Merge pull request #22 from Dione-Software/fix_critical_bug

Fix critical bug
2022-03-23 17:27:36 +01:00 · 2022-03-23 17:27:36 +01:00 · 9d635cd3c9
commit 9d635cd3c9
parent 21f6deb629 8c3fa0dd10
5 changed files with 22 additions and 16 deletions
--- a/Cargo.toml
+++ b/Cargo.toml
@ -6,7 +6,7 @@ homepage = "https://github.com/Dione-Software/double-ratchet-2"
 repository = "https://github.com/Dione-Software/double-ratchet-2"
 readme = "README.md"
 keywords = ["double-ratchet", "crypto", "cryptography", "signal"]
-version = "0.3.5"
+version = "0.3.6"
 edition = "2018"
 license = "MIT"

@ -28,7 +28,7 @@ sha2 = {version = "0.9.5", optional = true}
 serde = {version = "1.0.125", default-features = false, features = ["derive"]}
 serde_bytes = "0.11.5"
 bincode = "1.3.3"
-hashbrown = {version = "0.11.2", features = ["serde"]}
+hashbrown = {version = "0.12", features = ["serde"]}
 zeroize = {version = "1.3", features = ["zeroize_derive"]}
 const-oid = "0.7.0"

@ -46,4 +46,4 @@ opt-level = 3
 [features]
 default = ["sha2"]
 ring = ["ring-compat/digest"]
-wasm = ["getrandom/js"]
+wasm = ["getrandom/js"]
--- a/README.md
+++ b/README.md
@ -8,6 +8,8 @@

 Implementation of the double ratchet system/encryption as specified by [Signal][1].

+**WARNING! This implementation uses P-256 NOT Curve25519 as specified by Signal!**
+
 The implementation follows the cryptographic recommendations provided by [Signal][2].
 The AEAD Algorithm uses a constant Nonce. This might be changed in the future.

@ -118,12 +120,9 @@ assert_eq!(im_ratchet, bob_ratchet)

 ## Features

-The crate supports a feature for better performance: ring. If feature is enabled the crate switches
+Currently the crate only supports one feature: ring. If feature is enabled the crate switches
 to ring-compat and uses ring as backend for Sha512 Hashing. May result in slightly better performance.

-### WASM
-
-For WASM support enable the feature `wasm`.

 TODO:
 - [x] Standard Double Ratchet
@ -133,6 +132,6 @@ TODO:
 [2]: https://signal.org/docs/specifications/doubleratchet/#recommended-cryptographic-algorithms
 [3]: https://signal.org/docs/specifications/doubleratchet/#double-ratchet-with-header-encryption

-Current version: 0.3.4
+Current version: 0.4.0

 License: MIT
--- a/src/lib.rs
+++ b/src/lib.rs
@ -1,5 +1,7 @@
 //! Implementation of the double ratchet system/encryption as specified by [Signal][1].
 //!
+//! **WARNING! This implementation uses P-256 NOT Curve25519 as specified by Signal!**
+//!
 //! The implementation follows the cryptographic recommendations provided by [Signal][2].
 //! The AEAD Algorithm uses a constant Nonce. This might be changed in the future.
 //!
--- a/src/ratchet.rs
+++ b/src/ratchet.rs
@ -111,10 +111,11 @@ impl Ratchet {
            return Err("Skipped to many keys");
        }
        match self.ckr {
-            Some(d) => {
+            Some(mut d) => {
                while self.nr < until {
                    let (ckr, mk) = kdf_ck(&d);
                    self.ckr = Some(ckr);
+                    d = ckr;
                    self.mkskipped.insert((self.dhr.unwrap().to_string().as_bytes().to_vec(), self.nr), mk);
                    self.nr += 1
                }
@ -372,10 +373,10 @@ impl RatchetEncHeader {
        if self.nr + MAX_SKIP < until {
            return Err("Skipping went wrong")
        }
-        if let Some(d) = self.ckr {
+        if let Some(d) = &mut self.ckr {
            while self.nr < until {
-                let (ckr, mk) = kdf_ck(&d);
-                self.ckr = Some(ckr);
+                let (ckr, mk) = kdf_ck(d);
+                *d = ckr;
                self.mkskipped.insert((self.hkr, self.nr), mk);
                self.nr += 1
            }
@ -444,4 +445,4 @@ impl RatchetEncHeader {
        let ex: ExRatchetEncHeader = bincode::deserialize(inp).unwrap();
        RatchetEncHeader::from(&ex)
    }
-}
+}
--- a/tests/mod.rs
+++ b/tests/mod.rs
@ -27,9 +27,11 @@ fn ratchet_enc_skip() {
    let data = include_bytes!("../src/header.rs").to_vec();
    let (header1, encrypted1, nonce1) = alice_ratchet.ratchet_encrypt(&data, b"");
    let (header2, encrypted2, nonce2) = alice_ratchet.ratchet_encrypt(&data, b"");
+    let (header3, encrypted3, nonce3) = alice_ratchet.ratchet_encrypt(&data, b"");
+    let decrypted3 = bob_ratchet.ratchet_decrypt(&header3, &encrypted3, &nonce3, b"");
    let decrypted2 = bob_ratchet.ratchet_decrypt(&header2, &encrypted2, &nonce2, b"");
    let decrypted1 = bob_ratchet.ratchet_decrypt(&header1, &encrypted1, &nonce1, b"");
-    let comp_res = decrypted1 == data && decrypted2 == data;
+    let comp_res = decrypted1 == data && decrypted2 == data && decrypted3 == data;
    assert!(comp_res)
 }

@ -101,9 +103,11 @@ fn ratchet_ench_enc_skip() {
    let data = include_bytes!("../src/header.rs").to_vec();
    let (header1, encrypted1, nonce1) = alice_ratchet.ratchet_encrypt(&data, b"");
    let (header2, encrypted2, nonce2) = alice_ratchet.ratchet_encrypt(&data, b"");
+    let (header3, encrypted3, nonce3) = alice_ratchet.ratchet_encrypt(&data, b"");
+    let decrypted3 = bob_ratchet.ratchet_decrypt(&header3, &encrypted3, &nonce3, b"");
    let decrypted2 = bob_ratchet.ratchet_decrypt(&header2, &encrypted2, &nonce2, b"");
    let decrypted1 = bob_ratchet.ratchet_decrypt(&header1, &encrypted1, &nonce1, b"");
-    let comp_res = decrypted1 == data && decrypted2 == data;
+    let comp_res = decrypted1 == data && decrypted2 == data && decrypted3 == data;
    assert!(comp_res)
 }

@ -191,4 +195,4 @@ fn import_export() {
    let ex_alice_ratchet = alice_ratchet.export();
    let in_alice_ratchet = RatchetEncHeader::import(&ex_alice_ratchet);
    assert_eq!(in_alice_ratchet, alice_ratchet);
-}
+}