Use 2 symmetric keys instead of reusing just one.

bahner · Oct 1, 2024 · eab1051 · eab1051
1 parent f427496
commit eab1051
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 17 deletions.
diff --git a/ma.go b/ma.go
@@ -16,6 +16,7 @@ const (
 	BROADCAST_TOPIC = "/" + NAME + "/broadcast/" + VERSION
 
 	// BLAKE3 label for symmetric key generation.
-	BLAKE3_LABEL    = NAME
-	BLAKE3_SUM_SIZE = 32 // 256 bits
+	BLAKE3_CONTENT_LABEL = RENDEZVOUS
+	BLAKE3_HEADERS_LABEL = NAME
+	BLAKE3_SUM_SIZE      = 32 // 256 bits
 )
diff --git a/msg/crypto.go b/msg/crypto.go
@@ -12,7 +12,7 @@ import (
 )
 
 // Decrypts a message fields from an message
-func decrypt(data []byte, ephemeralKey []byte, privKey []byte) ([]byte, error) {
+func decrypt(data []byte, ephemeralKey []byte, privKey []byte, symmetricKeyLabel []byte) ([]byte, error) {
 
 	// Derive the shared secret using recipient's private key and ephemeral public key
 	shared, err := curve25519.X25519(privKey, ephemeralKey)
@@ -21,7 +21,7 @@ func decrypt(data []byte, ephemeralKey []byte, privKey []byte) ([]byte, error) {
 	}
 	log.Debugf("shared: %x", shared)
 
-	symmetricKey := key.GenerateSymmetricKey(shared, ma.BLAKE3_SUM_SIZE, []byte(ma.BLAKE3_LABEL))
+	symmetricKey := key.GenerateSymmetricKey(shared, ma.BLAKE3_SUM_SIZE, symmetricKeyLabel)
 	log.Debugf("symmetricKey: %x", symmetricKey)
 
 	// Split the nonce from the ciphertext
@@ -77,7 +77,7 @@ func encrypt(data []byte, symmetricKey []byte) ([]byte, error) {
 	return cipherTextWithNonce, nil
 }
 
-func generateEphemeralKeys(recipientPublicKeyBytes []byte) ([]byte, []byte, error) {
+func generateSharedKey(recipientPublicKeyBytes []byte) ([]byte, []byte, error) {
 
 	// The private key is not stored, only used twice, both for the headers and the content encryption.
 	// This should be OK, but we could use a different key for the content encryption in the future, if deemed necessary.
@@ -96,16 +96,12 @@ func generateEphemeralKeys(recipientPublicKeyBytes []byte) ([]byte, []byte, erro
 	log.Debugf("msg_enclose: ephemeralPublic: %x", ephemeralPublic)
 
 	// Derive shared secret
-	shared, err := curve25519.X25519(ephemeralPrivate[:], recipientPublicKeyBytes)
+	sharedSecret, err := curve25519.X25519(ephemeralPrivate[:], recipientPublicKeyBytes)
 	if err != nil {
 		return nil, nil, fmt.Errorf("msg_encrypt: error deriving shared secret: %w", err)
 	}
 	// log.Debugf("msg_encrypt: shared: %x", shared)
 
-	// Generate a symmetric key from the shared secret using blake3
-	symmetricKey := key.GenerateSymmetricKey(shared, ma.BLAKE3_SUM_SIZE, []byte(ma.BLAKE3_LABEL))
-	// log.Debugf("msg_encrypt: symmetricKey: %x", symmetricKey)
-
-	return ephemeralPublic, symmetricKey, nil
+	return ephemeralPublic, sharedSecret, nil
 
 }
diff --git a/msg/envelope.go b/msg/envelope.go
@@ -4,7 +4,9 @@ import (
 	"context"
 	"fmt"
 
+	"github.com/bahner/go-ma"
 	"github.com/bahner/go-ma/did/doc"
+	"github.com/bahner/go-ma/key"
 	cbor "github.com/fxamacker/cbor/v2"
 	pubsub "github.com/libp2p/go-libp2p-pubsub"
 	"golang.org/x/crypto/curve25519"
@@ -58,7 +60,7 @@ func (m *Message) Enclose() (*Envelope, error) {
 	}
 
 	// Generate ephemeral keys to be used for his message
-	ephemeralPublic, symmetricKey, err := generateEphemeralKeys(recipientPublicKeyBytes)
+	ephemeralPublic, sharedSecret, err := generateSharedKey(recipientPublicKeyBytes)
 	if err != nil {
 		return nil, fmt.Errorf("msg_enclose: %w", err)
 	}
@@ -68,19 +70,21 @@ func (m *Message) Enclose() (*Envelope, error) {
 		return nil, fmt.Errorf("msg_enclose: %w", err)
 	}
 
-	encryptedMsgHeaders, err := encrypt(msgHeaders, symmetricKey)
+	symmetricHeadersKey := key.GenerateSymmetricKey(sharedSecret, ma.BLAKE3_SUM_SIZE, []byte(ma.NAME))
+	encryptedHeaders, err := encrypt(msgHeaders, symmetricHeadersKey)
 	if err != nil {
 		return nil, fmt.Errorf("msg_enclose: %w", err)
 	}
 
-	encryptedContent, err := encrypt(m.Content, symmetricKey)
+	symmetricContentKey := key.GenerateSymmetricKey(sharedSecret, ma.BLAKE3_SUM_SIZE, []byte(ma.RENDEZVOUS))
+	encryptedContent, err := encrypt(m.Content, symmetricContentKey)
 	if err != nil {
 		return nil, fmt.Errorf("msg_enclose: %w", err)
 	}
 
 	return &Envelope{
 		EphemeralKey:     ephemeralPublic,
-		EncryptedHeaders: encryptedMsgHeaders,
+		EncryptedHeaders: encryptedHeaders,
 		EncryptedContent: encryptedContent,
 	}, nil
 }
@@ -132,12 +136,12 @@ func UnmarshalAndVerifyEnvelopeFromCBOR(data []byte) (*Envelope, error) {
 }
 
 func (e *Envelope) getContent(privkey []byte) ([]byte, error) {
-	return decrypt(e.EncryptedContent, e.EphemeralKey, privkey)
+	return decrypt(e.EncryptedContent, e.EphemeralKey, privkey, []byte(ma.BLAKE3_CONTENT_LABEL))
 }
 
 func (e *Envelope) getHeaders(privkey []byte) (*Headers, error) {
 
-	bytes, err := decrypt(e.EncryptedHeaders, e.EphemeralKey, privkey)
+	bytes, err := decrypt(e.EncryptedHeaders, e.EphemeralKey, privkey, []byte(ma.BLAKE3_HEADERS_LABEL))
 	if err != nil {
 		return nil, err
 	}