Thanks to visit codestin.com
Credit goes to Github.com

Skip to content

Add AES-256 encryption support for cross-implementation compatibility#2

Open
ShaTie wants to merge 1 commit intoliamcottle:masterfrom
ShaTie:feature/aes256-support
Open

Add AES-256 encryption support for cross-implementation compatibility#2
ShaTie wants to merge 1 commit intoliamcottle:masterfrom
ShaTie:feature/aes256-support

Conversation

@ShaTie
Copy link

@ShaTie ShaTie commented Nov 14, 2025

Summary

This PR adds AES-256-CBC encryption support to achieve full compatibility with Python Reticulum's Link.MODE_AES256_CBC.

Changes

Core Encryption (fernet.js)

  • Support both 32-byte (AES-128) and 64-byte (AES-256) keys
  • Split 64-byte keys: first 32 bytes for signing (HMAC), last 32 bytes for encryption
  • Dynamic cipher mode selection based on key length

Link Encryption (link.js)

  • Use 64-byte derivedKey for AES-256 compatibility with Python
  • Update HKDF to generate 64-byte keys matching Python implementation
  • Add error handling in decrypt() to prevent crashes on decryption failures
  • Add null checks before using decrypted data

Interface Statistics (interface.js, websocket_client_interface.js)

  • Add statistics fields matching Python implementation: rxb, txb, online, OUT
  • Check WebSocket readyState before sending to prevent errors
  • Track byte counters for received/transmitted data
  • Set connection status flags on connect/disconnect

Testing

Tested with 11/11 E2E tests passing, including:

  • Cross-implementation message delivery (Python → JavaScript) ✅
  • Messages with LXMF fields (icons, images, audio, file attachments) ✅
  • Large messages (1MB+) ✅

Browser Compatibility

Works in browsers with standard polyfills:

  • crypto-browserify supports AES-256-CBC
  • Already tested in meshchat-web with Vite + node polyfills

Backwards Compatibility

Fully backwards compatible - still supports 32-byte AES-128 mode for existing implementations.

This commit adds AES-256-CBC encryption support to achieve full
compatibility with Python Reticulum's Link.MODE_AES256_CBC.

Changes:
- **fernet.js**: Support both 32-byte (AES-128) and 64-byte (AES-256) keys
  - Split 64-byte keys: first 32 bytes for signing, last 32 for encryption
  - Dynamic cipher mode selection based on key length

- **link.js**: Use 64-byte derivedKey for AES-256 compatibility
  - Update HKDF to generate 64-byte keys matching Python implementation
  - Add error handling in decrypt() to prevent crashes on decryption failures
  - Add null checks before using decrypted data

- **interface.js**: Add statistics fields matching Python implementation
  - rxb/txb counters for received/transmitted bytes
  - online/OUT status flags

- **websocket_client_interface.js**: Improve connection handling
  - Check WebSocket readyState before sending
  - Track rxb/txb statistics
  - Set online/OUT flags on connect/disconnect

Tested with 11/11 E2E tests passing, including cross-implementation
message delivery (Python → JavaScript).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant