void/ZeroTierOne
2
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-06-07 13:03:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

added missing ratcheting enforcement

Browse source
This commit is contained in:
monica 2023-01-03 11:19:32 -05:00
parent b47ef35321
commit 40ef370204
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
zssp/src/zssp.rs
View file

@ -1162,10 +1162,16 @@ impl<Application: ApplicationLayer> ReceiveContext<Application> {
let mut session_key = noise_ik_complete;
// Mix ratchet key from previous session key (if any) and Kyber1024 hybrid shared key (if any).
// We either have a session, in which case they should have supplied a ratchet key fingerprint, or
// we don't and they should not have supplied one.
if let Some(cur_session_key) = state.session_keys[key_id as usize].as_ref() {
if bob_ratchet_key_id.is_some() {
session_key = Secret(hmac_sha512(cur_session_key.ratchet_key.as_bytes(), session_key.as_bytes()));
} else {
return Err(Error::FailedAuthentication);
}
} else if bob_ratchet_key_id.is_some() {
return Err(Error::FailedAuthentication);
}
if let Some(hybrid_kk) = hybrid_kk.as_ref() {
session_key = Secret(hmac_sha512(hybrid_kk.as_bytes(), session_key.as_bytes()));