Retrieve long term static key for Conn

noise/conn.go

@@ -239,12 +239,13 @@ func (c *Conn) Handshake() error {
 	var remoteKeyPair *KeyPair
 	if c.config.RemoteKey != nil {
 		if len(c.config.RemoteKey) != 32 {
-			return errors.New("Noise: the provided remote key is not 32-byte.")
+			return errors.New("noise: the provided remote key is not 32-byte")
 		}
 		remoteKeyPair = &KeyPair{}
 		copy(remoteKeyPair.PublicKey[:], c.config.RemoteKey)
 	}
-	hs := initialize(c.config.HandshakePattern, c.isClient, c.config.Prologue, c.config.KeyPair, nil, remoteKeyPair, nil)
+	c.hs = initialize(c.config.HandshakePattern, c.isClient, c.config.Prologue, c.config.KeyPair, nil, remoteKeyPair, nil)
+	hs := &c.hs
 
 	// pre-shared key
 	hs.psk = c.config.PreSharedKey
@@ -340,7 +341,6 @@ ContinueHandshake:
 	// TODO: preserve c.hs.symmetricState.h
 	// At that point the HandshakeState should be deleted except for the hash value h, which may be used for post-handshake channel binding (see Section 11.2).
 	c.hs.clear()
-
 	// no errors :)
 	c.handshakeComplete = true
 	return nil
@@ -351,6 +351,15 @@ func (c *Conn) IsRemoteAuthenticated() bool {
 	return c.isRemoteAuthenticated
 }
 
+// StaticKey returns the static key of the remote peer. It is useful in case the
+// static key is only transmitted during the handshake.
+func (c *Conn) StaticKey() ([]byte, error) {
+	if !c.handshakeComplete {
+		return nil, errors.New("noise: handshake not completed")
+	}
+	return c.hs.rs.PublicKey[:], nil
+}
+
 //
 // input/output functions
 //

noise/noise.go

@@ -232,7 +232,6 @@ type handshakeState struct {
 // * s, e, rs, re are the local and remote static/ephemeral key pairs to be set (if they exist)
 // the function returns a handshakeState object.
 func initialize(handshakeType noiseHandshakeType, initiator bool, prologue []byte, s, e, rs, re *KeyPair) (h handshakeState) {
-
 	handshakePattern, ok := patterns[handshakeType]
 	if !ok {
 		panic("Noise: the supplied handshakePattern does not exist")
@@ -500,7 +499,4 @@ func (kp *KeyPair) clear() {
 	for i := 0; i < len(kp.PrivateKey); i++ {
 		kp.PrivateKey[i] = 0
 	}
-	for i := 0; i < len(kp.PublicKey); i++ {
-		kp.PublicKey[i] = 0
-	}
 }

noise/patterns_test.go

@@ -191,7 +191,13 @@ func TestNoiseXX(t *testing.T) {
 		if _, err = serverSocket.Write([]byte("ca va?")); err != nil {
 			t.Fatal("server can't write on socket")
 		}
-
+		clientStatic, err := serverSocket.(*Conn).StaticKey()
+		if err != nil {
+			t.Fatal("client static key not retrieved")
+		}
+		if !bytes.Equal(clientStatic, clientKeyPair.PublicKey[:]) {
+			t.Fatalf("client static retrieved not correct %x", clientStatic)
+		}
 	}()
 
 	// Run the client
@@ -211,6 +217,15 @@ func TestNoiseXX(t *testing.T) {
 	if !bytes.Equal(buf[:n], []byte("ca va?")) {
 		t.Fatal("server message failed")
 	}
+
+	serverStatic, err := clientSocket.StaticKey()
+	if err != nil {
+		t.Fatal("server static key not retrieved after exchange", err)
+	}
+
+	if !bytes.Equal(serverStatic, serverKeyPair.PublicKey[:]) {
+		t.Fatalf("(conn %p) static key received different than server's one %x", clientSocket, serverStatic)
+	}
 }
 
 func TestNoiseN(t *testing.T) {