tuxmain/double-ratchet-rs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #22 from Dione-Software/fix_critical_bug

Browse source 
Fix critical bug
This commit is contained in:
Hannes 2022-03-23 17:27:36 +01:00 committed by GitHub
commit 9d635cd3c9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 22 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
Cargo.toml
View file

@ -6,7 +6,7 @@ homepage = "https://github.com/Dione-Software/double-ratchet-2"
repository = "https://github.com/Dione-Software/double-ratchet-2" repository = "https://github.com/Dione-Software/double-ratchet-2"
readme = "README.md" readme = "README.md"
keywords = ["double-ratchet", "crypto", "cryptography", "signal"] keywords = ["double-ratchet", "crypto", "cryptography", "signal"]
version = "0.3.5" version = "0.3.6"
edition = "2018" edition = "2018"
license = "MIT" license = "MIT"
@ -28,7 +28,7 @@ sha2 = {version = "0.9.5", optional = true}
serde = {version = "1.0.125", default-features = false, features = ["derive"]} serde = {version = "1.0.125", default-features = false, features = ["derive"]}
serde_bytes = "0.11.5" serde_bytes = "0.11.5"
bincode = "1.3.3" bincode = "1.3.3"
hashbrown = {version = "0.11.2", features = ["serde"]} hashbrown = {version = "0.12", features = ["serde"]}
zeroize = {version = "1.3", features = ["zeroize_derive"]} zeroize = {version = "1.3", features = ["zeroize_derive"]}
const-oid = "0.7.0" const-oid = "0.7.0"

9
README.md
View file

@ -8,6 +8,8 @@
Implementation of the double ratchet system/encryption as specified by [Signal][1]. Implementation of the double ratchet system/encryption as specified by [Signal][1].
**WARNING! This implementation uses P-256 NOT Curve25519 as specified by Signal!**
The implementation follows the cryptographic recommendations provided by [Signal][2]. The implementation follows the cryptographic recommendations provided by [Signal][2].
The AEAD Algorithm uses a constant Nonce. This might be changed in the future. The AEAD Algorithm uses a constant Nonce. This might be changed in the future.
@ -118,12 +120,9 @@ assert_eq!(im_ratchet, bob_ratchet)
## Features ## Features
The crate supports a feature for better performance: ring. If feature is enabled the crate switches Currently the crate only supports one feature: ring. If feature is enabled the crate switches
to ring-compat and uses ring as backend for Sha512 Hashing. May result in slightly better performance. to ring-compat and uses ring as backend for Sha512 Hashing. May result in slightly better performance.
### WASM
For WASM support enable the feature `wasm`.
TODO: TODO:
- [x] Standard Double Ratchet - [x] Standard Double Ratchet
@ -133,6 +132,6 @@ TODO:
[2]: https://signal.org/docs/specifications/doubleratchet/#recommended-cryptographic-algorithms [2]: https://signal.org/docs/specifications/doubleratchet/#recommended-cryptographic-algorithms
[3]: https://signal.org/docs/specifications/doubleratchet/#double-ratchet-with-header-encryption [3]: https://signal.org/docs/specifications/doubleratchet/#double-ratchet-with-header-encryption
Current version: 0.3.4 Current version: 0.4.0
License: MIT License: MIT

2
src/lib.rs
View file

@ -1,5 +1,7 @@
//! Implementation of the double ratchet system/encryption as specified by [Signal][1]. //! Implementation of the double ratchet system/encryption as specified by [Signal][1].
//! //!
//! **WARNING! This implementation uses P-256 NOT Curve25519 as specified by Signal!**
//!
//! The implementation follows the cryptographic recommendations provided by [Signal][2]. //! The implementation follows the cryptographic recommendations provided by [Signal][2].
//! The AEAD Algorithm uses a constant Nonce. This might be changed in the future. //! The AEAD Algorithm uses a constant Nonce. This might be changed in the future.
//! //!

