From ff0dff745c900f925816b0ff0469e9d9b4f89f2c Mon Sep 17 00:00:00 2001 From: Moxie Marlinspike Date: Wed, 4 Dec 2013 19:53:42 -0800 Subject: [PATCH] Let's order 3DHE by Alice/Bob roles. --- .../textsecure/crypto/ratchet/RatchetingSession.java | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/library/src/org/whispersystems/textsecure/crypto/ratchet/RatchetingSession.java b/library/src/org/whispersystems/textsecure/crypto/ratchet/RatchetingSession.java index 313ccbebe4..2548fa3abe 100644 --- a/library/src/org/whispersystems/textsecure/crypto/ratchet/RatchetingSession.java +++ b/library/src/org/whispersystems/textsecure/crypto/ratchet/RatchetingSession.java @@ -46,7 +46,7 @@ public class RatchetingSession { sessionRecord.setLocalIdentityKey(ourIdentityKey.getPublicKey()); ECKeyPair sendingKey = Curve.generateKeyPairForType(ourIdentityKey.getPublicKey().getPublicKey().getType()); - Pair receivingChain = calculate3DHE(ourBaseKey, theirBaseKey, ourIdentityKey, theirIdentityKey); + Pair receivingChain = calculate3DHE(true, ourBaseKey, theirBaseKey, ourIdentityKey, theirIdentityKey); Pair sendingChain = receivingChain.first.createChain(theirEphemeralKey, sendingKey); sessionRecord.addReceiverChain(theirEphemeralKey, receivingChain.second); @@ -64,21 +64,22 @@ public class RatchetingSession { sessionRecord.setRemoteIdentityKey(theirIdentityKey); sessionRecord.setLocalIdentityKey(ourIdentityKey.getPublicKey()); - Pair sendingChain = calculate3DHE(ourBaseKey, theirBaseKey, + Pair sendingChain = calculate3DHE(false, ourBaseKey, theirBaseKey, ourIdentityKey, theirIdentityKey); sessionRecord.setSenderChain(ourEphemeralKey, sendingChain.second); sessionRecord.setRootKey(sendingChain.first); } - private static Pair calculate3DHE(ECKeyPair ourEphemeral, ECPublicKey theirEphemeral, + private static Pair calculate3DHE(boolean isAlice, + ECKeyPair ourEphemeral, ECPublicKey theirEphemeral, IdentityKeyPair ourIdentity, IdentityKey theirIdentity) throws InvalidKeyException { try { ByteArrayOutputStream secrets = new ByteArrayOutputStream(); - if (isLowEnd(ourEphemeral.getPublicKey(), theirEphemeral)) { + if (isAlice) { secrets.write(Curve.calculateAgreement(theirEphemeral, ourIdentity.getPrivateKey())); secrets.write(Curve.calculateAgreement(theirIdentity.getPublicKey(), ourEphemeral.getPrivateKey())); } else {