key::start_pake(): fix the argument order, closing a security bug

See https://github.com/warner/magic-wormhole.rs/issues/32 for details. This would have enabled a cheap online man-in-the-middle attack. The buggy version would interoperate silently with itself (although it wouldn't have spoken to the Python version, so we probably would have caught it pretty quickly).
magic-wormhole · May 27, 2018 · 3bde52c · 3bde52c
1 parent fb595ac
commit 3bde52c
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/core/src/key.rs b/core/src/key.rs
@@ -118,7 +118,7 @@ impl KeyMachine {
     }
 }
 
-fn start_pake(appid: &str, code: &str) -> (SPAKE2<Ed25519Group>, Vec<u8>) {
+fn start_pake(code: &Code, appid: &str) -> (SPAKE2<Ed25519Group>, Vec<u8>) {
     let (pake_state, msg1) = SPAKE2::<Ed25519Group>::start_symmetric(
         code.as_bytes(),
         appid.as_bytes(),