Documentation ¶
Overview ¶
Package ratchet originally written by AGL to implement the axolotl ratchet (designed by Trevor Perrin) for the Pond messaging system but then modified for a Katzenpost decryption mix network messaging system. Improvements herein made by Masala, Sofia Celli and David Stainton. David's latest changes turn the ratchet into a computationally expensive PQ hybrid ratchet wherein there's an ECDH and a CSIDH ratchet which both progress together. Both of these ratchets feed their computed shared secrets into the KDF ratchet via the root KDF chain. More clever designs and feedback encouraged.
Index ¶
Constants ¶
const ( PQRatchetPublicKeyInHeaderOffset = 4 + 4 + 32 // MaxMissingMessages is the maximum number of missing messages that // we'll keep track of. MaxMissingMessages = 8 // RatchetKeyMaxLifetime is the maximum lifetime of the ratchet RatchetKeyMaxLifetime = time.Hour * 672 // DoubleRatchetOverhead is the number of bytes the ratchet adds in ciphertext overhead. DoubleRatchetOverhead = 120 + csidh.PublicKeySize )
Variables ¶
var ( ErrDuplicateOrDelayed = errors.New("Ratchet: duplicate message or message delayed longer than tolerance") ErrHandshakeAlreadyComplete = errors.New("Ratchet: handshake already complete") ErrCannotDecrypt = errors.New("Ratchet: cannot decrypt") ErrIncorrectHeaderSize = errors.New("Ratchet: incorrect header size") ErrSerialisedKeyLength = errors.New("Ratchet: bad serialised key length") ErrNextEncryptedMessageWithoutRatchetFlag = errors.New("Ratchet: received message encrypted to next header key without ratchet flag set") ErrOldFormKeyExchange = errors.New("Ratchet: peer using old-form key exchange") ErrCorruptMessage = errors.New("Ratchet: corrupt message") ErrMessageExceedsReorderingLimit = errors.New("Ratchet: message exceeds reordering limit") ErrEchoedDHValues = errors.New("Ratchet: peer echoed our own DH values back") ErrInvalidSignatureLength = errors.New("Ratchet: invalid signature length") ErrRatchetHeaderTooSmall = errors.New("Ratchet: header too small to be valid") ErrInvalidKeyExchange = errors.New("Ratchet: peer's key exchange is invalid") ErrFailedToInitializeRatchet = errors.New("Ratchet: failed to initialize") ErrInvalidPubkey = errors.New("Ratchet: invalid public key") ErrInvalidPublicIdentityKey = errors.New("Ratchet: invalid public identity key") ErrInvalidSignature = errors.New("Ratchet: invalid signature") ErrKeyExchangeKeysNotIsomorphicallyEqual = errors.New("Ratchet: key exchange and identity public keys must be isomorphically equal") ErrFailedToLoadPQRatchet = errors.New("Ratchet: failed to load PQ Ratchet from state") ErrImportPQDh0 = errors.New("Ratchet: failed to import PQ DH0 from exchange blob") ErrCSIDHPrivateExport = errors.New("Ratchet: CSIDH: failed to export private key") ErrCSIDHPrivateImport = errors.New("Ratchet: CSIDH: failed to import private key") ErrCSIDHPublicExport = errors.New("Ratchet: CSIDH: failed to export public key") ErrCSIDHPublicImport = errors.New("Ratchet: CSIDH: failed to import public key") ErrCSIDHInvalidPublicKey = errors.New("Ratchet: CSIDH public key validation failure") ErrInconsistentState = errors.New("Ratchet: the state is inconsistent") )
Functions ¶
func DestroyRatchet ¶ added in v0.0.1
func DestroyRatchet(r *Ratchet)
DestroyRatchet destroys the ratchet
Types ¶
type Ratchet ¶
type Ratchet struct { // Now is an optional function that will be used to get the current // time. If nil, time.Now is used. Now func() time.Time // contains filtered or unexported fields }
Ratchet stucture contains the per-contact, crypto state.
func InitRatchet ¶ added in v0.0.1
InitRatchet initializes a ratchet struct
func NewRatchetFromBytes ¶ added in v0.0.9
NewRatchetFromBytes takes ownership of data and unmarshals it into a new *Ratchet. The bytes are wiped afterwards. The new *Ratchet is returned unless there's an error.
func (*Ratchet) CreateKeyExchange ¶
CreateKeyExchange returns a byte slice which is meant to be transmitted to the other party via an encrypted and authenticated communications channel. The other party can then call their Ratchet's ProcessKeyExchange method to process this byte blob and establish a communications channel with the sender.
func (*Ratchet) Encrypt ¶
Encrypt acts like append() but appends an encrypted version of msg to out.
func (*Ratchet) ProcessKeyExchange ¶
ProcessKeyExchange processes the data of a keyExchange which is used to establish an encrypted authenticated communications channel.