mirrors/dnscrypt-proxy
1
0
Fork 0
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git synced 2025-04-04 21:57:44 +03:00
Code Issues Projects Releases Packages Wiki Activity

Make key exchange behaviors consistent

Browse source
This commit is contained in:
Frank Denis 2020-09-21 02:13:57 +02:00
parent e54056bc38
commit 8b72e58656
1 changed files with 11 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

12
dnscrypt-proxy/crypto.go
View file

@ -50,10 +50,20 @@ func ComputeSharedKey(cryptoConstruction CryptoConstruction, secretKey *[32]byte
var err error var err error
sharedKey, err = xsecretbox.SharedKey(*secretKey, *serverPk) sharedKey, err = xsecretbox.SharedKey(*secretKey, *serverPk)
if err != nil { if err != nil {
dlog.Criticalf("[%v] Weak public key", providerName) dlog.Criticalf("[%v] Weak XChaCha20 public key", providerName)
} }
} else { } else {
box.Precompute(&sharedKey, serverPk, secretKey) box.Precompute(&sharedKey, serverPk, secretKey)
c := byte(0)
for i := 0; i < 32; i++ {
c |= sharedKey[i]
}
if c == 0 {
dlog.Criticalf("[%v] Weak XSalsa20 public key", providerName)
if _, err := crypto_rand.Read(sharedKey[:]); err != nil {
dlog.Fatal(err)
}
}
} }
return return
} }