lime
Lime is a C++ library implementing Open Whisper System Signal protocol
lime_double_ratchet.hpp
Go to the documentation of this file.
1 /*
2  lime_double_ratchet.hpp
3  @author Johan Pascal
4  @copyright Copyright (C) 2017 Belledonne Communications SARL
5 
6  This program is free software: you can redistribute it and/or modify
7  it under the terms of the GNU General Public License as published by
8  the Free Software Foundation, either version 3 of the License, or
9  (at your option) any later version.
10 
11  This program is distributed in the hope that it will be useful,
12  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  GNU General Public License for more details.
15 
16  You should have received a copy of the GNU General Public License
17  along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19 #ifndef lime_double_ratchet_hpp
20 #define lime_double_ratchet_hpp
21 
22 #include <array>
23 #include <string>
24 #include <unordered_map>
25 #include <vector>
26 #include <memory>
27 
28 #include "lime_settings.hpp"
29 #include "lime_defines.hpp"
30 #include "lime_x3dh.hpp"
31 #include "lime_crypto_primitives.hpp"
32 #include "lime_log.hpp"
33 
34 namespace lime {
35 
36  class Db; // forward declaration of class Db used by DR, declared in lime_localStorage.hpp
37 
39  using DRChainKey = lime::sBuffer<lime::settings::DRChainKeySize>;
40 
42  using SharedADBuffer = std::array<uint8_t, lime::settings::DRSessionSharedADSize>;
43 
44  /* The key type for remote asymmetric ratchet keys. Hold the public key(s) provided by remote */
45  template <typename Curve, bool = std::is_base_of_v<genericKEM, Curve>>
46  struct ARrKey;
47 
48  // Remote public key for elliptic curve
49  template <typename Curve>
50  struct ARrKey <Curve, false> {
51  private:
52  X<Curve, lime::Xtype::publicKey> m_DHr;
53 
54  public:
55  static constexpr size_t serializedSize(void) {return X<Curve, lime::Xtype::publicKey>::ssize();};
56  using serializedBuffer = std::array<uint8_t, X<Curve, lime::Xtype::publicKey>::ssize()>;
57 
58  ARrKey(const SignedPreKey<Curve> &SPk) : m_DHr{SPk.cpublicKey()} {};
59  // Unserializing constructor
60  ARrKey(const serializedBuffer &DHr) : m_DHr(DHr.data()) {};
61  ARrKey() : m_DHr{} {};
62 
63  const X<Curve, lime::Xtype::publicKey> &publicKey(void) const { return m_DHr;};
65  std::vector<uint8_t> getIndex(void) const {
66  std::vector<uint8_t>index(lime::settings::DRPkIndexSize);
67  HMAC<SHA512>(nullptr, 0, m_DHr.data(), m_DHr.size(), index.data(), lime::settings::DRPkIndexSize);
68  return index;
69  }
70  serializedBuffer serialize(void) const { return m_DHr;}
71  };
72 
73 
74  // Remote public key for any type based on genericKEM - note: it will fail if we try to instanciate it for a KEM only type
75  template <typename Algo>
76  struct ARrKey <Algo, true> {
77  private:
78  X<typename Algo::EC, lime::Xtype::publicKey> m_ec_DHr;
79  K<typename Algo::KEM, lime::Ktype::publicKey> m_kem_DHr;
80  K<typename Algo::KEM, lime::Ktype::cipherText> m_kem_CTr;
81  public:
82  static constexpr size_t serializedSize(void) {return
83  X<Algo, lime::Xtype::publicKey>::ssize()
84  + K<Algo, lime::Ktype::publicKey>::ssize()
85  + K<Algo, lime::Ktype::cipherText>::ssize(); };
86 
87  using serializedBuffer = std::array<uint8_t,
88  X<Algo, lime::Xtype::publicKey>::ssize()
89  + K<Algo, lime::Ktype::publicKey>::ssize()
90  + K<Algo, lime::Ktype::cipherText>::ssize()>;
91 
92  ARrKey(const X<typename Algo::EC, lime::Xtype::publicKey> &ecDHr, K<typename Algo::KEM, lime::Ktype::publicKey> &kemDHr, K<typename Algo::KEM, lime::Ktype::cipherText> &kemCTr ) : m_ec_DHr{ecDHr}, m_kem_DHr{kemDHr}, m_kem_CTr{kemCTr} {};
93  // At Sender's session creation, we do not have any peer CT
94  ARrKey(const X<typename Algo::EC, lime::Xtype::publicKey> &ecDHr, K<typename Algo::KEM, lime::Ktype::publicKey> &kemDHr) : m_ec_DHr{ecDHr}, m_kem_DHr{kemDHr}, m_kem_CTr{} {};
95  ARrKey(const SignedPreKey<Algo> &SPk) : m_ec_DHr{SPk.cECpublicKey()}, m_kem_DHr{SPk.cKEMpublicKey()}, m_kem_CTr{} {};
96  // Unserializing constructor
97  ARrKey(const serializedBuffer &DHr){
98  m_ec_DHr = X<typename Algo::EC, lime::Xtype::publicKey>(DHr.data());
99  m_kem_DHr = K<typename Algo::KEM, lime::Ktype::publicKey>(DHr.data()+X<Algo, lime::Xtype::publicKey>::ssize());
100  m_kem_CTr = K<typename Algo::KEM, lime::Ktype::cipherText>(DHr.data()+X<Algo, lime::Xtype::publicKey>::ssize() + K<Algo, lime::Ktype::publicKey>::ssize());
101  };
102  ARrKey() : m_ec_DHr{}, m_kem_DHr{}, m_kem_CTr{} {};
103 
104  // const accessors
105  const X<typename Algo::EC, lime::Xtype::publicKey> &ECPublicKey(void) const { return m_ec_DHr;};
106  const K<typename Algo::KEM, lime::Ktype::publicKey> &KEMPublicKey(void) const { return m_kem_DHr;};
107  const K<typename Algo::KEM, lime::Ktype::cipherText> &KEMCipherText(void) const { return m_kem_CTr;};
108  // Set EC pk only (we may update the EC key only when performing a DH ratchet)
109  void setECPk(const X<typename Algo::EC, lime::Xtype::publicKey> ec_Pk) {m_ec_DHr = ec_Pk;};
110  // KEM index is used to identify peer's KEM PK without sending it all.'
