Implemented discovery announce encryption

2026-04-27 14:20:35 +00:00 · 2026-01-03 02:20:24 +01:00 · 2026-01-03 02:20:24 +01:00 · f2a778ffa4
commit f2a778ffa4
parent 1a77b5752c
2 changed files with 23 additions and 9 deletions
--- a/RNS/Discovery.py
+++ b/RNS/Discovery.py
@ -93,7 +93,7 @@ class InterfaceAnnouncer():

        if not interface_type in self.DISCOVERABLE_INTERFACE_TYPES: return None
        else:
-            flags = bytes([0x00])
+            flags = 0x00
            info  = {INTERFACE_TYPE: interface_type,
                     TRANSPORT:      RNS.Reticulum.transport_enabled(),
                     TRANSPORT_ID:   RNS.Transport.identity.hash,
@ -134,13 +134,22 @@ class InterfaceAnnouncer():
            packed    = msgpack.packb(info)
            infohash  = RNS.Identity.full_hash(packed)

-            if infohash in self.stamp_cache: return flags+packed+self.stamp_cache[infohash]
+            if infohash in self.stamp_cache: stamp = self.stamp_cache[infohash]
            else: stamp, v = self.stamper.generate_stamp(infohash, stamp_cost=stamp_value, expand_rounds=self.WORKBLOCK_EXPAND_ROUNDS)
-
            if not stamp: return None
-            else:
-                self.stamp_cache[infohash] = stamp
-                return flags+packed+stamp
+            else: self.stamp_cache[infohash] = stamp
+
+            if interface.discovery_encrypt:
+                flags |= InterfaceAnnounceHandler.FLAG_ENCRYPTED
+                if not self.owner.has_network_identity():
+                    RNS.log(f"Discovery encryption requested for {interface}, but no network identity configured. Aborting discovery announce.", RNS.LOG_ERROR)
+                    return None
+                
+                else: payload = self.owner.network_identity.encrypt(packed+stamp)
+                    
+            else: payload = packed+stamp
+
+            return bytes([flags])+payload

 class InterfaceAnnounceHandler:
    FLAG_SIGNED       = 0b00000001
@ -172,6 +181,11 @@ class InterfaceAnnounceHandler:
                signed    = flags & self.FLAG_SIGNED
                encrypted = flags & self.FLAG_ENCRYPTED

+                if encrypted:
+                    if not RNS.Transport.has_network_identity(): return
+                    app_data = RNS.Transport.network_identity.decrypt(app_data)
+                    if not app_data: return
+
                stamp     = app_data[-self.stamper.STAMP_SIZE:]
                packed    = app_data[:-self.stamper.STAMP_SIZE]
                infohash  = RNS.Identity.full_hash(packed)
--- a/RNS/Reticulum.py
+++ b/RNS/Reticulum.py
@ -708,7 +708,7 @@ class Reticulum:
                        discovery_announce_interval = None
                        discovery_stamp_value = None
                        discovery_name = None
-                        discovery_sign = False
+                        discovery_encrypt = False
                        reachable_on = None
                        publish_ifac = False
                        latitude = None
@ -728,7 +728,7 @@ class Reticulum:
                                if discovery_announce_interval == None: discovery_announce_interval = 6*60*60
                                if "discovery_stamp_value" in c: discovery_stamp_value = c.as_int("discovery_stamp_value")
                                if "discovery_name" in c: discovery_name = c["discovery_name"]
-                                if "discovery_sign" in c: discovery_sign = c.as_bool("discovery_sign")
+                                if "discovery_encrypt" in c: discovery_encrypt = c.as_bool("discovery_encrypt")
                                if "reachable_on" in c: reachable_on = c["reachable_on"]
                                if "publish_ifac" in c: publish_ifac = c.as_bool("publish_ifac")
                                if "latitude" in c: latitude = c.as_float("latitude")
@ -759,7 +759,7 @@ class Reticulum:
                                    interface.discovery_publish_ifac = publish_ifac
                                    interface.reachable_on = reachable_on
                                    interface.discovery_name = discovery_name
-                                    interface.discovery_sign = discovery_sign
+                                    interface.discovery_encrypt = discovery_encrypt
                                    interface.discovery_stamp_value = discovery_stamp_value
                                    interface.discovery_latitude = latitude
                                    interface.discovery_longitude = longitude