summaryrefslogtreecommitdiffstats
path: root/src/method_xsalsa20_poly1305.c
diff options
context:
space:
mode:
authorMatthias Schiffer <mschiffer@universe-factory.net>2013-08-28 19:54:11 +0200
committerMatthias Schiffer <mschiffer@universe-factory.net>2013-08-28 19:54:11 +0200
commit2343f5329c0d5e7d8073810e56577d944b7c518e (patch)
treee7a44cf6184a94e03538f179c2d95ac54611ef31 /src/method_xsalsa20_poly1305.c
parent6e63479b03df9c2189404fb631b1fbd4cab21186 (diff)
downloadfastd-2343f5329c0d5e7d8073810e56577d944b7c518e.tar
fastd-2343f5329c0d5e7d8073810e56577d944b7c518e.zip
ec25519: ensure old sessions are invalidated quickly after a new one has been established
Diffstat (limited to 'src/method_xsalsa20_poly1305.c')
-rw-r--r--src/method_xsalsa20_poly1305.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/src/method_xsalsa20_poly1305.c b/src/method_xsalsa20_poly1305.c
index d0d31f4..395f322 100644
--- a/src/method_xsalsa20_poly1305.c
+++ b/src/method_xsalsa20_poly1305.c
@@ -129,6 +129,14 @@ static bool method_session_want_refresh(fastd_context_t *ctx, fastd_method_sessi
return timespec_after(&ctx->now, &session->refresh_after);
}
+static void method_session_superseded(fastd_context_t *ctx, fastd_method_session_state_t *session) {
+ struct timespec valid_max = ctx->now;
+ valid_max.tv_sec += ctx->conf->key_valid_old;
+
+ if (timespec_after(&session->valid_till, &valid_max))
+ session->valid_till = valid_max;
+}
+
static void method_session_free(fastd_context_t *ctx UNUSED, fastd_method_session_state_t *session) {
if(session) {
secure_memzero(session, sizeof(fastd_method_session_state_t));
@@ -231,6 +239,7 @@ const fastd_method_t fastd_method_xsalsa20_poly1305 = {
.session_is_valid = method_session_is_valid,
.session_is_initiator = method_session_is_initiator,
.session_want_refresh = method_session_want_refresh,
+ .session_superseded = method_session_superseded,
.session_free = method_session_free,
.encrypt = method_encrypt,