author | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-03-03 04:04:41 +0100 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-03-03 05:00:40 +0100 |
commit | 69f0fe67b63d90e523a5a1241fb1b46c2e8dbe03 (patch) | |
tree | 1ef86da3242afde462dcadb7241bb09f499d5bd7 /device/keypair.go | |
parent | d435be35cac49af9367b2005d831d55e570c4b1b (diff) |
global: begin modularization
Diffstat (limited to 'device/keypair.go')
-rw-r--r-- | device/keypair.go | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/device/keypair.go b/device/keypair.go
new file mode 100644
index 0000000..a9fbfce
--- /dev/null
+++ b/device/keypair.go
@@ -0,0 +1,50 @@
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2017-2019 WireGuard LLC. All Rights Reserved.
+ */
+
+package device
+
+import (
+ "crypto/cipher"
+ "golang.zx2c4.com/wireguard/replay"
+ "sync"
+ "time"
+)
+
+/* Due to limitations in Go and /x/crypto there is currently
+ * no way to ensure that key material is securely ereased in memory.
+ *
+ * Since this may harm the forward secrecy property,
+ * we plan to resolve this issue; whenever Go allows us to do so.
+ */
+
+type Keypair struct {
+ sendNonce uint64
+ send cipher.AEAD
+ receive cipher.AEAD
+ replayFilter replay.ReplayFilter
+ isInitiator bool
+ created time.Time
+ localIndex uint32
+ remoteIndex uint32
+}
+
+type Keypairs struct {
+ sync.RWMutex
+ current *Keypair
+ previous *Keypair
+ next *Keypair
+}
+
+func (kp *Keypairs) Current() *Keypair {
+ kp.RLock()
+ defer kp.RUnlock()
+ return kp.current
+}
+
+func (device *Device) DeleteKeypair(key *Keypair) {
+ if key != nil {
+ device.indexTable.Delete(key.localIndex)
+ }
+} |
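Review bot: `Keypair` has no comment saying how `sendNonce` is meant to be accessed, although its place as the first field looks deliberate. If it is updated through `sync/atomic` elsewhere (not visible in this file), it needs 64-bit alignment on 32-bit platforms, and a later reorder of the struct could break that; the counter matters because an AEAD must never see the same nonce twice under one key. Once confirmed, I would add `// sendNonce must stay first: accessed atomically, needs 64-bit alignment on 32-bit platforms` above the field. Separately, `Current()` drops the read lock before the caller touches the returned `*Keypair`, so the embedded `RWMutex` guards only the `current`/`previous`/`next` pointers and not the keypair's own fields; a doc comment on `Keypairs` should state that. The comment block above the struct also misspells "erased" as `ereased`.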