// Listing of device/keypair.go from
// github.com/koomox/wireguard-go@v0.0.0-20230722134753-17a50b2f22a3.

/* SPDX-License-Identifier: MIT
 *
 * Copyright (C) 2017-2023 WireGuard LLC. All Rights Reserved.
 */

package device

import (
	"crypto/cipher"
	"sync"
	"sync/atomic"
	"time"

	"github.com/koomox/wireguard-go/replay"
)

/* Due to limitations in Go and /x/crypto there is currently
 * no way to ensure that key material is securely erased in memory.
 *
 * Since this may harm the forward secrecy property,
 * we plan to resolve this issue; whenever Go allows us to do so.
 */

// Keypair groups the per-session state declared in this file: one
// cipher.AEAD per direction, an atomic send counter, a replay.Filter and
// some bookkeeping fields.
//
// NOTE(review): the AEAD values presumably wrap the session keys. As the
// note above says, nothing in this file wipes them from memory.
type Keypair struct {
	// Atomic counter; by its name, the nonce for the send direction
	// (TODO confirm against the code that encrypts).
	sendNonce atomic.Uint64

	// One AEAD instance per direction.
	send    cipher.AEAD
	receive cipher.AEAD

	// Replay filter; by its name, used on received packets (confirm in
	// the receive path).
	replayFilter replay.Filter

	isInitiator bool
	created     time.Time

	// localIndex is the key DeleteKeypair removes from the device's
	// indexTable.
	localIndex  uint32
	remoteIndex uint32
}

// Keypairs holds up to three Keypair references. current and previous are
// plain pointers; next is an atomic.Pointer and can be accessed without the
// lock.
//
// The embedded RWMutex is what Current takes before reading current.
// NOTE(review): previous presumably needs the same lock; confirm against
// the callers.
type Keypairs struct {
	sync.RWMutex
	current  *Keypair
	previous *Keypair
	next     atomic.Pointer[Keypair]
}

// Current returns the current keypair pointer, read under the read lock.
//
// Nothing in this file guarantees a non-nil result, and the caller uses
// the returned pointer after the lock has been released.
func (kp *Keypairs) Current() *Keypair {
	kp.RLock()
	cur := kp.current
	kp.RUnlock()
	return cur
}

// DeleteKeypair removes key's localIndex from the device's index table.
// A nil key is ignored.
//
// Only the index entry is dropped. The Keypair and its AEAD values are
// left untouched, so this call does not erase key material (see the note
// at the top of the file).
func (device *Device) DeleteKeypair(key *Keypair) {
	if key == nil {
		return
	}
	device.indexTable.Delete(key.localIndex)
}