Removed the XR pattern and added the initiator check in WriteMessage and ReadMessage according to spec (#22)

* removed the XR pattern and added the initiator check in WriteMessage and ReadMessage according to spec

* removed extra space I shouldn't have added

* fixed vectors

* re-generated via vectorgen

patterns.go

@@ -13,7 +13,7 @@ var HandshakeKN = HandshakePattern{
 	InitiatorPreMessages: []MessagePattern{MessagePatternS},
 	Messages: [][]MessagePattern{
 		{MessagePatternE},
-		{MessagePatternE, MessagePatternDHEE, MessagePatternDHES},
+		{MessagePatternE, MessagePatternDHEE, MessagePatternDHSE},
 	},
 }
 
@@ -32,7 +32,7 @@ var HandshakeKK = HandshakePattern{
 	ResponderPreMessages: []MessagePattern{MessagePatternS},
 	Messages: [][]MessagePattern{
 		{MessagePatternE, MessagePatternDHES, MessagePatternDHSS},
-		{MessagePatternE, MessagePatternDHEE, MessagePatternDHES},
+		{MessagePatternE, MessagePatternDHEE, MessagePatternDHSE},
 	},
 }
 
@@ -40,7 +40,7 @@ var HandshakeNX = HandshakePattern{
 	Name: "NX",
 	Messages: [][]MessagePattern{
 		{MessagePatternE},
-		{MessagePatternE, MessagePatternDHEE, MessagePatternS, MessagePatternDHSE},
+		{MessagePatternE, MessagePatternDHEE, MessagePatternS, MessagePatternDHES},
 	},
 }
 
@@ -49,7 +49,7 @@ var HandshakeKX = HandshakePattern{
 	InitiatorPreMessages: []MessagePattern{MessagePatternS},
 	Messages: [][]MessagePattern{
 		{MessagePatternE},
-		{MessagePatternE, MessagePatternDHEE, MessagePatternDHES, MessagePatternS, MessagePatternDHSE},
+		{MessagePatternE, MessagePatternDHEE, MessagePatternDHSE, MessagePatternS, MessagePatternDHES},
 	},
 }
 
@@ -66,7 +66,7 @@ var HandshakeIN = HandshakePattern{
 	Name: "IN",
 	Messages: [][]MessagePattern{
 		{MessagePatternE, MessagePatternS},
-		{MessagePatternE, MessagePatternDHEE, MessagePatternDHES},
+		{MessagePatternE, MessagePatternDHEE, MessagePatternDHSE},
 	},
 }
 
@@ -85,7 +85,7 @@ var HandshakeIK = HandshakePattern{
 	ResponderPreMessages: []MessagePattern{MessagePatternS},
 	Messages: [][]MessagePattern{
 		{MessagePatternE, MessagePatternDHES, MessagePatternS, MessagePatternDHSS},
-		{MessagePatternE, MessagePatternDHEE, MessagePatternDHES},
+		{MessagePatternE, MessagePatternDHEE, MessagePatternDHSE},
 	},
 }
 
@@ -93,17 +93,7 @@ var HandshakeXX = HandshakePattern{
 	Name: "XX",
 	Messages: [][]MessagePattern{
 		{MessagePatternE},
-		{MessagePatternE, MessagePatternDHEE, MessagePatternS, MessagePatternDHSE},
+		{MessagePatternE, MessagePatternDHEE, MessagePatternS, MessagePatternDHES},
-		{MessagePatternS, MessagePatternDHSE},
-	},
-}
-
-var HandshakeXR = HandshakePattern{
-	Name: "XR",
-	Messages: [][]MessagePattern{
-		{MessagePatternE},
-		{MessagePatternE, MessagePatternDHEE},
-		{MessagePatternS, MessagePatternDHSE},
 		{MessagePatternS, MessagePatternDHSE},
 	},
 }
@@ -112,7 +102,7 @@ var HandshakeIX = HandshakePattern{
 	Name: "IX",
 	Messages: [][]MessagePattern{
 		{MessagePatternE, MessagePatternS},
-		{MessagePatternE, MessagePatternDHEE, MessagePatternDHES, MessagePatternS, MessagePatternDHSE},
+		{MessagePatternE, MessagePatternDHEE, MessagePatternDHSE, MessagePatternS, MessagePatternDHES},
 	},
 }
 

state.go

@@ -211,6 +211,7 @@ type HandshakeState struct {
 	psk             []byte // preshared key, maybe zero length
 	messagePatterns [][]MessagePattern
 	shouldWrite     bool
+	initiator       bool
 	msgIdx          int
 	rng             io.Reader
 }
@@ -269,6 +270,7 @@ func NewHandshakeState(c Config) *HandshakeState {
 		psk:             c.PresharedKey,
 		messagePatterns: c.Pattern.Messages,
 		shouldWrite:     c.Initiator,
+		initiator:       c.Initiator,
 		rng:             c.Random,
 	}
 	if hs.rng == nil {
@@ -355,9 +357,17 @@ func (s *HandshakeState) WriteMessage(out, payload []byte) ([]byte, *CipherState
 		case MessagePatternDHEE:
 			s.ss.MixKey(s.ss.cs.DH(s.e.Private, s.re))
 		case MessagePatternDHES:
+			if s.initiator {
 				s.ss.MixKey(s.ss.cs.DH(s.e.Private, s.rs))
-		case MessagePatternDHSE:
+			} else {
 				s.ss.MixKey(s.ss.cs.DH(s.s.Private, s.re))
+			}
+		case MessagePatternDHSE:
+			if s.initiator {
+				s.ss.MixKey(s.ss.cs.DH(s.s.Private, s.re))
+			} else {
+				s.ss.MixKey(s.ss.cs.DH(s.e.Private, s.rs))
+			}
 		case MessagePatternDHSS:
 			s.ss.MixKey(s.ss.cs.DH(s.s.Private, s.rs))
 		case MessagePatternPSK:
@@ -430,9 +440,17 @@ func (s *HandshakeState) ReadMessage(out, message []byte) ([]byte, *CipherState,
 		case MessagePatternDHEE:
 			s.ss.MixKey(s.ss.cs.DH(s.e.Private, s.re))
 		case MessagePatternDHES:
-			s.ss.MixKey(s.ss.cs.DH(s.s.Private, s.re))
+			if s.initiator {
-		case MessagePatternDHSE:
 				s.ss.MixKey(s.ss.cs.DH(s.e.Private, s.rs))
+			} else {
+				s.ss.MixKey(s.ss.cs.DH(s.s.Private, s.re))
+			}
+		case MessagePatternDHSE:
+			if s.initiator {
+				s.ss.MixKey(s.ss.cs.DH(s.s.Private, s.re))
+			} else {
+				s.ss.MixKey(s.ss.cs.DH(s.e.Private, s.rs))
+			}
 		case MessagePatternDHSS:
 			s.ss.MixKey(s.ss.cs.DH(s.s.Private, s.rs))
 		case MessagePatternPSK:

vector_test.go

@@ -56,7 +56,6 @@ func init() {
 		HandshakeXK,
 		HandshakeIK,
 		HandshakeXX,
-		HandshakeXR,
 		HandshakeIX,
 		HandshakeN,
 		HandshakeK,

vectorgen/vectorgen.go

@@ -29,7 +29,6 @@ func main() {
 				HandshakeN,
 				HandshakeK,
 				HandshakeX,
-				HandshakeXR,
 			} {
 				for _, prologue := range []bool{false, true} {
 					for _, payloads := range []bool{false, true} {