feat: implement double ratchet, x3dh foundations, and desktop UI refactoring

Author: alec-c4

docs/roadmap.md

@@ -44,8 +44,8 @@
     - [x] Inbox Zero: TTL auto-deletion (backend + UI).
 - [ ] **Advanced Cryptography (Double Ratchet)**
     - [ ] Implement **X3DH** (Extended Triple Diffie-Hellman) for initial key exchange.
-    - [ ] Implement **Double Ratchet** session management (root key, chain keys).
-    - [ ] Store session states securely in SQLite (using `sqlcipher` or application-level encryption).
+    - [x] Implement **Double Ratchet** session management (root key, chain keys).
+    - [x] Store session states securely in SQLite (using `sqlcipher` or application-level encryption).
     - [ ] Header Encryption (hide routing metadata).
 - [ ] **Inbox Zero Logic**
     - [ ] **Semantic Actions:**

ratatoskr-core/Cargo.toml

@@ -9,7 +9,7 @@ serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 libp2p = { version = "0.53", features = ["tokio", "gossipsub", "mdns", "noise", "yamux", "tcp", "dns", "websocket", "macros", "kad"] }
 ed25519-dalek = "2.1"
-x25519-dalek = { version = "2.0", features = ["static_secrets"] }
+x25519-dalek = { version = "2.0", features = ["serde", "static_secrets"] }
 rand = "0.8"
 aes-gcm = "0.10"
 sha2 = "0.10"
@@ -18,6 +18,8 @@ thiserror = "1.0"
 log = "0.4"
 sqlx = { version = "0.7", features = ["runtime-tokio-rustls", "sqlite"] }
 bip39 = "2.2.2"
+hkdf = "0.12.4"
+hmac = "0.12.1"
 
 [dev-dependencies]
-tempfile = "3.10"
+tempfile = "3.10"

ratatoskr-core/migrations/20240123120000_add_sessions.sql

@@ -0,0 +1,5 @@
+CREATE TABLE IF NOT EXISTS sessions (
+    did TEXT PRIMARY KEY,
+    session_data BLOB NOT NULL,
+    updated_at INTEGER NOT NULL
+);

ratatoskr-core/migrations/20240123130000_add_prekeys.sql

@@ -0,0 +1,11 @@
+CREATE TABLE IF NOT EXISTS my_signed_prekeys (
+    id INTEGER PRIMARY KEY,
+    key_data BLOB NOT NULL, -- Serialized KeyPair or Secret
+    created_at INTEGER NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS my_onetime_prekeys (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    key_data BLOB NOT NULL,
+    published INTEGER DEFAULT 0 -- 0=No, 1=Yes
+);

ratatoskr-core/src/key_vault.rs

@@ -5,6 +5,7 @@ use rand::RngCore;
 use std::fs;
 use std::path::Path;
 use thiserror::Error;
+use x25519_dalek::StaticSecret;
 
 #[derive(Error, Debug)]
 pub enum VaultError {
@@ -17,7 +18,8 @@ pub enum VaultError {
 }
 
 pub struct KeyVault {
-    keypair: SigningKey,
+    pub signing_key: SigningKey,
+    pub dh_identity: StaticSecret,
 }
 
 impl KeyVault {
@@ -42,50 +44,77 @@ impl KeyVault {
         let mnemonic = Mnemonic::parse_in(Language::English, phrase)?;
         let seed = mnemonic.to_seed(""); // No password for seed
 
-        // We use the first 32 bytes of the seed as the Ed25519 secret key.
         // BIP-39 seeds are 64 bytes.
-        let mut secret_bytes = [0u8; 32];
-        secret_bytes.copy_from_slice(&seed[0..32]);
+        // First 32 bytes -> Ed25519 Signing Key
+        let mut signing_bytes = [0u8; 32];
+        signing_bytes.copy_from_slice(&seed[0..32]);
+        let signing_key = SigningKey::from_bytes(&signing_bytes);
+
+        // Second 32 bytes -> X25519 Identity Key
+        let mut dh_bytes = [0u8; 32];
+        dh_bytes.copy_from_slice(&seed[32..64]);
+        let dh_identity = StaticSecret::from(dh_bytes);
 
-        let signing_key = SigningKey::from_bytes(&secret_bytes);
         Ok(Self {
-            keypair: signing_key,
+            signing_key,
+            dh_identity,
         })
     }
 
