Git-Mirrors/Reticulum
1
0
Fork 0
mirror of https://github.com/markqvist/Reticulum.git synced 2025-05-23 16:51:18 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Cleanup

Browse source
This commit is contained in:
Mark Qvist 2025-05-13 13:26:26 +02:00
parent 4e4c68071f
commit 11e06b477e
1 changed files with 3 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

16
RNS/Cryptography/Token.py
View file

@ -37,9 +37,6 @@ from RNS.Cryptography import AES
from RNS.Cryptography.AES import AES_128_CBC from RNS.Cryptography.AES import AES_128_CBC
from RNS.Cryptography.AES import AES_256_CBC from RNS.Cryptography.AES import AES_256_CBC
# TODO: Remove after migration
import RNS
class Token(): class Token():
""" """
This class provides a slightly modified implementation of the Fernet spec This class provides a slightly modified implementation of the Fernet spec
@ -53,7 +50,7 @@ class Token():
TOKEN_OVERHEAD = 48 # Bytes TOKEN_OVERHEAD = 48 # Bytes
@staticmethod @staticmethod
def generate_key(mode=AES_128_CBC): def generate_key(mode=AES_256_CBC):
if mode == AES_128_CBC: return os.urandom(32) if mode == AES_128_CBC: return os.urandom(32)
elif mode == AES_256_CBC: return os.urandom(64) elif mode == AES_256_CBC: return os.urandom(64)
else: raise TypeError(f"Invalid token mode: {mode}") else: raise TypeError(f"Invalid token mode: {mode}")
@ -91,14 +88,12 @@ class Token():
if not isinstance(data, bytes): raise TypeError("Token plaintext input must be bytes") if not isinstance(data, bytes): raise TypeError("Token plaintext input must be bytes")
iv = os.urandom(16) iv = os.urandom(16)
# RNS.log(f"Encrypting with {self.mode}") # TODO: Remove
ciphertext = self.mode.encrypt( ciphertext = self.mode.encrypt(
plaintext = PKCS7.pad(data), plaintext = PKCS7.pad(data),
key = self._encryption_key, key = self._encryption_key,
iv = iv) iv = iv)
signed_parts = iv+ciphertext signed_parts = iv+ciphertext
return signed_parts + HMAC.new(self._signing_key, signed_parts).digest() return signed_parts + HMAC.new(self._signing_key, signed_parts).digest()
@ -110,15 +105,10 @@ class Token():
ciphertext = token[16:-32] ciphertext = token[16:-32]
try: try:
plaintext = PKCS7.unpad( return PKCS7.unpad(
self.mode.decrypt( self.mode.decrypt(
ciphertext = ciphertext, ciphertext = ciphertext,
key = self._encryption_key, key = self._encryption_key,
iv = iv)) iv = iv))
# RNS.log(f"Decrypted packet with {self.mode}") # TODO: Remove except Exception as e: raise ValueError(f"Could not decrypt token: {e}")
return plaintext
except Exception as e:
RNS.trace_exception(e) # TODO: Remove after migration
raise ValueError("Could not decrypt token")