From 50557f32db9d67b3e04b421a19843e27cdcd3d89 Mon Sep 17 00:00:00 2001
From: Hannes <55623006+umgefahren@users.noreply.github.com>
Date: Wed, 23 Mar 2022 17:00:25 +0100
Subject: [PATCH 1/6] Updated hashbrown version and changed version number
---
 Cargo.toml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index ea95aba..bd63791 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -6,7 +6,7 @@ homepage = "https://github.com/Dione-Software/double-ratchet-2"
 repository = "https://github.com/Dione-Software/double-ratchet-2"
 readme = "README.md"
 keywords = ["double-ratchet", "crypto", "cryptography", "signal"]
-version = "0.3.5"
+version = "0.3.6"
 edition = "2018"
 license = "MIT"
@@ -28,7 +28,7 @@ sha2 = {version = "0.9.5", optional = true}
 serde = {version = "1.0.125", default-features = false, features = ["derive"]}
 serde_bytes = "0.11.5"
 bincode = "1.3.3"
-hashbrown = {version = "0.11.2", features = ["serde"]}
+hashbrown = {version = "0.12", features = ["serde"]}
 zeroize = {version = "1.3", features = ["zeroize_derive"]}
 const-oid = "0.7.0"
@@ -46,4 +46,4 @@ opt-level = 3
 [features]
 default = ["sha2"]
 ring = ["ring-compat/digest"]
-wasm = ["getrandom/js"]
\ No newline at end of file
+wasm = ["getrandom/js"]
From 6c406867c333b80e02a853582cbcc0cc2205489e Mon Sep 17 00:00:00 2001
From: Hannes <55623006+umgefahren@users.noreply.github.com>
Date: Wed, 23 Mar 2022 17:00:52 +0100
Subject: [PATCH 2/6] Added warning for using P-256
---
 README.md | 9 ++++-----
 src/lib.rs | 2 ++
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 547826a..0e9e973 100644
--- a/README.md
+++ b/README.md
@@ -8,6 +8,8 @@ Implementation of the double ratchet system/encryption as specified by [Signal][1].
+**WARNING! This implementation uses P-256 NOT Curve25519 as specified by Signal!**
+
 The implementation follows the cryptographic recommendations provided by [Signal][2].
 The AEAD Algorithm uses a constant Nonce. This might be changed in the future.
@@ -118,12 +120,9 @@ assert_eq!(im_ratchet, bob_ratchet)
 ## Features
-The crate supports a feature for better performance: ring. If feature is enabled the crate switches
+Currently the crate only supports one feature: ring. If feature is enabled the crate switches
 to ring-compat and uses ring as backend for Sha512 Hashing. May result in slightly better performance.
-### WASM
-
-For WASM support enable the feature `wasm`.
 TODO:
 - [x] Standard Double Ratchet
@@ -133,6 +132,6 @@ TODO:
 [2]: https://signal.org/docs/specifications/doubleratchet/#recommended-cryptographic-algorithms
 [3]: https://signal.org/docs/specifications/doubleratchet/#double-ratchet-with-header-encryption
-Current version: 0.3.4
+Current version: 0.4.0
 License: MIT
diff --git a/src/lib.rs b/src/lib.rs
index fcd6390..7d34599 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -1,5 +1,7 @@
 //! Implementation of the double ratchet system/encryption as specified by [Signal][1].
 //!
+//! **WARNING! This implementation uses P-256 NOT Curve25519 as specified by Signal!**
+//!
 //! The implementation follows the cryptographic recommendations provided by [Signal][2].
 //! The AEAD Algorithm uses a constant Nonce. This might be changed in the future.
 //!
From b7e05e57662191da781b5660aa1bac98a8ef2bc5 Mon Sep 17 00:00:00 2001
From: Hannes <55623006+umgefahren@users.noreply.github.com>
Date: Wed, 23 Mar 2022 17:01:39 +0100
Subject: [PATCH 3/6] Fixed critical issue
---
 src/ratchet.rs | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/ratchet.rs b/src/ratchet.rs
index e638aab..c78b51e 100644
--- a/src/ratchet.rs
+++ b/src/ratchet.rs
@@ -111,10 +111,11 @@ impl Ratchet {
 return Err("Skipped to many keys");
 }
 match self.ckr {
- Some(d) => {
+ Some(mut d) => {
 while self.nr < until {
 let (ckr, mk) = kdf_ck(&d);
 self.ckr = Some(ckr);
+ d = ckr;
 self.mkskipped.insert((self.dhr.unwrap().to_string().as_bytes().to_vec(), self.nr), mk);
 self.nr += 1
 }
@@ -372,10 +373,11 @@ impl RatchetEncHeader {
 if self.nr + MAX_SKIP < until {
 return Err("Skipping went wrong")
 }
- if let Some(d) = self.ckr {
+ if let Some(mut d) = self.ckr {
 while self.nr < until {
 let (ckr, mk) = kdf_ck(&d);
 self.ckr = Some(ckr);
+ d = ckr;
 self.mkskipped.insert((self.hkr, self.nr), mk);
 self.nr += 1
 }
@@ -444,4 +446,4 @@ impl RatchetEncHeader {
 let ex: ExRatchetEncHeader = bincode::deserialize(inp).unwrap();
 RatchetEncHeader::from(&ex)
 }
-}
\ No newline at end of file
+}
From 01b0eca079f96ef348adaebc1079560f388cd888 Mon Sep 17 00:00:00 2001
From: Hannes <55623006+umgefahren@users.noreply.github.com>
Date: Wed, 23 Mar 2022 17:01:59 +0100
Subject: [PATCH 4/6] Extended tests to catch the now fixed bug
---
 tests/mod.rs | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/tests/mod.rs b/tests/mod.rs
index 1284a1b..2b7752c 100644
--- a/tests/mod.rs
+++ b/tests/mod.rs
@@ -27,9 +27,11 @@ fn ratchet_enc_skip() {
 let data = include_bytes!("../src/header.rs").to_vec();
 let (header1, encrypted1, nonce1) = alice_ratchet.ratchet_encrypt(&data, b"");
 let (header2, encrypted2, nonce2) = alice_ratchet.ratchet_encrypt(&data, b"");
+ let (header3, encrypted3, nonce3) = alice_ratchet.ratchet_encrypt(&data, b"");
+ let decrypted3 = bob_ratchet.ratchet_decrypt(&header3, &encrypted3, &nonce3, b"");
 let decrypted2 = bob_ratchet.ratchet_decrypt(&header2, &encrypted2, &nonce2, b"");
 let decrypted1 = bob_ratchet.ratchet_decrypt(&header1, &encrypted1, &nonce1, b"");
- let comp_res = decrypted1 == data && decrypted2 == data;
+ let comp_res = decrypted1 == data && decrypted2 == data && decrypted3 == data;
 assert!(comp_res)
 }
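Review bot: The fix at `Some(mut d)` / `d = ckr;` keeps two copies of the receiving chain key that must be advanced in lockstep on every iteration (`self.ckr = Some(ckr);` on one line, `d = ckr;` on the next), which is exactly the shape that let the original defect in: before this patch every skipped message key was derived from the same stale `d`. Advancing the key through a borrow of the field removes the duplicate; the `impl RatchetEncHeader` hunk at -372 in this patch has the same shape and is rewritten that way in patches 5 and 6 of this series, but the `Ratchet` path is not. The by-value binding can only have compiled if the chain-key type is `Copy`, so it also leaves a second copy of the chain key on the stack that any zeroization of the struct cannot reach; the borrowed form avoids that as well. This assumes the `None` arm of the `match` (outside the hunk) does not itself need to assign `self.ckr`; the enclosing function starts before and ends after the hunk.
```rust
match &mut self.ckr {
    Some(d) => {
        while self.nr < until {
            let (ckr, mk) = kdf_ck(d);
            *d = ckr;
            // … unchanged: mkskipped insert keyed by (dhr, nr) and the nr increment …
        }
```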
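Review bot: With the fix in place each key stored by `self.mkskipped.insert((self.hkr, self.nr), mk)` is now distinct, but nothing in this hunk bounds the total size of `mkskipped`: the `self.nr + MAX_SKIP < until` check only limits how far one call may advance, so a peer whose headers repeatedly jump by just under `MAX_SKIP` can add that many entries per received message. If there is no eviction elsewhere (the Signal specification suggests deleting old skipped keys after a number of events or a fixed time), a cap on `mkskipped.len()` or a FIFO eviction at insert time would bound memory; the same applies to the `impl Ratchet` hunk at -111. `return Err("Skipping went wrong")` here and `return Err("Skipped to many keys")` in the -111 hunk report the same condition with different and slightly misleading text; `"Skipped too many keys"` in both would read better. The enclosing function starts before and ends after the hunk.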
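Review bot: `let comp_res = decrypted1 == data && decrypted2 == data && decrypted3 == data;` followed by `assert!(comp_res)` folds three checks into one bool, so when the regression fires the failure only says that `comp_res` was false and not which message, and therefore which skipped key, broke. Asserting each decryption on its own, `assert_eq!(decrypted3, data); assert_eq!(decrypted2, data); assert_eq!(decrypted1, data);`, names the failing message. Skipping two messages is the smallest case that exposes the bug fixed in patch 3 (the first loop iteration used the correct key, only the second reused the stale one); a companion case that skips several more, and one that exceeds `MAX_SKIP` and expects the error, would pin the bound as well. The same applies to the hunk at -101 in `ratchet_ench_enc_skip`; both test functions start before their hunk.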
@@ -101,9 +103,11 @@ fn ratchet_ench_enc_skip() {
 let data = include_bytes!("../src/header.rs").to_vec();
 let (header1, encrypted1, nonce1) = alice_ratchet.ratchet_encrypt(&data, b"");
 let (header2, encrypted2, nonce2) = alice_ratchet.ratchet_encrypt(&data, b"");
+ let (header3, encrypted3, nonce3) = alice_ratchet.ratchet_encrypt(&data, b"");
+ let decrypted3 = bob_ratchet.ratchet_decrypt(&header3, &encrypted3, &nonce3, b"");
 let decrypted2 = bob_ratchet.ratchet_decrypt(&header2, &encrypted2, &nonce2, b"");
 let decrypted1 = bob_ratchet.ratchet_decrypt(&header1, &encrypted1, &nonce1, b"");
- let comp_res = decrypted1 == data && decrypted2 == data;
+ let comp_res = decrypted1 == data && decrypted2 == data && decrypted3 == data;
 assert!(comp_res)
 }
@@ -191,4 +195,4 @@ fn import_export() {
 let ex_alice_ratchet = alice_ratchet.export();
 let in_alice_ratchet = RatchetEncHeader::import(&ex_alice_ratchet);
 assert_eq!(in_alice_ratchet, alice_ratchet);
-}
\ No newline at end of file
+}
From c96a0714b6e35a032a5538fc4212cfee65dc1ce5 Mon Sep 17 00:00:00 2001
From: Hannes <55623006+umgefahren@users.noreply.github.com>
Date: Wed, 23 Mar 2022 17:17:53 +0100
Subject: [PATCH 5/6] Added a tiny improvement from my stupid friends
---
 src/ratchet.rs | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/ratchet.rs b/src/ratchet.rs
index c78b51e..2015f30 100644
--- a/src/ratchet.rs
+++ b/src/ratchet.rs
@@ -373,11 +373,10 @@ impl RatchetEncHeader {
 if self.nr + MAX_SKIP < until {
 return Err("Skipping went wrong")
 }
- if let Some(mut d) = self.ckr {
+ if let Some(d) = &mut self.ckr {
 while self.nr < until {
 let (ckr, mk) = kdf_ck(&d);
- self.ckr = Some(ckr);
- d = ckr;
+ *d = ckr;
 self.mkskipped.insert((self.hkr, self.nr), mk);
 self.nr += 1
 }
From 8c3fa0dd10edf2cea0846635606c8e9fb3ec696e Mon Sep 17 00:00:00 2001
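Review bot: The new `if let Some(d) = &mut self.ckr` deserves a one-line comment saying why the chain key is advanced through the borrow rather than a local copy, since a later reader could "simplify" it back to the by-value binding that produced the defect fixed in patch 3. Suggested: `// Advance the chain key in place: self.ckr is the only copy, so the loop cannot drift from the stored state.` The enclosing function starts before and ends after the hunk.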
From: Hannes <55623006+umgefahren@users.noreply.github.com>
Date: Wed, 23 Mar 2022 17:19:36 +0100
Subject: [PATCH 6/6] Removed unneccessary reference
---
 src/ratchet.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ratchet.rs b/src/ratchet.rs
index 2015f30..67435c8 100644
--- a/src/ratchet.rs
+++ b/src/ratchet.rs
@@ -375,7 +375,7 @@ impl RatchetEncHeader {
 }
 if let Some(d) = &mut self.ckr {
 while self.nr < until {
- let (ckr, mk) = kdf_ck(&d);
+ let (ckr, mk) = kdf_ck(d);
 *d = ckr;
 self.mkskipped.insert((self.hkr, self.nr), mk);
 self.nr += 1