Added last_minute_handshake_guard

- Added last_minute_handshake_guard and reverted keypair changes.
- Added comment explaining the state of Go in releation to handling
  cryptographic state in memory.
- Decreased logging level of netsh test

1 files changed, 8 insertions, 28 deletions

diff --git a/src/keypair.go b/src/keypair.go
index 644d040..7e5297b 100644
--- a/src/keypair.go
+++ b/src/keypair.go
@@ -2,38 +2,20 @@ package main
 
 import (
 	"crypto/cipher"
-	"golang.org/x/crypto/chacha20poly1305"
-	"reflect"
 	"sync"
 	"time"
 )
 
-type safeAEAD struct {
-	mutex sync.RWMutex
-	aead  cipher.AEAD
-}
-
-func (con *safeAEAD) clear() {
-	// TODO: improve handling of key material
-	con.mutex.Lock()
-	if con.aead != nil {
-		val := reflect.ValueOf(con.aead)
-		elm := val.Elem()
-		typ := elm.Type()
-		elm.Set(reflect.Zero(typ))
-		con.aead = nil
-	}
-	con.mutex.Unlock()
-}
-
-func (con *safeAEAD) setKey(key *[chacha20poly1305.KeySize]byte) {
-	// TODO: improve handling of key material
-	con.aead, _ = chacha20poly1305.New(key[:])
-}
+/* Due to limitations in Go and /x/crypto there is currently
+ * no way to ensure that key material is securely ereased in memory.
+ *
+ * Since this may harm the forward secrecy property,
+ * we plan to resolve this issue; whenever Go allows us to do so.
+ */
 
 type KeyPair struct {
-	send         safeAEAD
-	receive      safeAEAD
+	send         cipher.AEAD
+	receive      cipher.AEAD
 	replayFilter ReplayFilter
 	sendNonce    uint64
 	isInitiator  bool
@@ -56,7 +38,5 @@ func (kp *KeyPairs) Current() *KeyPair {
 }
 
 func (device *Device) DeleteKeyPair(key *KeyPair) {
-	key.send.clear()
-	key.receive.clear()
 	device.indices.Delete(key.localIndex)
 }