
   1  /* SPDX-License-Identifier: MIT
   2   *
   3   * Copyright (C) 2017-2025 WireGuard LLC. All Rights Reserved.
   4   */
   5  
   6  package device
   7  
   8  import (
   9  	"crypto/cipher"
  10  	"sync"
  11  	"sync/atomic"
  12  	"time"
  13  
  14  	"golang.zx2c4.com/wireguard/replay"
  15  )
  16  
/* Due to limitations in Go and /x/crypto there is currently
 * no way to ensure that key material is securely erased from memory.
 *
 * Since this may harm the forward secrecy property,
 * we plan to resolve this issue whenever Go allows us to do so.
 */
  23  
// Keypair holds the symmetric state of one session: an AEAD for each
// direction, the outbound nonce counter, the replay filter for inbound
// counters, and the local/remote index pair that names the session.
type Keypair struct {
	// sendNonce is, by its name, the nonce counter for outbound packets;
	// it is an atomic so it can be advanced without holding a lock.
	sendNonce    atomic.Uint64
	// send and receive are the AEADs for the two traffic directions
	// (which is which is implied by the names — not visible in this file).
	send         cipher.AEAD
	receive      cipher.AEAD
	// replayFilter tracks received counters; see the replay package for
	// its window semantics.
	replayFilter replay.Filter
	// isInitiator presumably records whether the local side initiated the
	// handshake that derived this keypair — confirm against the handshake code.
	isInitiator  bool
	// created is a timestamp; presumably the derivation time used for
	// rekey/expiry decisions elsewhere in the package — TODO confirm.
	created      time.Time
	// localIndex is the key under which this keypair is registered in
	// device.indexTable (see DeleteKeypair); remoteIndex is presumably the
	// peer's corresponding index.
	localIndex   uint32
	remoteIndex  uint32
}
  34  
// Keypairs is the set of session keypairs held for a peer. The embedded
// RWMutex guards current (see Current) and, presumably, previous; next is
// an atomic.Pointer and so is accessed atomically rather than under the
// mutex — confirm that all writers follow the same convention.
type Keypairs struct {
	sync.RWMutex
	current  *Keypair                // read under RLock by Current
	previous *Keypair                // NOTE(review): presumably the keypair being retired; its readers are not in this file
	next     atomic.Pointer[Keypair] // accessed atomically, not under the mutex
}
  41  
// Current returns the keypair stored in the current slot, or nil when none
// is set. The read is taken under the read lock so it is consistent with
// writers that replace current while holding the write lock.
func (kp *Keypairs) Current() *Keypair {
	kp.RLock()
	cur := kp.current
	kp.RUnlock()
	return cur
}
  47  
// DeleteKeypair unregisters key.localIndex from device.indexTable. A nil
// key is a no-op. Only the index registration is removed here; the AEAD
// state and counters held by key are not zeroed (see the note at the top
// of this file on erasing key material).
func (device *Device) DeleteKeypair(key *Keypair) {
	if key == nil {
		return
	}
	device.indexTable.Delete(key.localIndex)
}