aboutsummaryrefslogtreecommitdiffstats
path: root/src/Network/WireGuard
diff options
context:
space:
mode:
authorBin Jin <bjin@ctrl-d.org>2017-03-13 00:38:47 +0800
committerBin Jin <bjin@ctrl-d.org>2017-03-13 00:38:47 +0800
commit6a50ba8572d4fdb760c28dafd0ab652fab9c01fd (patch)
tree6daa5341f90b2ca9e15060be11f0333af2f9d58e /src/Network/WireGuard
parentAdd README.md (diff)
downloadwireguard-hs-6a50ba8572d4fdb760c28dafd0ab652fab9c01fd.tar.xz
wireguard-hs-6a50ba8572d4fdb760c28dafd0ab652fab9c01fd.zip
Remove unnecessary publickey check
Diffstat (limited to 'src/Network/WireGuard')
-rw-r--r--src/Network/WireGuard/Core.hs8
-rw-r--r--src/Network/WireGuard/Internal/Noise.hs6
2 files changed, 5 insertions, 9 deletions
diff --git a/src/Network/WireGuard/Core.hs b/src/Network/WireGuard/Core.hs
index f36b3c9..e37554b 100644
--- a/src/Network/WireGuard/Core.hs
+++ b/src/Network/WireGuard/Core.hs
@@ -14,8 +14,7 @@ import Control.Monad.STM (atomically)
import Control.Monad.Trans.Except (ExceptT, runExceptT,
throwE)
import Crypto.Noise (HandshakeRole (..))
-import Crypto.Noise.DH (dhGenKey, dhPubEq,
- dhPubToBytes)
+import Crypto.Noise.DH (dhGenKey, dhPubToBytes)
import qualified Data.ByteArray as BA
import qualified Data.ByteString as BS
import qualified Data.HashMap.Strict as HM
@@ -165,8 +164,8 @@ processPacket device@Device{..} _key _psk sock HandshakeResponse{..} = do
let state1 = initNoise iwait
outcome = recvSecondMessage state1 encryptedPayload
case outcome of
- Left err -> throwE (NoiseError err)
- Right (decryptedPayload, rpub, sks) -> do
+ Left err -> throwE (NoiseError err)
+ Right (decryptedPayload, sks) -> do
now <- liftIO epochTime
newCounter <- liftIO $ atomically $ newTVar 0
let newsession = Session receiverIndex senderIndex sks
@@ -175,7 +174,6 @@ processPacket device@Device{..} _key _psk sock HandshakeResponse{..} = do
newCounter
when (BA.length decryptedPayload /= 0) $
throwE $ InvalidWGPacketError "empty payload expected"
- unless (rpub `dhPubEq` remotePub peer) $ throwE RemotePeerNotFoundError
succeeded <- liftIO $ atomically $ do
erased <- eraseInitiatorWait device peer (Just receiverIndex)
when erased $ do
diff --git a/src/Network/WireGuard/Internal/Noise.hs b/src/Network/WireGuard/Internal/Noise.hs
index b529d25..842e002 100644
--- a/src/Network/WireGuard/Internal/Noise.hs
+++ b/src/Network/WireGuard/Internal/Noise.hs
@@ -59,13 +59,11 @@ recvFirstMessageAndReply state0 ciphertext1 plaintext2 = do
Just rpub -> return (ciphertext2, plaintext1, rpub, extractSessionKey state2)
recvSecondMessage :: NoiseStateWG -> ByteString
- -> Either SomeException (ScrubbedBytes, PublicKey, SessionKey)
+ -> Either SomeException (ScrubbedBytes, SessionKey)
recvSecondMessage state1 ciphertext2 = do
(plaintext2, state2) <- readMessage state1 ciphertext2
unless (handshakeComplete state2) internalError
- case remoteStaticKey state2 of
- Nothing -> internalError
- Just rpub -> return (plaintext2, rpub, extractSessionKey state2)
+ return (plaintext2, extractSessionKey state2)
encryptMessage :: SessionKey -> Counter -> ScrubbedBytes -> (EncryptedPayload, AuthTag)
encryptMessage key counter plaintext = (ciphertext, convert authtag)