Stop handshake when key is identity

1 files changed, 6 insertions, 0 deletions

diff --git a/src/protocol_ec25519_fhmqvc_xsalsa20_poly1305.c b/src/protocol_ec25519_fhmqvc_xsalsa20_poly1305.c
index 6d7e652..9d7eaa7 100644
--- a/src/protocol_ec25519_fhmqvc_xsalsa20_poly1305.c
+++ b/src/protocol_ec25519_fhmqvc_xsalsa20_poly1305.c
@@ -336,6 +336,9 @@ static void respond_handshake(fastd_context *ctx, fastd_peer *peer) {
 	ecc_25519_add(&work, &workX, &work);
 	ecc_25519_scalarmult(&work, &s, &work);
 
+	if (ecc_25519_is_identity(&work))
+		return;
+
 	ecc_25519_store(&peer->protocol_state->accepting_handshake->sigma, &work);
 
 	memcpy(hashinput+4*PUBLICKEYBYTES, peer->protocol_state->accepting_handshake->sigma.p, PUBLICKEYBYTES);
@@ -419,6 +422,9 @@ static void finish_handshake(fastd_context *ctx, fastd_peer *peer, uint8_t t[HMA
 	ecc_25519_add(&work, &workY, &work);
 	ecc_25519_scalarmult(&work, &s, &work);
 
+	if (ecc_25519_is_identity(&work))
+		return;
+
 	ecc_25519_store(&peer->protocol_state->initiating_handshake->sigma, &work);
 
 	memcpy(hashinput+4*PUBLICKEYBYTES, peer->protocol_state->initiating_handshake->sigma.p, PUBLICKEYBYTES);