Due: Tue, May 6, 11:59pm
In this project, you will implement the basic version of the Double Ratchet algorithm. Basic means that your project will implement Section 2.4 of the protocol specification.
For this project, you will implement two executables:
Our protocol will match Section 2.4, where alice is the client (that is, Alice sends the first message), and bob is the server (Bob receives the first message). Thus, bob must be started first. Upon connection, alice and bob interact in a simple chat session: each sends any input the user enters on stdin, and the receiver prints this message to stdout. If the user enters ^D or the process encounters an error, that endpoint closes its connection and exits; upon detecting the close, the peer endpoint also closes its connection and exits. In other words, each process executes for only a single chat session.
The "Alice" (initial sender) party of a double-ratchet communication.
alice [options] BOB_HOST
The "host:port" string for Bob. Host can be either an IP address or a hostname.
The file that contains the 32-byte shared secret that serves as the initial root key.
Default: secret.key
A file with Bob's raw public X25519 key (that is, the file is the raw key bytes, rather than a DER or PEM-encoding of these bytes).
Default: bob-pub.key
Display this usage statement and exit.
./alice -secret assets/secret.key -bob-pub assets/bob-pub.key 127.0.0.1:12345
The "Bob" (initial receiver) party of a double-ratchet communication.
bob [options] BOB_HOST
The "[host]:port" string for Bob's address. Host can be either an IP address, a host name (e.g., "localhost") or omitted altogether.
The file that contains the 32-byte shared secret that serves as the initial root key.
Default: secret.key
A file with Bob's raw public X25519 key (that is, the file is the raw key bytes, rather than a DER or PEM-encoding of these bytes).
Default: bob-pub.key
A file with Bob's raw private X25519 key (that is, the file is the raw key bytes, rather than a DER or PEM-encoding of these bytes).
Default: bob-priv.key
Display this usage statement and exit.
./bob -secret assets/secret.key -pub bob-pub.key -priv bob-priv.key 127.0.0.1:12345
To help get started, please use the following drat.zip skeleton module.
The protocol data unit (PDU) for our implementation is very simple: each PDU contains a header and a body. The header is the sender's current public key, and the body is the AES-GCM encrypted message. Our implementation uses Go's gob encoding as the data representation format. The file internal/drat/pdu.go hides the gob-encoding behind the two higher-level interfaces that you should use: Send and ReceivePDU.
The file internal/drat/crypto.go contains all of the cryptographic functions that you need. In particular, Encrypt, Decrypt, KDF_CK, and KDF_RK are straightforward Go implementations of the Python code in Section 3 of the Double Ratchet specification. Note that for Encrypt and Decrypt, the associated data (assocData) are the raw bytes of the PDU header (header.Marshal()).
Regarding design, for both alice and bob you will want to launch two goroutines: one that reads from stdin and one that receives messages from its peer. These goroutines can communicate with the main goroutine over separate Go channels in which they enqueue the outgoing or incoming messages, respectively. The main goroutine uses a select statement to concurrently read from each channel. In the case of an outgoing message, the main goroutine encrypts and sends the message; for an incoming message, the main routine decrypts and displays the message.
You may find it helpful to test your code against my versions in instructor-drat.zip. The zip file contains binaries for linux-amd64 and macos-arm64. These alice and bob executables also take -verbose option that displays debugging logging.
Submit your project as a zip file via gradescope. Your project must include a Makefile that builds two executables: alice and bob. Please refer to the instructions for submitting an assignment for details on how to login to gradescope and properly zip your project.
./instructor/bob -secret assets/secret.key -pub assets/bob-pub.key -priv assets/bob-priv.key 127.0.0.1:12345
(out)alice: a
(out)b
(out)alice: c
(out)d
./alice -secret assets/secret.key -bob-pub assets/bob-pub.key 127.0.0.1:12345
(out)a
(out)bob: b
(out)c
(out)bob: d
./instructor/bob -secret assets/secret.key -pub assets/bob-pub.key -priv assets/bob-priv.key 127.0.0.1:12345
(out)alice: red
(out)alice: orange
(out)yellow
(out)green
(out)blue
(out)alice: indigo
(out)alice: violet
./alice -secret assets/secret.key -bob-pub assets/bob-pub.key 127.0.0.1:12345
(out)red
(out)orange
(out)bob: yellow
(out)bob: green
(out)bob: blue
(out)indigo
(out)violet
./bob -secret assets/secret.key -pub assets/bob-pub.key -priv assets/bob-priv.key 127.0.0.1:12345
(out)alice: a
(out)b
(out)alice: c
(out)d
./instructor/alice -secret assets/secret.key -bob-pub assets/bob-pub.key 127.0.0.1:12345
(out)a
(out)bob: b
(out)c
(out)bob: d
./bob -secret assets/secret.key -pub assets/bob-pub.key -priv assets/bob-priv.key 127.0.0.1:12345
(out)alice: red
(out)alice: orange
(out)yellow
(out)green
(out)blue
(out)alice: indigo
(out)alice: violet
./instructor/alice -secret assets/secret.key -bob-pub assets/bob-pub.key 127.0.0.1:12345
(out)red
(out)orange
(out)bob: yellow
(out)bob: green
(out)bob: blue
(out)indigo
(out)violet