Removed option to allow unencrypted links.

RNS/Interfaces/Interface.py

@@ -11,5 +11,4 @@ class Interface:
         pass
 
     def get_hash(self):
-        # TODO: Maybe expand this to something more unique
         return RNS.Identity.full_hash(str(self).encode("utf-8"))

RNS/Link.py

@@ -130,7 +130,6 @@ class Link:
         self.destination = destination
         self.attached_interface = None
         self.__remote_identity = None
-        self.__encryption_disabled = False
         if self.destination == None:
             self.initiator = False
             self.prv     = self.owner.identity.prv
@@ -699,8 +698,6 @@ class Link:
 
 
     def encrypt(self, plaintext):
-        if self.__encryption_disabled:
-            return plaintext
         try:
             if not self.fernet:
                 self.fernet = Fernet(base64.urlsafe_b64encode(self.derived_key))
@@ -722,8 +719,6 @@ class Link:
 
 
     def decrypt(self, ciphertext):
-        if self.__encryption_disabled:
-            return ciphertext
         try:
             if not self.fernet:
                 self.fernet = Fernet(base64.urlsafe_b64encode(self.derived_key))
@@ -842,28 +837,6 @@ class Link:
         else:
             return True
 
-    def disable_encryption(self):
-        """
-        HAZARDOUS. This will downgrade the link to encryptionless. All
-        information over the link will be sent in plaintext. Never use
-        this in production applications. Should only be used for debugging
-        purposes, and will disappear in a future version.
-
-        If encryptionless links are not explicitly allowed in the users
-        configuration file, Reticulum will terminate itself along with the
-        client application and throw an error message to the user.
-        """
-        if (RNS.Reticulum.should_allow_unencrypted()):
-            RNS.log("The link "+str(self)+" was downgraded to an encryptionless link", RNS.LOG_NOTICE)
-            self.__encryption_disabled = True
-        else:
-            RNS.log("Attempt to disable encryption on link, but encryptionless links are not allowed by config.", RNS.LOG_CRITICAL)
-            RNS.log("Shutting down Reticulum now!", RNS.LOG_CRITICAL)
-            RNS.panic()
-
-    def encryption_disabled(self):
-        return self.__encryption_disabled
-
     def __str__(self):
         return RNS.prettyhexrep(self.link_id)
 

RNS/Resource.py

@@ -238,11 +238,8 @@ class Resource:
             # make optimal use of packet MTU on an entire
             # encrypted stream. The Resource instance will
             # use it's underlying link directly to encrypt.
-            if not self.link.encryption_disabled():
-                self.data = self.link.encrypt(self.data)
-                self.encrypted = True
-            else:
-                self.encrypted = False
+            self.data = self.link.encrypt(self.data)
+            self.encrypted = True
 
             self.size = len(self.data)
             self.sent_parts = 0

RNS/Reticulum.py

@@ -95,7 +95,6 @@ class Reticulum:
         Reticulum.cachepath     = Reticulum.configdir+"/storage/cache"
         Reticulum.resourcepath  = Reticulum.configdir+"/storage/resources"
 
-        Reticulum.__allow_unencrypted = False
         Reticulum.__transport_enabled = False
         Reticulum.__use_implicit_proof = True
 
@@ -202,20 +201,6 @@ class Reticulum:
                         Reticulum.__use_implicit_proof = True
                     if v == False:
                         Reticulum.__use_implicit_proof = False
-                if option == "allow_unencrypted":
-                    v = self.config["reticulum"].as_bool(option)
-                    if v == True:
-                        RNS.log("", RNS.LOG_CRITICAL)
-                        RNS.log("! ! !     ! ! !     ! ! !", RNS.LOG_CRITICAL)
-                        RNS.log("", RNS.LOG_CRITICAL)
-                        RNS.log("Danger! Encryptionless links have been allowed in the config file!", RNS.LOG_CRITICAL)
-                        RNS.log("Beware of the consequences! Any data sent over a link can potentially be intercepted,", RNS.LOG_CRITICAL)
-                        RNS.log("read and modified! If you are not absolutely sure that you want this,", RNS.LOG_CRITICAL)
-                        RNS.log("you should exit Reticulum NOW and change your config file!", RNS.LOG_CRITICAL)
-                        RNS.log("", RNS.LOG_CRITICAL)
-                        RNS.log("! ! !     ! ! !     ! ! !", RNS.LOG_CRITICAL)
-                        RNS.log("", RNS.LOG_CRITICAL)
-                        Reticulum.__allow_unencrypted = True
 
         self.__start_local_interface()
 
@@ -466,16 +451,6 @@ class Reticulum:
         self.config.write()
         self.__apply_config()
 
-    @staticmethod
-    def should_allow_unencrypted():
-        """
-        Returns whether unencrypted links are allowed by the
-        current configuration.
-
-        :returns: True if the current running configuration allows downgrading links to plaintext. False if not.
-        """
-        return Reticulum.__allow_unencrypted
-
     @staticmethod
     def should_use_implicit_proof():
         """
@@ -506,14 +481,6 @@ __default_rns_config__ = '''# This is the default Reticulum config file.
 
