Implemented elliptic curve signatures and verify on links, auto proofs on links

This commit is contained in:
Mark Qvist 2018-04-25 22:08:17 +02:00
parent dc86f6884a
commit d69f3c2c34
7 changed files with 127 additions and 28 deletions

View File

@ -138,7 +138,7 @@ def client(destination_hexhash, configpath, timeout=None):
# a callback function, that will get called if
# the packet times out.
if timeout != None:
packet_receipt.setTimeout(timeout)
packet_receipt.set_timeout(timeout)
packet_receipt.timeout_callback(packet_timed_out)
# We can then set a delivery callback on the receipt.

View File

@ -56,10 +56,13 @@ class Identity:
@staticmethod
def loadKnownDestinations():
if os.path.isfile(RNS.Reticulum.storagepath+"/known_destinations"):
file = open(RNS.Reticulum.storagepath+"/known_destinations","r")
Identity.known_destinations = umsgpack.load(file)
file.close()
RNS.log("Loaded "+str(len(Identity.known_destinations))+" known destinations from storage", RNS.LOG_VERBOSE)
try:
file = open(RNS.Reticulum.storagepath+"/known_destinations","r")
Identity.known_destinations = umsgpack.load(file)
file.close()
RNS.log("Loaded "+str(len(Identity.known_destinations))+" known destinations from storage", RNS.LOG_VERBOSE)
except:
RNS.log("Error loading known destinations from disk, file will be recreated on exit", RNS.LOG_ERROR)
else:
RNS.log("Destinations file does not exist, so no known destinations loaded", RNS.LOG_VERBOSE)

View File

@ -2,19 +2,16 @@ from Interface import Interface
import SocketServer
import threading
import socket
import time
import sys
import RNS
class UdpInterface(Interface):
bind_ip = None
bind_port = None
forward_ip = None
forward_port = None
owner = None
def __init__(self, owner, name, bindip=None, bindport=None, forwardip=None, forwardport=None):
self.IN = True
self.OUT = False
self.transmit_delay = 0.001
self.name = name
@ -42,6 +39,7 @@ class UdpInterface(Interface):
self.owner.inbound(data, self)
def processOutgoing(self,data):
time.sleep(self.transmit_delay)
udp_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
udp_socket.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
udp_socket.sendto(data, (self.forward_ip, self.forward_port))

View File

@ -30,7 +30,7 @@ class Link:
# but calculated from something like
# first-hop RTT latency and distance
DEFAULT_TIMEOUT = 5
TIMEOUT_FACTOR = 3
TIMEOUT_FACTOR = 5
KEEPALIVE = 120
PENDING = 0x00
@ -54,6 +54,7 @@ class Link:
try:
link = Link(owner = owner, peer_pub_bytes = data[:Link.ECPUBSIZE])
link.setLinkID(packet)
link.destination = packet.destination
RNS.log("Validating link request "+RNS.prettyhexrep(link.link_id), RNS.LOG_VERBOSE)
link.handshake()
link.attached_interface = packet.receiving_interface
@ -137,7 +138,8 @@ class Link:
def loadPeer(self, peer_pub_bytes):
self.peer_pub_bytes = peer_pub_bytes
self.peer_pub = serialization.load_der_public_key(peer_pub_bytes, backend=default_backend())
self.peer_pub.curce = Link.CURVE
if not hasattr(self.peer_pub, "curve"):
self.peer_pub.curve = Link.CURVE
def setLinkID(self, packet):
self.link_id = RNS.Identity.truncatedHash(packet.raw)
@ -162,6 +164,18 @@ class Link:
proof = RNS.Packet(self, proof_data, packet_type=RNS.Packet.PROOF, context=RNS.Packet.LRPROOF)
proof.send()
def prove_packet(self, packet):
signature = self.sign(packet.packet_hash)
# TODO: Hardcoded as explicit proof for now
# if RNS.Reticulum.should_use_implicit_proof():
# proof_data = signature
# else:
# proof_data = packet.packet_hash + signature
proof_data = packet.packet_hash + signature
proof = RNS.Packet(self, proof_data, RNS.Packet.PROOF)
proof.send()
def validateProof(self, packet):
if self.initiator:
peer_pub_bytes = packet.data[:Link.ECPUBSIZE]
@ -326,8 +340,15 @@ class Link:
if packet.packet_type == RNS.Packet.DATA:
if packet.context == RNS.Packet.NONE:
plaintext = self.decrypt(packet.data)
if (self.callbacks.packet != None):
if self.callbacks.packet != None:
self.callbacks.packet(plaintext, packet)
if self.destination.proof_strategy == RNS.Destination.PROVE_ALL:
packet.prove()
elif self.destination.proof_strategy == RNS.Destination.PROVE_APP:
if self.destination.callbacks.proof_requested:
self.destination.callbacks.proof_requested(packet)
elif packet.context == RNS.Packet.LRRTT:
if not self.initiator:
@ -415,6 +436,16 @@ class Link:
except Exception as e:
RNS.log("Decryption failed on link "+str(self)+". The contained exception was: "+str(e), RNS.LOG_ERROR)
def sign(self, message):
return self.prv.sign(message, ec.ECDSA(hashes.SHA256()))
def validate(self, signature, message):
try:
self.peer_pub.verify(signature, message, ec.ECDSA(hashes.SHA256()))
return True
except Exception as e:
return False
def link_established_callback(self, callback):
self.callbacks.link_established = callback
@ -432,7 +463,13 @@ class Link:
def resource_concluded_callback(self, callback):
self.callbacks.resource_concluded = callback
def setResourceStrategy(self, resource_strategy):
def resource_concluded(self, resource):
if resource in self.incoming_resources:
self.incoming_resources.remove(resource)
if resource in self.outgoing_resources:
self.outgoing_resources.remove(resource)
def set_resource_strategy(self, resource_strategy):
if not resource_strategy in Link.resource_strategies:
raise TypeError("Unsupported resource strategy")
else:

