Implemented interface authentication and virtual network segmentation

Mark Qvist 2022-04-27 19:00:09 +02:00
parent b701cdd07f
commit 5d90ea565a
4 changed files with 117 additions and 28 deletions


@ -21,6 +21,11 @@
# SOFTWARE.
from .vendor.platformutils import get_platform
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.backends import default_backend
cio_default_backend = default_backend()
if get_platform() == "android":
from .Interfaces import Interface
@ -122,6 +127,7 @@ class Reticulum:
HEADER_MINSIZE = 2+1+(TRUNCATED_HASHLENGTH//8)*1
HEADER_MAXSIZE = 2+1+(TRUNCATED_HASHLENGTH//8)*2
IFAC_MIN_SIZE = 1
IFAC_SALT = bytes.fromhex("adf54d882c9a9b80771eb4995d702d4a3e733391b2a0f53f416d9f907e55cff8")
MDU = MTU - HEADER_MAXSIZE - IFAC_MIN_SIZE
@ -186,6 +192,8 @@ class Reticulum:
self.share_instance = True
self.rpc_listener = None
self.ifac_salt = Reticulum.IFAC_SALT
self.requested_loglevel = loglevel
if self.requested_loglevel != None:
if self.requested_loglevel > RNS.LOG_EXTREME:
@ -356,14 +364,20 @@ class Reticulum:
ifac_size = c.as_int("ifac_size")
ifac_netname = None
if "ifac_netname" in c:
if c.as_int("ifac_netname") >= Reticulum.IFAC_MIN_SIZE:
ifac_netname = c.as_int("ifac_netname")
if "networkname" in c:
if c["networkname"] != "":
ifac_netname = c["networkname"]
if "network_name" in c:
if c["network_name"] != "":
ifac_netname = c["network_name"]
ifac_netkey = None
if "ifac_netkey" in c:
if c.as_int("ifac_netkey") >= Reticulum.IFAC_MIN_SIZE:
ifac_netkey = c.as_int("ifac_netkey")
if "passphrase" in c:
if c["passphrase"] != "":
ifac_netkey = c["passphrase"]
if "pass_phrase" in c:
if c["pass_phrase"] != "":
ifac_netkey = c["pass_phrase"]
configured_bitrate = None
if "bitrate" in c:
@ -406,8 +420,6 @@ class Reticulum:
interface.mode = interface_mode
RNS.Transport.interfaces.append(interface)
interface.announce_cap = announce_cap
if configured_bitrate:
interface.bitrate = configured_bitrate
@ -452,8 +464,6 @@ class Reticulum:
interface.mode = interface_mode
RNS.Transport.interfaces.append(interface)
interface.announce_cap = announce_cap
if configured_bitrate:
interface.bitrate = configured_bitrate
@ -492,8 +502,6 @@ class Reticulum:
interface.mode = interface_mode
RNS.Transport.interfaces.append(interface)
interface.announce_cap = announce_cap
if configured_bitrate:
interface.bitrate = configured_bitrate
@ -529,8 +537,6 @@ class Reticulum:
interface.mode = interface_mode
RNS.Transport.interfaces.append(interface)
interface.announce_cap = announce_cap
if configured_bitrate:
interface.bitrate = configured_bitrate
@ -562,8 +568,6 @@ class Reticulum:
interface.mode = interface_mode
RNS.Transport.interfaces.append(interface)
interface.announce_cap = announce_cap
if configured_bitrate:
interface.bitrate = configured_bitrate
@ -599,8 +603,6 @@ class Reticulum:
interface.mode = interface_mode
RNS.Transport.interfaces.append(interface)
interface.announce_cap = announce_cap
if configured_bitrate:
interface.bitrate = configured_bitrate
@ -650,8 +652,6 @@ class Reticulum:
interface.mode = interface_mode
RNS.Transport.interfaces.append(interface)
interface.announce_cap = announce_cap
if configured_bitrate:
interface.bitrate = configured_bitrate
@ -702,8 +702,6 @@ class Reticulum:
interface.mode = interface_mode
RNS.Transport.interfaces.append(interface)
interface.announce_cap = announce_cap
if configured_bitrate:
interface.bitrate = configured_bitrate
@ -748,8 +746,6 @@ class Reticulum:
interface.mode = interface_mode
RNS.Transport.interfaces.append(interface)
interface.announce_cap = announce_cap
if configured_bitrate:
interface.bitrate = configured_bitrate
@ -762,6 +758,27 @@ class Reticulum:
interface.ifac_netname = ifac_netname
interface.ifac_netkey = ifac_netkey
if interface.ifac_netname != None or interface.ifac_netkey != None:
ifac_origin = b""
if interface.ifac_netname != None:
ifac_origin += RNS.Identity.full_hash(interface.ifac_netname.encode("utf-8"))
if interface.ifac_netkey != None:
ifac_origin += RNS.Identity.full_hash(interface.ifac_netkey.encode("utf-8"))
ifac_origin_hash = RNS.Identity.full_hash(ifac_origin)
interface.ifac_key = HKDF(
algorithm=hashes.SHA256(),
length=64,
salt=self.ifac_salt,
info=None,
backend=cio_default_backend,
).derive(ifac_origin_hash)
interface.ifac_identity = RNS.Identity.from_bytes(interface.ifac_key)
interface.ifac_signature = interface.ifac_identity.sign(RNS.Identity.full_hash(interface.ifac_key))
RNS.Transport.interfaces.append(interface)
else:
@ -859,6 +876,15 @@ class Reticulum:
else:
ifstats["peers"] = None
if hasattr(interface, "ifac_signature"):
ifstats["ifac_signature"] = interface.ifac_signature
ifstats["ifac_size"] = interface.ifac_size
ifstats["ifac_netname"] = interface.ifac_netname
else:
ifstats["ifac_signature"] = None
ifstats["ifac_size"] = None
ifstats["ifac_netname"] = None
if hasattr(interface, "announce_queue"):
if interface.announce_queue != None:
ifstats["announce_queue"] = len(interface.announce_queue)