Do not use expired IKMs

2024-03-16 10:29:06 +01:00 · 2024-03-16 10:29:06 +01:00 · 94b1809ffa
commit 94b1809ffa
parent 66271877dc
1 changed files with 2 additions and 1 deletions
--- a/src/ikm.rs
+++ b/src/ikm.rs
@ -136,10 +136,11 @@ impl InputKeyMaterialList {

 	#[cfg(feature = "encryption")]
 	pub(crate) fn get_latest_ikm(&self) -> Result<&InputKeyMaterial> {
+		let now = SystemTime::now();
 		self.ikm_lst
 			.iter()
 			.rev()
-			.find(|&ikm| !ikm.is_revoked && ikm.created_at < SystemTime::now())
+			.find(|&ikm| !ikm.is_revoked && ikm.created_at < now && ikm.expire_at > now)
 			.ok_or(Error::IkmNoneAvailable)
 	}