View File

@ -17,7 +17,7 @@ class Packet:
HEADER_4 = 0x03 # Reserved
header_types = [HEADER_1, HEADER_2, HEADER_3, HEADER_4]
# Context types
# Data packet context types
NONE = 0x00 # Generic data packet
RESOURCE = 0x01 # Packet is part of a resource
RESOURCE_ADV = 0x02 # Packet is a resource advertisement
@ -31,8 +31,9 @@ class Packet:
RESPONSE = 0x0A # Packet is a response to a request
COMMAND = 0x0B # Packet is a command
COMMAND_STATUS = 0x0C # Packet is a status of an executed command
KEEPALIVE = 0xFC # Packet is a keepalive packet
LINKCLOSE = 0xFD # Packet is a link close message
KEEPALIVE = 0xFB # Packet is a keepalive packet
LINKCLOSE = 0xFC # Packet is a link close message
LINKPROOF = 0xFD # Packet is a link packet proof
LRRTT = 0xFE # Packet is a link request round-trip time measurement
LRPROOF = 0xFF # Packet is a link request proof
@ -102,6 +103,9 @@ class Packet:
elif self.packet_type == Packet.PROOF and self.context == Packet.RESOURCE_PRF:
# Resource proofs are not encrypted
self.ciphertext = self.data
elif self.packet_type == Packet.PROOF and self.destination.type == RNS.Destination.LINK:
# Packet proofs over links are not encrypted
self.ciphertext = self.data
elif self.context == Packet.RESOURCE:
# A resource takes care of symmetric
# encryption by itself
@ -187,9 +191,13 @@ class Packet:
raise IOError("Packet was not sent yet")
def prove(self, destination=None):
if self.fromPacked and self.destination:
if self.fromPacked and hasattr(self, "destination") and self.destination:
if self.destination.identity and self.destination.identity.prv:
self.destination.identity.prove(self, destination)
elif self.fromPacked and hasattr(self, "link") and self.link:
self.link.prove_packet(self)
else:
RNS.log("Could not prove packet associated with neither a destination nor a link", RNS.LOG_ERROR)
# Generates a special destination that allows Reticulum
# to direct the proof back to the proved packet's sender
@ -246,7 +254,48 @@ class PacketReceipt:
# Validate a proof packet
def validateProofPacket(self, proof_packet):
return self.validateProof(proof_packet.data)
if hasattr(proof_packet, "link") and proof_packet.link:
return self.validate_link_proof(proof_packet.data, proof_packet.link)
else:
return self.validateProof(proof_packet.data)
# Validate a raw proof for a link
def validate_link_proof(self, proof, link):
# TODO: Hardcoded as explicit proofs for now
if True or len(proof) == PacketReceipt.EXPL_LENGTH:
# This is an explicit proof
proof_hash = proof[:RNS.Identity.HASHLENGTH/8]
signature = proof[RNS.Identity.HASHLENGTH/8:RNS.Identity.HASHLENGTH/8+RNS.Identity.SIGLENGTH/8]
if proof_hash == self.hash:
proof_valid = link.validate(signature, self.hash)
if proof_valid:
self.status = PacketReceipt.DELIVERED
self.proved = True
self.concluded_at = time.time()
if self.callbacks.delivery != None:
self.callbacks.delivery(self)
return True
else:
return False
else:
return False
elif len(proof) == PacketReceipt.IMPL_LENGTH:
pass
# signature = proof[:RNS.Identity.SIGLENGTH/8]
# proof_valid = self.link.validate(signature, self.hash)
# if proof_valid:
# self.status = PacketReceipt.DELIVERED
# self.proved = True
# self.concluded_at = time.time()
# if self.callbacks.delivery != None:
# self.callbacks.delivery(self)
# RNS.log("valid")
# return True
# else:
# RNS.log("invalid")
# return False
else:
return False
# Validate a raw proof
def validateProof(self, proof):
@ -286,11 +335,11 @@ class PacketReceipt:
def rtt(self):
return self.concluded_at - self.sent_at
def isTimedOut(self):
def is_timed_out(self):
return (self.sent_at+self.timeout < time.time())
def checkTimeout(self):
if self.isTimedOut():
def check_timeout(self):
if self.is_timed_out():
self.status = PacketReceipt.FAILED
self.concluded_at = time.time()
if self.callbacks.timeout:
@ -298,7 +347,7 @@ class PacketReceipt:
# Set the timeout in seconds
def setTimeout(self, timeout):
def set_timeout(self, timeout):
self.timeout = float(timeout)
# Set a function that gets called when

