keyexch, keymgmt: Include the peer's public key in the check hash.
This turns out to be necessary for security: otherwise an adversary can
cross over two sessions, which is probably undesirable. This also
requires that we know our own public key, which was previously
unnecessary.
Except for session-ids (we don't care if two `sessions' with the same
peer get crossed over, because we don't distinguish them anyway), the
protocol now matches the one described and proved secure in the crypto
paper.
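The binding this commit introduces, as an added illustration that is not secnet's own code: a toy key exchange in which the check hash is an HMAC under the session key over the transcript and the peer's public key. Because the receiver is the sender's peer, verifying it needs the receiver's own public key, which is exactly the new requirement the message describes. The DH group, the message layout and every name below are assumed for the example.

```python
"""Toy model of a key-exchange check hash that commits to the peer's public key.

Illustrative only: the DH parameters, message encoding and HMAC layout are
assumed for this example and are not secnet's protocol.
"""
import hashlib
import hmac
import os

# Toy Diffie-Hellman parameters (assumed; far too small for real use).
P = 2**127 - 1
G = 2


def keypair():
    """Return (private, public); used both for identities and ephemerals."""
    priv = int.from_bytes(os.urandom(16), "big") % (P - 2) + 1
    return priv, pow(G, priv, P)


def encode(*values):
    """Fixed-width encoding of group elements (all are < 2**127)."""
    return b"".join(v.to_bytes(16, "big") for v in values)


def session_key(my_eph_priv, peer_eph_pub):
    """Derive a session key from the ephemeral DH shared secret."""
    secret = pow(peer_eph_pub, my_eph_priv, P)
    return hashlib.sha256(encode(secret)).digest()


def check_hash(key, peer_pub, transcript):
    """New form: keyed by the session key, bound to the PEER's public key and
    the transcript of ephemeral values."""
    msg = b"check" + encode(peer_pub) + transcript
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify(key, own_pub, transcript, received):
    """The receiver is the sender's peer, so it must supply its OWN public key."""
    return hmac.compare_digest(check_hash(key, own_pub, transcript), received)


def check_hash_old(key, transcript):
    """Earlier form: no public keys, so it proves knowledge of the session key
    but says nothing about whom the sender believes it is talking to."""
    return hmac.new(key, b"check" + transcript, hashlib.sha256).digest()


def verify_old(key, transcript, received):
    return hmac.compare_digest(check_hash_old(key, transcript), received)


def run():
    """Return (honest_ok, crossed_rejected_new, crossed_accepted_old)."""
    _, alice_pub = keypair()
    _, carol_pub = keypair()
    a_priv, a_eph = keypair()
    b_priv, b_eph = keypair()
    transcript = encode(a_eph, b_eph)
    k_a = session_key(a_priv, b_eph)
    k_b = session_key(b_priv, a_eph)
    assert k_a == k_b

    # Bob believes his peer is Alice: his check hash verifies at Alice.
    honest = verify(k_a, alice_pub, transcript, check_hash(k_b, alice_pub, transcript))

    # If Bob believed his peer was Carol while sharing the key with Alice,
    # the new check hash fails at Alice: it commits to the peer identity.
    crossed_new = verify(k_a, alice_pub, transcript, check_hash(k_b, carol_pub, transcript))

    # The old form is identical whoever Bob thinks he is talking to, so Alice
    # accepts it even though Bob's belief about his peer never entered it.
    crossed_old = verify_old(k_a, transcript, check_hash_old(k_b, transcript))
    return honest, crossed_new, crossed_old


if __name__ == "__main__":
    print(run())
```

The check value is keyed rather than a bare hash so that it also confirms both sides derived the same session key; the peer's public key is what turns that confirmation into agreement about who the other party is.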