document a few constants

[cosmicexplorer]

Broken out from #287.

1. Add documentation to several constants.
2. Put those constants in a limits submodule (this part can be reverted if desired).

[cosmicexplorer]

I'm aware that constants like these are supposed to be implementation details, but I like the idea of bringing these out into the open because some of them have implications on security (e.g. MAX_FORWARD_JUMPS can be mapped directly to a specific line in the public specification for the double ratchet encryption process). A future change might be to make these constants into default values and allow consumers to override those by providing an additional parameter to the methods in {group_cipher,session_cipher,session,sender_keys}.rs that currently consume these constants.

[jrose-signal]

If they're all limits then maybe consts should just change to limits.

[cosmicexplorer]

Great idea! Done!

[jrose-signal]

This isn't really about how many messages you can decrypt at once; it's about how many messages you can not receive and still decrypt further messages on an existing chain. Hard to explain, though!

[cosmicexplorer]

I have spent some time to distill what it actually does, which ended up taking a couple paragraphs. Please let me know if I should move that documentation elsewhere.

[cosmicexplorer]

(this is now in limits.rs)

[jrose-signal]

Similarly, this one is about when you do encounter such a jump, how many past keys will the session retain in case you receive some of those missing messages (due to some kind of out-of-order delivery, I guess).

[cosmicexplorer]

I have spent a little time to rewrite this, referring to the documentation for MAX_FORWARD_JUMPS I rewrote above.

[cosmicexplorer]

(this is now in limits.rs)

[jrose-signal]

This is just about past chains within the Double Ratchet protocol, again to handle out-of-order delivery.

[cosmicexplorer]

I rewrote this to clarify that this only occurs for double ratchet chains.

[cosmicexplorer]

(this is now in limits.rs)

[cosmicexplorer]

So I spent some time to understand what each of these limits actually represents, and I think the more involved explanations I have now are useful, in particular the description of what each limit actually bounds and why that matters (avoiding denial-of-service attacks, for one). I'm going to spend some more time understanding what an archived session state is.

While these descriptions are quite useful for me to understand what the library is doing (as implementation notes for some parts which aren't fully defined in the Double Ratchet spec), they may be too verbose for this file, so one possibility might be to move this more involved documentation to {session,group}_cipher.rs and just leave the pared-down explanation of what each limit actually bounds in these module docs.

If that arrangement seems useful, then we might also consider making limits a pub mod in order to expose these docs? Not sure right now. Going to figure out how session archiving works first before thinking about where to put these docs.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[stale]

This issue has been closed due to inactivity.