Don't stop repeating handshakes until valid data using the new key is received

4 files changed, 18 insertions, 3 deletions

diff --git a/src/peer.c b/src/peer.c
index dd73584..9e3e501 100644
--- a/src/peer.c
+++ b/src/peer.c
@@ -148,6 +148,10 @@ fastd_peer* fastd_peer_add_temp(fastd_context *ctx, const fastd_peer_address *ad
 	return peer;
 }
 
+void fastd_peer_clean_handshakes(fastd_context *ctx, fastd_peer *peer) {
+	fastd_task_delete_peer_handshakes(ctx, peer);
+}
+
 fastd_peer* fastd_peer_set_established_merge(fastd_context *ctx, fastd_peer *perm_peer, fastd_peer *temp_peer) {
 	pr_debug(ctx, "merging peer %P into %P", temp_peer, perm_peer);
 
@@ -168,7 +172,6 @@ fastd_peer* fastd_peer_set_established_merge(fastd_context *ctx, fastd_peer *per
 	}
 
 	fastd_task_replace_peer(ctx, temp_peer, perm_peer);
-	fastd_task_delete_peer_handshakes(ctx, perm_peer);
 
 	fastd_peer_reset(ctx, temp_peer);
 
@@ -178,8 +181,6 @@ fastd_peer* fastd_peer_set_established_merge(fastd_context *ctx, fastd_peer *per
 }
 
 void fastd_peer_set_established(fastd_context *ctx, fastd_peer *peer) {
-	fastd_task_delete_peer_handshakes(ctx, peer);
-
 	switch(peer->state) {
 	case STATE_WAIT:
 		pr_info(ctx, "Connection with %P established.", peer);
diff --git a/src/peer.h b/src/peer.h
index 1ffa18b..f3b9a93 100644
--- a/src/peer.h
+++ b/src/peer.h
@@ -75,6 +75,7 @@ fastd_peer_config* fastd_peer_config_new(fastd_context *ctx, fastd_config *conf)
 void fastd_peer_reset(fastd_context *ctx, fastd_peer *peer);
 fastd_peer* fastd_peer_add(fastd_context *ctx, fastd_peer_config *conf);
 fastd_peer* fastd_peer_add_temp(fastd_context *ctx, const fastd_peer_address *address);
+void fastd_peer_clean_handshakes(fastd_context *ctx, fastd_peer *peer);
 fastd_peer* fastd_peer_set_established_merge(fastd_context *ctx, fastd_peer *perm_peer, fastd_peer *temp_peer);
 void fastd_peer_set_established(fastd_context *ctx, fastd_peer *peer);
 
diff --git a/src/protocol_ec25519_fhmqvc_xsalsa20_poly1305.c b/src/protocol_ec25519_fhmqvc_xsalsa20_poly1305.c
index e22ef19..8336db5 100644
--- a/src/protocol_ec25519_fhmqvc_xsalsa20_poly1305.c
+++ b/src/protocol_ec25519_fhmqvc_xsalsa20_poly1305.c
@@ -90,6 +90,8 @@ typedef struct _protocol_handshake {
 } protocol_handshake;
 
 typedef struct _protocol_session {
+	bool handshakes_cleaned;
+
 	struct timespec valid_till;
 	struct timespec refresh_after;
 	bool refreshing;
@@ -369,6 +371,8 @@ static void establish(fastd_context *ctx, fastd_peer *peer, const fastd_peer_con
 	memcpy(hashinput+4*PUBLICKEYBYTES, sigma->p, PUBLICKEYBYTES);
 	crypto_hash_sha256(peer->protocol_state->session.key, hashinput, 5*PUBLICKEYBYTES);
 
+	peer->protocol_state->session.handshakes_cleaned = false;
+
 	peer->protocol_state->session.valid_till = ctx->now;
 	peer->protocol_state->session.valid_till.tv_sec += ctx->conf->key_valid;
 
@@ -674,6 +678,12 @@ static void protocol_handle_recv(fastd_context *ctx, fastd_peer *peer, fastd_buf
 		}
 
 		if (crypto_secretbox_xsalsa20poly1305_open(recv_buffer.data, buffer.data, buffer.len, nonce, session->key) == 0) {
+			if (!session->handshakes_cleaned) {
+				pr_debug(ctx, "cleaning left handshakes with %P", peer);
+				fastd_peer_clean_handshakes(ctx, peer);
+				session->handshakes_cleaned = true;
+			}
+
 			if (!is_session_zero(ctx, &peer->protocol_state->old_session)) {
 				pr_debug(ctx, "invalidating old session with %P", peer);
 				memset(&peer->protocol_state->old_session, 0, sizeof(protocol_session));
diff --git a/src/protocol_null.c b/src/protocol_null.c
index 8648c88..163d164 100644
--- a/src/protocol_null.c
+++ b/src/protocol_null.c
@@ -100,6 +100,9 @@ static void protocol_handshake_handle(fastd_context *ctx, fastd_peer *peer, cons
 
 static void protocol_handle_recv(fastd_context *ctx, fastd_peer *peer, fastd_buffer buffer) {
 	if (fastd_peer_is_established(peer) && buffer.len) {
+		/* this could be optimized a bit */
+		fastd_peer_clean_handshakes(ctx, peer);
+
 		fastd_peer_seen(ctx, peer);
 		fastd_task_put_handle_recv(ctx, peer, buffer);
 	}