commit 3d4a65d3eab9af4ddde2721e377402a4c60c4469
parent a101e9b37474e82102637b09de03c5d602201983
Author: Bart Polot <bart@net.in.tum.de>
Date: Fri, 2 Oct 2015 03:37:53 +0000
Don't reset axolotl state on receipt of a pseudo-duplicate AX key exchange.
Pseudo duplicate means same handshake key but different ratchet key. This
can happen if Alice's first KX message is lost, she receives Bob's KX and
send a payload message herself, advancing her ratchet. If Bob doesn't send
a payload message fast enough, or it gets lost, Alice will retransmit her
KX message, this time with a different ratchet key. If Bob only checks the
ratchet key (the handshake keys are discarded) it could reset the Axolotl
status and re-use keys for messages that got lost/delayed.
Diffstat:
1 file changed, 5 insertions(+), 0 deletions(-)
diff --git a/src/cadet/gnunet-service-cadet_tunnel.c b/src/cadet/gnunet-service-cadet_tunnel.c
@@ -3019,6 +3019,11 @@ handle_kx_ax (struct CadetTunnel *t, const struct GNUNET_CADET_AX_KX *msg)
salt, sizeof (salt),
&key_material, sizeof (key_material), NULL);
+ if (0 == memcmp (&ax->RK, &keys[0], sizeof(ax->RK)))
+ {
+ LOG (GNUNET_ERROR_TYPE_INFO, " known handshake key, exit\n");
+ return;
+ }
ax->RK = keys[0];
if (GNUNET_YES == am_I_alice)
{