     /// Legacy generation (random bytes, no mnemonic recovery possible unless saved)
     pub fn generate_random() -> Self {
-        let mut secret_bytes = [0u8; 32];
-        OsRng.fill_bytes(&mut secret_bytes);
-        let signing_key = SigningKey::from_bytes(&secret_bytes);
+        let mut signing_bytes = [0u8; 32];
+        OsRng.fill_bytes(&mut signing_bytes);
+        let signing_key = SigningKey::from_bytes(&signing_bytes);
+
+        let mut dh_bytes = [0u8; 32];
+        OsRng.fill_bytes(&mut dh_bytes);
+        let dh_identity = StaticSecret::from(dh_bytes);
+
         Self {
-            keypair: signing_key,
+            signing_key,
+            dh_identity,
         }
     }
 
     pub fn save_to_file<P: AsRef<Path>>(&self, path: P) -> Result<(), VaultError> {
-        let bytes = self.keypair.to_bytes();
+        // We save 64 bytes: 32 bytes Ed25519 + 32 bytes X25519
+        let mut bytes = Vec::with_capacity(64);
+        bytes.extend_from_slice(&self.signing_key.to_bytes());
+        bytes.extend_from_slice(&self.dh_identity.to_bytes());
         fs::write(path, bytes)?;
         Ok(())
     }
 
     pub fn load_from_file<P: AsRef<Path>>(path: P) -> Result<Self, VaultError> {
         let bytes = fs::read(path)?;
-        let secret_bytes: [u8; 32] = bytes
-            .try_into()
-            .map_err(|_| VaultError::Crypto("Invalid key length".into()))?;
+        if bytes.len() != 64 {
+            return Err(VaultError::Crypto(
+                "Invalid key file length. Expected 64 bytes.".into(),
+            ));
+        }
+
+        let signing_bytes: [u8; 32] = bytes[0..32].try_into().unwrap();
+        let dh_bytes: [u8; 32] = bytes[32..64].try_into().unwrap();
+
+        let signing_key = SigningKey::from_bytes(&signing_bytes);
+        let dh_identity = StaticSecret::from(dh_bytes);
 
-        let signing_key = SigningKey::from_bytes(&secret_bytes);
         Ok(Self {
-            keypair: signing_key,
+            signing_key,
+            dh_identity,
         })
     }
 
     pub fn public_key_hex(&self) -> String {
-        hex::encode(self.keypair.verifying_key().as_bytes())
+        hex::encode(self.signing_key.verifying_key().as_bytes())
+    }
+
+    pub fn dh_public_key_hex(&self) -> String {
+        hex::encode(x25519_dalek::PublicKey::from(&self.dh_identity).as_bytes())
     }
 
     pub fn signing_key(&self) -> &SigningKey {
-        &self.keypair
+        &self.signing_key
     }
 }

ratatoskr-core/src/lib.rs

@@ -1,9 +1,12 @@
 pub mod access_control;
 pub mod crypto;
 pub mod key_vault;
+pub mod messaging;
 pub mod models;
 pub mod network;
+pub mod ratchet;
 pub mod storage;
+pub mod x3dh;
 
 pub fn init() -> String {
     "Ratatoskr Core: Ready".to_string()

