The following code checks the CSN:

```java
final long previous = peer.getCsnPair().getTheirs();
final long current = nonce.getCombinedSequence();
if (current < previous) {
    throw new ValidationError(peer.getName() + " CSN is lower than last time");
} else if (current == previous) {
    throw new ValidationError(peer.getName() + " CSN hasn't been incremented");
} else {
    peer.getCsnPair().setTheirs(current);
}
```

accepting any CSN which is larger than the previous CSN.
But the spec states it must have been incremented by 1:
> If the message is received by a client or received by and intended for a server (the destination address is 0x00), the peer does the following checks:
>
> [...]
>
> - In case that the peer does make use of the combined sequence number, it MUST check that the combined sequence number of the source peer has been increased by 1 and has not reset to 0. Implementations that use the combined sequence number SHALL ignore the following three checks.
Code reference: saltyrtc-client-java/src/main/java/org/saltyrtc/client/signaling/Signaling.java, lines 1088 to 1096 in d01e553
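A strict form of the check, following the quoted spec wording (increased by exactly 1, no reset to 0), is sketched below as an added example; it is not code from saltyrtc-client-java. The class `StrictCsnCheck`, the exception `CsnError` and the method `check` are hypothetical names, and the 48-bit CSN width (16-bit overflow number plus 32-bit sequence number) is an assumption about the nonce layout.

```java
public final class StrictCsnCheck {
    // Assumption: the CSN is 48 bits wide (16-bit overflow number + 32-bit sequence number).
    static final long CSN_MAX = (1L << 48) - 1;

    // Hypothetical stand-in for the project's ValidationError.
    static final class CsnError extends Exception {
        CsnError(String message) { super(message); }
    }

    /** Validates a received CSN and returns the value to store as the peer's last seen CSN. */
    static long check(String peer, long previous, long current) throws CsnError {
        if (current < 0 || current > CSN_MAX) {
            throw new CsnError(peer + " CSN is out of range");
        }
        if (current < previous) {
            // Also covers a reset to 0 after a non-zero CSN, including at CSN_MAX.
            throw new CsnError(peer + " CSN is lower than last time");
        }
        if (current == previous) {
            throw new CsnError(peer + " CSN hasn't been incremented");
        }
        if (current != previous + 1) {
            // The check quoted on this page accepts this case; the quoted spec text does not.
            throw new CsnError(peer + " CSN skipped " + (current - previous - 1) + " value(s)");
        }
        return current;
    }

    public static void main(String[] args) {
        // Constructed {previous, current} pairs, not captured traffic.
        long[][] samples = { {41, 42}, {42, 42}, {42, 40}, {42, 50}, {CSN_MAX, 0} };
        for (long[] s : samples) {
            try {
                long stored = check("peer", s[0], s[1]);
                System.out.println(s[0] + " -> " + s[1] + ": accepted, stored " + stored);
            } catch (CsnError e) {
                System.out.println(s[0] + " -> " + s[1] + ": rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

Only the first constructed pair is accepted; the pair `{42, 50}` is the one that the comparison quoted above would let through.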