coap: Fix occasional failure when both peers pick the same C_x

This would be legal in EDHOC, but OSCORE derivations will fail.
chrysn-pull-requests · May 15, 2024 · d238296 · d238296
1 parent 378c48a
commit d238296
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/examples/coap/src/seccontext.rs b/examples/coap/src/seccontext.rs
@@ -485,7 +485,10 @@ impl<'a, H: coap_handler::Handler, L: Write> coap_handler::Handler
                     let c_r = COwn::not_in_iter(
                         self.pool
                             .iter()
-                            .filter_map(|entry| entry.corresponding_cown()),
+                            .filter_map(|entry| entry.corresponding_cown())
+                            // C_R does not only need to be unique, it also must not be identical
+                            // to C_I
+                            .chain(COwn::from_kid(c_i.as_slice()).as_slice().into_iter().cloned())
                     );
 
                     writeln!(self.log, "Entries in pool:");