diff options
-rw-r--r-- | src/Network/WireGuard/Core.hs | 8 | ||||
-rw-r--r-- | src/Network/WireGuard/Internal/Noise.hs | 6 | ||||
-rw-r--r-- | stack.yaml | 7 |
3 files changed, 7 insertions, 14 deletions
diff --git a/src/Network/WireGuard/Core.hs b/src/Network/WireGuard/Core.hs index f36b3c9..e37554b 100644 --- a/src/Network/WireGuard/Core.hs +++ b/src/Network/WireGuard/Core.hs @@ -14,8 +14,7 @@ import Control.Monad.STM (atomically) import Control.Monad.Trans.Except (ExceptT, runExceptT, throwE) import Crypto.Noise (HandshakeRole (..)) -import Crypto.Noise.DH (dhGenKey, dhPubEq, - dhPubToBytes) +import Crypto.Noise.DH (dhGenKey, dhPubToBytes) import qualified Data.ByteArray as BA import qualified Data.ByteString as BS import qualified Data.HashMap.Strict as HM @@ -165,8 +164,8 @@ processPacket device@Device{..} _key _psk sock HandshakeResponse{..} = do let state1 = initNoise iwait outcome = recvSecondMessage state1 encryptedPayload case outcome of - Left err -> throwE (NoiseError err) - Right (decryptedPayload, rpub, sks) -> do + Left err -> throwE (NoiseError err) + Right (decryptedPayload, sks) -> do now <- liftIO epochTime newCounter <- liftIO $ atomically $ newTVar 0 let newsession = Session receiverIndex senderIndex sks @@ -175,7 +174,6 @@ processPacket device@Device{..} _key _psk sock HandshakeResponse{..} = do newCounter when (BA.length decryptedPayload /= 0) $ throwE $ InvalidWGPacketError "empty payload expected" - unless (rpub `dhPubEq` remotePub peer) $ throwE RemotePeerNotFoundError succeeded <- liftIO $ atomically $ do erased <- eraseInitiatorWait device peer (Just receiverIndex) when erased $ do diff --git a/src/Network/WireGuard/Internal/Noise.hs b/src/Network/WireGuard/Internal/Noise.hs index b529d25..842e002 100644 --- a/src/Network/WireGuard/Internal/Noise.hs +++ b/src/Network/WireGuard/Internal/Noise.hs @@ -59,13 +59,11 @@ recvFirstMessageAndReply state0 ciphertext1 plaintext2 = do Just rpub -> return (ciphertext2, plaintext1, rpub, extractSessionKey state2) recvSecondMessage :: NoiseStateWG -> ByteString - -> Either SomeException (ScrubbedBytes, PublicKey, SessionKey) + -> Either SomeException (ScrubbedBytes, SessionKey) recvSecondMessage state1 ciphertext2 = do (plaintext2, state2) <- readMessage state1 ciphertext2 unless (handshakeComplete state2) internalError - case remoteStaticKey state2 of - Nothing -> internalError - Just rpub -> return (plaintext2, rpub, extractSessionKey state2) + return (plaintext2, extractSessionKey state2) encryptMessage :: SessionKey -> Counter -> ScrubbedBytes -> (EncryptedPayload, AuthTag) encryptMessage key counter plaintext = (ciphertext, convert authtag) @@ -1,10 +1,7 @@ resolver: lts-8.4 packages: - '.' -- location: - git: git://github.com/centromere/cacophony.git - commit: b7a8cff36d8966b0e274cdb4a338ef581be0d737 - extra-dep: true -extra-deps: [] +extra-deps: +- cacophony-0.9.2 flags: {} extra-package-dbs: [] |