111  std::vector<uint8_t> getKEMIndex(void) const {
112  std::vector<uint8_t>index(lime::settings::DRPkIndexSize);
113  std::vector<uint8_t> serializedKEM(m_kem_DHr.cbegin(), m_kem_DHr.cend());
114  serializedKEM.insert(serializedKEM.end(), m_kem_CTr.cbegin(), m_kem_CTr.cend());
115  HMAC<SHA512>(nullptr, 0, serializedKEM.data(), serializedKEM.size(), index.data(), lime::settings::DRPkIndexSize);
116  return index;
117  }
120  std::vector<uint8_t> getIndex(void) const {
121  std::vector<uint8_t>index(lime::settings::DRPkIndexSize);
122  // EC index
123  HMAC<SHA512>(nullptr, 0, m_ec_DHr.data(), m_ec_DHr.size(), index.data(), lime::settings::DRPkIndexSize);
124  const auto KEMIndex = getKEMIndex();
125  index.insert(index.end(), KEMIndex.cbegin(), KEMIndex.cend());
126  return index;
127  }
128  serializedBuffer serialize(void) const {
129  serializedBuffer s{};
130  std::copy_n(m_ec_DHr.cbegin(), m_ec_DHr.size(), s.begin());
131  std::copy_n(m_kem_DHr.cbegin(), m_kem_DHr.size(), s.begin() + m_ec_DHr.size());
132  std::copy_n(m_kem_CTr.cbegin(), m_kem_CTr.size(), s.begin() + m_ec_DHr.size() + m_kem_DHr.size());
133  return s;
134  }
135  };
136 
137  /* The key type for self Asymmetric Ratchet keys. Hold the key(s) generated locally */
138  template <typename Curve, bool = std::is_base_of_v<genericKEM, Curve>>
139  struct ARsKey;
140 
141  // Self AR keys for elliptic curve
142  template <typename Curve>
143  struct ARsKey<Curve, false> {
144  private:
145  Xpair<Curve> m_DHs; // Self key for elliptic curve
146  public:
147  static constexpr size_t serializedSize(void) {return X<Curve, lime::Xtype::publicKey>::ssize() + X<Curve, lime::Xtype::privateKey>::ssize();};
148  static constexpr size_t serializedPublicSize(void) {return X<Curve, lime::Xtype::publicKey>::ssize();};
149  using serializedBuffer = sBuffer<X<Curve, lime::Xtype::publicKey>::ssize() + X<Curve, lime::Xtype::privateKey>::ssize()>;
150  using serializedPublicBuffer = std::array<uint8_t, X<Curve, lime::Xtype::publicKey>::ssize()>;
151 
152  ARsKey(const SignedPreKey<Curve> &SPk) {
153  m_DHs.publicKey() = SPk.cpublicKey();
154  m_DHs.privateKey() = SPk.cprivateKey();
155  };
156  ARsKey(const X<Curve, lime::Xtype::publicKey> &DHsPublic, const X<Curve, lime::Xtype::privateKey> &DHsPrivate) {
157  m_DHs.publicKey() = DHsPublic;
158  m_DHs.privateKey() = DHsPrivate;
159  };
160  ARsKey() : m_DHs{} {};
161  // Unserializing constructor
162  ARsKey(const serializedBuffer &DHs) {
163  m_DHs.publicKey() = X<Curve, lime::Xtype::publicKey>(DHs.data());
164  m_DHs.privateKey() = X<Curve, lime::Xtype::privateKey>(DHs.data() + X<Curve, lime::Xtype::publicKey>::ssize());
165  };
166 
167  X<Curve, lime::Xtype::privateKey> &privateKey(void) {return m_DHs.privateKey();};
168  X<Curve, lime::Xtype::publicKey> &publicKey(void) {return m_DHs.publicKey();};
170  serializedBuffer serialize(void) const {
171  serializedBuffer s{};
172  std::copy_n(m_DHs.cpublicKey().cbegin(), X<Curve, lime::Xtype::publicKey>::ssize(), s.begin());
173  std::copy_n(m_DHs.cprivateKey().cbegin(), X<Curve, lime::Xtype::privateKey>::ssize(), s.begin()+X<Curve, lime::Xtype::publicKey>::ssize());
174  return s;
175  }
177  std::vector<uint8_t> serializePublic(void) const { return std::vector<uint8_t>(m_DHs.cpublicKey().cbegin(), m_DHs.cpublicKey().cend());}
178  };
179 
180  // Self AR keys for EC/KEM based algo
181  template <typename Algo>
182  struct ARsKey<Algo, true> {
183  private:
184  Xpair<typename Algo::EC> m_ec_DHs;
185  Kpair<typename Algo::KEM> m_kem_DHs;
186  K<typename Algo::KEM, lime::Ktype::cipherText> m_kem_CTs;
188  public:
189  static constexpr size_t serializedSize(void) {
190  return X<Algo, lime::Xtype::publicKey>::ssize() + X<Algo, lime::Xtype::privateKey>::ssize()
191  + K<Algo, lime::Ktype::publicKey>::ssize() + K<Algo, lime::Ktype::privateKey>::ssize()
192  + K<Algo, lime::Ktype::cipherText>::ssize();
193  };
194  static constexpr size_t serializedPublicSize(void) {
195  return X<Algo, lime::Xtype::publicKey>::ssize()
196  + K<Algo, lime::Ktype::publicKey>::ssize()
197  + K<Algo, lime::Ktype::cipherText>::ssize();
198  };
199  using serializedBuffer = sBuffer<
200  X<Algo, lime::Xtype::publicKey>::ssize() + X<Algo, lime::Xtype::privateKey>::ssize()
201  + K<Algo, lime::Ktype::publicKey>::ssize() + K<Algo, lime::Ktype::privateKey>::ssize()
202  + K<Algo, lime::Ktype::cipherText>::ssize()>;
203 
204  using serializedPublicBuffer = std::array<uint8_t,
205  X<Algo, lime::Xtype::publicKey>::ssize()
206  + K<Algo, lime::Ktype::publicKey>::ssize()
207  + K<Algo, lime::Ktype::cipherText>::ssize()>;
208 
209 
210  ARsKey(const Xpair<typename Algo::EC> &ecDHs, const Kpair<typename Algo::KEM> &kemDHs, const K<typename Algo::KEM, lime::Ktype::cipherText> &kemCTs) : m_ec_DHs{ecDHs}, m_kem_DHs{kemDHs}, m_kem_CTs{kemCTs} {};
211  ARsKey(const SignedPreKey<Algo> &SPk) : m_ec_DHs{SPk.cECKeypair()}, m_kem_DHs{SPk.cKEMKeypair()}, m_kem_CTs{} {};