9
src/ratchet.rs
View file

@ -111,10 +111,11 @@ impl Ratchet {
return Err("Skipped to many keys"); return Err("Skipped to many keys");
} }
match self.ckr { match self.ckr {
Some(d) => { Some(mut d) => {
while self.nr < until { while self.nr < until {
let (ckr, mk) = kdf_ck(&d); let (ckr, mk) = kdf_ck(&d);
self.ckr = Some(ckr); self.ckr = Some(ckr);
d = ckr;
self.mkskipped.insert((self.dhr.unwrap().to_string().as_bytes().to_vec(), self.nr), mk); self.mkskipped.insert((self.dhr.unwrap().to_string().as_bytes().to_vec(), self.nr), mk);
self.nr += 1 self.nr += 1
} }
@ -372,10 +373,10 @@ impl RatchetEncHeader {
if self.nr + MAX_SKIP < until { if self.nr + MAX_SKIP < until {
return Err("Skipping went wrong") return Err("Skipping went wrong")
} }
if let Some(d) = self.ckr { if let Some(d) = &mut self.ckr {
while self.nr < until { while self.nr < until {
let (ckr, mk) = kdf_ck(&d); let (ckr, mk) = kdf_ck(d);
self.ckr = Some(ckr); *d = ckr;
self.mkskipped.insert((self.hkr, self.nr), mk); self.mkskipped.insert((self.hkr, self.nr), mk);
self.nr += 1 self.nr += 1
} }

8
tests/mod.rs
View file

@ -27,9 +27,11 @@ fn ratchet_enc_skip() {
let data = include_bytes!("../src/header.rs").to_vec(); let data = include_bytes!("../src/header.rs").to_vec();
let (header1, encrypted1, nonce1) = alice_ratchet.ratchet_encrypt(&data, b""); let (header1, encrypted1, nonce1) = alice_ratchet.ratchet_encrypt(&data, b"");
let (header2, encrypted2, nonce2) = alice_ratchet.ratchet_encrypt(&data, b""); let (header2, encrypted2, nonce2) = alice_ratchet.ratchet_encrypt(&data, b"");
let (header3, encrypted3, nonce3) = alice_ratchet.ratchet_encrypt(&data, b"");
let decrypted3 = bob_ratchet.ratchet_decrypt(&header3, &encrypted3, &nonce3, b"");
let decrypted2 = bob_ratchet.ratchet_decrypt(&header2, &encrypted2, &nonce2, b""); let decrypted2 = bob_ratchet.ratchet_decrypt(&header2, &encrypted2, &nonce2, b"");
let decrypted1 = bob_ratchet.ratchet_decrypt(&header1, &encrypted1, &nonce1, b""); let decrypted1 = bob_ratchet.ratchet_decrypt(&header1, &encrypted1, &nonce1, b"");
let comp_res = decrypted1 == data && decrypted2 == data; let comp_res = decrypted1 == data && decrypted2 == data && decrypted3 == data;
assert!(comp_res) assert!(comp_res)
} }
@ -101,9 +103,11 @@ fn ratchet_ench_enc_skip() {
let data = include_bytes!("../src/header.rs").to_vec(); let data = include_bytes!("../src/header.rs").to_vec();
let (header1, encrypted1, nonce1) = alice_ratchet.ratchet_encrypt(&data, b""); let (header1, encrypted1, nonce1) = alice_ratchet.ratchet_encrypt(&data, b"");
let (header2, encrypted2, nonce2) = alice_ratchet.ratchet_encrypt(&data, b""); let (header2, encrypted2, nonce2) = alice_ratchet.ratchet_encrypt(&data, b"");
let (header3, encrypted3, nonce3) = alice_ratchet.ratchet_encrypt(&data, b"");
let decrypted3 = bob_ratchet.ratchet_decrypt(&header3, &encrypted3, &nonce3, b"");
let decrypted2 = bob_ratchet.ratchet_decrypt(&header2, &encrypted2, &nonce2, b""); let decrypted2 = bob_ratchet.ratchet_decrypt(&header2, &encrypted2, &nonce2, b"");
let decrypted1 = bob_ratchet.ratchet_decrypt(&header1, &encrypted1, &nonce1, b""); let decrypted1 = bob_ratchet.ratchet_decrypt(&header1, &encrypted1, &nonce1, b"");
let comp_res = decrypted1 == data && decrypted2 == data; let comp_res = decrypted1 == data && decrypted2 == data && decrypted3 == data;
assert!(comp_res) assert!(comp_res)
} }