Added plaintext link support

Mark Qvist 2018-04-16 22:04:28 +02:00
parent 75e0cb039d
commit 8772db6736
3 changed files with 46 additions and 3 deletions


@ -42,19 +42,21 @@ class Link:
RNS.log("Validating link request failed", RNS.LOG_VERBOSE) RNS.log("Validating link request failed", RNS.LOG_VERBOSE)
return None return None
else: else:
RNS.log("Invalid link request payload size, dropping request", RNS.LOG_VERBOSE) RNS.log("Invalid link request payload size, dropping request", RNS.LOG_VERBOSE)
return None return None
def __init__(self, destination=None, owner=None, peer_pub_bytes = None): def __init__(self, destination=None, owner=None, peer_pub_bytes = None):
if destination != None and destination.type != RNS.Destination.SINGLE:
raise TypeError("Links can only be established to the \"single\" destination type")
self.callbacks = LinkCallbacks() self.callbacks = LinkCallbacks()
self.status = Link.PENDING self.status = Link.PENDING
self.type = RNS.Destination.LINK self.type = RNS.Destination.LINK
self.owner = owner self.owner = owner
self.destination = destination self.destination = destination
self.attached_interface = None self.attached_interface = None
self.__encryption_disabled = False
if self.destination == None: if self.destination == None:
self.initiator = False self.initiator = False
else: else:
@ -142,6 +144,8 @@ class Link:
self.callbacks.packet(plaintext, packet) self.callbacks.packet(plaintext, packet)
def encrypt(self, plaintext): def encrypt(self, plaintext):
if self.__encryption_disabled:
return plaintext
try: try:
fernet = Fernet(base64.urlsafe_b64encode(self.derived_key)) fernet = Fernet(base64.urlsafe_b64encode(self.derived_key))
ciphertext = base64.urlsafe_b64decode(fernet.encrypt(plaintext)) ciphertext = base64.urlsafe_b64decode(fernet.encrypt(plaintext))
@ -151,6 +155,8 @@ class Link:
def decrypt(self, ciphertext): def decrypt(self, ciphertext):
if self.__encryption_disabled:
return ciphertext
try: try:
fernet = Fernet(base64.urlsafe_b64encode(self.derived_key)) fernet = Fernet(base64.urlsafe_b64encode(self.derived_key))
plaintext = fernet.decrypt(base64.urlsafe_b64encode(ciphertext)) plaintext = fernet.decrypt(base64.urlsafe_b64encode(ciphertext))
@ -170,5 +176,14 @@ class Link:
def resource_completed_callback(self, callback): def resource_completed_callback(self, callback):
self.callbacks.resource_completed = callback self.callbacks.resource_completed = callback
def disableEncryption(self):
if (RNS.Reticulum.should_allow_unencrypted()):
RNS.log("The link "+str(self)+" was downgraded to an encryptionless link", RNS.LOG_NOTICE)
self.__encryption_disabled = True
else:
RNS.log("Attempt to disable encryption on link, but encryptionless links are not allowed by config.", RNS.LOG_CRITICAL)
RNS.log("Shutting down Reticulum now!", RNS.LOG_CRITICAL)
RNS.panic()
def __str__(self): def __str__(self):
return RNS.prettyhexrep(self.link_id) return RNS.prettyhexrep(self.link_id)
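Review bot: In `disableEncryption`, the refusal branch ends the whole process through `RNS.panic()` instead of failing only this link. No caller is visible in these hunks; if the method can ever be reached while handling a received packet, a node running the default config could be stopped by its peer, so raising to the caller is the safer failure mode, e.g. `raise RuntimeError("Encryptionless links are not allowed by config")`. Once the flag is set, `encrypt()` and `decrypt()` return their input unchanged, which drops Fernet's authentication as well as confidentiality. A docstring on `disableEncryption` should state that, and also that nothing shown here informs the peer of the downgrade or allows it to be reversed.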


@ -28,6 +28,8 @@ class Reticulum:
Reticulum.storagepath = Reticulum.configdir+"/storage" Reticulum.storagepath = Reticulum.configdir+"/storage"
Reticulum.cachepath = Reticulum.configdir+"/storage/cache" Reticulum.cachepath = Reticulum.configdir+"/storage/cache"
Reticulum.__allow_unencrypted = False
if not os.path.isdir(Reticulum.storagepath): if not os.path.isdir(Reticulum.storagepath):
os.makedirs(Reticulum.storagepath) os.makedirs(Reticulum.storagepath)
@ -61,6 +63,24 @@ class Reticulum:
if RNS.loglevel > 6: if RNS.loglevel > 6:
RNS.loglevel = 6 RNS.loglevel = 6
if "reticulum" in self.config:
for option in self.config["reticulum"]:
value = self.config["reticulum"][option]
if option == "allow_unencrypted":
if value == "true":
RNS.log("", RNS.LOG_CRITICAL)
RNS.log("! ! !", RNS.LOG_CRITICAL)
RNS.log("", RNS.LOG_CRITICAL)
RNS.log("Danger! Encryptionless links have been allowed in the config file!", RNS.LOG_CRITICAL)
RNS.log("Beware of the consequences! Any data sent over a link can potentially be intercepted,", RNS.LOG_CRITICAL)
RNS.log("read and modified! If you are not absolutely sure that you want this,", RNS.LOG_CRITICAL)
RNS.log("you should exit Reticulum NOW and change your config file!", RNS.LOG_CRITICAL)
RNS.log("", RNS.LOG_CRITICAL)
RNS.log("! ! !", RNS.LOG_CRITICAL)
RNS.log("", RNS.LOG_CRITICAL)
Reticulum.__allow_unencrypted = True
for name in self.config["interfaces"]: for name in self.config["interfaces"]:
c = self.config["interfaces"][name] c = self.config["interfaces"][name]
try: try:
@ -236,3 +256,7 @@ class Reticulum:
os.makedirs(Reticulum.configdir) os.makedirs(Reticulum.configdir)
self.config.write() self.config.write()
self.applyConfig() self.applyConfig()
@staticmethod
def should_allow_unencrypted():
return Reticulum.__allow_unencrypted
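Review bot: The `allow_unencrypted` check matches only the exact string `"true"` and has no branch for anything else, so a value such as `True` or `yes` keeps encryption mandatory without telling the operator. Failing closed is the right default, but together with the shutdown in `disableEncryption` a mistyped option only surfaces later as a process exit. Add a branch such as `elif value != "false":` with `RNS.log("Unrecognised value for allow_unencrypted, encryptionless links stay disabled", RNS.LOG_NOTICE)`. The loop also only ever sets the flag to `True`, so if the config can be applied more than once (not visible here) an earlier `True` would survive a later `false`. The enclosing method starts and ends outside this hunk.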


@ -1,4 +1,5 @@
import os import os
import sys
import glob import glob
import time import time
@ -74,3 +75,6 @@ def prettyhexrep(data):
delimiter = "" delimiter = ""
hexrep = "<"+delimiter.join("{:02x}".format(ord(c)) for c in data)+">" hexrep = "<"+delimiter.join("{:02x}".format(ord(c)) for c in data)+">"
return hexrep return hexrep
def panic():
os._exit(255)
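Review bot: `panic()` needs a docstring saying that `os._exit(255)` ends the process at once, without running `finally` blocks or `atexit` handlers and without flushing buffered output, for example `"""Terminate the process immediately with status 255; no cleanup handlers run."""`. The CRITICAL log lines written just before the call in `disableEncryption` could therefore be lost if the log target is buffered, which cannot be told from this page. The `import sys` added in the first hunk is not used by anything shown in this commit.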