212  ARsKey(const Xpair<typename Algo::EC> &ecDHs, const Kpair<typename Algo::KEM> &kemDHs) : m_ec_DHs{ecDHs}, m_kem_DHs{kemDHs}, m_kem_CTs{} {};
213  ARsKey(const X<typename Algo::EC, lime::Xtype::publicKey> &ECPublic, const X<typename Algo::EC, lime::Xtype::privateKey> &ECPrivate,
214  const K<typename Algo::KEM, lime::Ktype::publicKey> &KEMPublic, const K<typename Algo::KEM, lime::Ktype::privateKey> &KEMPrivate,
215  const K<typename Algo::KEM, lime::Ktype::cipherText> &KEMCT) : m_ec_DHs(ECPublic, ECPrivate), m_kem_DHs(KEMPublic, KEMPrivate), m_kem_CTs{KEMCT} {};
216  ARsKey() : m_ec_DHs{}, m_kem_DHs{}, m_kem_CTs{} {};
217  // Unserializing constructor
218  ARsKey(const serializedBuffer &DHs) {
219  m_ec_DHs.publicKey() = X<typename Algo::EC, lime::Xtype::publicKey>(DHs.data());
220  size_t index = X<Algo, lime::Xtype::publicKey>::ssize();
221  m_ec_DHs.privateKey() = X<typename Algo::EC, lime::Xtype::privateKey>(DHs.data() + index);
222  index += X<Algo, lime::Xtype::privateKey>::ssize();
223  m_kem_DHs.publicKey() = K<typename Algo::KEM, lime::Ktype::publicKey>(DHs.data() + index);
224  index += K<Algo, lime::Ktype::publicKey>::ssize();
225  m_kem_DHs.privateKey() = K<typename Algo::KEM, lime::Ktype::privateKey>(DHs.data() + index);
226  index += K<Algo, lime::Ktype::privateKey>::ssize();
227  m_kem_CTs = K<typename Algo::KEM, lime::Ktype::cipherText>(DHs.data() + index);
228  };
229 
231  void setEC(const X<typename Algo::EC, lime::Xtype::publicKey> &ECPublic, const X<typename Algo::EC, lime::Xtype::privateKey> &ECPrivate) {
232  m_ec_DHs = Xpair<typename Algo::EC>(ECPublic, ECPrivate);
233  }
234 
235  X<typename Algo::EC, lime::Xtype::privateKey> &ECPrivateKey(void) {return m_ec_DHs.privateKey();};
236  const X<typename Algo::EC, lime::Xtype::publicKey> &ECPublicKey(void) const {return m_ec_DHs.cpublicKey();};
237  K<typename Algo::KEM, lime::Ktype::privateKey> &KEMPrivateKey(void) {return m_kem_DHs.privateKey();};
238  const K<typename Algo::KEM, lime::Ktype::publicKey> &KEMPublicKey(void) const {return m_kem_DHs.cpublicKey();};
239  K<typename Algo::KEM, lime::Ktype::cipherText> &KEMCipherText(void) {return m_kem_DHs.cipherText();};
241  serializedBuffer serialize(void) const{
242  serializedBuffer s{};
243  std::copy_n(m_ec_DHs.cpublicKey().cbegin(), m_ec_DHs.cpublicKey().size(), s.begin());
244  size_t index = X<Algo, lime::Xtype::publicKey>::ssize();
245  std::copy_n(m_ec_DHs.cprivateKey().cbegin(), m_ec_DHs.cprivateKey().size(), s.begin()+index);
246  index += X<Algo, lime::Xtype::privateKey>::ssize();
247  std::copy_n(m_kem_DHs.cpublicKey().cbegin(), m_kem_DHs.cpublicKey().size(), s.begin()+index);
248  index += K<Algo, lime::Ktype::publicKey>::ssize();
249  std::copy_n(m_kem_DHs.cprivateKey().cbegin(), m_kem_DHs.cprivateKey().size(), s.begin()+index);
250  index += K<Algo, lime::Ktype::privateKey>::ssize();
251  std::copy_n(m_kem_CTs.cbegin(), m_kem_CTs.size(), s.begin()+index);
252  return s;
253  }
255  std::vector<uint8_t> serializePublic(void) const {
256  std::vector<uint8_t> v(m_ec_DHs.cpublicKey().cbegin(), m_ec_DHs.cpublicKey().cend());
257  v.insert(v.end(), m_kem_DHs.cpublicKey().cbegin(), m_kem_DHs.cpublicKey().cend());
258  v.insert(v.end(), m_kem_CTs.cbegin(), m_kem_CTs.cend());
259  return v;
260  }
262  std::vector<uint8_t> serializeECPublic(void) const {
263  return std::vector<uint8_t>(m_ec_DHs.cpublicKey().cbegin(), m_ec_DHs.cpublicKey().cend());
264  }
266  std::vector<uint8_t> getKEMIndex(void) const {
267  std::vector<uint8_t>index(lime::settings::DRPkIndexSize);
268  std::vector serializedKEM (m_kem_DHs.cpublicKey().cbegin(), m_kem_DHs.cpublicKey().cend());
269  serializedKEM.insert(serializedKEM.end(), m_kem_CTs.cbegin(), m_kem_CTs.cend());
270  HMAC<SHA512>(nullptr, 0, serializedKEM.data(), serializedKEM.size(), index.data(), lime::settings::DRPkIndexSize);
271  return index;
272  }
273  };
274 
282  template <typename Curve>
283  struct ARKeys {
284  private:
285  ARrKey<Curve> m_DHr; // Remote public key for elliptic curve
286  bool m_DHr_valid; // do we have a valid remote public key, flag used to spot the first message arriving at session creation in receiver mode
287  ARsKey<Curve> m_DHs; // self Key pair
288  public:
289  ARKeys(const ARrKey<Curve> &DHr) : m_DHr{DHr}, m_DHr_valid{true}, m_DHs{} {};
290  ARKeys(bool valid=false) : m_DHr{}, m_DHr_valid{valid}, m_DHs{} {};
291  ARKeys(const ARsKey<Curve> &DHs) : m_DHr{}, m_DHr_valid{false}, m_DHs{DHs} {};
292 
293  void setValid(bool valid) {m_DHr_valid = valid;};
294  bool getValid(void) const { return m_DHr_valid;};
295 
296  void setDHr(const ARrKey<Curve> &DHr) {m_DHr = DHr;};
297  ARrKey<Curve> &getDHr(void) { return m_DHr;};
298  const ARrKey<Curve> &cgetDHr(void) const { return m_DHr;};
299  const typename ARrKey<Curve>::serializedBuffer serializeDHr(void) { return m_DHr.serialize();};
300 
