author | Mathias Hall-Andersen <mathias@hall-andersen.dk> | 2017-09-01 14:21:53 +0200 |
---|---|---|
committer | Mathias Hall-Andersen <mathias@hall-andersen.dk> | 2017-09-01 14:21:53 +0200 |
commit | 0294a5c0dd753786996e62236b7d8d524201ace4 (patch) | |
tree | 6e4623154072100ff402b45c2ac26fcff30da0fd /src/receive.go | |
parent | 239d582cb213775d6896908bbcdaad79e143cbd6 (diff) |
Improved handling of key-material
Diffstat (limited to 'src/receive.go')
-rw-r--r-- | src/receive.go | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/src/receive.go b/src/receive.go
index ca7bb6e..97646d8 100644
--- a/src/receive.go
+++ b/src/receive.go
@@ -251,15 +251,22 @@ func (device *Device) RoutineDecryption() {
 var err error
 copy(nonce[4:], counter)
 elem.counter = binary.LittleEndian.Uint64(counter)
- elem.packet, err = elem.keyPair.receive.Open(
- elem.buffer[:0],
- nonce[:],
- content,
- nil,
- )
- if err != nil {
+ elem.keyPair.receive.mutex.RLock()
+ if elem.keyPair.receive.aead == nil {
+ // very unlikely (the key was deleted during queuing)
 elem.Drop()
+ } else {
+ elem.packet, err = elem.keyPair.receive.aead.Open(
+ elem.buffer[:0],
+ nonce[:],
+ content,
+ nil,
+ )
+ if err != nil {
+ elem.Drop()
+ }
 }
+ elem.keyPair.receive.mutex.RUnlock()
 elem.mutex.Unlock()
 }
 }
@@ -507,6 +514,9 @@ func (peer *Peer) RoutineSequentialReceiver() {
 kp.mutex.Lock()
 if kp.next == elem.keyPair {
 peer.TimerHandshakeComplete()
+ if kp.previous != nil {
+ device.DeleteKeyPair(kp.previous)
+ }
 kp.previous = kp.current
 kp.current = kp.next
 kp.next = nil |
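Review bot: The new `receive.mutex.RLock()` / `RUnlock()` pair in RoutineDecryption brackets an if/else by hand while `elem.mutex` is still held (its `Unlock()` follows directly), so any `continue`, early return or panic added between them later would leave both locks held. Nothing in the hunk states the rule the code relies on, namely that `aead` may only be read under the read lock because key deletion can clear it at any time. I would add a comment above the `RLock()` such as `// receive.mutex (read) keeps aead alive while in use; taken after elem.mutex, released before it`. Moving the locked section into a small helper that uses `defer` would make the pairing hold on every path. The function body starts and ends outside this hunk, so the acquisition of `elem.mutex` is not visible here.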
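Review bot: The added `device.DeleteKeyPair(kp.previous)` in RoutineSequentialReceiver runs while `kp.mutex` is held, and its body is not part of this diff. If it takes the write side of `keyPair.receive.mutex`, as the decryption hunk suggests, it will wait for in-flight decryptions on that key pair with `kp.mutex` still locked. A comment recording the intended order would help, for example `// lock order: kp.mutex, then keyPair.receive.mutex (inside DeleteKeyPair)`. It is also worth checking that every other site that overwrites `kp.previous` deletes the old key pair the same way, otherwise retired key material stays reachable on those paths. The enclosing block continues outside the hunk.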