
     1  /* SPDX-License-Identifier: MIT
     2   *
     3   * Copyright (C) 2017-2021 WireGuard LLC. All Rights Reserved.
     4   */
     5  
     6  package device
     7  
     8  import (
     9  	"crypto/cipher"
    10  	"sync"
    11  	"sync/atomic"
    12  	"time"
    13  	"unsafe"
    14  
    15  	"github.com/tailscale/wireguard-go/replay"
    16  )
    17  
    18  /* Due to limitations in Go and /x/crypto there is currently
     19   * no way to ensure that key material is securely erased in memory.
    20   *
    21   * Since this may harm the forward secrecy property,
    22   * we plan to resolve this issue; whenever Go allows us to do so.
    23   */
    24  
// Keypair holds one negotiated session: the AEAD used in each direction,
// the anti-replay state for inbound packets, and the index values that
// identify the session locally and at the peer.
//
// Note that nothing in this file zeroes the AEAD key material when a
// Keypair is dropped (see the comment above about erasure limitations).
type Keypair struct {
	// sendNonce is the outbound counter; it is read and written with
	// sync/atomic. It is kept as the first field, presumably so that
	// 64-bit atomic operations stay 8-byte aligned on 32-bit platforms —
	// do not reorder without checking that.
	sendNonce    uint64 // accessed atomically
	send         cipher.AEAD   // AEAD for outbound packets
	receive      cipher.AEAD   // AEAD for inbound packets
	replayFilter replay.Filter // sliding-window replay check for inbound counters
	isInitiator  bool          // true when the local side initiated the handshake
	created      time.Time     // when this keypair was created
	localIndex   uint32        // our index for this session; key into device.indexTable (see DeleteKeypair)
	remoteIndex  uint32        // the peer's index for this session
}
    35  
// Keypairs is the per-peer set of session keypairs: the one currently in
// use, the one it replaced, and the one that has been negotiated but not
// yet confirmed.
//
// The embedded RWMutex guards all three pointers (Current takes the read
// lock). next is additionally published and read with atomic pointer
// operations via storeNext/loadNext, so it can be observed without the
// lock; the other two fields have no such accessor here.
type Keypairs struct {
	sync.RWMutex
	current  *Keypair // keypair used for new outbound traffic
	previous *Keypair // keypair most recently rotated out
	next     *Keypair // pending keypair; also accessed atomically, see loadNext/storeNext
}
    42  
// storeNext atomically publishes next as kp.next without taking the
// RWMutex, so that a concurrent loadNext observes either the old or the
// new pointer but never a torn value.
func (kp *Keypairs) storeNext(next *Keypair) {
	slot := (*unsafe.Pointer)(unsafe.Pointer(&kp.next))
	atomic.StorePointer(slot, unsafe.Pointer(next))
}
    46  
// loadNext atomically reads kp.next without taking the RWMutex. It pairs
// with storeNext; the result may be nil when no pending keypair exists.
func (kp *Keypairs) loadNext() *Keypair {
	slot := (*unsafe.Pointer)(unsafe.Pointer(&kp.next))
	raw := atomic.LoadPointer(slot)
	return (*Keypair)(raw)
}
    50  
// Current returns the keypair in active use, or nil if none has been
// established. The read lock is held only for the pointer read, so the
// caller gets a snapshot that may be rotated out at any time afterwards.
func (kp *Keypairs) Current() *Keypair {
	kp.RLock()
	cur := kp.current
	kp.RUnlock()
	return cur
}
    56  
// DeleteKeypair removes key's local index from device.indexTable. A nil
// key is a no-op. It only unregisters the index; it does not clear the
// keypair's AEAD state or key material (see the note at the top of this
// file about erasure).
func (device *Device) DeleteKeypair(key *Keypair) {
	if key == nil {
		return
	}
	device.indexTable.Delete(key.localIndex)
}