301  void setDHs(const ARsKey<Curve> &DHs) { m_DHs = DHs; };
302  ARsKey<Curve> &getDHs(void) { return m_DHs;};
303  const ARsKey<Curve> &cgetDHs(void) const{ return m_DHs;};
304  const typename ARsKey<Curve>::serializedBuffer serializeDHs(void) { return m_DHs.serialize();};
305  const std::vector<uint8_t> serializePublicDHs(void) const { return m_DHs.serializePublic();};
306  };
307 
311  class DR {
312  public:
313  virtual void ratchetEncrypt(const std::vector<uint8_t> &plaintext, std::vector<uint8_t> &&AD, std::vector<uint8_t> &ciphertext, const bool payloadDirectEncryption) = 0;
314  virtual bool ratchetDecrypt(const std::vector<uint8_t> &cipherText, const std::vector<uint8_t> &AD, std::vector<uint8_t> &plaintext, const bool payloadDirectEncryption) = 0;
316  virtual long int dbSessionId(void) const = 0;
318  virtual bool isActive(void) const = 0;
319  virtual ~DR() = default;
320  };
321  template <typename Algo> std::shared_ptr<DR> make_DR_from_localStorage(std::shared_ptr<lime::Db> localStorage, long sessionId, std::shared_ptr<RNG> RNG_context);
322  template <typename Algo> std::shared_ptr<DR> make_DR_for_sender(std::shared_ptr<lime::Db> localStorage, const DRChainKey &SK, const SharedADBuffer &AD, const ARrKey<Algo> &peerPublicKey, long int peerDid, const std::string &peerDeviceId, const DSA<typename Algo::EC, lime::DSAtype::publicKey> &peerIk, long int selfDid, const std::vector<uint8_t> &X3DH_initMessage, std::shared_ptr<RNG> RNG_context);
323  template <typename Algo> std::shared_ptr<DR> make_DR_for_receiver(std::shared_ptr<lime::Db> localStorage, const DRChainKey &SK, const SharedADBuffer &AD, const ARsKey<Algo> &selfKeyPair, long int peerDid, const std::string &peerDeviceId, const uint32_t OPk_id, const DSA<typename Algo::EC, lime::DSAtype::publicKey> &peerIk, long int selfDeviceId, std::shared_ptr<RNG> RNG_context);
324 
325 
329  struct RecipientInfos : public RecipientData {
330  std::shared_ptr<DR> DRSession;
339  RecipientInfos(const std::string &deviceId, std::shared_ptr<DR> session) : RecipientData(deviceId), DRSession{session} {};
345  RecipientInfos(const std::string &deviceId) : RecipientData(deviceId), DRSession{nullptr} {};
346  };
347 
348  // helpers function wich are the one to be used to encrypt/decrypt messages
349  void encryptMessage(std::vector<RecipientInfos>& recipients, const std::vector<uint8_t>& plaintext, const std::vector<uint8_t>& recipientUserId, const std::string& sourceDeviceId, std::vector<uint8_t>& cipherMessage, const lime::EncryptionPolicy encryptionPolicy, std::shared_ptr<lime::Db> localStorage, const std::shared_ptr<limeRandomSeedCallback> randomSeedCallback = nullptr);
350 
351  std::shared_ptr<DR> decryptMessage(const std::string& sourceDeviceId, const std::string& recipientDeviceId, const std::vector<uint8_t>& recipientUserId, std::vector<std::shared_ptr<DR>>& DRSessions, const std::vector<uint8_t>& DRmessage, const std::vector<uint8_t>& cipherMessage, std::vector<uint8_t>& plaintext);
352 
353  /* this templates are instanciated once in the lime_double_ratchet.cpp file, explicitly tell anyone including this header that there is no need to re-instanciate them */
354 #ifdef EC25519_ENABLED
355  extern template std::shared_ptr<DR> make_DR_from_localStorage<C255>(std::shared_ptr<lime::Db> localStorage, long sessionId, std::shared_ptr<RNG> RNG_context);
356  extern template std::shared_ptr<DR> make_DR_for_sender(std::shared_ptr<lime::Db> localStorage, const DRChainKey &SK, const SharedADBuffer &AD, const ARrKey<C255> &peerPublicKey, long int peerDid, const std::string &peerDeviceId, const DSA<C255::EC, lime::DSAtype::publicKey> &peerIk, long int selfDid, const std::vector<uint8_t> &X3DH_initMessage, std::shared_ptr<RNG> RNG_context);
357  extern template std::shared_ptr<DR> make_DR_for_receiver(std::shared_ptr<lime::Db> localStorage, const DRChainKey &SK, const SharedADBuffer &AD, const ARsKey<C255> &selfKeyPair, long int peerDid, const std::string &peerDeviceId, const uint32_t OPk_id, const DSA<C255::EC, lime::DSAtype::publicKey> &peerIk, long int selfDeviceId, std::shared_ptr<RNG> RNG_context);
358 
359 #endif
360 #ifdef EC448_ENABLED
361  extern template std::shared_ptr<DR> make_DR_from_localStorage<C448>(std::shared_ptr<lime::Db> localStorage, long sessionId, std::shared_ptr<RNG> RNG_context);
362  extern template std::shared_ptr<DR> make_DR_for_sender(std::shared_ptr<lime::Db> localStorage, const DRChainKey &SK, const SharedADBuffer &AD, const ARrKey<C448> &peerPublicKey, long int peerDid, const std::string &peerDeviceId, const DSA<C448::EC, lime::DSAtype::publicKey> &peerIk, long int selfDid, const std::vector<uint8_t> &X3DH_initMessage, std::shared_ptr<RNG> RNG_context);
363  extern template std::shared_ptr<DR> make_DR_for_receiver(std::shared_ptr<lime::Db> localStorage, const DRChainKey &SK, const SharedADBuffer &AD, const ARsKey<C448> &selfKeyPair, long int peerDid, const std::string &peerDeviceId, const uint32_t OPk_id, const DSA<C448::EC, lime::DSAtype::publicKey> &peerIk, long int selfDeviceId, std::shared_ptr<RNG> RNG_context);
