Don't reset axolotl state on receipt of a pseudo-duplicate AX key exchange.

Pseudo duplicate means same handshake key but different ratchet key. This
can happen if Alice's first KX message is lost, she receives Bob's KX and
send a payload message herself, advancing her ratchet. If Bob doesn't send
a payload message fast enough, or it gets lost, Alice will retransmit her
KX message, this time with a different ratchet key. If Bob only checks the
ratchet key (the handshake keys are discarded) it could reset the Axolotl
status and re-use keys for messages that got lost/delayed.

1 files changed, 5 insertions, 0 deletions

diff --git a/src/cadet/gnunet-service-cadet_tunnel.c b/src/cadet/gnunet-service-cadet_tunnel.c
index 67f770246..8986113e1 100644
--- a/src/cadet/gnunet-service-cadet_tunnel.c
+++ b/src/cadet/gnunet-service-cadet_tunnel.c
@@ -3019,6 +3019,11 @@ handle_kx_ax (struct CadetTunnel *t, const struct GNUNET_CADET_AX_KX *msg)
                      salt, sizeof (salt),
                      &key_material, sizeof (key_material), NULL);
 
+  if (0 == memcmp (&ax->RK, &keys[0], sizeof(ax->RK)))
+  {
+    LOG (GNUNET_ERROR_TYPE_INFO, " known handshake key, exit\n");
+    return;
+  }
   ax->RK = keys[0];
   if (GNUNET_YES == am_I_alice)
   {