Removed option to allow unencrypted links.
parent
0fe76d50f6
commit
cd9daaefee
@ -11,5 +11,4 @@ class Interface:
|
|||||||
pass
|
pass
|
||||||
|
|
||||||
def get_hash(self):
|
def get_hash(self):
|
||||||
# TODO: Maybe expand this to something more unique
|
|
||||||
return RNS.Identity.full_hash(str(self).encode("utf-8"))
|
return RNS.Identity.full_hash(str(self).encode("utf-8"))
|
27
RNS/Link.py
27
RNS/Link.py
@ -130,7 +130,6 @@ class Link:
|
|||||||
self.destination = destination
|
self.destination = destination
|
||||||
self.attached_interface = None
|
self.attached_interface = None
|
||||||
self.__remote_identity = None
|
self.__remote_identity = None
|
||||||
self.__encryption_disabled = False
|
|
||||||
if self.destination == None:
|
if self.destination == None:
|
||||||
self.initiator = False
|
self.initiator = False
|
||||||
self.prv = self.owner.identity.prv
|
self.prv = self.owner.identity.prv
|
||||||
@ -699,8 +698,6 @@ class Link:
|
|||||||
|
|
||||||
|
|
||||||
def encrypt(self, plaintext):
|
def encrypt(self, plaintext):
|
||||||
if self.__encryption_disabled:
|
|
||||||
return plaintext
|
|
||||||
try:
|
try:
|
||||||
if not self.fernet:
|
if not self.fernet:
|
||||||
self.fernet = Fernet(base64.urlsafe_b64encode(self.derived_key))
|
self.fernet = Fernet(base64.urlsafe_b64encode(self.derived_key))
|
||||||
@ -722,8 +719,6 @@ class Link:
|
|||||||
|
|
||||||
|
|
||||||
def decrypt(self, ciphertext):
|
def decrypt(self, ciphertext):
|
||||||
if self.__encryption_disabled:
|
|
||||||
return ciphertext
|
|
||||||
try:
|
try:
|
||||||
if not self.fernet:
|
if not self.fernet:
|
||||||
self.fernet = Fernet(base64.urlsafe_b64encode(self.derived_key))
|
self.fernet = Fernet(base64.urlsafe_b64encode(self.derived_key))
|
||||||
@ -842,28 +837,6 @@ class Link:
|
|||||||
else:
|
else:
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def disable_encryption(self):
|
|
||||||
"""
|
|
||||||
HAZARDOUS. This will downgrade the link to encryptionless. All
|
|
||||||
information over the link will be sent in plaintext. Never use
|
|
||||||
this in production applications. Should only be used for debugging
|
|
||||||
purposes, and will disappear in a future version.
|
|
||||||
|
|
||||||
If encryptionless links are not explicitly allowed in the users
|
|
||||||
configuration file, Reticulum will terminate itself along with the
|
|
||||||
client application and throw an error message to the user.
|
|
||||||
"""
|
|
||||||
if (RNS.Reticulum.should_allow_unencrypted()):
|
|
||||||
RNS.log("The link "+str(self)+" was downgraded to an encryptionless link", RNS.LOG_NOTICE)
|
|
||||||
self.__encryption_disabled = True
|
|
||||||
else:
|
|
||||||
RNS.log("Attempt to disable encryption on link, but encryptionless links are not allowed by config.", RNS.LOG_CRITICAL)
|
|
||||||
RNS.log("Shutting down Reticulum now!", RNS.LOG_CRITICAL)
|
|
||||||
RNS.panic()
|
|
||||||
|
|
||||||
def encryption_disabled(self):
|
|
||||||
return self.__encryption_disabled
|
|
||||||
|
|
||||||
def __str__(self):
|
def __str__(self):
|
||||||
return RNS.prettyhexrep(self.link_id)
|
return RNS.prettyhexrep(self.link_id)
|
||||||
|
|
||||||
|
@ -238,11 +238,8 @@ class Resource:
|
|||||||
# make optimal use of packet MTU on an entire
|
# make optimal use of packet MTU on an entire
|
||||||
# encrypted stream. The Resource instance will
|
# encrypted stream. The Resource instance will
|
||||||
# use it's underlying link directly to encrypt.
|
# use it's underlying link directly to encrypt.
|
||||||
if not self.link.encryption_disabled():
|
|
||||||
self.data = self.link.encrypt(self.data)
|
self.data = self.link.encrypt(self.data)
|
||||||
self.encrypted = True
|
self.encrypted = True
|
||||||
else:
|
|
||||||
self.encrypted = False
|
|
||||||
|
|
||||||
self.size = len(self.data)
|
self.size = len(self.data)
|
||||||
self.sent_parts = 0
|
self.sent_parts = 0
|
||||||
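Review bot: With the `if not self.link.encryption_disabled():` branch gone, `self.encrypted = True` is now a constant on the sending side, yet the flag is still kept, and nothing visible here shows that the receiving side refuses a resource whose flag is cleared. If the receive path (outside this hunk, so this is an assumption to confirm) still skips decryption when a peer advertises an unencrypted resource, a peer running older code could still have plaintext resource data accepted, which is the downgrade this commit sets out to remove. I would have the receiver reject such an advertisement, and add a comment above the encrypt call such as `# Resources are always encrypted by the link; there is no plaintext mode.` The enclosing method begins and ends outside the hunk.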
|
@ -95,7 +95,6 @@ class Reticulum:
|
|||||||
Reticulum.cachepath = Reticulum.configdir+"/storage/cache"
|
Reticulum.cachepath = Reticulum.configdir+"/storage/cache"
|
||||||
Reticulum.resourcepath = Reticulum.configdir+"/storage/resources"
|
Reticulum.resourcepath = Reticulum.configdir+"/storage/resources"
|
||||||
|
|
||||||
Reticulum.__allow_unencrypted = False
|
|
||||||
Reticulum.__transport_enabled = False
|
Reticulum.__transport_enabled = False
|
||||||
Reticulum.__use_implicit_proof = True
|
Reticulum.__use_implicit_proof = True
|
||||||
|
|
||||||
@ -202,20 +201,6 @@ class Reticulum:
|
|||||||
Reticulum.__use_implicit_proof = True
|
Reticulum.__use_implicit_proof = True
|
||||||
if v == False:
|
if v == False:
|
||||||
Reticulum.__use_implicit_proof = False
|
Reticulum.__use_implicit_proof = False
|
||||||
if option == "allow_unencrypted":
|
|
||||||
v = self.config["reticulum"].as_bool(option)
|
|
||||||
if v == True:
|
|
||||||
RNS.log("", RNS.LOG_CRITICAL)
|
|
||||||
RNS.log("! ! ! ! ! ! ! ! !", RNS.LOG_CRITICAL)
|
|
||||||
RNS.log("", RNS.LOG_CRITICAL)
|
|
||||||
RNS.log("Danger! Encryptionless links have been allowed in the config file!", RNS.LOG_CRITICAL)
|
|
||||||
RNS.log("Beware of the consequences! Any data sent over a link can potentially be intercepted,", RNS.LOG_CRITICAL)
|
|
||||||
RNS.log("read and modified! If you are not absolutely sure that you want this,", RNS.LOG_CRITICAL)
|
|
||||||
RNS.log("you should exit Reticulum NOW and change your config file!", RNS.LOG_CRITICAL)
|
|
||||||
RNS.log("", RNS.LOG_CRITICAL)
|
|
||||||
RNS.log("! ! ! ! ! ! ! ! !", RNS.LOG_CRITICAL)
|
|
||||||
RNS.log("", RNS.LOG_CRITICAL)
|
|
||||||
Reticulum.__allow_unencrypted = True
|
|
||||||
|
|
||||||
self.__start_local_interface()
|
self.__start_local_interface()
|
||||||
|
|
||||||
@ -466,16 +451,6 @@ class Reticulum:
|
|||||||
self.config.write()
|
self.config.write()
|
||||||
self.__apply_config()
|
self.__apply_config()
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def should_allow_unencrypted():
|
|
||||||
"""
|
|
||||||
Returns whether unencrypted links are allowed by the
|
|
||||||
current configuration.
|
|
||||||
|
|
||||||
:returns: True if the current running configuration allows downgrading links to plaintext. False if not.
|
|
||||||
"""
|
|
||||||
return Reticulum.__allow_unencrypted
|
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def should_use_implicit_proof():
|
def should_use_implicit_proof():
|
||||||
"""
|
"""
|
||||||
@ -506,14 +481,6 @@ __default_rns_config__ = '''# This is the default Reticulum config file.
|
|||||||
|
|
||||||
[reticulum]
|
[reticulum]
|
||||||
|
|
||||||
# Don't allow unencrypted links by default.
|
|
||||||
# If you REALLY need to allow unencrypted links, for example
|
|
||||||
# for debug or regulatory purposes, this can be set to true.
|
|
||||||
# This directive is optional and can be removed for brevity.
|
|
||||||
|
|
||||||
allow_unencrypted = False
|
|
||||||
|
|
||||||
|
|
||||||
# If you enable Transport, your system will route traffic
|
# If you enable Transport, your system will route traffic
|
||||||
# for other peers, pass announces and serve path requests.
|
# for other peers, pass announces and serve path requests.
|
||||||
# This should be done for systems that are suited to act
|
# This should be done for systems that are suited to act
|
||||||
|
@ -99,15 +99,13 @@
|
|||||||
<li><a href="reference.html#RNS.Identity.decrypt">(RNS.Identity method)</a>
|
<li><a href="reference.html#RNS.Identity.decrypt">(RNS.Identity method)</a>
|
||||||
</li>
|
</li>
|
||||||
</ul></li>
|
</ul></li>
|
||||||
<li><a href="reference.html#RNS.Transport.deregister_announce_handler">deregister_announce_handler() (RNS.Transport static method)</a>
|
|
||||||
</li>
|
|
||||||
</ul></td>
|
</ul></td>
|
||||||
<td style="width: 33%; vertical-align: top;"><ul>
|
<td style="width: 33%; vertical-align: top;"><ul>
|
||||||
|
<li><a href="reference.html#RNS.Transport.deregister_announce_handler">deregister_announce_handler() (RNS.Transport static method)</a>
|
||||||
|
</li>
|
||||||
<li><a href="reference.html#RNS.Destination.deregister_request_handler">deregister_request_handler() (RNS.Destination method)</a>
|
<li><a href="reference.html#RNS.Destination.deregister_request_handler">deregister_request_handler() (RNS.Destination method)</a>
|
||||||
</li>
|
</li>
|
||||||
<li><a href="reference.html#RNS.Destination">Destination (class in RNS)</a>
|
<li><a href="reference.html#RNS.Destination">Destination (class in RNS)</a>
|
||||||
</li>
|
|
||||||
<li><a href="reference.html#RNS.Link.disable_encryption">disable_encryption() (RNS.Link method)</a>
|
|
||||||
</li>
|
</li>
|
||||||
</ul></td>
|
</ul></td>
|
||||||
</tr></table>
|
</tr></table>
|
||||||
@ -346,8 +344,6 @@
|
|||||||
<li><a href="reference.html#RNS.PacketReceipt.set_timeout">set_timeout() (RNS.PacketReceipt method)</a>
|
<li><a href="reference.html#RNS.PacketReceipt.set_timeout">set_timeout() (RNS.PacketReceipt method)</a>
|
||||||
</li>
|
</li>
|
||||||
<li><a href="reference.html#RNS.PacketReceipt.set_timeout_callback">set_timeout_callback() (RNS.PacketReceipt method)</a>
|
<li><a href="reference.html#RNS.PacketReceipt.set_timeout_callback">set_timeout_callback() (RNS.PacketReceipt method)</a>
|
||||||
</li>
|
|
||||||
<li><a href="reference.html#RNS.Reticulum.should_allow_unencrypted">should_allow_unencrypted() (RNS.Reticulum static method)</a>
|
|
||||||
</li>
|
</li>
|
||||||
<li><a href="reference.html#RNS.Reticulum.should_use_implicit_proof">should_use_implicit_proof() (RNS.Reticulum static method)</a>
|
<li><a href="reference.html#RNS.Reticulum.should_use_implicit_proof">should_use_implicit_proof() (RNS.Reticulum static method)</a>
|
||||||
</li>
|
</li>
|
||||||
|
Binary file not shown.
@ -84,18 +84,6 @@ MTU is a prerequisite for peers to communicate in the same network.</p>
|
|||||||
the default value.</p>
|
the default value.</p>
|
||||||
</dd></dl>
|
</dd></dl>
|
||||||
|
|
||||||
<dl class="py method">
|
|
||||||
<dt class="sig sig-object py" id="RNS.Reticulum.should_allow_unencrypted">
|
|
||||||
<em class="property"><span class="pre">static</span> </em><span class="sig-name descname"><span class="pre">should_allow_unencrypted</span></span><span class="sig-paren">(</span><span class="sig-paren">)</span><a class="headerlink" href="#RNS.Reticulum.should_allow_unencrypted" title="Permalink to this definition">¶</a></dt>
|
|
||||||
<dd><p>Returns whether unencrypted links are allowed by the
|
|
||||||
current configuration.</p>
|
|
||||||
<dl class="field-list simple">
|
|
||||||
<dt class="field-odd">Returns</dt>
|
|
||||||
<dd class="field-odd"><p>True if the current running configuration allows downgrading links to plaintext. False if not.</p>
|
|
||||||
</dd>
|
|
||||||
</dl>
|
|
||||||
</dd></dl>
|
|
||||||
|
|
||||||
<dl class="py method">
|
<dl class="py method">
|
||||||
<dt class="sig sig-object py" id="RNS.Reticulum.should_use_implicit_proof">
|
<dt class="sig sig-object py" id="RNS.Reticulum.should_use_implicit_proof">
|
||||||
<em class="property"><span class="pre">static</span> </em><span class="sig-name descname"><span class="pre">should_use_implicit_proof</span></span><span class="sig-paren">(</span><span class="sig-paren">)</span><a class="headerlink" href="#RNS.Reticulum.should_use_implicit_proof" title="Permalink to this definition">¶</a></dt>
|
<em class="property"><span class="pre">static</span> </em><span class="sig-name descname"><span class="pre">should_use_implicit_proof</span></span><span class="sig-paren">(</span><span class="sig-paren">)</span><a class="headerlink" href="#RNS.Reticulum.should_use_implicit_proof" title="Permalink to this definition">¶</a></dt>
|
||||||
@ -969,18 +957,6 @@ identified over this link.</p>
|
|||||||
</dl>
|
</dl>
|
||||||
</dd></dl>
|
</dd></dl>
|
||||||
|
|
||||||
<dl class="py method">
|
|
||||||
<dt class="sig sig-object py" id="RNS.Link.disable_encryption">
|
|
||||||
<span class="sig-name descname"><span class="pre">disable_encryption</span></span><span class="sig-paren">(</span><span class="sig-paren">)</span><a class="headerlink" href="#RNS.Link.disable_encryption" title="Permalink to this definition">¶</a></dt>
|
|
||||||
<dd><p>HAZARDOUS. This will downgrade the link to encryptionless. All
|
|
||||||
information over the link will be sent in plaintext. Never use
|
|
||||||
this in production applications. Should only be used for debugging
|
|
||||||
purposes, and will disappear in a future version.</p>
|
|
||||||
<p>If encryptionless links are not explicitly allowed in the users
|
|
||||||
configuration file, Reticulum will terminate itself along with the
|
|
||||||
client application and throw an error message to the user.</p>
|
|
||||||
</dd></dl>
|
|
||||||
|
|
||||||
</dd></dl>
|
</dd></dl>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
File diff suppressed because one or more lines are too long