364 
365 #endif
366 #ifdef HAVE_BCTBXPQ
367 #ifdef EC25519_ENABLED
368  extern template std::shared_ptr<DR> make_DR_from_localStorage<C255K512>(std::shared_ptr<lime::Db> localStorage, long sessionId, std::shared_ptr<RNG> RNG_context);
369  extern template std::shared_ptr<DR> make_DR_for_sender(std::shared_ptr<lime::Db> localStorage, const DRChainKey &SK, const SharedADBuffer &AD, const ARrKey<C255K512> &peerPublicKey, long int peerDid, const std::string &peerDeviceId, const DSA<C255K512::EC, lime::DSAtype::publicKey> &peerIk, long int selfDid, const std::vector<uint8_t> &X3DH_initMessage, std::shared_ptr<RNG> RNG_context);
370  extern template std::shared_ptr<DR> make_DR_for_receiver(std::shared_ptr<lime::Db> localStorage, const DRChainKey &SK, const SharedADBuffer &AD, const ARsKey<C255K512> &selfKeyPair, long int peerDid, const std::string &peerDeviceId, const uint32_t OPk_id, const DSA<C255K512::EC, lime::DSAtype::publicKey> &peerIk, long int selfDeviceId, std::shared_ptr<RNG> RNG_context);
371 
372  extern template std::shared_ptr<DR> make_DR_from_localStorage<C255MLK512>(std::shared_ptr<lime::Db> localStorage, long sessionId, std::shared_ptr<RNG> RNG_context);
373  extern template std::shared_ptr<DR> make_DR_for_sender(std::shared_ptr<lime::Db> localStorage, const DRChainKey &SK, const SharedADBuffer &AD, const ARrKey<C255MLK512> &peerPublicKey, long int peerDid, const std::string &peerDeviceId, const DSA<C255MLK512::EC, lime::DSAtype::publicKey> &peerIk, long int selfDid, const std::vector<uint8_t> &X3DH_initMessage, std::shared_ptr<RNG> RNG_context);
374  extern template std::shared_ptr<DR> make_DR_for_receiver(std::shared_ptr<lime::Db> localStorage, const DRChainKey &SK, const SharedADBuffer &AD, const ARsKey<C255MLK512> &selfKeyPair, long int peerDid, const std::string &peerDeviceId, const uint32_t OPk_id, const DSA<C255MLK512::EC, lime::DSAtype::publicKey> &peerIk, long int selfDeviceId, std::shared_ptr<RNG> RNG_context);
375 #endif
376 #ifdef EC448_ENABLED
377  extern template std::shared_ptr<DR> make_DR_from_localStorage<C448MLK1024>(std::shared_ptr<lime::Db> localStorage, long sessionId, std::shared_ptr<RNG> RNG_context);
378  extern template std::shared_ptr<DR> make_DR_for_sender(std::shared_ptr<lime::Db> localStorage, const DRChainKey &SK, const SharedADBuffer &AD, const ARrKey<C448MLK1024> &peerPublicKey, long int peerDid, const std::string &peerDeviceId, const DSA<C448MLK1024::EC, lime::DSAtype::publicKey> &peerIk, long int selfDid, const std::vector<uint8_t> &X3DH_initMessage, std::shared_ptr<RNG> RNG_context);
379  extern template std::shared_ptr<DR> make_DR_for_receiver(std::shared_ptr<lime::Db> localStorage, const DRChainKey &SK, const SharedADBuffer &AD, const ARsKey<C448MLK1024> &selfKeyPair, long int peerDid, const std::string &peerDeviceId, const uint32_t OPk_id, const DSA<C448MLK1024::EC, lime::DSAtype::publicKey> &peerIk, long int selfDeviceId, std::shared_ptr<RNG> RNG_context);
380 #endif
381 #endif // HAVE_BCTBXPQ
382 
383 }
384 
385 #endif /* lime_double_ratchet_hpp */
lime::ARrKey< Algo, true >::serializedSize
static constexpr size_t serializedSize(void)
Definition: lime_double_ratchet.hpp:82
lime::K::ssize
static constexpr size_t ssize(void)
provide a static size function to be able to call the function not on an object
Definition: lime_crypto_primitives.hpp:105
lime::encryptMessage
void encryptMessage(std::vector< RecipientInfos > &recipients, const std::vector< uint8_t > &plaintext, const std::vector< uint8_t > &recipientUserId, const std::string &sourceDeviceId, std::vector< uint8_t > &cipherMessage, const lime::EncryptionPolicy encryptionPolicy, std::shared_ptr< lime::Db > localStorage, const std::shared_ptr< limeRandomSeedCallback > randomSeedCallback)
Encrypt a message to all recipients, identified by their device id.
Definition: lime_double_ratchet.cpp:1589
lime::ARsKey< Algo, true >::serializedSize
static constexpr size_t serializedSize(void)
Definition: lime_double_ratchet.hpp:189
lime::X::ssize
static constexpr size_t ssize(void)
provide a static size function to be able to call the function not on an object
Definition: lime_crypto_primitives.hpp:59
lime::ARsKey< Curve, false >::ARsKey
ARsKey()
Definition: lime_double_ratchet.hpp:160
lime::ARsKey< Curve, false >::serializedPublicBuffer
std::array< uint8_t, X< Curve, lime::Xtype::publicKey >::ssize()> serializedPublicBuffer
Definition: lime_double_ratchet.hpp:150
lime::ARsKey< Curve, false >::serializedPublicSize
static constexpr size_t serializedPublicSize(void)
Definition: lime_double_ratchet.hpp:148
lime::ARsKey< Algo, true >::ECPublicKey
const X< typename Algo::EC, lime::Xtype::publicKey > & ECPublicKey(void) const
Definition: lime_double_ratchet.hpp:236
lime::DR
A virtual class to define the Double Ratchet interface.
