Implemented discovery announce encryption

2026-05-21 07:14:48 -07:00 · 2026-01-03 02:20:24 +01:00
parent 1a77b5752c
commit f2a778ffa4
2 changed files with 23 additions and 9 deletions
--- a/RNS/Discovery.py
+++ b/RNS/Discovery.py
@@ -93,7 +93,7 @@ class InterfaceAnnouncer():

        if not interface_type in self.DISCOVERABLE_INTERFACE_TYPES: return None
        else:
-            flags = bytes([0x00])
+            flags = 0x00
            info  = {INTERFACE_TYPE: interface_type,
                     TRANSPORT:      RNS.Reticulum.transport_enabled(),
                     TRANSPORT_ID:   RNS.Transport.identity.hash,
@@ -134,13 +134,22 @@ class InterfaceAnnouncer():
            packed    = msgpack.packb(info)
            infohash  = RNS.Identity.full_hash(packed)

-            if infohash in self.stamp_cache: return flags+packed+self.stamp_cache[infohash]
+            if infohash in self.stamp_cache: stamp = self.stamp_cache[infohash]
            else: stamp, v = self.stamper.generate_stamp(infohash, stamp_cost=stamp_value, expand_rounds=self.WORKBLOCK_EXPAND_ROUNDS)
-
            if not stamp: return None
-            else:
-                self.stamp_cache[infohash] = stamp
-                return flags+packed+stamp
+            else: self.stamp_cache[infohash] = stamp
+
+            if interface.discovery_encrypt:
+                flags |= InterfaceAnnounceHandler.FLAG_ENCRYPTED
+                if not self.owner.has_network_identity():
+                    RNS.log(f"Discovery encryption requested for {interface}, but no network identity configured. Aborting discovery announce.", RNS.LOG_ERROR)
+                    return None
+                
+                else: payload = self.owner.network_identity.encrypt(packed+stamp)
+                    
+            else: payload = packed+stamp
+
+            return bytes([flags])+payload

 class InterfaceAnnounceHandler:
    FLAG_SIGNED       = 0b00000001
@@ -172,6 +181,11 @@ class InterfaceAnnounceHandler:
                signed    = flags & self.FLAG_SIGNED
                encrypted = flags & self.FLAG_ENCRYPTED

+                if encrypted:
+                    if not RNS.Transport.has_network_identity(): return
+                    app_data = RNS.Transport.network_identity.decrypt(app_data)
+                    if not app_data: return
+
                stamp     = app_data[-self.stamper.STAMP_SIZE:]
                packed    = app_data[:-self.stamper.STAMP_SIZE]
                infohash  = RNS.Identity.full_hash(packed)