device: fix private key removal logic

author: Jason A. Donenfeld <Jason@zx2c4.com> 2020-02-04 18:08:51 +0100
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2020-02-04 22:02:53 +0100
commit: 6ed56ff2dfd57ba47cdf604eb3c455acb553c0df (patch)
tree: 859f33211a1923a8047a18bc9236c748548f0588 /device/device.go
parent: cb4bb63030d09afe7ee78fd49613b86709fdc006 (diff)
1 files changed, 4 insertions, 13 deletions
diff --git a/device/device.go b/device/device.go
index 569c5a8..0b909a7 100644
--- a/device/device.go
+++ b/device/device.go
@@ -236,23 +236,14 @@ func (device *Device) SetPrivateKey(sk NoisePrivateKey) error {
 
 	// do static-static DH pre-computations
 
-	rmKey := device.staticIdentity.privateKey.IsZero()
-
 	expiredPeers := make([]*Peer, 0, len(device.peers.keyMap))
-	for key, peer := range device.peers.keyMap {
+	for _, peer := range device.peers.keyMap {
 		handshake := &peer.handshake
-
-		if rmKey {
-			handshake.precomputedStaticStatic = [NoisePublicKeySize]byte{}
-		} else {
-			handshake.precomputedStaticStatic = device.staticIdentity.privateKey.sharedSecret(handshake.remoteStatic)
-		}
-
+		handshake.precomputedStaticStatic = device.staticIdentity.privateKey.sharedSecret(handshake.remoteStatic)
 		if isZero(handshake.precomputedStaticStatic[:]) {
-			unsafeRemovePeer(device, peer, key)
-		} else {
-			expiredPeers = append(expiredPeers, peer)
+			panic("an invalid peer public key made it into the configuration")
 		}
+		expiredPeers = append(expiredPeers, peer)
 	}
 
 	for _, peer := range lockedPeers {
author	Jason A. Donenfeld <Jason@zx2c4.com>	2020-02-04 18:08:51 +0100
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2020-02-04 22:02:53 +0100
commit	6ed56ff2dfd57ba47cdf604eb3c455acb553c0df (patch)
tree	859f33211a1923a8047a18bc9236c748548f0588 /device/device.go
parent	cb4bb63030d09afe7ee78fd49613b86709fdc006 (diff)