From 82eba7901290b210ce4f4e1fe0221db211709c4a Mon Sep 17 00:00:00 2001
From: Jono Wenger <jono@elixxir.io>
Date: Mon, 29 Aug 2022 21:49:15 +0000
Subject: [PATCH] XX-4101 / QR Code Panic Fix

---
 auth/request.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/auth/request.go b/auth/request.go
index 8f39fc9db..78cd21606 100644
--- a/auth/request.go
+++ b/auth/request.go
@@ -137,6 +137,11 @@ func requestAuth(partner, me contact.Contact, rng io.Reader, reset bool,
 	sender := storage.GetUser().ReceptionID
 
 	//generate ownership proof
+	if !dhGrp.Inside(partner.DhPubKey.GetLargeInt()) {
+		return 0, errors.Errorf("partner's DH public key is not in the E2E "+
+			"group; E2E group fingerprint is %d and DH key has %d",
+			dhGrp.GetFingerprint(), partner.DhPubKey.GetGroupFingerprint())
+	}
 	ownership := cAuth.MakeOwnershipProof(originDHPrivKey, partner.DhPubKey,
 		dhGrp)
 	confirmFp := cAuth.MakeOwnershipProofFP(ownership)
-- 
GitLab