x3dh: Use aes-gcm-siv for AEAD encryption.

This commit is contained in:
Luther Blissett
2022-10-26 16:55:42 +02:00
parent afcccefac9
commit 2d27510980
2 changed files with 13 additions and 7 deletions


@@ -10,7 +10,7 @@ anyhow = "1.0.56"
sha2 = "0.10.6"
digest = "0.10.5"
rand = "0.7.3"
crypto_api_chachapoly = "0.5.0"
aes-gcm-siv = "0.11.1"
curve25519-dalek = "3.2.1"
ed25519-dalek = "1.0.1"
x25519-dalek = "1.2.0"


@@ -1,8 +1,8 @@
//! https://signal.org/docs/specifications/x3dh/x3dh.pdf
use std::collections::{HashMap, VecDeque};
use aes_gcm_siv::{AeadInPlace, Aes256GcmSiv, KeyInit};
use anyhow::Result;
use crypto_api_chachapoly::ChachaPolyIetf;
use rand::rngs::OsRng;
use sha2::Sha256;
use x25519_dalek::{PublicKey as X25519PublicKey, StaticSecret as X25519SecretKey};
@@ -205,7 +205,10 @@ fn main() -> Result<()> {
let message = b"ohai bob";
let mut ciphertext = vec![0u8; message.len() + AEAD_TAG_SIZE];
ChachaPolyIetf::aead_cipher().seal_to(&mut ciphertext, message, &ad, &sk, &[0u8; 12]).unwrap();
ciphertext[..message.len()].copy_from_slice(message);
let nonce = [0u8; 12][..].into();
Aes256GcmSiv::new(&sk.into()).encrypt_in_place(nonce, &ad, &mut ciphertext).unwrap();
let initial_message = InitialMessage {
identity_key: alice_ik_public,
@@ -264,10 +267,13 @@ fn main() -> Result<()> {
// Finally, Bob attempts to decrypt the initial ciphertext using SK and AD.
// If the initial ciphertext fails to decrypt, Bob aborts the protocol and
// deletes SK.
let mut plaintext = vec![0_u8; initial_message.ciphertext.len() - AEAD_TAG_SIZE];
ChachaPolyIetf::aead_cipher()
.open_to(&mut plaintext, &initial_message.ciphertext, &ad, &sk2, &[0u8; 12])
.unwrap();
let mut plaintext = vec![0_u8; initial_message.ciphertext.len()];
plaintext.copy_from_slice(&initial_message.ciphertext);
let nonce = [0u8; 12][..].into();
Aes256GcmSiv::new(&sk2.into()).decrypt_in_place(nonce, &ad, &mut plaintext).unwrap();
plaintext.resize(plaintext.len() - AEAD_TAG_SIZE, 0);
assert_eq!(plaintext, message); // Just to confirm everything's correct
// If the initial ciphertext decrypts successfully, the protocol is complete
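Review bot: The `plaintext.resize(plaintext.len() - AEAD_TAG_SIZE, 0)` on the last added line is only correct because the encrypt side (earlier hunk, where `let mut ciphertext = vec![0u8; message.len() + AEAD_TAG_SIZE];` survives as context) still over-allocates the buffer and `encrypt_in_place` then encrypts those trailing zero bytes as plaintext, while `decrypt_in_place` already strips the tag on success — so the extra bytes travel on the wire only to be cut off here, and anyone who later fixes the encrypt buffer without touching this line turns the subtraction into a usize underflow. I would derive both buffers from the data instead: `let mut ciphertext = message.to_vec();` on the encrypt side, `let mut plaintext = initial_message.ciphertext.clone();` in place of the zero-fill-and-`copy_from_slice` pair, and no `resize` at all. The `.unwrap()` on `decrypt_in_place` also contradicts the comment above it ("Bob aborts the protocol and deletes SK"): a tag mismatch panics rather than being handled, so in this `fn main() -> Result<()>` it should become something like `.map_err(|_| anyhow::anyhow!("initial message failed to authenticate"))?;` so the abort path is real and can zero SK. The fixed all-zero nonce is defensible only because SK is a fresh per-run X3DH output and AES-GCM-SIV is nonce-misuse resistant; that reasoning belongs in a comment next to `let nonce = [0u8; 12][..].into();` so nobody reuses the pattern with a long-lived key or a non-SIV AEAD. `main` continues outside the hunk.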