add temporary forced session token generation

p2p/crypto.go

@@ -103,6 +103,9 @@ func (self *cryptoId) Run(conn io.ReadWriter, remotePubKeyS []byte, sessionToken
 		if auth, initNonce, randomPrivKey, _, err = self.startHandshake(remotePubKeyS, sessionToken); err != nil {
 			return
 		}
+		if sessionToken != nil {
+			clogger.Debugf("session-token: %v", hexkey(sessionToken))
+		}
 		clogger.Debugf("initiator-nonce: %v", hexkey(initNonce))
 		clogger.Debugf("initiator-random-private-key: %v", hexkey(crypto.FromECDSA(randomPrivKey)))
 		randomPublicKeyS, _ := ExportPublicKey(&randomPrivKey.PublicKey)

p2p/peer.go

@@ -3,6 +3,7 @@ package p2p
 import (
 	"bufio"
 	"bytes"
+	"crypto/rand"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -342,6 +343,10 @@ func (p *Peer) handleCryptoHandshake() (loop readLoop, err error) {
 	// it is survived by an encrypted readwriter
 	var initiator bool
 	var sessionToken []byte
+	sessionToken = make([]byte, keyLen)
+	if _, err = rand.Read(sessionToken); err != nil {
+		return
+	}
 	if p.dialAddr != nil { // this should have its own method Outgoing() bool
 		initiator = true
 	}