Cleanup

peer/cipher-data.go

@@ -1,6 +1,7 @@
 package peer
 
 import (
+	"bytes"
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/rand"
@@ -38,6 +39,10 @@ func (sc *dataCipher) Key() [32]byte {
 	return sc.key
 }
 
+func (sc *dataCipher) HasKey(k [32]byte) bool {
+	return bytes.Equal(k[:], sc.key[:])
+}
+
 func (sc *dataCipher) Encrypt(h Header, data, out []byte) []byte {
 	const s = dataHeaderSize
 	out = out[:s+dataCipherOverhead+len(data)]

peer/remotefsm.go

@@ -1,7 +1,6 @@
 package peer
 
 import (
-	"bytes"
 	"net/netip"
 	"time"
 	"vppn/m"
@@ -21,7 +20,6 @@ type remoteFSM struct {
 	lastSeen  time.Time
 	traceID   uint64
 	probes    map[uint64]sentProbe
-	sharedKey [32]byte
 
 	buf []byte
 }
@@ -117,7 +115,6 @@ func (r *remoteFSM) enterServer() stateFunc {
 
 	r.pingTimer.Reset(pingInterval)
 	r.lastSeen = time.Now()
-	clear(r.sharedKey[:])
 	return r.stateServer
 }
 
@@ -174,9 +171,8 @@ func (r *remoteFSM) stateServer_onSyn(msg controlMsg[packetSyn]) {
 	conf.DirectAddr = msg.SrcAddr
 
 	// Update data cipher if the key has changed.
-	if !bytes.Equal(r.sharedKey[:], p.SharedKey[:]) {
+	if !conf.DataCipher.HasKey(p.SharedKey) {
 		conf.DataCipher = newDataCipherFromKey(p.SharedKey)
-		copy(r.sharedKey[:], p.SharedKey[:])
 	}
 
 	r.updateConf(conf)

peer/util_test.go

@@ -1,26 +0,0 @@
-package peer
-
-import (
-	"net/netip"
-	"testing"
-)
-
-func addrPort4(a, b, c, d byte, port uint16) netip.AddrPort {
-	return netip.AddrPortFrom(netip.AddrFrom4([4]byte{a, b, c, d}), port)
-}
-
-func assertType[T any](t *testing.T, obj any) T {
-	t.Helper()
-	x, ok := obj.(T)
-	if !ok {
-		t.Fatalf("invalid type: %#v", obj)
-	}
-	return x
-}
-
-func assertEqual[T comparable](t *testing.T, a, b T) {
-	t.Helper()
-	if a != b {
-		t.Fatal(a, " != ", b)
-	}
-}