Removed option to allow unencrypted links.

Mark Qvist 2021-09-03 10:13:48 +02:00
parent 0fe76d50f6
commit cd9daaefee
8 changed files with 5 additions and 97 deletions


@ -11,5 +11,4 @@ class Interface:
pass pass
def get_hash(self): def get_hash(self):
# TODO: Maybe expand this to something more unique
return RNS.Identity.full_hash(str(self).encode("utf-8")) return RNS.Identity.full_hash(str(self).encode("utf-8"))


@ -130,7 +130,6 @@ class Link:
self.destination = destination self.destination = destination
self.attached_interface = None self.attached_interface = None
self.__remote_identity = None self.__remote_identity = None
self.__encryption_disabled = False
if self.destination == None: if self.destination == None:
self.initiator = False self.initiator = False
self.prv = self.owner.identity.prv self.prv = self.owner.identity.prv
@ -699,8 +698,6 @@ class Link:
def encrypt(self, plaintext): def encrypt(self, plaintext):
if self.__encryption_disabled:
return plaintext
try: try:
if not self.fernet: if not self.fernet:
self.fernet = Fernet(base64.urlsafe_b64encode(self.derived_key)) self.fernet = Fernet(base64.urlsafe_b64encode(self.derived_key))
@ -722,8 +719,6 @@ class Link:
def decrypt(self, ciphertext): def decrypt(self, ciphertext):
if self.__encryption_disabled:
return ciphertext
try: try:
if not self.fernet: if not self.fernet:
self.fernet = Fernet(base64.urlsafe_b64encode(self.derived_key)) self.fernet = Fernet(base64.urlsafe_b64encode(self.derived_key))
@ -842,28 +837,6 @@ class Link:
else: else:
return True return True
def disable_encryption(self):
"""
HAZARDOUS. This will downgrade the link to encryptionless. All
information over the link will be sent in plaintext. Never use
this in production applications. Should only be used for debugging
purposes, and will disappear in a future version.
If encryptionless links are not explicitly allowed in the users
configuration file, Reticulum will terminate itself along with the
client application and throw an error message to the user.
"""
if (RNS.Reticulum.should_allow_unencrypted()):
RNS.log("The link "+str(self)+" was downgraded to an encryptionless link", RNS.LOG_NOTICE)
self.__encryption_disabled = True
else:
RNS.log("Attempt to disable encryption on link, but encryptionless links are not allowed by config.", RNS.LOG_CRITICAL)
RNS.log("Shutting down Reticulum now!", RNS.LOG_CRITICAL)
RNS.panic()
def encryption_disabled(self):
return self.__encryption_disabled
def __str__(self): def __str__(self):
return RNS.prettyhexrep(self.link_id) return RNS.prettyhexrep(self.link_id)
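Review bot: `encrypt()` and `decrypt()` have no docstring stating that a link no longer has any plaintext path, and both `try:` bodies continue outside these hunks, so their behaviour when Fernet fails is not visible here. With the `__encryption_disabled` early returns gone, the exception handlers are the only place left where a caller could still get its input back unchanged; it is worth confirming that they log and fail rather than return the original bytes. I would add a one-line docstring to each, for example `"""Encrypt plaintext with the link's derived key; there is no unencrypted mode."""`. The lazy `Fernet(base64.urlsafe_b64encode(self.derived_key))` construction is also repeated verbatim in both methods and could move into one private helper.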


@ -238,11 +238,8 @@ class Resource:
# make optimal use of packet MTU on an entire # make optimal use of packet MTU on an entire
# encrypted stream. The Resource instance will # encrypted stream. The Resource instance will
# use it's underlying link directly to encrypt. # use it's underlying link directly to encrypt.
if not self.link.encryption_disabled(): self.data = self.link.encrypt(self.data)
self.data = self.link.encrypt(self.data) self.encrypted = True
self.encrypted = True
else:
self.encrypted = False
self.size = len(self.data) self.size = len(self.data)
self.sent_parts = 0 self.sent_parts = 0
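Review bot: `self.encrypted = True` is now assigned unconditionally right after `self.data = self.link.encrypt(self.data)`, so the flag is set even if `encrypt()` did not produce ciphertext; its failure path is not shown in this diff. If `encrypt()` can return `None` on error, `len(self.data)` on the following line would raise a `TypeError` that says nothing about the cause, so a check such as `if self.data is None: raise IOError("Could not encrypt resource data")` before setting the flag would make the failure explicit. Since the flag is now constant on the sending side, the receiving path (outside this hunk) should presumably reject a resource that advertises itself as unencrypted instead of accepting it. The enclosing method starts and ends outside the hunk.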


@ -95,7 +95,6 @@ class Reticulum:
Reticulum.cachepath = Reticulum.configdir+"/storage/cache" Reticulum.cachepath = Reticulum.configdir+"/storage/cache"
Reticulum.resourcepath = Reticulum.configdir+"/storage/resources" Reticulum.resourcepath = Reticulum.configdir+"/storage/resources"
Reticulum.__allow_unencrypted = False
Reticulum.__transport_enabled = False Reticulum.__transport_enabled = False
Reticulum.__use_implicit_proof = True Reticulum.__use_implicit_proof = True
@ -202,20 +201,6 @@ class Reticulum:
Reticulum.__use_implicit_proof = True Reticulum.__use_implicit_proof = True
if v == False: if v == False:
Reticulum.__use_implicit_proof = False Reticulum.__use_implicit_proof = False
if option == "allow_unencrypted":
v = self.config["reticulum"].as_bool(option)
if v == True:
RNS.log("", RNS.LOG_CRITICAL)
RNS.log("! ! ! ! ! ! ! ! !", RNS.LOG_CRITICAL)
RNS.log("", RNS.LOG_CRITICAL)
RNS.log("Danger! Encryptionless links have been allowed in the config file!", RNS.LOG_CRITICAL)
RNS.log("Beware of the consequences! Any data sent over a link can potentially be intercepted,", RNS.LOG_CRITICAL)
RNS.log("read and modified! If you are not absolutely sure that you want this,", RNS.LOG_CRITICAL)
RNS.log("you should exit Reticulum NOW and change your config file!", RNS.LOG_CRITICAL)
RNS.log("", RNS.LOG_CRITICAL)
RNS.log("! ! ! ! ! ! ! ! !", RNS.LOG_CRITICAL)
RNS.log("", RNS.LOG_CRITICAL)
Reticulum.__allow_unencrypted = True
self.__start_local_interface() self.__start_local_interface()
@ -466,16 +451,6 @@ class Reticulum:
self.config.write() self.config.write()
self.__apply_config() self.__apply_config()
@staticmethod
def should_allow_unencrypted():
"""
Returns whether unencrypted links are allowed by the
current configuration.
:returns: True if the current running configuration allows downgrading links to plaintext. False if not.
"""
return Reticulum.__allow_unencrypted
@staticmethod @staticmethod
def should_use_implicit_proof(): def should_use_implicit_proof():
""" """
@ -506,14 +481,6 @@ __default_rns_config__ = '''# This is the default Reticulum config file.
[reticulum] [reticulum]
# Don't allow unencrypted links by default.
# If you REALLY need to allow unencrypted links, for example
# for debug or regulatory purposes, this can be set to true.
# This directive is optional and can be removed for brevity.
allow_unencrypted = False
# If you enable Transport, your system will route traffic # If you enable Transport, your system will route traffic
# for other peers, pass announces and serve path requests. # for other peers, pass announces and serve path requests.
# This should be done for systems that are suited to act # This should be done for systems that are suited to act
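Review bot: A config file that still contains `allow_unencrypted = True` is now presumably skipped without any message, because the branch that parsed it in the option loop is removed and nothing replaces it. That fails safe, but an operator who relied on the setting gets no indication that it is no longer honoured. I would keep a short branch in that loop for a release or two, `if option == "allow_unencrypted": RNS.log("The allow_unencrypted option is no longer supported and is ignored, links are always encrypted", RNS.LOG_NOTICE)`. The loop and its enclosing method start outside the hunk, so this depends on how unknown options are treated there.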


@ -99,15 +99,13 @@
<li><a href="reference.html#RNS.Identity.decrypt">(RNS.Identity method)</a> <li><a href="reference.html#RNS.Identity.decrypt">(RNS.Identity method)</a>
</li> </li>
</ul></li> </ul></li>
<li><a href="reference.html#RNS.Transport.deregister_announce_handler">deregister_announce_handler() (RNS.Transport static method)</a>
</li>
</ul></td> </ul></td>
<td style="width: 33%; vertical-align: top;"><ul> <td style="width: 33%; vertical-align: top;"><ul>
<li><a href="reference.html#RNS.Transport.deregister_announce_handler">deregister_announce_handler() (RNS.Transport static method)</a>
</li>
<li><a href="reference.html#RNS.Destination.deregister_request_handler">deregister_request_handler() (RNS.Destination method)</a> <li><a href="reference.html#RNS.Destination.deregister_request_handler">deregister_request_handler() (RNS.Destination method)</a>
</li> </li>
<li><a href="reference.html#RNS.Destination">Destination (class in RNS)</a> <li><a href="reference.html#RNS.Destination">Destination (class in RNS)</a>
</li>
<li><a href="reference.html#RNS.Link.disable_encryption">disable_encryption() (RNS.Link method)</a>
</li> </li>
</ul></td> </ul></td>
</tr></table> </tr></table>
@ -346,8 +344,6 @@
<li><a href="reference.html#RNS.PacketReceipt.set_timeout">set_timeout() (RNS.PacketReceipt method)</a> <li><a href="reference.html#RNS.PacketReceipt.set_timeout">set_timeout() (RNS.PacketReceipt method)</a>
</li> </li>
<li><a href="reference.html#RNS.PacketReceipt.set_timeout_callback">set_timeout_callback() (RNS.PacketReceipt method)</a> <li><a href="reference.html#RNS.PacketReceipt.set_timeout_callback">set_timeout_callback() (RNS.PacketReceipt method)</a>
</li>
<li><a href="reference.html#RNS.Reticulum.should_allow_unencrypted">should_allow_unencrypted() (RNS.Reticulum static method)</a>
</li> </li>
<li><a href="reference.html#RNS.Reticulum.should_use_implicit_proof">should_use_implicit_proof() (RNS.Reticulum static method)</a> <li><a href="reference.html#RNS.Reticulum.should_use_implicit_proof">should_use_implicit_proof() (RNS.Reticulum static method)</a>
</li> </li>

Binary file not shown.


@ -84,18 +84,6 @@ MTU is a prerequisite for peers to communicate in the same network.</p>
the default value.</p> the default value.</p>
</dd></dl> </dd></dl>
<dl class="py method">
<dt class="sig sig-object py" id="RNS.Reticulum.should_allow_unencrypted">
<em class="property"><span class="pre">static</span> </em><span class="sig-name descname"><span class="pre">should_allow_unencrypted</span></span><span class="sig-paren">(</span><span class="sig-paren">)</span><a class="headerlink" href="#RNS.Reticulum.should_allow_unencrypted" title="Permalink to this definition"></a></dt>
<dd><p>Returns whether unencrypted links are allowed by the
current configuration.</p>
<dl class="field-list simple">
<dt class="field-odd">Returns</dt>
<dd class="field-odd"><p>True if the current running configuration allows downgrading links to plaintext. False if not.</p>
</dd>
</dl>
</dd></dl>
<dl class="py method"> <dl class="py method">
<dt class="sig sig-object py" id="RNS.Reticulum.should_use_implicit_proof"> <dt class="sig sig-object py" id="RNS.Reticulum.should_use_implicit_proof">
<em class="property"><span class="pre">static</span> </em><span class="sig-name descname"><span class="pre">should_use_implicit_proof</span></span><span class="sig-paren">(</span><span class="sig-paren">)</span><a class="headerlink" href="#RNS.Reticulum.should_use_implicit_proof" title="Permalink to this definition"></a></dt> <em class="property"><span class="pre">static</span> </em><span class="sig-name descname"><span class="pre">should_use_implicit_proof</span></span><span class="sig-paren">(</span><span class="sig-paren">)</span><a class="headerlink" href="#RNS.Reticulum.should_use_implicit_proof" title="Permalink to this definition"></a></dt>
@ -969,18 +957,6 @@ identified over this link.</p>
</dl> </dl>
</dd></dl> </dd></dl>
<dl class="py method">
<dt class="sig sig-object py" id="RNS.Link.disable_encryption">
<span class="sig-name descname"><span class="pre">disable_encryption</span></span><span class="sig-paren">(</span><span class="sig-paren">)</span><a class="headerlink" href="#RNS.Link.disable_encryption" title="Permalink to this definition"></a></dt>
<dd><p>HAZARDOUS. This will downgrade the link to encryptionless. All
information over the link will be sent in plaintext. Never use
this in production applications. Should only be used for debugging
purposes, and will disappear in a future version.</p>
<p>If encryptionless links are not explicitly allowed in the users
configuration file, Reticulum will terminate itself along with the
client application and throw an error message to the user.</p>
</dd></dl>
</dd></dl> </dd></dl>
</div> </div>

File diff suppressed because one or more lines are too long