refactor: Improve plausible deniability and add SMP encryption

Author: chadsec1

core/constants.py

@@ -12,7 +12,7 @@
 # crypto parameters (bytes)
 CHALLENGE_LEN     = 11264
 
-AES_GCM_NONCE_LEN = 12
+CHACHA20POLY1305_NONCE_LEN = 12
 
 OTP_PAD_SIZE       = 11264
 OTP_PADDING_LENGTH = 2

core/crypto.py

@@ -148,6 +148,14 @@ def generate_kem_keys(algorithm: str):
         private_key = kem.export_secret_key()
         return private_key, public_key
 
+def encap_shared_secret(public_key: bytes, algorithm: str):
+    with oqs.KeyEncapsulation(algorithm) as kem:
+        return kem.encap_secret(public_key[:ALGOS_BUFFER_LIMITS[algorithm]["PK_LEN"]])
+ 
+def decap_shared_secret(ciphertext: bytes, private_key: bytes, algorithm: str):
+    with oqs.KeyEncapsulation(algorithm, secret_key = private_key[:ALGOS_BUFFER_LIMITS[algorithm]["SK_LEN"]]) as kem:
+        return kem.decap_secret(ciphertext[:ALGOS_BUFFER_LIMITS[algorithm]["CT_LEN"]])
+
 def decrypt_shared_secrets(ciphertext_blob: bytes, private_key: bytes, algorithm: str = None, otp_pad_size: int = OTP_PAD_SIZE):
     """
     Decrypts concatenated KEM ciphertexts to derive shared one-time pad.

core/trad_crypto.py

@@ -8,11 +8,13 @@
 These functions rely on the cryptography library and are intended for use within Coldwire's higher-level protocol logic.
 """
 
-from cryptography.hazmat.primitives.ciphers.aead import AESGCM
+from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305
 from cryptography.hazmat.primitives.kdf.argon2 import Argon2id
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.kdf.hkdf import HKDF
 from core.constants import (
     OTP_PAD_SIZE,
-    AES_GCM_NONCE_LEN,
+    CHACHA20POLY1305_NONCE_LEN,
     ARGON2_ITERS,
     ARGON2_MEMORY,
     ARGON2_LANES,
@@ -39,6 +41,14 @@ def sha3_512(data: bytes) -> bytes:
     return h.digest()
 
 
+def hkdf(key: bytes, length: int = 32, salt: bytes = None, info: bytes = None) -> bytes:
+    return HKDF(
+        algorithm = hashes.SHA3_256(),
+        length = length,
+        salt = salt,
+        info = info,
+    ).derive(key)
+
 def derive_key_argon2id(password: bytes, salt: bytes = None, salt_length: int = ARGON2_SALT_LEN, output_length: int = ARGON2_OUTPUT_LEN) -> tuple[bytes, bytes]:
     """
     Derive a symmetric key from a password using Argon2id.
@@ -70,42 +80,49 @@ def derive_key_argon2id(password: bytes, salt: bytes = None, salt_length: int =
     return derived_key, salt
 
 
-def encrypt_aes_gcm(key: bytes, plaintext: bytes) -> tuple[bytes, bytes]:
+def encrypt_chacha20poly1305(key: bytes, plaintext: bytes, counter: int = None, counter_safety: int = 2 ** 32) -> tuple[bytes, bytes]:
     """
-    Encrypt plaintext using AES-256 in GCM mode.
+    Encrypt plaintext using ChaCha20Poly1305.
 
     A random nonce is generated for each encryption.
 
     Args:
-        key: A 32-byte AES key.
+        key: A 32-byte ChaCha20Poly1305 key.
         plaintext: Data to encrypt.
+        counter: an (optional) number to add to nonce
 
     Returns:
         A tuple (nonce, ciphertext) where:
         - nonce: The randomly generated AES-GCM nonce.
         - ciphertext: The encrypted data including the authentication tag.
     """
-    nonce = secrets.token_bytes(AES_GCM_NONCE_LEN)
-    aes_gcm = AESGCM(key)
-    ciphertext = aes_gcm.encrypt(nonce, plaintext, None)
+    nonce = secrets.token_bytes(CHACHA20POLY1305_NONCE_LEN)
+    if counter is not None:
+        if counter > counter_safety:
+            raise ValueError("ChaCha counter has overflowen")
+
+        nonce = nonce[:CHACHA20POLY1305_NONCE_LEN - 4] + counter.to_bytes(4, "big")
+
+    chacha = ChaCha20Poly1305(key)
+    ciphertext = chacha.encrypt(nonce, plaintext, None)
     return nonce, ciphertext
 
 
-def decrypt_aes_gcm(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
+def decrypt_chacha20poly1305(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
     """
-    Decrypt ciphertext using AES-256 in GCM mode.
+    Decrypt ciphertext using ChaCha20Poly1305.
 
     Raises an exception if authentication fails.
 
     Args:
-        key: The 32-byte AES key used for encryption.
+        key: The 32-byte ChaCha20Poly1305 key used for encryption.
         nonce: The nonce used during encryption.
         ciphertext: The encrypted data including the authentication tag.
 
     Returns:
         The decrypted plaintext bytes.
     """
-    aes_gcm = AESGCM(key)
-    return aes_gcm.decrypt(nonce, ciphertext, None)
+    chacha = ChaCha20Poly1305(key)
+    return chacha.decrypt(nonce, ciphertext, None)
 
 

logic/contacts.py

@@ -60,6 +60,7 @@ def save_contact(user_data: dict, user_data_lock, contact_id: str) -> None:
                     "contact_nonce": None,
                     "smp_step": None,
                     "tmp_proof": None,
+                    "tmp_key": None,
                     "contact_kem_public_key": None,
                     "our_kem_keys": {
                         "private_key": None,