Expanded address space to 128 bits
This commit is contained in:
parent
2be1c7633d
commit
5faf13d505
@ -29,8 +29,7 @@ from RNS.Cryptography.AES import AES_128_CBC
|
|||||||
|
|
||||||
class Fernet():
|
class Fernet():
|
||||||
FERNET_VERSION = 0x80
|
FERNET_VERSION = 0x80
|
||||||
FERNET_OVERHEAD = 57 # In bytes
|
FERNET_OVERHEAD = 48 # In bytes
|
||||||
OPTIMISED_FERNET_OVERHEAD = 54 # In bytes
|
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def generate_key():
|
def generate_key():
|
||||||
@ -73,7 +72,7 @@ class Fernet():
|
|||||||
iv = iv,
|
iv = iv,
|
||||||
)
|
)
|
||||||
|
|
||||||
signed_parts = b"\x80"+current_time.to_bytes(length=8, byteorder="big")+iv+ciphertext
|
signed_parts = iv+ciphertext
|
||||||
|
|
||||||
return signed_parts + HMAC.new(self._signing_key, signed_parts).digest()
|
return signed_parts + HMAC.new(self._signing_key, signed_parts).digest()
|
||||||
|
|
||||||
@ -85,8 +84,8 @@ class Fernet():
|
|||||||
if not self.verify_hmac(token):
|
if not self.verify_hmac(token):
|
||||||
raise ValueError("Fernet token HMAC was invalid")
|
raise ValueError("Fernet token HMAC was invalid")
|
||||||
|
|
||||||
iv = token[9:25]
|
iv = token[:16]
|
||||||
ciphertext = token[25:-32]
|
ciphertext = token[16:-32]
|
||||||
|
|
||||||
try:
|
try:
|
||||||
plaintext = PKCS7.unpad(
|
plaintext = PKCS7.unpad(
|
||||||
|
@ -55,7 +55,6 @@ class Identity:
|
|||||||
# Non-configurable constants
|
# Non-configurable constants
|
||||||
FERNET_VERSION = RNS.Cryptography.Fernet.FERNET_VERSION
|
FERNET_VERSION = RNS.Cryptography.Fernet.FERNET_VERSION
|
||||||
FERNET_OVERHEAD = RNS.Cryptography.Fernet.FERNET_OVERHEAD
|
FERNET_OVERHEAD = RNS.Cryptography.Fernet.FERNET_OVERHEAD
|
||||||
OPTIMISED_FERNET_OVERHEAD = RNS.Cryptography.Fernet.OPTIMISED_FERNET_OVERHEAD
|
|
||||||
AES128_BLOCKSIZE = 16 # In bytes
|
AES128_BLOCKSIZE = 16 # In bytes
|
||||||
HASHLENGTH = 256 # In bits
|
HASHLENGTH = 256 # In bits
|
||||||
SIGLENGTH = KEYSIZE # In bits
|
SIGLENGTH = KEYSIZE # In bits
|
||||||
|
17
RNS/Link.py
17
RNS/Link.py
@ -59,7 +59,7 @@ class Link:
|
|||||||
ECPUBSIZE = 32+32
|
ECPUBSIZE = 32+32
|
||||||
KEYSIZE = 32
|
KEYSIZE = 32
|
||||||
|
|
||||||
MDU = math.floor((RNS.Reticulum.MTU-RNS.Reticulum.IFAC_MIN_SIZE-RNS.Reticulum.HEADER_MINSIZE-RNS.Identity.OPTIMISED_FERNET_OVERHEAD)/RNS.Identity.AES128_BLOCKSIZE)*RNS.Identity.AES128_BLOCKSIZE - 1
|
MDU = math.floor((RNS.Reticulum.MTU-RNS.Reticulum.IFAC_MIN_SIZE-RNS.Reticulum.HEADER_MINSIZE-RNS.Identity.FERNET_OVERHEAD)/RNS.Identity.AES128_BLOCKSIZE)*RNS.Identity.AES128_BLOCKSIZE - 1
|
||||||
|
|
||||||
ESTABLISHMENT_TIMEOUT_PER_HOP = RNS.Reticulum.DEFAULT_PER_HOP_TIMEOUT
|
ESTABLISHMENT_TIMEOUT_PER_HOP = RNS.Reticulum.DEFAULT_PER_HOP_TIMEOUT
|
||||||
"""
|
"""
|
||||||
@ -788,16 +788,7 @@ class Link:
|
|||||||
RNS.log("Could not "+str(self)+" instantiate Fernet while performin encryption on link. The contained exception was: "+str(e), RNS.LOG_ERROR)
|
RNS.log("Could not "+str(self)+" instantiate Fernet while performin encryption on link. The contained exception was: "+str(e), RNS.LOG_ERROR)
|
||||||
raise e
|
raise e
|
||||||
|
|
||||||
# The fernet token VERSION field is stripped here and
|
return self.fernet.encrypt(plaintext)
