@ -11,6 +11,9 @@ generation of the SAS string by including it in the info parameter of the HKDF.
Thus if an attacker sends them different public keys, the info parameters will
Thus if an attacker sends them different public keys, the info parameters will
be different, and so the key generated by the HKDF will be different.
be different, and so the key generated by the HKDF will be different.
Thanks to [David Wong](https://twitter.com/cryptodavidw) for identifying the
issue, disclosing responsibly, and for helping to design the fix.
## Proposal
## Proposal
A new `key_agreement_protocol`, `curve25519-hkdf-sha256` is introduced, and
A new `key_agreement_protocol`, `curve25519-hkdf-sha256` is introduced, and
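Review bot: The added acknowledgement has a non-parallel list: "for identifying the issue, disclosing responsibly, and for helping to design the fix" repeats "for" on the third item only. Suggest "for identifying the issue, disclosing it responsibly, and helping to design the fix". The sentence also refers to "the issue" without naming it and credits the reporter through a Twitter profile link only. If a disclosure write-up or tracking issue exists, linking it here would give readers a stable reference for what was reported, alongside the explanation of the HKDF info parameter in the preceding paragraph.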