authorMathias Hall-Andersen <mathias@hall-andersen.dk>2017-09-20 09:26:08 +0200
committerMathias Hall-Andersen <mathias@hall-andersen.dk>2017-09-20 09:26:08 +0200
commit47a21c8bb08c84d5f84e66ffd3b81ded957dda6d (patch)
tree99006a48c9aff4ba4c8bef0ae771715a20f1e2e2 /src/noise_protocol.go
parentImproved readability of send/receive code (diff)
Added last_minute_handshake_guard
- Added last_minute_handshake_guard and reverted keypair changes. - Added comment explaining the state of Go in relation to handling cryptographic state in memory. - Decreased logging level of netsh test
Diffstat (limited to 'src/noise_protocol.go')
-rw-r--r--src/noise_protocol.go45
1 files changed, 22 insertions, 23 deletions
diff --git a/src/noise_protocol.go b/src/noise_protocol.go
index a50e3dc..9e5fdd8 100644
--- a/src/noise_protocol.go
+++ b/src/noise_protocol.go
@@ -502,8 +502,8 @@ func (peer *Peer) NewKeyPair() *KeyPair {
// create AEAD instances
keyPair := new(KeyPair)
- keyPair.send.setKey(&sendKey)
- keyPair.receive.setKey(&recvKey)
+ keyPair.send, _ = chacha20poly1305.New(sendKey[:])
+ keyPair.receive, _ = chacha20poly1305.New(recvKey[:])
setZero(sendKey[:])
setZero(recvKey[:])
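Review bot: Both `chacha20poly1305.New` calls discard the returned error, so a failure would leave `keyPair.send` or `keyPair.receive` as a nil AEAD that only surfaces later, when a packet is sealed or opened. `New` rejects only a key of the wrong length, which presumably cannot happen if `sendKey` and `recvKey` are fixed-size arrays, but their declarations are outside this hunk. Either check the error or state the invariant next to the calls, e.g. `// New fails only on a wrong key length; sendKey and recvKey are KeySize arrays`. The AEAD keeps its own copy of the key, so the `setZero` calls below clear only the local arrays; a short comment saying so would stop a reader from assuming the key is gone from memory.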
@@ -530,30 +530,29 @@ func (peer *Peer) NewKeyPair() *KeyPair {
// rotate key pairs
kp := &peer.keyPairs
- func() {
- kp.mutex.Lock()
- defer kp.mutex.Unlock()
- // TODO: Adapt kernel behavior noise.c:161
- if isInitiator {
- if kp.previous != nil {
- device.DeleteKeyPair(kp.previous)
- kp.previous = nil
- }
-
- if kp.next != nil {
- kp.previous = kp.next
- kp.next = keyPair
- } else {
- kp.previous = kp.current
- kp.current = keyPair
- signalSend(peer.signal.newKeyPair) // TODO: This more places (after confirming the key)
- }
+ kp.mutex.Lock()
- } else {
+ // TODO: Adapt kernel behavior noise.c:161
+ if isInitiator {
+ if kp.previous != nil {
+ device.DeleteKeyPair(kp.previous)
+ kp.previous = nil
+ }
+
+ if kp.next != nil {
+ kp.previous = kp.next
kp.next = keyPair
- kp.previous = nil // TODO: Discuss why
+ } else {
+ kp.previous = kp.current
+ kp.current = keyPair
+ signalSend(peer.signal.newKeyPair) // TODO: This more places (after confirming the key)
}
- }()
+
+ } else {
+ kp.next = keyPair
+ kp.previous = nil
+ }
+ kp.mutex.Unlock()
return keyPair
}
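Review bot: The responder branch sets `kp.previous = nil` without first calling `device.DeleteKeyPair(kp.previous)`, whereas the initiator branch deletes the previous key pair before dropping it. If `DeleteKeyPair` is what unregisters the key pair from the device, the responder path leaves the old one registered after the peer has forgotten it; this commit also removes the `TODO: Discuss why` that flagged the line. Consider mirroring the initiator branch: `if kp.previous != nil { device.DeleteKeyPair(kp.previous) }` before the assignment. Separately, replacing the closure's `defer kp.mutex.Unlock()` with a manual `kp.mutex.Unlock()` means a panic in `device.DeleteKeyPair` or `signalSend`, or an early return added later, would leave the mutex held. `NewKeyPair` starts outside this hunk.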