 [reticulum]
 
-# Don't allow unencrypted links by default.
-# If you REALLY need to allow unencrypted links, for example
-# for debug or regulatory purposes, this can be set to true.
-# This directive is optional and can be removed for brevity.
-
-allow_unencrypted = False
-
-
 # If you enable Transport, your system will route traffic
 # for other peers, pass announces and serve path requests.
 # This should be done for systems that are suited to act

docs/manual/genindex.html

@@ -99,15 +99,13 @@
         <li><a href="reference.html#RNS.Identity.decrypt">(RNS.Identity method)</a>
 </li>
       </ul></li>
-      <li><a href="reference.html#RNS.Transport.deregister_announce_handler">deregister_announce_handler() (RNS.Transport static method)</a>
-</li>
   </ul></td>
   <td style="width: 33%; vertical-align: top;"><ul>
+      <li><a href="reference.html#RNS.Transport.deregister_announce_handler">deregister_announce_handler() (RNS.Transport static method)</a>
+</li>
       <li><a href="reference.html#RNS.Destination.deregister_request_handler">deregister_request_handler() (RNS.Destination method)</a>
 </li>
       <li><a href="reference.html#RNS.Destination">Destination (class in RNS)</a>
-</li>
-      <li><a href="reference.html#RNS.Link.disable_encryption">disable_encryption() (RNS.Link method)</a>
 </li>
   </ul></td>
 </tr></table>
@@ -346,8 +344,6 @@
       <li><a href="reference.html#RNS.PacketReceipt.set_timeout">set_timeout() (RNS.PacketReceipt method)</a>
 </li>
       <li><a href="reference.html#RNS.PacketReceipt.set_timeout_callback">set_timeout_callback() (RNS.PacketReceipt method)</a>
-</li>
-      <li><a href="reference.html#RNS.Reticulum.should_allow_unencrypted">should_allow_unencrypted() (RNS.Reticulum static method)</a>
 </li>
       <li><a href="reference.html#RNS.Reticulum.should_use_implicit_proof">should_use_implicit_proof() (RNS.Reticulum static method)</a>
 </li>

docs/manual/reference.html

@@ -84,18 +84,6 @@ MTU is a prerequisite for peers to communicate in the same network.</p>
 the default value.</p>
 </dd></dl>
 
-<dl class="py method">
-<dt class="sig sig-object py" id="RNS.Reticulum.should_allow_unencrypted">
-<em class="property"><span class="pre">static</span> </em><span class="sig-name descname"><span class="pre">should_allow_unencrypted</span></span><span class="sig-paren">(</span><span class="sig-paren">)</span><a class="headerlink" href="#RNS.Reticulum.should_allow_unencrypted" title="Permalink to this definition">¶</a></dt>
-<dd><p>Returns whether unencrypted links are allowed by the
-current configuration.</p>
-<dl class="field-list simple">
-<dt class="field-odd">Returns</dt>
-<dd class="field-odd"><p>True if the current running configuration allows downgrading links to plaintext. False if not.</p>
-</dd>
-</dl>
-</dd></dl>
-
 <dl class="py method">
 <dt class="sig sig-object py" id="RNS.Reticulum.should_use_implicit_proof">
 <em class="property"><span class="pre">static</span> </em><span class="sig-name descname"><span class="pre">should_use_implicit_proof</span></span><span class="sig-paren">(</span><span class="sig-paren">)</span><a class="headerlink" href="#RNS.Reticulum.should_use_implicit_proof" title="Permalink to this definition">¶</a></dt>
@@ -969,18 +957,6 @@ identified over this link.</p>
 </dl>
 </dd></dl>
 
-<dl class="py method">
-<dt class="sig sig-object py" id="RNS.Link.disable_encryption">
-<span class="sig-name descname"><span class="pre">disable_encryption</span></span><span class="sig-paren">(</span><span class="sig-paren">)</span><a class="headerlink" href="#RNS.Link.disable_encryption" title="Permalink to this definition">¶</a></dt>
-<dd><p>HAZARDOUS. This will downgrade the link to encryptionless. All
-information over the link will be sent in plaintext. Never use
-this in production applications. Should only be used for debugging
-purposes, and will disappear in a future version.</p>
-<p>If encryptionless links are not explicitly allowed in the users
-configuration file, Reticulum will terminate itself along with the
-client application and throw an error message to the user.</p>
-</dd></dl>
-
 </dd></dl>
 
 </div>