|
||||||
# reinserted on the receiving end, since it is always
|
|
||||||
# set to 0x80.
|
|
||||||
#
|
|
||||||
# Since we're also quite content with supporting time-
|
|
||||||
# stamps until the year 8921556 AD, we'll also strip 2
|
|
||||||
# bytes from the timestamp field and reinsert those as
|
|
||||||
# 0x00 when received.
|
|
||||||
ciphertext = self.fernet.encrypt(plaintext)[3:]
|
|
||||||
return ciphertext
|
|
||||||
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
RNS.log("Encryption on link "+str(self)+" failed. The contained exception was: "+str(e), RNS.LOG_ERROR)
|
RNS.log("Encryption on link "+str(self)+" failed. The contained exception was: "+str(e), RNS.LOG_ERROR)
|
||||||
@ -809,8 +800,8 @@ class Link:
|
|||||||
if not self.fernet:
|
if not self.fernet:
|
||||||
self.fernet = Fernet(self.derived_key)
|
self.fernet = Fernet(self.derived_key)
|
||||||
|
|
||||||
plaintext = self.fernet.decrypt(bytes([RNS.Identity.FERNET_VERSION, 0x00, 0x00]) + ciphertext)
|
return self.fernet.decrypt(ciphertext)
|
||||||
return plaintext
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
RNS.log("Decryption failed on link "+str(self)+". The contained exception was: "+str(e), RNS.LOG_ERROR)
|
RNS.log("Decryption failed on link "+str(self)+". The contained exception was: "+str(e), RNS.LOG_ERROR)
|
||||||
|
|
||||||
|
@ -216,16 +216,18 @@ class Packet:
|
|||||||
self.destination_type = (self.flags & 0b00001100) >> 2
|
self.destination_type = (self.flags & 0b00001100) >> 2
|
||||||
self.packet_type = (self.flags & 0b00000011)
|
self.packet_type = (self.flags & 0b00000011)
|
||||||
|
|
||||||
|
DST_LEN = RNS.Reticulum.TRUNCATED_HASHLENGTH//8
|
||||||
|
|
||||||
if self.header_type == Packet.HEADER_2:
|
if self.header_type == Packet.HEADER_2:
|
||||||
self.transport_id = self.raw[2:12]
|
self.transport_id = self.raw[2:DST_LEN+2]
|
||||||
self.destination_hash = self.raw[12:22]
|
self.destination_hash = self.raw[DST_LEN+2:2*DST_LEN+2]
|
||||||
self.context = ord(self.raw[22:23])
|
self.context = ord(self.raw[2*DST_LEN+2:2*DST_LEN+3])
|
||||||
self.data = self.raw[23:]
|
self.data = self.raw[2*DST_LEN+3:]
|
||||||
else:
|
else:
|
||||||
self.transport_id = None
|
self.transport_id = None
|
||||||
self.destination_hash = self.raw[2:12]
|
self.destination_hash = self.raw[2:DST_LEN+2]
|
||||||
self.context = ord(self.raw[12:13])
|
self.context = ord(self.raw[DST_LEN+2:DST_LEN+3])
|
||||||
self.data = self.raw[13:]
|
self.data = self.raw[DST_LEN+3:]
|
||||||
|
|
||||||
self.packed = False
|
self.packed = False
|
||||||
self.update_hash()
|
self.update_hash()
|
||||||
|
@ -117,7 +117,7 @@ class Reticulum:
