Removed option to allow unencrypted links.

2024-11-05 13:50:14 +00:00 · 2021-09-03 10:13:48 +02:00 · 2021-09-03 10:13:48 +02:00 · cd9daaefee
commit cd9daaefee
parent 0fe76d50f6
8 changed files with 5 additions and 97 deletions
--- a/RNS/Interfaces/Interface.py
+++ b/RNS/Interfaces/Interface.py
@ -11,5 +11,4 @@ class Interface:
        pass

    def get_hash(self):
-        # TODO: Maybe expand this to something more unique
        return RNS.Identity.full_hash(str(self).encode("utf-8"))
--- a/RNS/Link.py
+++ b/RNS/Link.py
@ -130,7 +130,6 @@ class Link:
        self.destination = destination
        self.attached_interface = None
        self.__remote_identity = None
-        self.__encryption_disabled = False
        if self.destination == None:
            self.initiator = False
            self.prv     = self.owner.identity.prv
@ -699,8 +698,6 @@ class Link:


    def encrypt(self, plaintext):
-        if self.__encryption_disabled:
-            return plaintext
        try:
            if not self.fernet:
                self.fernet = Fernet(base64.urlsafe_b64encode(self.derived_key))
@ -722,8 +719,6 @@ class Link:


    def decrypt(self, ciphertext):
-        if self.__encryption_disabled:
-            return ciphertext
        try:
            if not self.fernet:
                self.fernet = Fernet(base64.urlsafe_b64encode(self.derived_key))
@ -842,28 +837,6 @@ class Link:
        else:
            return True

-    def disable_encryption(self):
-        """
-        HAZARDOUS. This will downgrade the link to encryptionless. All
-        information over the link will be sent in plaintext. Never use
-        this in production applications. Should only be used for debugging
-        purposes, and will disappear in a future version.
-
-        If encryptionless links are not explicitly allowed in the users
-        configuration file, Reticulum will terminate itself along with the
-        client application and throw an error message to the user.
-        """
-        if (RNS.Reticulum.should_allow_unencrypted()):
-            RNS.log("The link "+str(self)+" was downgraded to an encryptionless link", RNS.LOG_NOTICE)
-            self.__encryption_disabled = True
-        else:
-            RNS.log("Attempt to disable encryption on link, but encryptionless links are not allowed by config.", RNS.LOG_CRITICAL)
-            RNS.log("Shutting down Reticulum now!", RNS.LOG_CRITICAL)
-            RNS.panic()
-
-    def encryption_disabled(self):
-        return self.__encryption_disabled
-
    def __str__(self):
        return RNS.prettyhexrep(self.link_id)

--- a/RNS/Resource.py
+++ b/RNS/Resource.py
@ -238,11 +238,8 @@ class Resource:
            # make optimal use of packet MTU on an entire
            # encrypted stream. The Resource instance will
            # use it's underlying link directly to encrypt.
-            if not self.link.encryption_disabled():
-                self.data = self.link.encrypt(self.data)
-                self.encrypted = True
-            else:
-                self.encrypted = False
+            self.data = self.link.encrypt(self.data)
+            self.encrypted = True

            self.size = len(self.data)
            self.sent_parts = 0
--- a/RNS/Reticulum.py
+++ b/RNS/Reticulum.py
@ -95,7 +95,6 @@ class Reticulum:
        Reticulum.cachepath     = Reticulum.configdir+"/storage/cache"
        Reticulum.resourcepath  = Reticulum.configdir+"/storage/resources"

-        Reticulum.__allow_unencrypted = False
        Reticulum.__transport_enabled = False
        Reticulum.__use_implicit_proof = True

@ -202,20 +201,6 @@ class Reticulum:
                        Reticulum.__use_implicit_proof = True
                    if v == False:
                        Reticulum.__use_implicit_proof = False
-                if option == "allow_unencrypted":
-                    v = self.config["reticulum"].as_bool(option)
-                    if v == True:
-                        RNS.log("", RNS.LOG_CRITICAL)
-                        RNS.log("! ! !     ! ! !     ! ! !", RNS.LOG_CRITICAL)
-                        RNS.log("", RNS.LOG_CRITICAL)
-                        RNS.log("Danger! Encryptionless links have been allowed in the config file!", RNS.LOG_CRITICAL)
-                        RNS.log("Beware of the consequences! Any data sent over a link can potentially be intercepted,", RNS.LOG_CRITICAL)
-                        RNS.log("read and modified! If you are not absolutely sure that you want this,", RNS.LOG_CRITICAL)
-                        RNS.log("you should exit Reticulum NOW and change your config file!", RNS.LOG_CRITICAL)
-                        RNS.log("", RNS.LOG_CRITICAL)
-                        RNS.log("! ! !     ! ! !     ! ! !", RNS.LOG_CRITICAL)
-                        RNS.log("", RNS.LOG_CRITICAL)
-                        Reticulum.__allow_unencrypted = True

        self.__start_local_interface()

@ -466,16 +451,6 @@ class Reticulum:
        self.config.write()
        self.__apply_config()

-    @staticmethod
-    def should_allow_unencrypted():
-        """
-        Returns whether unencrypted links are allowed by the
-        current configuration.
-
-        :returns: True if the current running configuration allows downgrading links to plaintext. False if not.
-        """
-        return Reticulum.__allow_unencrypted
-
    @staticmethod
    def should_use_implicit_proof():
        """
@ -506,14 +481,6 @@ __default_rns_config__ = '''# This is the default Reticulum config file.

