keyfork-shard: assert shared secrets are contributory

crates/keyfork-shard/src/lib.rs

@@ -248,10 +248,9 @@ pub trait Format {
         // create our shared key
         let our_key = EphemeralSecret::random();
         let our_pubkey_mnemonic = Mnemonic::from_bytes(PublicKey::from(&our_key).as_bytes())?;
-        let shared_secret = our_key
+        let shared_secret = our_key.diffie_hellman(&PublicKey::from(their_pubkey));
-            .diffie_hellman(&PublicKey::from(their_pubkey))
+        assert!(shared_secret.was_contributory(), bug!("shared secret might be insecure"));
-            .to_bytes();
+        let hkdf = Hkdf::<Sha256>::new(None, shared_secret.as_bytes());
-        let hkdf = Hkdf::<Sha256>::new(None, &shared_secret);
 
         let mut shared_key_data = [0u8; 256 / 8];
         hkdf.expand(b"key", &mut shared_key_data)?;
@@ -515,8 +514,9 @@ pub fn remote_decrypt(w: &mut impl Write) -> Result<(), Box<dyn std::error::Erro
             bug!("invalid payload data")
         );
 
-        let shared_secret = our_key.diffie_hellman(&PublicKey::from(pubkey)).to_bytes();
+        let shared_secret = our_key.diffie_hellman(&PublicKey::from(pubkey));
-        let hkdf = Hkdf::<Sha256>::new(None, &shared_secret);
+        assert!(shared_secret.was_contributory(), bug!("shared secret might be insecure"));
+        let hkdf = Hkdf::<Sha256>::new(None, shared_secret.as_bytes());
 
         let mut shared_key_data = [0u8; 256 / 8];
         hkdf.expand(b"key", &mut shared_key_data)?;