|
|||||||
DEFAULT_PER_HOP_TIMEOUT = 5
|
DEFAULT_PER_HOP_TIMEOUT = 5
|
||||||
|
|
||||||
# Length of truncated hashes in bits.
|
# Length of truncated hashes in bits.
|
||||||
TRUNCATED_HASHLENGTH = 80
|
TRUNCATED_HASHLENGTH = 128
|
||||||
|
|
||||||
HEADER_MINSIZE = 2+1+(TRUNCATED_HASHLENGTH//8)*1
|
HEADER_MINSIZE = 2+1+(TRUNCATED_HASHLENGTH//8)*1
|
||||||
HEADER_MAXSIZE = 2+1+(TRUNCATED_HASHLENGTH//8)*2
|
HEADER_MAXSIZE = 2+1+(TRUNCATED_HASHLENGTH//8)*2
|
||||||
|
@ -212,7 +212,7 @@ def send(configdir, verbosity = 0, quietness = 0, destination = None, file = Non
|
|||||||
temp_file.write(real_file.read())
|
temp_file.write(real_file.read())
|
||||||
temp_file.seek(0)
|
temp_file.seek(0)
|
||||||
|
|
||||||
print("\r \r", end="")
|
print("\r \r", end="")
|
||||||
|
|
||||||
reticulum = RNS.Reticulum(configdir=configdir, loglevel=targetloglevel)
|
reticulum = RNS.Reticulum(configdir=configdir, loglevel=targetloglevel)
|
||||||
|
|
||||||
@ -240,10 +240,10 @@ def send(configdir, verbosity = 0, quietness = 0, destination = None, file = Non
|
|||||||
i = (i+1)%len(syms)
|
i = (i+1)%len(syms)
|
||||||
|
|
||||||
if not RNS.Transport.has_path(destination_hash):
|
if not RNS.Transport.has_path(destination_hash):
|
||||||
print("\r \rPath not found")
|
print("\r \rPath not found")
|
||||||
exit(1)
|
exit(1)
|
||||||
else:
|
else:
|
||||||
print("\r \rEstablishing link with "+RNS.prettyhexrep(destination_hash)+" ", end=" ")
|
print("\r \rEstablishing link with "+RNS.prettyhexrep(destination_hash)+" ", end=" ")
|
||||||
|
|
||||||
receiver_identity = RNS.Identity.recall(destination_hash)
|
receiver_identity = RNS.Identity.recall(destination_hash)
|
||||||
receiver_destination = RNS.Destination(
|
receiver_destination = RNS.Destination(
|
||||||
@ -262,10 +262,10 @@ def send(configdir, verbosity = 0, quietness = 0, destination = None, file = Non
|
|||||||
i = (i+1)%len(syms)
|
i = (i+1)%len(syms)
|
||||||
|
|
||||||
if not RNS.Transport.has_path(destination_hash):
|
if not RNS.Transport.has_path(destination_hash):
|
||||||
print("\r \rCould not establish link with "+RNS.prettyhexrep(destination_hash))
|
print("\r \rCould not establish link with "+RNS.prettyhexrep(destination_hash))
|
||||||
exit(1)
|
exit(1)
|
||||||
else:
|
else:
|
||||||
print("\r \rAdvertising file resource ", end=" ")
|
print("\r \rAdvertising file resource ", end=" ")
|
||||||
|
|
||||||
link.identify(identity)
|
link.identify(identity)
|
||||||
resource = RNS.Resource(temp_file, link, callback = sender_progress, progress_callback = sender_progress)
|
resource = RNS.Resource(temp_file, link, callback = sender_progress, progress_callback = sender_progress)
|
||||||
@ -279,10 +279,10 @@ def send(configdir, verbosity = 0, quietness = 0, destination = None, file = Non
|
|||||||
|
|
||||||
|
|
||||||
if resource.status > RNS.Resource.COMPLETE:
|
if resource.status > RNS.Resource.COMPLETE:
|
||||||
print("\r \rFile was not accepted by "+RNS.prettyhexrep(destination_hash))
|
print("\r \rFile was not accepted by "+RNS.prettyhexrep(destination_hash))
|
||||||
exit(1)
|
exit(1)
|
||||||
else:
|
else:
|
||||||
print("\r \rTransferring file ", end=" ")
|
print("\r \rTransferring file ", end=" ")
|
||||||
|
|
||||||
while not resource_done:
|
while not resource_done:
|
||||||
time.sleep(0.1)
|
time.sleep(0.1)
|
||||||
@ -294,7 +294,7 @@ def send(configdir, verbosity = 0, quietness = 0, destination = None, file = Non
|
|||||||
i = (i+1)%len(syms)
|
i = (i+1)%len(syms)
|
||||||
|
|
||||||
if current_resource.status != RNS.Resource.COMPLETE:
|
if current_resource.status != RNS.Resource.COMPLETE:
|
||||||
print("\r \rThe transfer failed")
|
print("\r \rThe transfer failed")
|
||||||
exit(1)
|
exit(1)
|
||||||
else:
|
else:
|
||||||
print("\r \r"+str(file_path)+" copied to "+RNS.prettyhexrep(destination_hash))
|
print("\r \r"+str(file_path)+" copied to "+RNS.prettyhexrep(destination_hash))
|
||||||
|
@ -172,6 +172,15 @@ def prettysize(num, suffix='B'):
|
|||||||
|
|
||||||
return "%.2f%s%s" % (num, last_unit, suffix)
|
return "%.2f%s%s" % (num, last_unit, suffix)
|
||||||
|
|
||||||
|
def phyparams():
|
||||||
|
print("Required Physical Layer MTU : "+str(Reticulum.MTU)+" bytes")
|
||||||
|
print("Plaintext Packet MDU : "+str(Packet.PLAIN_MDU)+" bytes")
|
||||||
|
print("Encrypted Packet MDU : "+str(Packet.ENCRYPTED_MDU)+" bytes")
|
||||||
|
print("Link Curve : "+str(Link.CURVE))
|
||||||
|
print("Link Packet MDU : "+str(Packet.ENCRYPTED_MDU)+" bytes")
|
||||||
|
print("Link Public Key Size : "+str(Link.ECPUBSIZE*8)+" bits")
|
||||||
|
print("Link Private Key Size : "+str(Link.KEYSIZE*8)+" bits")
|
||||||
|
|
||||||
def panic():
|
def panic():
|
||||||
os._exit(255)
|
os._exit(255)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user