From 2343f5329c0d5e7d8073810e56577d944b7c518e Mon Sep 17 00:00:00 2001
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Wed, 28 Aug 2013 19:54:11 +0200
Subject: ec25519: ensure old sessions are invalidated quickly after a new one
 has been established

---
 src/method_xsalsa20_poly1305.c | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'src/method_xsalsa20_poly1305.c')

diff --git a/src/method_xsalsa20_poly1305.c b/src/method_xsalsa20_poly1305.c
index d0d31f4..395f322 100644
--- a/src/method_xsalsa20_poly1305.c
+++ b/src/method_xsalsa20_poly1305.c
@@ -129,6 +129,14 @@ static bool method_session_want_refresh(fastd_context_t *ctx, fastd_method_sessi
 	return timespec_after(&ctx->now, &session->refresh_after);
 }
 
+static void method_session_superseded(fastd_context_t *ctx, fastd_method_session_state_t *session) {
+	struct timespec valid_max = ctx->now;
+	valid_max.tv_sec += ctx->conf->key_valid_old;
+
+	if (timespec_after(&session->valid_till, &valid_max))
+		session->valid_till = valid_max;
+}
+
 static void method_session_free(fastd_context_t *ctx UNUSED, fastd_method_session_state_t *session) {
 	if(session) {
 		secure_memzero(session, sizeof(fastd_method_session_state_t));
@@ -231,6 +239,7 @@ const fastd_method_t fastd_method_xsalsa20_poly1305 = {
 	.session_is_valid = method_session_is_valid,
 	.session_is_initiator = method_session_is_initiator,
 	.session_want_refresh = method_session_want_refresh,
+	.session_superseded = method_session_superseded,
 	.session_free = method_session_free,
 
 	.encrypt = method_encrypt,
-- 
cgit v1.2.3