mirror of
https://github.com/markqvist/Reticulum.git
synced 2024-12-22 11:50:18 +00:00
Removed option to allow unencrypted links.
This commit is contained in:
parent
0fe76d50f6
commit
cd9daaefee
@ -11,5 +11,4 @@ class Interface:
|
||||
pass
|
||||
|
||||
def get_hash(self):
|
||||
# TODO: Maybe expand this to something more unique
|
||||
return RNS.Identity.full_hash(str(self).encode("utf-8"))
|
27
RNS/Link.py
27
RNS/Link.py
@ -130,7 +130,6 @@ class Link:
|
||||
self.destination = destination
|
||||
self.attached_interface = None
|
||||
self.__remote_identity = None
|
||||
self.__encryption_disabled = False
|
||||
if self.destination == None:
|
||||
self.initiator = False
|
||||
self.prv = self.owner.identity.prv
|
||||
@ -699,8 +698,6 @@ class Link:
|
||||
|
||||
|
||||
def encrypt(self, plaintext):
|
||||
if self.__encryption_disabled:
|
||||
return plaintext
|
||||
try:
|
||||
if not self.fernet:
|
||||
self.fernet = Fernet(base64.urlsafe_b64encode(self.derived_key))
|
||||
@ -722,8 +719,6 @@ class Link:
|
||||
|
||||
|
||||
def decrypt(self, ciphertext):
|
||||
if self.__encryption_disabled:
|
||||
return ciphertext
|
||||
try:
|
||||
if not self.fernet:
|
||||
self.fernet = Fernet(base64.urlsafe_b64encode(self.derived_key))
|
||||
@ -842,28 +837,6 @@ class Link:
|
||||
else:
|
||||
return True
|
||||
|
||||
def disable_encryption(self):
|
||||
"""
|
||||
HAZARDOUS. This will downgrade the link to encryptionless. All
|
||||
information over the link will be sent in plaintext. Never use
|
||||
this in production applications. Should only be used for debugging
|
||||
purposes, and will disappear in a future version.
|
||||
|
||||
If encryptionless links are not explicitly allowed in the users
|
||||
configuration file, Reticulum will terminate itself along with the
|
||||
client application and throw an error message to the user.
|
||||
"""
|
||||
if (RNS.Reticulum.should_allow_unencrypted()):
|
||||
RNS.log("The link "+str(self)+" was downgraded to an encryptionless link", RNS.LOG_NOTICE)
|
||||
self.__encryption_disabled = True
|
||||
else:
|
||||
RNS.log("Attempt to disable encryption on link, but encryptionless links are not allowed by config.", RNS.LOG_CRITICAL)
|
||||
RNS.log("Shutting down Reticulum now!", RNS.LOG_CRITICAL)
|
||||
RNS.panic()
|
||||
|
||||
def encryption_disabled(self):
|
||||
return self.__encryption_disabled
|
||||
|
||||
def __str__(self):
|
||||
return RNS.prettyhexrep(self.link_id)
|
||||
|
||||
|
@ -238,11 +238,8 @@ class Resource:
|
||||
# make optimal use of packet MTU on an entire
|
||||
# encrypted stream. The Resource instance will
|
||||
# use it's underlying link directly to encrypt.
|
||||
if not self.link.encryption_disabled():
|
||||
self.data = self.link.encrypt(self.data)
|
||||
self.encrypted = True
|
||||
else:
|
||||
self.encrypted = False
|
||||
self.data = self.link.encrypt(self.data)
|
||||
self.encrypted = True
|
||||
|
||||
self.size = len(self.data)
|
||||
self.sent_parts = 0
|
||||
|
@ -95,7 +95,6 @@ class Reticulum:
|
||||
Reticulum.cachepath = Reticulum.configdir+"/storage/cache"
|
||||
Reticulum.resourcepath = Reticulum.configdir+"/storage/resources"
|
||||
|
||||
Reticulum.__allow_unencrypted = False
|
||||
Reticulum.__transport_enabled = False
|
||||
Reticulum.__use_implicit_proof = True
|
||||
|
||||
@ -202,20 +201,6 @@ class Reticulum:
|
||||
Reticulum.__use_implicit_proof = True
|
||||
if v == False:
|
||||
Reticulum.__use_implicit_proof = False
|
||||
if option == "allow_unencrypted":
|
||||
v = self.config["reticulum"].as_bool(option)
|
||||
if v == True:
|
||||
RNS.log("", RNS.LOG_CRITICAL)
|
||||
RNS.log("! ! ! ! ! ! ! ! !", RNS.LOG_CRITICAL)
|
||||
RNS.log("", RNS.LOG_CRITICAL)
|
||||
RNS.log("Danger! Encryptionless links have been allowed in the config file!", RNS.LOG_CRITICAL)
|
||||
RNS.log("Beware of the consequences! Any data sent over a link can potentially be intercepted,", RNS.LOG_CRITICAL)
|
||||
RNS.log("read and modified! If you are not absolutely sure that you want this,", RNS.LOG_CRITICAL)
|
||||
RNS.log("you should exit Reticulum NOW and change your config file!", RNS.LOG_CRITICAL)
|
||||
RNS.log("", RNS.LOG_CRITICAL)
|
||||
RNS.log("! ! ! ! ! ! ! ! !", RNS.LOG_CRITICAL)
|
||||
RNS.log("", RNS.LOG_CRITICAL)
|
||||
Reticulum.__allow_unencrypted = True
|
||||
|
||||
self.__start_local_interface()
|
||||
|
||||
@ -466,16 +451,6 @@ class Reticulum:
|
||||
self.config.write()
|
||||
self.__apply_config()
|
||||
|
||||
@staticmethod
|
||||
def should_allow_unencrypted():
|
||||
"""
|
||||
Returns whether unencrypted links are allowed by the
|
||||
current configuration.
