search

joebandenburg / libaxolotl-javascript

A JavaScript implementation of axolotl. Axolotl is a ratcheting forward secrecy protocol.
GNU Lesser General Public License v3.0
75 stars 13 forks source link

Support protocol version 2 #3

Open joebandenburg opened 9 years ago

joebandenburg commented 9 years ago

It would be good to be interoperable with older clients. Although it would be worth finding out if there are many version 2 clients out there before starting on this.

CharlesOkwuagwu commented 9 years ago

Hi,

You could require the HKDF constructor to take a version variable then, set iterationStartOffset to either 1 or 0 depending on the version... for a start

I think the HKDF for V3 is more in line with the standard... or is it the other way around?

CharlesOkwuagwu commented 9 years ago

IT would be good to support both versions just in case

joebandenburg commented 9 years ago

@CharlesOkwuagwu Absolutely, I've put a few "TODO" comments in the code to indicate where changes would need to be made to support version 2. I don't think it would be too difficult. The biggest unknown is if both the node.js crypto module and WebCrypto support AES-256-CTR with a custom CTR (see libaxolotl-android). They both support counter mode, but it's not entirely clear if node.js supports initialising the counter to a specific value.

CharlesOkwuagwu commented 9 years ago

@joebandenburg Interesting. I've been toying with porting Axolotl to .net, the full libaxolotl-android seems like over-kill compared to the Web-browser version or, better yet your version. There is no CTR mode in .net at all... that would make V2 support tricky, without a 3rd party lib.

Quick question, you leave Store and Crypto as service interfaces in your implementation. Where is the concrete implementation for these?

(Over-kill WRT https://github.com/trevp/axolotl/wiki, i've actually come a cross a surprisingly simple python implementation, here on github)

joebandenburg commented 9 years ago

I think the HKDF for V3 is more in line with the standard... or is it the other way around?

Yes, from my reading of the spec starting with 1 (version 3) is in line with the standard.

I've been toying with porting Axolotl to .net

Awesome :) I'd be very interested to hear your feedback about my code. I've tried to make the implementation as clear as possible to help others understand it. I found Axolotl quite complex initially.

without a 3rd party lib.

You may need a 3rd party library anyway to support Curve25519 and Ed25519, which are required by both versions of the protocol. (They are needed for the calculateAgreement and sign methods on the Crypto interface.)

Quick question, you leave Store and Crypto as service interfaces in your implementation. Where is the concrete implementation for these?

There aren't any implementations yet. You can see a sort-of node.js implementation in test/unit/FakeCrypto.js, although take note that the calculateAgreement and sign methods are not suitable for a real implementation. I've been pondering including an implementation of Curve25519/Ed25519 in libaxolotl-javascript, so the user doesn't need to provide it themselves.

I will be adding documentation to the README to explain the exact requirements for each method of Crypto interface.

joebandenburg commented 9 years ago

(Over-kill WRT https://github.com/trevp/axolotl/wiki, i've actually come a cross a surprisingly simple python implementation, here on github)

My implementation, like libaxolotl-android, is specific to TextSecure and therefore has the same "non-standard" bits (WTR https://github.com/trevp/axolotl/wiki).