View File

@ -311,6 +311,7 @@ class Resource:
self.status = Resource.CORRUPT
if self.callback != None:
self.link.resource_concluded(self)
self.callback(self)
@ -327,6 +328,7 @@ class Resource:
if proof_data[RNS.Identity.HASHLENGTH/8:] == self.expected_proof:
self.status = Resource.COMPLETE
if self.callback != None:
self.link.resource_concluded(self)
self.callback(self)
else:
pass
@ -487,6 +489,7 @@ class Resource:
self.link.cancel_incoming_resource(self)
if self.callback != None:
self.link.resource_concluded(self)
self.callback(self)
def progress_callback(self, callback):

View File

@ -73,7 +73,7 @@ class Transport:
# Process receipts list for timed-out packets
if Transport.receipts_last_checked+Transport.receipts_check_interval < time.time():
for receipt in Transport.receipts:
receipt.checkTimeout()
receipt.check_timeout()
if receipt.status != RNS.PacketReceipt.SENT:
Transport.receipts.remove(receipt)
@ -127,6 +127,7 @@ class Transport:
@staticmethod
def packet_filter(packet):
# TODO: Think long and hard about this
if packet.context == RNS.Packet.KEEPALIVE:
return True
if packet.context == RNS.Packet.RESOURCE_REQ:
@ -184,9 +185,10 @@ class Transport:
if destination.proof_strategy == RNS.Destination.PROVE_ALL:
packet.prove()
if destination.proof_strategy == RNS.Destination.PROVE_APP:
elif destination.proof_strategy == RNS.Destination.PROVE_APP:
if destination.callbacks.proof_requested:
destination.callbacks.proof_requested(packet)
if destination.callbacks.proof_requested(packet):
packet.prove()
elif packet.packet_type == RNS.Packet.PROOF:
if packet.context == RNS.Packet.LRPROOF:
@ -200,6 +202,13 @@ class Transport:
if link.link_id == packet.destination_hash:
link.receive(packet)
else:
if packet.destination_type == RNS.Destination.LINK:
for link in Transport.active_links:
if link.link_id == packet.destination_hash:
packet.link = link
# plaintext = link.decrypt(packet.data)
# TODO: Make sure everything uses new proof handling
if len(packet.data) == RNS.PacketReceipt.EXPL_LENGTH:
proof_hash = packet.data[:RNS.Identity.HASHLENGTH/8]
@ -230,7 +239,7 @@ class Transport:
@staticmethod
def registerLink(link):
RNS.log("Registering link "+str(link))
RNS.log("Registering link "+str(link), RNS.LOG_DEBUG)
if link.initiator:
Transport.pending_links.append(link)
else:
@ -238,7 +247,7 @@ class Transport:
@staticmethod
def activateLink(link):
RNS.log("Activating link "+str(link))
RNS.log("Activating link "+str(link), RNS.LOG_DEBUG)
if link in Transport.pending_links:
Transport.pending_links.remove(link)
Transport.active_links.append(link)