authorMathias Hall-Andersen <mathias@hall-andersen.dk>2017-09-01 14:21:53 +0200
committerMathias Hall-Andersen <mathias@hall-andersen.dk>2017-09-01 14:21:53 +0200
commit0294a5c0dd753786996e62236b7d8d524201ace4 (patch)
tree6e4623154072100ff402b45c2ac26fcff30da0fd /src/keypair.go
parentRenamed config.go to follow general naming pattern (diff)
downloadwireguard-go-0294a5c0dd753786996e62236b7d8d524201ace4.tar.xz
wireguard-go-0294a5c0dd753786996e62236b7d8d524201ace4.zip
Improved handling of key-material
Diffstat (limited to 'src/keypair.go')
-rw-r--r--src/keypair.go33
1 files changed, 29 insertions, 4 deletions
diff --git a/src/keypair.go b/src/keypair.go
index ba9c437..644d040 100644
--- a/src/keypair.go
+++ b/src/keypair.go
@@ -2,14 +2,39 @@ package main
import (
"crypto/cipher"
+ "golang.org/x/crypto/chacha20poly1305"
+ "reflect"
"sync"
"time"
)
+type safeAEAD struct {
+ mutex sync.RWMutex
+ aead cipher.AEAD
+}
+
+func (con *safeAEAD) clear() {
+ // TODO: improve handling of key material
+ con.mutex.Lock()
+ if con.aead != nil {
+ val := reflect.ValueOf(con.aead)
+ elm := val.Elem()
+ typ := elm.Type()
+ elm.Set(reflect.Zero(typ))
+ con.aead = nil
+ }
+ con.mutex.Unlock()
+}
+
+func (con *safeAEAD) setKey(key *[chacha20poly1305.KeySize]byte) {
+ // TODO: improve handling of key material
+ con.aead, _ = chacha20poly1305.New(key[:])
+}
+
type KeyPair struct {
- receive cipher.AEAD
+ send safeAEAD
+ receive safeAEAD
replayFilter ReplayFilter
- send cipher.AEAD
sendNonce uint64
isInitiator bool
created time.Time
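Review bot: `setKey` assigns `con.aead` without taking `con.mutex`, while `clear()` writes the same field under `Lock()`, so installing a key concurrently with `DeleteKeyPair` is an unsynchronised write; it also replaces any previous AEAD without zeroing it and discards the error from `chacha20poly1305.New`. I would start `setKey` with `con.mutex.Lock()` and `defer con.mutex.Unlock()`, and add a comment such as `// New only fails on a wrong key length, which the array type rules out` next to the ignored error. In `clear()`, `reflect.ValueOf(con.aead).Elem()` panics if the concrete AEAD is not a pointer, and because `Unlock()` is not deferred the mutex would then stay held; `defer con.mutex.Unlock()` directly after the `Lock()` avoids that. The zeroing wipes the struct behind the interface in place, so a user that copied the `cipher.AEAD` out and released the read lock would presumably continue to seal under an all-zero key; a doc comment on `safeAEAD` should state that callers hold `RLock` for the whole Seal/Open call and check `aead != nil` first.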
@@ -31,7 +56,7 @@ func (kp *KeyPairs) Current() *KeyPair {
}
func (device *Device) DeleteKeyPair(key *KeyPair) {
- key.send = nil
- key.receive = nil
+ key.send.clear()
+ key.receive.clear()
device.indices.Delete(key.localIndex)
}
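Review bot: `DeleteKeyPair` clears both AEADs before `device.indices.Delete(key.localIndex)`, so in that window a lookup by index can still return a `KeyPair` whose `send.aead` and `receive.aead` are already nil. If the index table is read concurrently (not visible in this hunk), I would remove the index first and wipe the keys afterwards: `device.indices.Delete(key.localIndex)` followed by `key.send.clear()` and `key.receive.clear()`. The function would also benefit from a comment such as `// DeleteKeyPair zeroes the pair's key material and unregisters its local index; key must be non-nil.`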