From 4e4c68071f241971ce033d6e8da62fb1ad8dee0e Mon Sep 17 00:00:00 2001 From: Mark Qvist Date: Tue, 13 May 2025 13:18:44 +0200 Subject: [PATCH] Removed legacy encryption modes. Default to AES-256 for links and packets. --- RNS/Cryptography/Token.py | 1 - RNS/Identity.py | 63 ++++++++++----------------------------- RNS/Link.py | 2 +- 3 files changed, 16 insertions(+), 50 deletions(-) diff --git a/RNS/Cryptography/Token.py b/RNS/Cryptography/Token.py index 53cc27a..c0ac5db 100644 --- a/RNS/Cryptography/Token.py +++ b/RNS/Cryptography/Token.py @@ -103,7 +103,6 @@ class Token(): def decrypt(self, token = None): - # RNS.log(f"Trying decryption with {self.mode}") # TODO: Remove if not isinstance(token, bytes): raise TypeError("Token must be bytes") if not self.verify_hmac(token): raise ValueError("Token HMAC was invalid") diff --git a/RNS/Identity.py b/RNS/Identity.py index c1e17aa..b5e9dfa 100644 --- a/RNS/Identity.py +++ b/RNS/Identity.py @@ -87,7 +87,6 @@ class Identity: """ DERIVED_KEY_LENGTH = 512//8 - DERIVED_KEY_LENGTH_LEGACY = 256//8 # Storage known_destinations = {} @@ -679,20 +678,8 @@ class Identity: shared_key = ephemeral_key.exchange(target_public_key) - # TODO: Reset after migration - # derived_key = RNS.Cryptography.hkdf( - # length=Identity.DERIVED_KEY_LENGTH, - # derive_from=shared_key, - # salt=self.get_salt(), - # context=self.get_context(), - # ) - - # Use legacy derived key length (AES-128) during migration by - # default. This allows AES-256 capable instances on RNS 0.9.5 - # to still communicate with older versions. This migration - # handling will be removed in RNS 0.9.6. derived_key = RNS.Cryptography.hkdf( - length=Identity.DERIVED_KEY_LENGTH_LEGACY, + length=Identity.DERIVED_KEY_LENGTH, derive_from=shared_key, salt=self.get_salt(), context=self.get_context(), 
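Review bot: The hkdf call that now passes `length=Identity.DERIVED_KEY_LENGTH` in the encrypt path is left with no comment at all, whereas the block this hunk removes explained why the derived-key length matters; I would keep that rationale in one line, e.g. `# 64-byte derived key selects AES-256 in Token; the shorter legacy derivation and its fallback were removed with the legacy modes`. Without any negotiation on the packet path, a peer that still derives the legacy 32-byte key will presumably fail to decrypt packets from this code outright, which looks like the intended cut-over but is worth stating in the enclosing method's docstring. The enclosing method starts and ends outside this hunk.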
@@ -706,6 +693,16 @@ class Identity: else: raise KeyError("Encryption failed because identity does not hold a public key") + def __decrypt(self, shared_key, ciphertext): + derived_key = RNS.Cryptography.hkdf( + length=Identity.DERIVED_KEY_LENGTH, + derive_from=shared_key, + salt=self.get_salt(), + context=self.get_context()) + + token = Token(derived_key) + plaintext = token.decrypt(ciphertext) + return plaintext def decrypt(self, ciphertext_token, ratchets=None, enforce_ratchets=False, ratchet_id_receiver=None): """ @@ -716,36 +713,6 @@ class Identity: :raises: *KeyError* if the instance does not hold a private key. """ - # This handles decryption during migration to AES-256 where - # older instances may still use AES-128. If decryption fails - # initially, AES-128 will be attempted as a fallback mode. - # This handler will be removed in RNS 0.9.6. - def migration_decrypt(shared_key, ciphertext): - try: - derived_key = RNS.Cryptography.hkdf( - length=Identity.DERIVED_KEY_LENGTH, - derive_from=shared_key, - salt=self.get_salt(), - context=self.get_context()) - - token = Token(derived_key) - plaintext = token.decrypt(ciphertext) - - # TODO: Remove after migration - # If decryption fails, try legacy decryption mode - except Exception as e: - RNS.log("Decryption failed, attempting legacy mode fallback", RNS.LOG_DEBUG) - derived_key = RNS.Cryptography.hkdf( - length=Identity.DERIVED_KEY_LENGTH_LEGACY, - derive_from=shared_key, - salt=self.get_salt(), - context=self.get_context()) - - token = Token(derived_key) - plaintext = token.decrypt(ciphertext) - - return plaintext - if self.prv != None: if len(ciphertext_token) > Identity.KEYSIZE//8//2: plaintext = None 
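Review bot: The new `__decrypt` helper has no docstring, and unlike the `migration_decrypt` closure it replaces it neither catches nor logs a failed decryption, so the exceptions Token.decrypt raises now propagate to the callers in `decrypt`, which sit outside this hunk where I cannot see whether they are handled. I would add `"""Derive the AES-256 token key from shared_key via HKDF and decrypt ciphertext. Raises TypeError/ValueError from Token.decrypt (e.g. invalid HMAC); there is no legacy-key fallback."""`. Dropping the exception-driven retry with the shorter key also removes the downgrade-on-failure path, so I would not reintroduce a broad catch here. Note that the double-underscore name is mangled to `_Identity__decrypt`, which is fine for the in-class callers but affects any subclass or test that wants to call it.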
@@ -760,8 +727,7 @@ class Identity: ratchet_prv = X25519PrivateKey.from_private_bytes(ratchet) ratchet_id = Identity._get_ratchet_id(ratchet_prv.public_key().public_bytes()) shared_key = ratchet_prv.exchange(peer_pub) - plaintext = migration_decrypt(shared_key, ciphertext) - + plaintext = self.__decrypt(shared_key, ciphertext) if ratchet_id_receiver: ratchet_id_receiver.latest_ratchet_id = ratchet_id @@ -778,7 +744,7 @@ class Identity: if plaintext == None: shared_key = self.prv.exchange(peer_pub) - plaintext = migration_decrypt(shared_key, ciphertext) + plaintext = self.__decrypt(shared_key, ciphertext) if ratchet_id_receiver: ratchet_id_receiver.latest_ratchet_id = None @@ -788,7 +754,8 @@ class Identity: if ratchet_id_receiver: ratchet_id_receiver.latest_ratchet_id = None - return plaintext; + return plaintext + else: RNS.log("Decryption failed because the token size was invalid.", RNS.LOG_DEBUG) return None diff --git a/RNS/Link.py b/RNS/Link.py index 7118fca..2542c46 100644 --- a/RNS/Link.py +++ b/RNS/Link.py @@ -127,7 +127,7 @@ class Link: MODE_PQ_RESERVED_3 = 0x06 MODE_PQ_RESERVED_4 = 0x07 ENABLED_MODES = [MODE_AES128_CBC, MODE_AES256_CBC] - MODE_DEFAULT = MODE_AES128_CBC + MODE_DEFAULT = MODE_AES256_CBC MODE_DESCRIPTIONS = {MODE_AES128_CBC: "AES_128_CBC", MODE_AES256_CBC: "AES_256_CBC", MODE_AES256_GCM: "MODE_AES256_GCM",
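Review bot: `MODE_DEFAULT = MODE_AES256_CBC` changes only what this side proposes, while `ENABLED_MODES` on the line above still lists `MODE_AES128_CBC`, so a peer asking for AES-128 can presumably still be granted it despite the commit title's "removed legacy encryption modes". If keeping AES-128 accepted is intentional for compatibility, a comment next to ENABLED_MODES should say so, e.g. `# AES-128 stays enabled only to accept links from peers that cannot negotiate AES-256; new links default to AES-256`; if it is not, MODE_AES128_CBC should be dropped from ENABLED_MODES in the same change. Where ENABLED_MODES is consulted during link setup is outside this hunk, so the negotiation behaviour is inferred.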