Clatter PSK Validity Rule Violation Vulnerability in Post-Quantum Handshake Patterns

Vulnerability

A protocol compliance vulnerability has been identified in Clatter, a Rust library implementing the Noise protocol framework with post-quantum support. Versions prior to 2.2.0 allow post-quantum handshake patterns that violate the PSK validity rule, as outlined in Section 9.3 of the Noise Protocol Framework. This violation could enable PSK-derived keys to be used for encryption without proper randomization from self-chosen ephemeral randomness, thereby weakening security guarantees and potentially leading to catastrophic key reuse. The affected default patterns include 'noise_pqkk_psk0', 'noise_pqkn_psk0', 'noise_pqnk_psk0', 'noise_pqnn_psk0', and some hybrid variants. Users of these patterns may have been employing handshakes that do not align with the intended security properties.

Impact

The vulnerability could allow for improper use of PSK-derived keys in encryption, leading to weakened security and potential key reuse issues.

Reproduction

To reproduce this vulnerability, use Clatter versions prior to 2.2.0 and select one of the affected post-quantum handshake patterns that includes 'psk0'.

Remediation

Upgrade to Clatter version 2.2.0 or later, which includes the necessary runtime checks to enforce PSK validity. If the library has been customized, review any custom handshake patterns for compliance with the PSK validity rule.
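One way to review a custom pattern against the PSK validity rule is shown below, as an added example that is not Clatter's own runtime check. It applies the Noise specification's wording (a party may not send encrypted data after processing a "psk" token unless it has sent an "e" token). The token model and the two sample patterns are constructed assumptions; the PQ sample is modelled on an NN-style exchange in which the responder replies with a KEM ciphertext rather than its own ephemeral key.

```rust
// Added example: checker for the Noise PSK validity rule (spec section 9.3).
// Token model and sample patterns are constructed assumptions, not Clatter's code.
#[derive(Clone, Copy, PartialEq, Debug)]
pub enum Token { E, S, Psk, Other } // Other = any token that is not e, s or psk

#[derive(Clone, Copy, PartialEq, Debug)]
pub enum Party { Initiator, Responder }

/// Err((message_index, sender)) names the first message in which a party sends
/// encrypted data after a "psk" token without having sent its own "e" token.
pub fn check_psk_validity(msgs: &[(Party, Vec<Token>)]) -> Result<(), (usize, Party)> {
    let mut psk_seen = false; // both parties process every psk token
    let mut sent_e = [false, false]; // indexed by Party as usize
    for (idx, (sender, tokens)) in msgs.iter().enumerate() {
        let who = *sender as usize;
        for tok in tokens {
            match tok {
                Token::E => sent_e[who] = true,
                Token::Psk => psk_seen = true,
                // Once a PSK is mixed in, a static key is sent encrypted.
                Token::S if psk_seen && !sent_e[who] => return Err((idx, *sender)),
                _ => {}
            }
        }
        // The handshake payload closing each message is encrypted once keyed.
        if psk_seen && !sent_e[who] {
            return Err((idx, *sender));
        }
    }
    Ok(())
}

/// Constructed: classic NNpsk0 (-> psk, e / <- e, ee); both sides send "e".
pub fn classic_nn_psk0() -> Result<(), (usize, Party)> {
    use Token::*;
    check_psk_validity(&[(Party::Initiator, vec![Psk, E]), (Party::Responder, vec![E, Other])])
}

/// Constructed: PQ NN-style psk0 (-> psk, e / <- ekem); the responder answers
/// with a KEM ciphertext (modelled as Other) and never sends an "e" of its own.
pub fn pq_nn_psk0() -> Result<(), (usize, Party)> {
    use Token::*;
    check_psk_validity(&[(Party::Initiator, vec![Psk, E]), (Party::Responder, vec![Other])])
}

fn main() {
    println!("classic NNpsk0: {:?}", classic_nn_psk0());
    println!("PQ NN psk0:     {:?}", pq_nn_psk0());
}
```

The checker treats every message payload after a "psk" token as encrypted, which is the conservative reading for pattern review.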

Added: Jan 28, 2026, 12:21 AM
Updated: Jan 28, 2026, 12:21 AM

Vulnerability Rating

Custom Algorithm
spread: 0.8
impact: 2.5
exploitability: 8.7
remediation: 7.9
relevance: 2.4
threat: 4.8
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.