rodolphe/coffio
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Do not use expired IKMs

Browse source
This commit is contained in:
Rodolphe Bréard 2024-03-16 10:29:06 +01:00
parent 66271877dc
commit 94b1809ffa
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/ikm.rs
View file

@ -136,10 +136,11 @@ impl InputKeyMaterialList {
#[cfg(feature = "encryption")] #[cfg(feature = "encryption")]
pub(crate) fn get_latest_ikm(&self) -> Result<&InputKeyMaterial> { pub(crate) fn get_latest_ikm(&self) -> Result<&InputKeyMaterial> {
let now = SystemTime::now();
self.ikm_lst self.ikm_lst
.iter() .iter()
.rev() .rev()
.find(|&ikm| !ikm.is_revoked && ikm.created_at < SystemTime::now()) .find(|&ikm| !ikm.is_revoked && ikm.created_at < now && ikm.expire_at > now)
.ok_or(Error::IkmNoneAvailable) .ok_or(Error::IkmNoneAvailable)
} }