Commit d8b81205 authored by Reinaldo de Souza Jr's avatar Reinaldo de Souza Jr

Fix one issue

The issue is: Alice starts a new ratchet after we send a P1 but before
she receives it. She only knows our previous key, and that's what we
should use to follow this ratchet and be able to decrypt the message.

Now test pass!
parent b1a7301f
......@@ -2,6 +2,7 @@ package main
import (
"bytes"
"crypto/sha512"
"fmt"
"golang.org/x/crypto/sha3"
......@@ -195,7 +196,18 @@ func (e *Entity) receiveData(m Msg) {
e.rid = m.rid
e.their_dh = m.dh
secret := c.ComputeSecret(e.our_dh_priv, e.their_dh)
var secret [sha512.Size]byte
if e.AuthState == AUTHSTATE_AWAITING_DRE_AUTH {
// We have sent a P1 but Alice started a NEW ratchet before receiving it.
// We must use our_prev_dh_priv (from before P1) and their_dh (from the msg).
// Once we receive P2, we should use their_dh from P2 and our_dh from P1.
fmt.Println(" - We are waiting P2")
secret = c.ComputeSecret(e.our_prev_dh_priv, e.their_dh)
} else {
secret = c.ComputeSecret(e.our_dh_priv, e.their_dh)
}
e.derive(secret[:])
e.j = 0 // need to ratchet next time when send
} else if e.k > m.mid {
......
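Review bot: The new `AUTHSTATE_AWAITING_DRE_AUTH` branch derives the ratchet secret from `e.our_prev_dh_priv` without checking that a previous key was ever stored, and nothing in the hunk shows when that old private key is discarded. If the field can still hold its zero value in this state, `e.derive(secret[:])` would install keys computed from an unset private key, so a guard that skips the message when no previous key is held seems warranted. Keeping a superseded DH private key also extends the window in which its compromise exposes traffic, so the field should be wiped once P2 is processed, with a comment next to the field such as `// cleared as soon as P2 is handled; only needed while AWAITING_DRE_AUTH`. The `fmt.Println(" - We are waiting P2")` line writes protocol state to stdout from the receive path and would be better behind the project's debug logging, if it has one. `receiveData` starts and ends outside the hunk, so the assignment and clearing of `our_prev_dh_priv` may already exist elsewhere.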