github.com/noisysockets/noisysockets@v0.21.2-0.20240515114641-7f467e651c90/internal/transport/keypair.go (about) 1 // SPDX-License-Identifier: MPL-2.0 2 /* 3 * Copyright (C) 2024 The Noisy Sockets Authors. 4 * 5 * This Source Code Form is subject to the terms of the Mozilla Public 6 * License, v. 2.0. If a copy of the MPL was not distributed with this 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. 8 * 9 * Portions of this file are based on code originally from wireguard-go, 10 * 11 * Copyright (C) 2017-2023 WireGuard LLC. All Rights Reserved. 12 * 13 * Permission is hereby granted, free of charge, to any person obtaining a copy of 14 * this software and associated documentation files (the "Software"), to deal in 15 * the Software without restriction, including without limitation the rights to 16 * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies 17 * of the Software, and to permit persons to whom the Software is furnished to do 18 * so, subject to the following conditions: 19 * 20 * The above copyright notice and this permission notice shall be included in all 21 * copies or substantial portions of the Software. 22 * 23 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 24 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 25 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 26 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 27 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 28 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 29 * SOFTWARE. 30 */ 31 32 package transport 33 34 import ( 35 "crypto/cipher" 36 "sync" 37 "sync/atomic" 38 "time" 39 40 "github.com/noisysockets/noisysockets/internal/replay" 41 ) 42 43 /* Due to limitations in Go and /x/crypto there is currently 44 * no way to ensure that key material is securely erased in memory. 
 *
 * Since this may harm the forward secrecy property,
 * we plan to resolve this issue; whenever Go allows us to do so.
 */

// Keypair is the symmetric state of one session: an AEAD for each direction,
// the send-side nonce counter, the receive-side replay filter, and the two
// session indices. Nothing in this file zeroes the AEAD state when a Keypair
// is discarded (see the note above), so dropping the last reference is what
// eventually frees it.
type Keypair struct {
	sendNonce    atomic.Uint64 // nonce counter for outgoing packets; atomic, so senders advance it without a lock
	send         cipher.AEAD   // seals outgoing packets
	receive      cipher.AEAD   // opens incoming packets
	replayFilter replay.Filter // presumably tracks received counters to reject replays; see internal/replay
	isInitiator  bool          // presumably set when the local side initiated the handshake that produced this keypair
	created      time.Time     // creation time; NOTE(review): its consumers (rekey/expiry) are outside this file
	localIndex   uint32        // index under which this keypair is registered in Transport.indexTable
	remoteIndex  uint32        // the peer's index for this session; NOTE(review): not read in this file
}

// Keypairs holds the current, previous and next Keypair of a session.
// current and previous are guarded by the embedded RWMutex (embedding makes
// Lock/RLock part of the type's API); next is an atomic pointer and can be
// read or swapped without holding the lock.
type Keypairs struct {
	sync.RWMutex
	current  *Keypair
	previous *Keypair
	next     atomic.Pointer[Keypair]
}

// Current returns the keypair currently in use, or nil when none has been
// installed. The read lock is held for the pointer read only, so the result
// may already have been rotated out by the time the caller uses it.
func (kp *Keypairs) Current() *Keypair {
	kp.RLock()
	current := kp.current
	kp.RUnlock()
	return current
}

// DeleteKeypair removes key's localIndex from the transport's index table.
// A nil key is a no-op. Only the index-table entry is dropped: key is not
// detached from any Keypairs that still reference it, and its AEAD key
// material is not zeroed (see the note at the top of the file).
func (transport *Transport) DeleteKeypair(key *Keypair) {
	if key == nil {
		return
	}
	transport.indexTable.Delete(key.localIndex)
}