Use dhPubEq for publickey equality check

Dependency on the fixed cacophony commit was accidentally removed.
author: Bin Jin <bjin@ctrl-d.org> 2017-03-13 17:41:54 +0800
committer: Bin Jin <bjin@ctrl-d.org> 2017-03-13 17:44:18 +0800
commit: 041bdf8c84d141ec81fdb363e0a20f56721e31c4 (patch)
tree: abbbbe3c01321c654a8e7fd1558f936317fe5b4a
parent: README: more details with stack, minor changes (diff)
download: wireguard-hs-041bdf8c84d141ec81fdb363e0a20f56721e31c4.tar.xz
wireguard-hs-041bdf8c84d141ec81fdb363e0a20f56721e31c4.zip
2 files changed, 11 insertions, 7 deletions
diff --git a/src/Network/WireGuard/Core.hs b/src/Network/WireGuard/Core.hs
index e37554b..beb4e36 100644
--- a/src/Network/WireGuard/Core.hs
+++ b/src/Network/WireGuard/Core.hs
@@ -14,7 +14,8 @@ import           Control.Monad.STM                      (atomically)
 import           Control.Monad.Trans.Except             (ExceptT, runExceptT,
                                                          throwE)
 import           Crypto.Noise                           (HandshakeRole (..))
-import           Crypto.Noise.DH                        (dhGenKey, dhPubToBytes)
+import           Crypto.Noise.DH                        (dhGenKey, dhPubEq,
+                                                         dhPubToBytes)
 import qualified Data.ByteArray                         as BA
 import qualified Data.ByteString                        as BS
 import qualified Data.HashMap.Strict                    as HM
@@ -216,11 +217,11 @@ processPacket device@Device{..} _key _psk sock PacketData{..} = do
                     IPv4Packet src4 _ -> do
                         peer' <- assertJust SourceAddrBlockedError $
                             RT.lookup (makeAddrRange src4 32) <$> liftIO (readTVarIO routeTable4)
-                        when (remotePub peer /= remotePub peer') $ throwE SourceAddrBlockedError
+                        unless (remotePub peer `dhPubEq` remotePub peer') $ throwE SourceAddrBlockedError
                     IPv6Packet src6 _ -> do
                         peer' <- assertJust SourceAddrBlockedError $
                             RT.lookup (makeAddrRange src6 128) <$> liftIO (readTVarIO routeTable6)
-                        when (remotePub peer /= remotePub peer') $ throwE SourceAddrBlockedError
+                        unless (remotePub peer `dhPubEq` remotePub peer') $ throwE SourceAddrBlockedError
                 liftIO $ atomically $ writeTVar (lastReceiveTime peer) now
                 liftIO $ atomically $ modifyTVar' (receivedBytes peer) (+fromIntegral (BA.length decryptedPayload))
               else do
@@ -281,8 +282,8 @@ checkAndTryInitiateHandshake device key psk chan peer@Peer{..} endp now = do
         ma <- readTVar tvar
         case ma of
             Just a  | now > getStopTime a -> erase >> return False
-            Just _                        -> return True
-            Nothing                       -> return False
+            Just _  -> return True
+            Nothing -> return False
 
 
 tryInitiateHandshakeIfEmpty :: Device -> KeyPair -> Maybe PresharedKey
diff --git a/stack.yaml b/stack.yaml
index 5dd7ef2..aa8f4c0 100644
--- a/stack.yaml
+++ b/stack.yaml
@@ -1,7 +1,10 @@
 resolver: lts-8.4
 packages:
 - '.'
-extra-deps:
-- cacophony-0.9.2
+- location:
+    git: git://github.com/centromere/cacophony.git
+    commit: b7a8cff36d8966b0e274cdb4a338ef581be0d737
+  extra-dep: true
+extra-deps: []
 flags: {}
 extra-package-dbs: []
author	Bin Jin <bjin@ctrl-d.org>	2017-03-13 17:41:54 +0800
committer	Bin Jin <bjin@ctrl-d.org>	2017-03-13 17:44:18 +0800
commit	041bdf8c84d141ec81fdb363e0a20f56721e31c4 (patch)
tree	abbbbe3c01321c654a8e7fd1558f936317fe5b4a
parent	README: more details with stack, minor changes (diff)
download	wireguard-hs-041bdf8c84d141ec81fdb363e0a20f56721e31c4.tar.xz wireguard-hs-041bdf8c84d141ec81fdb363e0a20f56721e31c4.zip