Hi, nice to see another project working on data-diode isolated TCBs.
Line 915 of audioReceiver.py shows you're using a hard-coded and thus predictable IV. This is not safe, since you're using the X25519 shared key repeatedly. Please see the explanation here for more information.
Also, you're using per-session short authentication strings, which are not very secure. Please strongly consider the best practice of instead generating long-term ed25519 identity keys to sign and verify the per-session X25519 public values, and generating a 256-bit fingerprint of the ed25519 public (signature verification) key that the users verify once and mark as verified. You can combine the public keys into a symmetric fingerprint by sorting them lexicographically and taking the BLAKE2 hash of them. My recommendation is to use base-10 encoding for representing the fingerprint, as human languages have evolved to communicate digits in a distinguishable way for obvious reasons.
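As an added illustration of the fingerprint scheme proposed above (example code, not from this project or the issue author), the following uses only the Python standard library: it sorts the two long-term Ed25519 public keys lexicographically, hashes them with BLAKE2b-256, renders the result as fixed-width base-10 digits, and compares against a previously verified value in constant time. The two 32-byte key values are constructed placeholders, not real keys; signing the per-session X25519 values is left out because the standard library has no Ed25519.

```python
import hashlib
import hmac
from typing import Iterable, Optional

# Constructed stand-ins for the two parties' long-term Ed25519 public keys
# (32 bytes each). These are NOT real keys, just deterministic sample bytes.
ALICE_ED25519_PUB = bytes(range(32))
BOB_ED25519_PUB = bytes(range(32, 64))

# 2**256 - 1 has 78 decimal digits, so every fingerprint is padded to 78.
FINGERPRINT_DIGITS = 78


def symmetric_fingerprint(keys: Iterable[bytes]) -> bytes:
    """BLAKE2b-256 over exactly two 32-byte public keys in lexicographic order.

    Sorting first means both users compute the same value regardless of which
    side runs the code or in which order the keys arrived.
    """
    ordered = sorted(keys)
    if len(ordered) != 2 or any(len(k) != 32 for k in ordered):
        raise ValueError("expected exactly two 32-byte Ed25519 public keys")
    h = hashlib.blake2b(digest_size=32)
    for k in ordered:
        h.update(k)
    return h.digest()


def to_decimal_string(fp: bytes, group: int = 6) -> str:
    """Render a 256-bit fingerprint as zero-padded base-10 digits in groups."""
    digits = str(int.from_bytes(fp, "big")).zfill(FINGERPRINT_DIGITS)
    return " ".join(digits[i:i + group] for i in range(0, len(digits), group))


def matches_pinned(local_pub: bytes, remote_pub: bytes,
                   pinned: Optional[str]) -> Optional[bool]:
    """Return None when no fingerprint has been verified yet (user must check
    it once out of band), else whether the current keys still match the pin.
    A False result means the remote identity key changed and must be treated
    as untrusted until re-verified."""
    if pinned is None:
        return None
    current = to_decimal_string(symmetric_fingerprint([local_pub, remote_pub]))
    return hmac.compare_digest(current.encode(), pinned.encode())


if __name__ == "__main__":
    fp = to_decimal_string(symmetric_fingerprint([ALICE_ED25519_PUB, BOB_ED25519_PUB]))
    print("verify once, then pin:", fp)
    print("same pin from Bob's side:", matches_pinned(BOB_ED25519_PUB, ALICE_ED25519_PUB, fp))
```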