Definition: lime_double_ratchet.hpp:311
lime::ARsKey< Algo, true >::KEMPublicKey
const K< typename Algo::KEM, lime::Ktype::publicKey > & KEMPublicKey(void) const
Definition: lime_double_ratchet.hpp:238
lime::Xpair::privateKey
X< Curve, lime::Xtype::privateKey > & privateKey(void)
access the private key
Definition: lime_crypto_primitives.hpp:80
lime::ARrKey< Curve, false >::ARrKey
ARrKey(const serializedBuffer &DHr)
Definition: lime_double_ratchet.hpp:60
lime::ARrKey< Algo, true >::ARrKey
ARrKey(const X< typename Algo::EC, lime::Xtype::publicKey > &ecDHr, K< typename Algo::KEM, lime::Ktype::publicKey > &kemDHr)
Definition: lime_double_ratchet.hpp:94
lime::ARKeys::serializeDHs
const ARsKey< Curve >::serializedBuffer serializeDHs(void)
Definition: lime_double_ratchet.hpp:304
lime::ARrKey
Definition: lime_double_ratchet.hpp:46
lime::ARsKey< Curve, false >::serializedSize
static constexpr size_t serializedSize(void)
Definition: lime_double_ratchet.hpp:147
lime::ARrKey< Curve, false >::ARrKey
ARrKey()
Definition: lime_double_ratchet.hpp:61
lime::RecipientInfos::DRSession
std::shared_ptr< DR > DRSession
Definition: lime_double_ratchet.hpp:330
lime_log.hpp
lime::K
Base buffer definition for KEM data structure.
Definition: lime_crypto_primitives.hpp:102
lime::ARsKey< Algo, true >::ARsKey
ARsKey()
Definition: lime_double_ratchet.hpp:216
lime::ARrKey< Algo, true >::KEMPublicKey
const K< typename Algo::KEM, lime::Ktype::publicKey > & KEMPublicKey(void) const
Definition: lime_double_ratchet.hpp:106
lime::ARsKey< Algo, true >::ARsKey
ARsKey(const SignedPreKey< Algo > &SPk)
Definition: lime_double_ratchet.hpp:211
lime::ARKeys::cgetDHs
const ARsKey< Curve > & cgetDHs(void) const
Definition: lime_double_ratchet.hpp:303
lime::ARKeys::ARKeys
ARKeys(const ARrKey< Curve > &DHr)
Definition: lime_double_ratchet.hpp:289
lime::ARsKey< Curve, false >::privateKey
X< Curve, lime::Xtype::privateKey > & privateKey(void)
Definition: lime_double_ratchet.hpp:167
lime::ARKeys::setValid
void setValid(bool valid)
Definition: lime_double_ratchet.hpp:293
lime::ARsKey< Algo, true >::ARsKey
ARsKey(const serializedBuffer &DHs)
Definition: lime_double_ratchet.hpp:218
lime::ARrKey< Curve, false >::serializedSize
static constexpr size_t serializedSize(void)
Definition: lime_double_ratchet.hpp:55
lime::ARKeys::cgetDHr
const ARrKey< Curve > & cgetDHr(void) const
Definition: lime_double_ratchet.hpp:298
lime::ARrKey< Curve, false >::ARrKey
ARrKey(const SignedPreKey< Curve > &SPk)
Definition: lime_double_ratchet.hpp:58
lime::make_DR_for_receiver
std::shared_ptr< DR > make_DR_for_receiver(std::shared_ptr< lime::Db > localStorage, const DRChainKey &SK, const SharedADBuffer &AD, const ARsKey< Algo > &selfKeyPair, long int peerDid, const std::string &peerDeviceId, const uint32_t OPk_id, const DSA< typename Algo::EC, lime::DSAtype::publicKey > &peerIk, long int selfDeviceId, std::shared_ptr< RNG > RNG_context)
Definition: lime_double_ratchet.cpp:1532
lime::DSA
Base buffer definition for DSA data structure.
Definition: lime_crypto_primitives.hpp:148
lime::Xpair
Key pair structure for key exchange algorithm.
Definition: lime_crypto_primitives.hpp:74
lime::ARrKey< Algo, true >::ARrKey
ARrKey(const SignedPreKey< Algo > &SPk)
Definition: lime_double_ratchet.hpp:95
lime::ARsKey< Algo, true >::ECPrivateKey
X< typename Algo::EC, lime::Xtype::privateKey > & ECPrivateKey(void)
Definition: lime_double_ratchet.hpp:235
lime::ARsKey< Curve, false >::serializePublic
std::vector< uint8_t > serializePublic(void) const
Serialize the public part only to insert in the DR message header.
Definition: lime_double_ratchet.hpp:177
lime::Xpair::cpublicKey
const X< Curve, lime::Xtype::publicKey > & cpublicKey(void) const
Definition: lime_crypto_primitives.hpp:84
lime::ARsKey< Curve, false >::ARsKey
ARsKey(const X< Curve, lime::Xtype::publicKey > &DHsPublic, const X< Curve, lime::Xtype::privateKey > &DHsPrivate)
Definition: lime_double_ratchet.hpp:156
lime::ARKeys
structure to hold the keys used in asymmetric ratchet For EC only DR, it holds
Definition: lime_double_ratchet.hpp:283
lime_defines.hpp
lime::DR::ratchetEncrypt
virtual void ratchetEncrypt(const std::vector< uint8_t > &plaintext, std::vector< uint8_t > &&AD, std::vector< uint8_t > &ciphertext, const bool payloadDirectEncryption)=0
lime::ARrKey< Algo, true >::serialize
serializedBuffer serialize(void) const
Definition: lime_double_ratchet.hpp:128
lime::SharedADBuffer
std::array< uint8_t, lime::settings::DRSessionSharedADSize > SharedADBuffer
Definition: lime_double_ratchet.hpp:42
lime_crypto_primitives.hpp
lime::ARKeys::getDHs
ARsKey< Curve > & getDHs(void)
Definition: lime_double_ratchet.hpp:302
lime::ARKeys::ARKeys
ARKeys(bool valid=false)
Definition: lime_double_ratchet.hpp:290
lime::ARrKey< Algo, true >::ECPublicKey
const X< typename Algo::EC, lime::Xtype::publicKey > & ECPublicKey(void) const
Definition: lime_double_ratchet.hpp:105
lime::Kpair::cprivateKey
const K< Algo, lime::Ktype::privateKey > & cprivateKey(void) const
Definition: lime_crypto_primitives.hpp:127
lime::ARsKey< Curve, false >::serialize
serializedBuffer serialize(void) const
Serialize the key pair (to store in DB): First the public value, then the private one...
