrep(destination_hash))

9
RNS/__init__.py
View File

@ -172,6 +172,15 @@ def prettysize(num, suffix='B'):
return "%.2f%s%s" % (num, last_unit, suffix) return "%.2f%s%s" % (num, last_unit, suffix)
def phyparams():
print("Required Physical Layer MTU : "+str(Reticulum.MTU)+" bytes")
print("Plaintext Packet MDU : "+str(Packet.PLAIN_MDU)+" bytes")
print("Encrypted Packet MDU : "+str(Packet.ENCRYPTED_MDU)+" bytes")
print("Link Curve : "+str(Link.CURVE))
print("Link Packet MDU : "+str(Packet.ENCRYPTED_MDU)+" bytes")
print("Link Public Key Size : "+str(Link.ECPUBSIZE*8)+" bits")
print("Link Private Key Size : "+str(Link.KEYSIZE*8)+" bits")
def panic(): def panic():
os._exit(255) os._exit(255)