From ac6ec2b537eac12f93057ae1a4e9e2bbce62bd49 Mon Sep 17 00:00:00 2001
From: Rhys Weatherley <rhys.weatherley@gmail.com>
Date: Sun, 3 Jul 2016 09:09:31 +1000
Subject: [PATCH] Spec rev30: Call MixKey() on ephemeral pre-messages when PSK
 active

---
 .../noise/protocol/HandshakeState.java           | 10 ++++++++--
 .../noise/protocol/SymmetricState.java           | 16 ++++++++++++++++
 2 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/NoiseJava/src/com/southernstorm/noise/protocol/HandshakeState.java b/NoiseJava/src/com/southernstorm/noise/protocol/HandshakeState.java
index 81089f8..3a58781 100644
--- a/NoiseJava/src/com/southernstorm/noise/protocol/HandshakeState.java
+++ b/NoiseJava/src/com/southernstorm/noise/protocol/HandshakeState.java
@@ -458,15 +458,21 @@ public class HandshakeState implements Destroyable {
 		if (isInitiator) {
 			if ((requirements & LOCAL_PREMSG) != 0)
 				symmetric.mixPublicKey(localKeyPair);
-			if ((requirements & FALLBACK_PREMSG) != 0)
+			if ((requirements & FALLBACK_PREMSG) != 0) {
 				symmetric.mixPublicKey(remoteEphemeral);
+				if (preSharedKey != null)
+					symmetric.mixPublicKeyIntoCK(remoteEphemeral);
+			}
 			if ((requirements & REMOTE_PREMSG) != 0)
 				symmetric.mixPublicKey(remotePublicKey);
 		} else {
 			if ((requirements & REMOTE_PREMSG) != 0)
 				symmetric.mixPublicKey(remotePublicKey);
-			if ((requirements & FALLBACK_PREMSG) != 0)
+			if ((requirements & FALLBACK_PREMSG) != 0) {
 				symmetric.mixPublicKey(localEphemeral);
+				if (preSharedKey != null)
+					symmetric.mixPublicKeyIntoCK(localEphemeral);
+			}
 			if ((requirements & LOCAL_PREMSG) != 0)
 				symmetric.mixPublicKey(localKeyPair);
 		}
diff --git a/NoiseJava/src/com/southernstorm/noise/protocol/SymmetricState.java b/NoiseJava/src/com/southernstorm/noise/protocol/SymmetricState.java
index 2212548..ae54fd3 100644
--- a/NoiseJava/src/com/southernstorm/noise/protocol/SymmetricState.java
+++ b/NoiseJava/src/com/southernstorm/noise/protocol/SymmetricState.java
@@ -165,6 +165,22 @@ class SymmetricState implements Destroyable {
 		}
 	}
 
+	/**
+	 * Mixes a pre-supplied public key into the chaining key.
+	 * 
+	 * @param dh The object containing the public key.
+	 */
+	public void mixPublicKeyIntoCK(DHState dh)
+	{
+		byte[] temp = new byte [dh.getPublicKeyLength()];
+		try {
+			dh.getPublicKey(temp, 0);
+			mixKey(temp, 0, temp.length);
+		} finally {
+			Noise.destroy(temp);
+		}
+	}
+
 	/**
 	 * Encrypts a block of plaintext and mixes the ciphertext into the handshake hash.
 	 *