Lab 08 - Whatsapp End-to-end Encryption (part 2)

In this lab you will continue the implementation of the Signal Protocol, which is the basis for WhatsApp's end-to-end encryption.

The protocol is described here. For more details you can also check this paper.

For the Elliptic Curves, you can use this library.

If you solved the previous lab, use your previous setup (replace the files with the ones from the .zip below to prevent any issues). If you are starting out with these labs, follow the steps below (NOTE: you can use your fep instance via Python3 environments):

  • Install the necessary tools (not necessary on fep):
sudo apt install build-essential python3-dev
sudo apt install python3-pip
  • Use wget to download the required zip (find it below)
  • Create a Python3 environment, make sure PyPI is up to date and install the required packages:
python3 -m venv create env
source ./env/bin/activate
pip install --upgrade pip
pip install cryptography donna25519

If local installation does not work, use your fep instance.

Task - Vertical & Horizontal ratcheting

See the previous lab for how to create a common master_secret for two clients which communicate through a server.

Then, send messages with different keys each time, by recalculating the Chain Key according to the Signal Protocol.

Recalculate the Root Key for each round trip with the new DH public keys sent in messages.

For this task you need to embed a new ephemeral public key in each message, in order to create a new RootKey.

You can find a good description of the ratcheting protocol here.

For the sake of simplicity, we will consider that all messages are in-order and none of them is lost.

You may start this lab from this code.

To generate the root keys and chain keys (e.g. in the method update_keys) you need to basically apply the HKDF method provided (hkdf) with a 64 byte output (512 bits), which is then split into the root key (first 32 bytes) and chain key (last 32 bytes)

You should do the same also in the method record_new_client_session, for the case when the client is the initiator. When the client is not the initiator both chain keys (chain_key_s and chain_key_r) will be initialized after receiving a message, so you can keep them as 'None'. As initiator you should only initialize root_key and chain_key_s as explained above, while chain_key_r can be left as 'None' for now.

How to run

Open three different terminals.

First terminal (start the server):

python main_server.py

Second terminal (start the first client and enter RECV mode:

python main_client.py
RECV

Third terminal (start the second client and send a message):

python main_client.py
MSG <id_other_client> Hello!
ac/laboratoare/08.txt · Last modified: 2024/11/14 13:05 by dimitrie.valu
CC Attribution-Share Alike 3.0 Unported
www.chimeric.de Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0