 [reticulum]

-# Don't allow unencrypted links by default.
-# If you REALLY need to allow unencrypted links, for example
-# for debug or regulatory purposes, this can be set to true.
-# This directive is optional and can be removed for brevity.
-
-allow_unencrypted = False
-
-
 # If you enable Transport, your system will route traffic
 # for other peers, pass announces and serve path requests.
 # This should be done for systems that are suited to act
--- a/docs/manual/genindex.html
+++ b/docs/manual/genindex.html
@ -99,15 +99,13 @@
        <li><a href="reference.html#RNS.Identity.decrypt">(RNS.Identity method)</a>
 </li>
      </ul></li>
-      <li><a href="reference.html#RNS.Transport.deregister_announce_handler">deregister_announce_handler() (RNS.Transport static method)</a>
-</li>
  </ul></td>
  <td style="width: 33%; vertical-align: top;"><ul>
+      <li><a href="reference.html#RNS.Transport.deregister_announce_handler">deregister_announce_handler() (RNS.Transport static method)</a>
+</li>
      <li><a href="reference.html#RNS.Destination.deregister_request_handler">deregister_request_handler() (RNS.Destination method)</a>
 </li>
      <li><a href="reference.html#RNS.Destination">Destination (class in RNS)</a>
-</li>
-      <li><a href="reference.html#RNS.Link.disable_encryption">disable_encryption() (RNS.Link method)</a>
 </li>
  </ul></td>
 </tr></table>
@ -346,8 +344,6 @@
      <li><a href="reference.html#RNS.PacketReceipt.set_timeout">set_timeout() (RNS.PacketReceipt method)</a>
 </li>
      <li><a href="reference.html#RNS.PacketReceipt.set_timeout_callback">set_timeout_callback() (RNS.PacketReceipt method)</a>
-</li>
-      <li><a href="reference.html#RNS.Reticulum.should_allow_unencrypted">should_allow_unencrypted() (RNS.Reticulum static method)</a>
 </li>
      <li><a href="reference.html#RNS.Reticulum.should_use_implicit_proof">should_use_implicit_proof() (RNS.Reticulum static method)</a>
 </li>
--- a/docs/manual/objects.inv
+++ b/docs/manual/objects.inv
--- a/docs/manual/reference.html
+++ b/docs/manual/reference.html
@ -84,18 +84,6 @@ MTU is a prerequisite for peers to communicate in the same network.</p>
 the default value.</p>
 </dd></dl>

-<dl class="py method">
-<dt class="sig sig-object py" id="RNS.Reticulum.should_allow_unencrypted">
-<em class="property"><span class="pre">static</span> </em><span class="sig-name descname"><span class="pre">should_allow_unencrypted</span></span><span class="sig-paren">(</span><span class="sig-paren">)</span><a class="headerlink" href="#RNS.Reticulum.should_allow_unencrypted" title="Permalink to this definition">¶</a></dt>
-<dd><p>Returns whether unencrypted links are allowed by the
-current configuration.</p>
-<dl class="field-list simple">
-<dt class="field-odd">Returns</dt>
-<dd class="field-odd"><p>True if the current running configuration allows downgrading links to plaintext. False if not.</p>
-</dd>
-</dl>
-</dd></dl>
-
 <dl class="py method">
 <dt class="sig sig-object py" id="RNS.Reticulum.should_use_implicit_proof">
 <em class="property"><span class="pre">static</span> </em><span class="sig-name descname"><span class="pre">should_use_implicit_proof</span></span><span class="sig-paren">(</span><span class="sig-paren">)</span><a class="headerlink" href="#RNS.Reticulum.should_use_implicit_proof" title="Permalink to this definition">¶</a></dt>
@ -969,18 +957,6 @@ identified over this link.</p>
 </dl>
 </dd></dl>

-<dl class="py method">
-<dt class="sig sig-object py" id="RNS.Link.disable_encryption">
-<span class="sig-name descname"><span class="pre">disable_encryption</span></span><span class="sig-paren">(</span><span class="sig-paren">)</span><a class="headerlink" href="#RNS.Link.disable_encryption" title="Permalink to this definition">¶</a></dt>
-<dd><p>HAZARDOUS. This will downgrade the link to encryptionless. All
-information over the link will be sent in plaintext. Never use
-this in production applications. Should only be used for debugging
-purposes, and will disappear in a future version.</p>
-<p>If encryptionless links are not explicitly allowed in the users
-configuration file, Reticulum will terminate itself along with the
-client application and throw an error message to the user.</p>
-</dd></dl>
-
 </dd></dl>

 </div>
--- a/docs/manual/searchindex.js
+++ b/docs/manual/searchindex.js