ratatoskr-core/src/messaging.rs

@@ -0,0 +1,156 @@
+use crate::key_vault::KeyVault;
+use crate::models::EncryptedMessage;
+use crate::storage::Storage;
+use crate::x3dh::{self, PreKeyBundle};
+use ed25519_dalek::VerifyingKey;
+use x25519_dalek::PublicKey;
+
+pub struct MessagingService<'a> {
+    storage: &'a Storage,
+    vault: &'a KeyVault,
+}
+
+impl<'a> MessagingService<'a> {
+    pub fn new(storage: &'a Storage, vault: &'a KeyVault) -> Self {
+        Self { storage, vault }
+    }
+
+    /// Encrypts a message for a recipient.
+    pub async fn encrypt_message(
+        &self,
+        recipient_did: &str,
+        recipient_ed25519_key: Option<&VerifyingKey>, // Required if new session
+        recipient_bundle: Option<&PreKeyBundle>,      // Required if new session
+        plaintext: &[u8],
+    ) -> Result<EncryptedMessage, String> {
+        // 1. Load Session
+        let session_opt = self
+            .storage
+            .load_session(recipient_did)
+            .await
+            .map_err(|e| e.to_string())?;
+
+        if let Some(mut session) = session_opt {
+            // Existing Session
+            let (header, ciphertext) = session.encrypt(plaintext).map_err(|e| e.to_string())?;
+
+            // Save Session
+            self.storage
+                .save_session(recipient_did, &session)
+                .await
+                .map_err(|e| e.to_string())?;
+
+            Ok(EncryptedMessage::Whisper { header, ciphertext })
+        } else {
+            // New Session - Needs Bundle
+            let bundle = recipient_bundle.ok_or("No session and no PreKeyBundle provided")?;
+            let recipient_vk =
+                recipient_ed25519_key.ok_or("No session and no Recipient Identity Key provided")?;
+
+            let result = x3dh::initialize_alice(
+                &self.vault.dh_identity,
+                PublicKey::from(&self.vault.dh_identity),
+                bundle,
+                recipient_vk,
+                plaintext,
+            )?;
+
+            // Save Session
+            self.storage
+                .save_session(recipient_did, &result.session)
+                .await
+                .map_err(|e| e.to_string())?;
+
+            Ok(EncryptedMessage::X3dhInit {
+                sender_identity_key: PublicKey::from(&self.vault.dh_identity),
+                ephemeral_key: result.ephemeral_key,
+                header: result.initial_header,
+                ciphertext: result.initial_ciphertext,
+                used_spk: bundle.signed_prekey, // Tell Bob which SPK we used
+                used_opk: result.used_opk,      // Tell Bob which OPK we used
+            })
+        }
+    }
+
+    /// Decrypts an incoming message
+    pub async fn decrypt_message(
+        &self,
+        sender_did: &str,
+        message: EncryptedMessage,
+    ) -> Result<Vec<u8>, String> {
+        match message {
+            EncryptedMessage::Whisper { header, ciphertext } => {
+                let mut session = self
+                    .storage
+                    .load_session(sender_did)
+                    .await
+                    .map_err(|e| e.to_string())?
+                    .ok_or("No session found for sender")?;
+
+                let plaintext = session.decrypt(&header, &ciphertext)?;
+
+                self.storage
+                    .save_session(sender_did, &session)
+                    .await
+                    .map_err(|e| e.to_string())?;
+                Ok(plaintext)
+            }
+            EncryptedMessage::X3dhInit {
+                sender_identity_key,
+                ephemeral_key,
+                header,
+                ciphertext,
+                used_spk,
+                used_opk,
+            } => {
+                // Bob receives init
+
+                // 1. Fetch Secrets
+                let spk_secret = self
+                    .storage
+                    .get_signed_prekey_secret(&used_spk)
+                    .await
+                    .map_err(|e| e.to_string())?
+                    .ok_or("Signed PreKey not found")?;
+
+                let mut opk_secret = None;
+                if let Some(opk_pub) = used_opk {
+                    let secret = self
+                        .storage
+                        .get_onetime_prekey_secret(&opk_pub)
+                        .await
+                        .map_err(|e| e.to_string())?
+                        .ok_or("One-time PreKey not found")?;
+                    opk_secret = Some(secret);
+                }
+
+                // 2. Initialize
+                let (session, plaintext) = x3dh::initialize_bob(
+                    &self.vault.dh_identity,
+                    &spk_secret,
+                    opk_secret.as_ref(),
+                    sender_identity_key,
+                    ephemeral_key,
+                    &header,
+                    &ciphertext,
+                )?;
+
+                // 3. Save Session
+                self.storage
+                    .save_session(sender_did, &session)
+                    .await
+                    .map_err(|e| e.to_string())?;
+
+                // 4. Delete consumed OPK
+                if let Some(opk_pub) = used_opk {
+                    self.storage
+                        .delete_onetime_prekey(&opk_pub)
+                        .await
+                        .map_err(|e| e.to_string())?;
+                }
+
+                Ok(plaintext)
+            }
+        }
+    }
+}

ratatoskr-core/src/models.rs

@@ -1,4 +1,5 @@
 use serde::{Deserialize, Serialize};
+use x25519_dalek::PublicKey;
 
 #[derive(Serialize, Deserialize, Debug, Clone)]
 pub enum SosType {
@@ -55,7 +56,7 @@ pub struct ChatMessage {
     pub recipient_did: String,
     pub msg_type: MessageType,
     pub status: MessageStatus,
-    pub content: Vec<u8>, // Encrypted blob
+    pub content: Vec<u8>, // Encrypted blob or Plaintext (depends on context, usually Plaintext in DB)
     pub timestamp: u64,
     pub ttl: Option<u64>,            // Optional expiry timestamp
     pub schema_id: String,           // For protocol extensibility
@@ -68,3 +69,31 @@ pub struct Message {
     pub content: String,
     pub timestamp: u64,
 }
+
+// --- Protocol Models ---
+
+#[derive(Clone, Debug, Serialize, Deserialize)]
+pub struct RatchetHeader {
+    pub dh_pub: PublicKey,
+    pub n: u32,  // Number of the message in the sending chain
+    pub pn: u32, // Number of the previous sending chain
+}
+
+#[derive(Serialize, Deserialize, Debug)]
+pub enum EncryptedMessage {
+    /// Initial X3DH handshake message + first payload
+    X3dhInit {
+        sender_identity_key: PublicKey, // IK_A
+        ephemeral_key: PublicKey,       // EK_A
+        header: RatchetHeader,
+        ciphertext: Vec<u8>,         // Initial message
+        used_spk: PublicKey,         // The SPK used (so Bob knows which secret to pick)
+        used_opk: Option<PublicKey>, // The OPK used (if any)
+    },
+
+    /// Subsequent Double Ratchet message
+    Whisper {
+        header: RatchetHeader,
+        ciphertext: Vec<u8>,
+    },
+}