|
||||
|
||||
:returns: True if the current running configuration allows downgrading links to plaintext. False if not.
|
||||
"""
|
||||
return Reticulum.__allow_unencrypted
|
||||
|
||||
@staticmethod
|
||||
def should_use_implicit_proof():
|
||||
"""
|
||||
@ -506,14 +481,6 @@ __default_rns_config__ = '''# This is the default Reticulum config file.
|
||||
|
||||
[reticulum]
|
||||
|
||||
# Don't allow unencrypted links by default.
|
||||
# If you REALLY need to allow unencrypted links, for example
|
||||
# for debug or regulatory purposes, this can be set to true.
|
||||
# This directive is optional and can be removed for brevity.
|
||||
|
||||
allow_unencrypted = False
|
||||
|
||||
|
||||
# If you enable Transport, your system will route traffic
|
||||
# for other peers, pass announces and serve path requests.
|
||||
# This should be done for systems that are suited to act
|
||||
|
@ -99,15 +99,13 @@
|
||||
<li><a href="reference.html#RNS.Identity.decrypt">(RNS.Identity method)</a>
|
||||
</li>
|
||||
</ul></li>
|
||||
<li><a href="reference.html#RNS.Transport.deregister_announce_handler">deregister_announce_handler() (RNS.Transport static method)</a>
|
||||
</li>
|
||||
</ul></td>
|
||||
<td style="width: 33%; vertical-align: top;"><ul>
|
||||
<li><a href="reference.html#RNS.Transport.deregister_announce_handler">deregister_announce_handler() (RNS.Transport static method)</a>
|
||||
</li>
|
||||
<li><a href="reference.html#RNS.Destination.deregister_request_handler">deregister_request_handler() (RNS.Destination method)</a>
|
||||
</li>
|
||||
<li><a href="reference.html#RNS.Destination">Destination (class in RNS)</a>
|
||||
</li>
|
||||
<li><a href="reference.html#RNS.Link.disable_encryption">disable_encryption() (RNS.Link method)</a>
|
||||
</li>
|
||||
</ul></td>
|
||||
</tr></table>
|
||||
@ -346,8 +344,6 @@
|
||||
<li><a href="reference.html#RNS.PacketReceipt.set_timeout">set_timeout() (RNS.PacketReceipt method)</a>
|
||||
</li>
|
||||
<li><a href="reference.html#RNS.PacketReceipt.set_timeout_callback">set_timeout_callback() (RNS.PacketReceipt method)</a>
|
||||
</li>
|
||||
<li><a href="reference.html#RNS.Reticulum.should_allow_unencrypted">should_allow_unencrypted() (RNS.Reticulum static method)</a>
|
||||
</li>
|
||||
<li><a href="reference.html#RNS.Reticulum.should_use_implicit_proof">should_use_implicit_proof() (RNS.Reticulum static method)</a>
|
||||
</li>
|
||||
|
Binary file not shown.
@ -84,18 +84,6 @@ MTU is a prerequisite for peers to communicate in the same network.</p>
|
||||
the default value.</p>
|
||||
</dd></dl>
|
||||
|
||||
<dl class="py method">
|
||||
<dt class="sig sig-object py" id="RNS.Reticulum.should_allow_unencrypted">
|
||||
<em class="property"><span class="pre">static</span> </em><span class="sig-name descname"><span class="pre">should_allow_unencrypted</span></span><span class="sig-paren">(</span><span class="sig-paren">)</span><a class="headerlink" href="#RNS.Reticulum.should_allow_unencrypted" title="Permalink to this definition">¶</a></dt>
|
||||
<dd><p>Returns whether unencrypted links are allowed by the
|
||||
current configuration.</p>
|
||||
<dl class="field-list simple">
|
||||
<dt class="field-odd">Returns</dt>
|
||||
<dd class="field-odd"><p>True if the current running configuration allows downgrading links to plaintext. False if not.</p>
|
||||
</dd>
|
||||
</dl>
|
||||
</dd></dl>
|
||||
|
||||
<dl class="py method">
|
||||
<dt class="sig sig-object py" id="RNS.Reticulum.should_use_implicit_proof">
|
||||
<em class="property"><span class="pre">static</span> </em><span class="sig-name descname"><span class="pre">should_use_implicit_proof</span></span><span class="sig-paren">(</span><span class="sig-paren">)</span><a class="headerlink" href="#RNS.Reticulum.should_use_implicit_proof" title="Permalink to this definition">¶</a></dt>
|
||||
@ -969,18 +957,6 @@ identified over this link.</p>
|
||||
</dl>
|
||||
</dd></dl>
|
||||
|
||||
<dl class="py method">
|
||||
<dt class="sig sig-object py" id="RNS.Link.disable_encryption">
|
||||
<span class="sig-name descname"><span class="pre">disable_encryption</span></span><span class="sig-paren">(</span><span class="sig-paren">)</span><a class="headerlink" href="#RNS.Link.disable_encryption" title="Permalink to this definition">¶</a></dt>
|
||||
<dd><p>HAZARDOUS. This will downgrade the link to encryptionless. All
|
||||
information over the link will be sent in plaintext. Never use
|
||||
this in production applications. Should only be used for debugging
|
||||
purposes, and will disappear in a future version.</p>
|
||||
<p>If encryptionless links are not explicitly allowed in the users
|
||||
configuration file, Reticulum will terminate itself along with the
|
||||
client application and throw an error message to the user.</p>
|
||||
</dd></dl>
|
||||
|
||||
</dd></dl>
|
||||
|
||||
</div>
|
||||
|
File diff suppressed because one or more lines are too long
Loading…
Reference in New Issue
Block a user