summaryrefslogtreecommitdiffhomepage
path: root/src/keypair.go
diff options
context:
space:
mode:
Diffstat (limited to 'src/keypair.go')
-rw-r--r--src/keypair.go36
1 files changed, 8 insertions, 28 deletions
diff --git a/src/keypair.go b/src/keypair.go
index 644d040..7e5297b 100644
--- a/src/keypair.go
+++ b/src/keypair.go
@@ -2,38 +2,20 @@ package main
import (
"crypto/cipher"
- "golang.org/x/crypto/chacha20poly1305"
- "reflect"
"sync"
"time"
)
-type safeAEAD struct {
- mutex sync.RWMutex
- aead cipher.AEAD
-}
-
-func (con *safeAEAD) clear() {
- // TODO: improve handling of key material
- con.mutex.Lock()
- if con.aead != nil {
- val := reflect.ValueOf(con.aead)
- elm := val.Elem()
- typ := elm.Type()
- elm.Set(reflect.Zero(typ))
- con.aead = nil
- }
- con.mutex.Unlock()
-}
-
-func (con *safeAEAD) setKey(key *[chacha20poly1305.KeySize]byte) {
- // TODO: improve handling of key material
- con.aead, _ = chacha20poly1305.New(key[:])
-}
+/* Due to limitations in Go and /x/crypto there is currently
+ * no way to ensure that key material is securely ereased in memory.
+ *
+ * Since this may harm the forward secrecy property,
+ * we plan to resolve this issue; whenever Go allows us to do so.
+ */
type KeyPair struct {
- send safeAEAD
- receive safeAEAD
+ send cipher.AEAD
+ receive cipher.AEAD
replayFilter ReplayFilter
sendNonce uint64
isInitiator bool
@@ -56,7 +38,5 @@ func (kp *KeyPairs) Current() *KeyPair {
}
func (device *Device) DeleteKeyPair(key *KeyPair) {
- key.send.clear()
- key.receive.clear()
device.indices.Delete(key.localIndex)
}