From 47a21c8bb08c84d5f84e66ffd3b81ded957dda6d Mon Sep 17 00:00:00 2001 From: Mathias Hall-Andersen Date: Wed, 20 Sep 2017 09:26:08 +0200 Subject: Added last_minute_handshake_guard - Added last_minute_handshake_guard and reverted keypair changes. - Added comment explaining the state of Go in releation to handling cryptographic state in memory. - Decreased logging level of netsh test --- src/noise_protocol.go | 45 ++++++++++++++++++++++----------------------- 1 file changed, 22 insertions(+), 23 deletions(-) (limited to 'src/noise_protocol.go') diff --git a/src/noise_protocol.go b/src/noise_protocol.go index a50e3dc..9e5fdd8 100644 --- a/src/noise_protocol.go +++ b/src/noise_protocol.go @@ -502,8 +502,8 @@ func (peer *Peer) NewKeyPair() *KeyPair { // create AEAD instances keyPair := new(KeyPair) - keyPair.send.setKey(&sendKey) - keyPair.receive.setKey(&recvKey) + keyPair.send, _ = chacha20poly1305.New(sendKey[:]) + keyPair.receive, _ = chacha20poly1305.New(recvKey[:]) setZero(sendKey[:]) setZero(recvKey[:]) @@ -530,30 +530,29 @@ func (peer *Peer) NewKeyPair() *KeyPair { // rotate key pairs kp := &peer.keyPairs - func() { - kp.mutex.Lock() - defer kp.mutex.Unlock() - // TODO: Adapt kernel behavior noise.c:161 - if isInitiator { - if kp.previous != nil { - device.DeleteKeyPair(kp.previous) - kp.previous = nil - } - - if kp.next != nil { - kp.previous = kp.next - kp.next = keyPair - } else { - kp.previous = kp.current - kp.current = keyPair - signalSend(peer.signal.newKeyPair) // TODO: This more places (after confirming the key) - } + kp.mutex.Lock() - } else { + // TODO: Adapt kernel behavior noise.c:161 + if isInitiator { + if kp.previous != nil { + device.DeleteKeyPair(kp.previous) + kp.previous = nil + } + + if kp.next != nil { + kp.previous = kp.next kp.next = keyPair - kp.previous = nil // TODO: Discuss why + } else { + kp.previous = kp.current + kp.current = keyPair + signalSend(peer.signal.newKeyPair) // TODO: This more places (after confirming the key) } - }() + + } else { + kp.next = keyPair + kp.previous = nil + } + kp.mutex.Unlock() return keyPair } -- cgit v1.2.3