From 322001460520d0fec5c62f87cb0168570f6275ed Mon Sep 17 00:00:00 2001
From: Brian Warner <warner@lothar.com>
Date: Mon, 16 Nov 2015 16:56:19 -0800
Subject: [PATCH] send key-confirmation message upon receipt of PAKE

This will allow the first peer to detect a wrong password even though
the second peer bails before sending something encrypted.
---
 src/wormhole/blocking/transcribe.py | 2 ++
 src/wormhole/twisted/transcribe.py  | 5 ++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/wormhole/blocking/transcribe.py b/src/wormhole/blocking/transcribe.py
index 97580e0..63ef206 100644
--- a/src/wormhole/blocking/transcribe.py
+++ b/src/wormhole/blocking/transcribe.py
@@ -314,6 +314,8 @@ class Wormhole:
             pake_msg = self._channel.get(u"pake")
             self.key = self.sp.finish(pake_msg)
             self.verifier = self.derive_key(u"wormhole:verifier")
+            conf = self.derive_key(u"wormhole:confirmation")
+            self._channel.send(u"_confirm", conf)
 
     @close_on_error
     def get_verifier(self):
diff --git a/src/wormhole/twisted/transcribe.py b/src/wormhole/twisted/transcribe.py
index 1065d0b..5a36d90 100644
--- a/src/wormhole/twisted/transcribe.py
+++ b/src/wormhole/twisted/transcribe.py
@@ -332,7 +332,10 @@ class Wormhole:
             key = self.sp.finish(pake_msg)
             self.key = key
             self.verifier = self.derive_key(u"wormhole:verifier")
-            return key
+            conf = self.derive_key(u"wormhole:confirmation")
+            d1 = self._channel.send(u"_confirm", conf)
+            d1.addCallback(lambda _: key)
+            return d1
         d.addCallback(_got_pake)
         return d