d27e85ecf2
Derive a 4-digit code from the shared DH secret via HKDF with label "warzone-sas-code". Both peers compute the same code; a MITM relay produces a different one. Users compare verbally during the call. - CryptoSession::sas_code() -> Option<u32> on the trait - ChaChaSession stores and returns the SAS - HKDF derivation in WarzoneKeyExchange::derive_session() - Tests: both peers match, MITM produces different code Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>