| 510 | } |
| 511 | |
| 512 | func (device *Device) ConsumeMessageResponse(msg *MessageResponse) *Peer { |
| 513 | if msg.Type != MessageResponseType { |
| 514 | return nil |
| 515 | } |
| 516 | |
| 517 | // lookup handshake by receiver |
| 518 | |
| 519 | lookup := device.indexTable.Lookup(msg.Receiver) |
| 520 | handshake := lookup.handshake |
| 521 | if handshake == nil { |
| 522 | return nil |
| 523 | } |
| 524 | |
| 525 | var ( |
| 526 | hash [blake2s.Size]byte |
| 527 | chainKey [blake2s.Size]byte |
| 528 | ) |
| 529 | |
| 530 | ok := func() bool { |
| 531 | // lock handshake state |
| 532 | |
| 533 | handshake.mutex.RLock() |
| 534 | defer handshake.mutex.RUnlock() |
| 535 | |
| 536 | if handshake.state != handshakeInitiationCreated { |
| 537 | return false |
| 538 | } |
| 539 | |
| 540 | // lock private key for reading |
| 541 | |
| 542 | device.staticIdentity.RLock() |
| 543 | defer device.staticIdentity.RUnlock() |
| 544 | |
| 545 | // finish 3-way DH |
| 546 | |
| 547 | mixHash(&hash, &handshake.hash, msg.Ephemeral[:]) |
| 548 | mixKey(&chainKey, &handshake.chainKey, msg.Ephemeral[:]) |
| 549 | |
| 550 | ss, err := handshake.localEphemeral.sharedSecret(msg.Ephemeral) |
| 551 | if err != nil { |
| 552 | return false |
| 553 | } |
| 554 | mixKey(&chainKey, &chainKey, ss[:]) |
| 555 | setZero(ss[:]) |
| 556 | |
| 557 | ss, err = device.staticIdentity.privateKey.sharedSecret(msg.Ephemeral) |
| 558 | if err != nil { |
| 559 | return false |
| 560 | } |
| 561 | mixKey(&chainKey, &chainKey, ss[:]) |
| 562 | setZero(ss[:]) |
| 563 | |
| 564 | // add preshared key (psk) |
| 565 | |
| 566 | var tau [blake2s.Size]byte |
| 567 | var key [chacha20poly1305.KeySize]byte |
| 568 | KDF3( |
| 569 | &chainKey, |