BOLT 8: add missing MAC check in Act Three

2024-11-19 01:50:03 +01:00 · 2020-06-15 16:44:26 +02:00 · 2020-06-15 16:44:26 +02:00 · cc40afa88b
commit cc40afa88b
parent bdd4271101
1 changed files with 2 additions and 0 deletions
--- a/08-transport.md
+++ b/08-transport.md
@ -382,6 +382,8 @@ construction, and 16 bytes for a final authenticating tag.
 4. `rs = decryptWithAD(temp_k2, 1, h, c)`
     * At this point, the responder has recovered the static public key of the
       initiator.
+     * If the MAC check in this operation fails, then the responder MUST
+       terminate the connection without any further messages.
 5. `h = SHA-256(h || c)`
 6. `se = ECDH(e.priv, rs)`
     * where `e` is the responder's original ephemeral key