Spec rev30: Call MixKey() on ephemeral pre-messages when PSK active

2016-07-03 09:09:31 +10:00 · 2016-07-03 09:09:31 +10:00 · ac6ec2b537
commit ac6ec2b537
parent 881da5a644
2 changed files with 24 additions and 2 deletions
--- a/NoiseJava/src/com/southernstorm/noise/protocol/HandshakeState.java
+++ b/NoiseJava/src/com/southernstorm/noise/protocol/HandshakeState.java
@ -458,15 +458,21 @@ public class HandshakeState implements Destroyable {
 		if (isInitiator) {
 			if ((requirements & LOCAL_PREMSG) != 0)
 				symmetric.mixPublicKey(localKeyPair);
-			if ((requirements & FALLBACK_PREMSG) != 0)
+			if ((requirements & FALLBACK_PREMSG) != 0) {
 				symmetric.mixPublicKey(remoteEphemeral);
+				if (preSharedKey != null)
+					symmetric.mixPublicKeyIntoCK(remoteEphemeral);
+			}
 			if ((requirements & REMOTE_PREMSG) != 0)
 				symmetric.mixPublicKey(remotePublicKey);
 		} else {
 			if ((requirements & REMOTE_PREMSG) != 0)
 				symmetric.mixPublicKey(remotePublicKey);
-			if ((requirements & FALLBACK_PREMSG) != 0)
+			if ((requirements & FALLBACK_PREMSG) != 0) {
 				symmetric.mixPublicKey(localEphemeral);
+				if (preSharedKey != null)
+					symmetric.mixPublicKeyIntoCK(localEphemeral);
+			}
 			if ((requirements & LOCAL_PREMSG) != 0)
 				symmetric.mixPublicKey(localKeyPair);
 		}
--- a/NoiseJava/src/com/southernstorm/noise/protocol/SymmetricState.java
+++ b/NoiseJava/src/com/southernstorm/noise/protocol/SymmetricState.java
@ -165,6 +165,22 @@ class SymmetricState implements Destroyable {
 		}
 	}

+	/**
+	 * Mixes a pre-supplied public key into the chaining key.
+	 * 
+	 * @param dh The object containing the public key.
+	 */
+	public void mixPublicKeyIntoCK(DHState dh)
+	{
+		byte[] temp = new byte [dh.getPublicKeyLength()];
+		try {
+			dh.getPublicKey(temp, 0);
+			mixKey(temp, 0, temp.length);
+		} finally {
+			Noise.destroy(temp);
+		}
+	}
+
 	/**
 	 * Encrypts a block of plaintext and mixes the ciphertext into the handshake hash.
 	 *