Definition: lime_double_ratchet.hpp:170
lime_x3dh.hpp
lime::ARKeys::setDHr
void setDHr(const ARrKey< Curve > &DHr)
Definition: lime_double_ratchet.hpp:296
lime::Kpair::privateKey
K< Algo, lime::Ktype::privateKey > & privateKey(void)
access the private key
Definition: lime_crypto_primitives.hpp:126
lime::ARsKey< Algo, true >::serializeECPublic
std::vector< uint8_t > serializeECPublic(void) const
Serialize the EC public part only to insert in the DR message header when we avoid sending the KEM pa...
Definition: lime_double_ratchet.hpp:262
lime::RecipientInfos::RecipientInfos
RecipientInfos(const std::string &deviceId, std::shared_ptr< DR > session)
Definition: lime_double_ratchet.hpp:339
lime::ARKeys::serializePublicDHs
const std::vector< uint8_t > serializePublicDHs(void) const
Definition: lime_double_ratchet.hpp:305
lime::Kpair::publicKey
K< Algo, lime::Ktype::publicKey > & publicKey(void)
access the public key
Definition: lime_crypto_primitives.hpp:129
lime::ARsKey< Curve, false >::ARsKey
ARsKey(const SignedPreKey< Curve > &SPk)
Definition: lime_double_ratchet.hpp:152
lime::ARsKey< Algo, true >::serializePublic
std::vector< uint8_t > serializePublic(void) const
Serialize the public part only to insert in the DR message header: EC public || KEM public || KEM cip...
Definition: lime_double_ratchet.hpp:255
lime::Kpair::cpublicKey
const K< Algo, lime::Ktype::publicKey > & cpublicKey(void) const
Definition: lime_crypto_primitives.hpp:130
lime::ARKeys::getDHr
ARrKey< Curve > & getDHr(void)
Definition: lime_double_ratchet.hpp:297
lime::ARrKey< Curve, false >::getIndex
std::vector< uint8_t > getIndex(void) const
Index is a hash of public key to identify it without sending/storing it all.
Definition: lime_double_ratchet.hpp:65
lime::ARsKey< Algo, true >::serializedPublicBuffer
std::array< uint8_t, X< Algo, lime::Xtype::publicKey >::ssize()+K< Algo, lime::Ktype::publicKey >::ssize()+K< Algo, lime::Ktype::cipherText >::ssize()> serializedPublicBuffer
Definition: lime_double_ratchet.hpp:207
lime::ARsKey< Algo, true >::serialize
serializedBuffer serialize(void) const
Serialize the key pair (to store in DB): First the public value, then the private one...
Definition: lime_double_ratchet.hpp:241
lime::ARKeys::serializeDHr
const ARrKey< Curve >::serializedBuffer serializeDHr(void)
Definition: lime_double_ratchet.hpp:299
lime::ARsKey< Algo, true >::ARsKey
ARsKey(const X< typename Algo::EC, lime::Xtype::publicKey > &ECPublic, const X< typename Algo::EC, lime::Xtype::privateKey > &ECPrivate, const K< typename Algo::KEM, lime::Ktype::publicKey > &KEMPublic, const K< typename Algo::KEM, lime::Ktype::privateKey > &KEMPrivate, const K< typename Algo::KEM, lime::Ktype::cipherText > &KEMCT)
Definition: lime_double_ratchet.hpp:213
lime::make_DR_from_localStorage
std::shared_ptr< DR > make_DR_from_localStorage(std::shared_ptr< lime::Db > localStorage, long sessionId, std::shared_ptr< RNG > RNG_context)
Definition: lime_double_ratchet.cpp:1526
lime::ARrKey< Algo, true >::KEMCipherText
const K< typename Algo::KEM, lime::Ktype::cipherText > & KEMCipherText(void) const
Definition: lime_double_ratchet.hpp:107
lime::ARrKey< Algo, true >::ARrKey
ARrKey()
Definition: lime_double_ratchet.hpp:102
lime::ARrKey< Algo, true >::ARrKey
ARrKey(const X< typename Algo::EC, lime::Xtype::publicKey > &ecDHr, K< typename Algo::KEM, lime::Ktype::publicKey > &kemDHr, K< typename Algo::KEM, lime::Ktype::cipherText > &kemCTr)
Definition: lime_double_ratchet.hpp:92
lime::decryptMessage
std::shared_ptr< DR > decryptMessage(const std::string &sourceDeviceId, const std::string &recipientDeviceId, const std::vector< uint8_t > &recipientUserId, std::vector< std::shared_ptr< DR >> &DRSessions, const std::vector< uint8_t > &DRmessage, const std::vector< uint8_t > &cipherMessage, std::vector< uint8_t > &plaintext)
Decrypt a message.
Definition: lime_double_ratchet.cpp:1737
lime::ARrKey< Algo, true >::getKEMIndex
std::vector< uint8_t > getKEMIndex(void) const
Definition: lime_double_ratchet.hpp:111
lime::ARsKey
Definition: lime_double_ratchet.hpp:139
lime::Kpair
Key pair structure for key exchange algorithm.
