Optimised sent Fernet token data.

Mark Qvist 2021-09-02 18:34:58 +02:00
parent cd8de64201
commit e9c89209c7
2 changed files with 13 additions and 3 deletions


@ -35,7 +35,7 @@ class Identity:
# Non-configurable constants # Non-configurable constants
FERNET_VERSION = 0x80 FERNET_VERSION = 0x80
FERNET_OVERHEAD = 57 # In bytes FERNET_OVERHEAD = 54 # In bytes
AES128_BLOCKSIZE = 16 # In bytes AES128_BLOCKSIZE = 16 # In bytes
HASHLENGTH = 256 # In bits HASHLENGTH = 256 # In bits
SIGLENGTH = KEYSIZE # In bits SIGLENGTH = KEYSIZE # In bits
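Review bot: `FERNET_OVERHEAD = 54` is only correct while `Link.encrypt` strips exactly three leading token bytes, and nothing at the constant records that dependency. A comment such as `# In bytes: 57-byte Fernet token overhead minus the 3 header bytes stripped in Link.encrypt` would keep the two from drifting apart. If the slice is ever changed without this value, size calculations that rely on the constant would presumably be off by the difference. The Identity class body continues outside the hunk.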


@ -706,8 +706,18 @@ class Link:
if not self.fernet: if not self.fernet:
self.fernet = Fernet(base64.urlsafe_b64encode(self.derived_key)) self.fernet = Fernet(base64.urlsafe_b64encode(self.derived_key))
ciphertext = base64.urlsafe_b64decode(self.fernet.encrypt(plaintext)) # The fernet token VERSION field is stripped here and
# reinserted on the receiving end, since it is always
# set to 0x80.
#
# Since we're also quite content with supporting time-
# stamps until the year 8921556 AD, we'll also strip 2
# bytes from the timestamp field and reinsert those as
# 0x00 when received.
ciphertext = base64.urlsafe_b64decode(self.fernet.encrypt(plaintext))[3:]
RNS.log("FTKN: "+RNS.hexrep(ciphertext))
return ciphertext return ciphertext
except Exception as e: except Exception as e:
RNS.log("Encryption on link "+str(self)+" failed. The contained exception was: "+str(e), RNS.LOG_ERROR) RNS.log("Encryption on link "+str(self)+" failed. The contained exception was: "+str(e), RNS.LOG_ERROR)
raise e raise e
@ -720,7 +730,7 @@ class Link:
if not self.fernet: if not self.fernet:
self.fernet = Fernet(base64.urlsafe_b64encode(self.derived_key)) self.fernet = Fernet(base64.urlsafe_b64encode(self.derived_key))
plaintext = self.fernet.decrypt(base64.urlsafe_b64encode(ciphertext)) plaintext = self.fernet.decrypt(base64.urlsafe_b64encode(bytes([RNS.Identity.FERNET_VERSION, 0x00, 0x00])+ciphertext))
return plaintext return plaintext
except Exception as e: except Exception as e:
RNS.log("Decryption failed on link "+str(self)+". The contained exception was: "+str(e), RNS.LOG_ERROR) RNS.log("Decryption failed on link "+str(self)+". The contained exception was: "+str(e), RNS.LOG_ERROR)
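Review bot: The added `RNS.log("FTKN: "+RNS.hexrep(ciphertext))` in the encrypt hunk passes no log level, unlike the error logs around it, so it looks like leftover debugging that hex-dumps every outgoing link token. That adds work on each packet and leaves per-packet IVs, timestamps and token lengths in log output, which is usually less protected than the link itself. Drop the line or gate it, e.g. `RNS.log("FTKN: "+RNS.hexrep(ciphertext), RNS.LOG_DEBUG)`. Separately, the literal `3` in `[3:]` and the hand-built `bytes([RNS.Identity.FERNET_VERSION, 0x00, 0x00])` prefix in the decrypt hunk must stay in step, so a single named constant for the stripped header length would be safer. Both methods begin outside the hunks shown.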