Definition: lime_crypto_primitives.hpp:120
lime::HMAC< SHA512 >
void HMAC< SHA512 >(const uint8_t *const key, const size_t keySize, const uint8_t *const input, const size_t inputSize, uint8_t *hash, size_t hashSize)
Definition: lime_crypto_primitives.cpp:447
lime::ARsKey< Algo, true >::ARsKey
ARsKey(const Xpair< typename Algo::EC > &ecDHs, const Kpair< typename Algo::KEM > &kemDHs, const K< typename Algo::KEM, lime::Ktype::cipherText > &kemCTs)
Definition: lime_double_ratchet.hpp:210
lime::ARrKey< Algo, true >::getIndex
std::vector< uint8_t > getIndex(void) const
Definition: lime_double_ratchet.hpp:120
lime::ARrKey< Algo, true >::setECPk
void setECPk(const X< typename Algo::EC, lime::Xtype::publicKey > ec_Pk)
Definition: lime_double_ratchet.hpp:109
lime::ARsKey< Algo, true >::ARsKey
ARsKey(const Xpair< typename Algo::EC > &ecDHs, const Kpair< typename Algo::KEM > &kemDHs)
Definition: lime_double_ratchet.hpp:212
lime::DR::~DR
virtual ~DR()=default
lime
Definition: lime.cpp:33
lime::ARrKey< Algo, true >::serializedBuffer
std::array< uint8_t, X< Algo, lime::Xtype::publicKey >::ssize()+K< Algo, lime::Ktype::publicKey >::ssize()+K< Algo, lime::Ktype::cipherText >::ssize()> serializedBuffer
Definition: lime_double_ratchet.hpp:90
lime::ARrKey< Curve, false >::publicKey
const X< Curve, lime::Xtype::publicKey > & publicKey(void) const
Definition: lime_double_ratchet.hpp:63
lime::ARKeys::ARKeys
ARKeys(const ARsKey< Curve > &DHs)
Definition: lime_double_ratchet.hpp:291
lime::ARKeys::setDHs
void setDHs(const ARsKey< Curve > &DHs)
Definition: lime_double_ratchet.hpp:301
lime::ARsKey< Curve, false >::ARsKey
ARsKey(const serializedBuffer &DHs)
Definition: lime_double_ratchet.hpp:162
lime::Xpair::publicKey
X< Curve, lime::Xtype::publicKey > & publicKey(void)
access the public key
Definition: lime_crypto_primitives.hpp:83
lime::ARKeys::getValid
bool getValid(void) const
Definition: lime_double_ratchet.hpp:294
lime::DR::ratchetDecrypt
virtual bool ratchetDecrypt(const std::vector< uint8_t > &cipherText, const std::vector< uint8_t > &AD, std::vector< uint8_t > &plaintext, const bool payloadDirectEncryption)=0
lime::RecipientInfos::RecipientInfos
RecipientInfos(const std::string &deviceId)
Definition: lime_double_ratchet.hpp:345
lime::make_DR_for_sender
std::shared_ptr< DR > make_DR_for_sender(std::shared_ptr< lime::Db > localStorage, const DRChainKey &SK, const SharedADBuffer &AD, const ARrKey< Algo > &peerPublicKey, long int peerDid, const std::string &peerDeviceId, const DSA< typename Algo::EC, lime::DSAtype::publicKey > &peerIk, long int selfDid, const std::vector< uint8_t > &X3DH_initMessage, std::shared_ptr< RNG > RNG_context)
Definition: lime_double_ratchet.cpp:1529
lime::ARrKey< Curve, false >::serialize
serializedBuffer serialize(void) const
Definition: lime_double_ratchet.hpp:70
lime::RecipientInfos
extend the RecipientData to add a Double Ratchet session shared with the recipient ...
Definition: lime_double_ratchet.hpp:329
lime::RecipientData
The encrypt function input/output data structure.
Definition: lime.hpp:73
lime::ARsKey< Curve, false >::publicKey
X< Curve, lime::Xtype::publicKey > & publicKey(void)
Definition: lime_double_ratchet.hpp:168
lime::ARsKey< Algo, true >::getKEMIndex
std::vector< uint8_t > getKEMIndex(void) const
Index is a hash of KEM public key/Cipher Text to identify it without sending/storing it all...
Definition: lime_double_ratchet.hpp:266
lime::ARsKey< Algo, true >::serializedPublicSize
static constexpr size_t serializedPublicSize(void)
Definition: lime_double_ratchet.hpp:194
lime_settings.hpp
lime::ARsKey< Algo, true >::setEC
void setEC(const X< typename Algo::EC, lime::Xtype::publicKey > &ECPublic, const X< typename Algo::EC, lime::Xtype::privateKey > &ECPrivate)
Set Ec key pair only: used to update this part without touching the KEM one.
Definition: lime_double_ratchet.hpp:231
lime::DR::isActive
virtual bool isActive(void) const =0
return the current status of session
lime::ARsKey< Algo, true >::KEMPrivateKey
K< typename Algo::KEM, lime::Ktype::privateKey > & KEMPrivateKey(void)
Definition: lime_double_ratchet.hpp:237
lime::EncryptionPolicy
EncryptionPolicy
Definition: lime.hpp:47
lime::settings::DRPkIndexSize
constexpr size_t DRPkIndexSize
Definition: lime_defines.hpp:81
lime::ARrKey< Algo, true >::ARrKey
ARrKey(const serializedBuffer &DHr)
Definition: lime_double_ratchet.hpp:97
lime::Xpair::cprivateKey
const X< Curve, lime::Xtype::privateKey > & cprivateKey(void) const
Definition: lime_crypto_primitives.hpp:81
lime::DRChainKey
lime::sBuffer< lime::settings::DRChainKeySize > DRChainKey
Definition: lime_double_ratchet.hpp:39
lime::RecipientData::deviceId
const std::string deviceId
Definition: lime.hpp:74
lime::ARsKey< Algo, true >::KEMCipherText
K< typename Algo::KEM, lime::Ktype::cipherText > & KEMCipherText(void)
Definition: lime_double_ratchet.hpp:239
lime::ARrKey< Curve, false >::serializedBuffer
std::array< uint8_t, X< Curve, lime::Xtype::publicKey >::ssize()> serializedBuffer
Definition: lime_double_ratchet.hpp:56
lime::DR::dbSessionId
virtual long int dbSessionId(void) const =0
return the session's local storage id
Generated on Tue Oct 7 2025 23:00:30 for lime by   doxygen 1.8.10