hsh.Reset()
}
+func (h *Handshake) Clear() {
+ setZero(h.localEphemeral[:])
+ setZero(h.remoteEphemeral[:])
+ setZero(h.chainKey[:])
+ setZero(h.hash[:])
+ h.localIndex = 0
+ h.state = HandshakeZeroed
+}
+
func (h *Handshake) mixHash(data []byte) {
mixHash(&h.hash, &h.hash, data)
}
func (device *Device) CreateMessageInitiation(peer *Peer) (*MessageInitiation, error) {
- device.noise.mutex.Lock()
- defer device.noise.mutex.Unlock()
+ device.noise.mutex.RLock()
+ defer device.noise.mutex.RUnlock()
handshake := &peer.handshake
handshake.mutex.Lock()
ok := func() bool {
- // read lock handshake
+ // lock handshake state
handshake.mutex.RLock()
defer handshake.mutex.RUnlock()
return false
}
+ // lock private key for reading
+
+ device.noise.mutex.RLock()
+ defer device.noise.mutex.RUnlock()
+
// finish 3-way DH
mixHash(&hash, &handshake.hash, msg.Ephemeral[:])
)
mixHash(&hash, &hash, tau[:])
- // authenticate
+ // authenticate transcript
aead, _ := chacha20poly1305.New(key[:])
_, err := aead.Open(nil, ZeroNonce[:], msg.Empty[:], hash[:])
// state related to WireGuard timers
- keepalivePersistent Timer // set for persistent keepalives
- keepalivePassive Timer // set upon recieving messages
+ keepalivePersistent Timer // set for persistent keep-alive
+ keepalivePassive Timer // set upon receiving messages
zeroAllKeys Timer // zero all key material
handshakeNew Timer // begin a new handshake (stale)
handshakeDeadline Timer // complete handshake timeout
mutex deadlock.Mutex // held when stopping / starting routines
starting sync.WaitGroup // routines pending start
stopping sync.WaitGroup // routines pending stop
- stop Signal // size 0, stop all goroutines in peer
+ stop Signal // size 0, stop all go-routines in peer
}
mac CookieGenerator
}
device.peers.keyMap[pk] = peer
- // precompute DH
+ // pre-compute DH
handshake := &peer.handshake
handshake.mutex.Lock()
func (peer *Peer) Start() {
+ // should never start a peer on a closed device
+
if peer.device.isClosed.Get() {
return
}
+ // prevent simultaneous start/stop operations
+
peer.routines.mutex.Lock()
defer peer.routines.mutex.Unlock()
-
peer.device.log.Debug.Println("Starting:", peer.String())
- // stop & wait for ungoing routines (if any)
+ // stop & wait for ongoing routines (if any)
peer.isRunning.Set(false)
peer.routines.stop.Broadcast()
func (peer *Peer) Stop() {
+ // prevent simultaneous start/stop operations
+
peer.routines.mutex.Lock()
defer peer.routines.mutex.Unlock()
- peer.device.log.Debug.Println("Stopping:", peer.String())
+ device := peer.device
+ device.log.Debug.Println("Stopping:", peer.String())
- // stop & wait for ungoing routines (if any)
+ // stop & wait for ongoing peer routines (if any)
peer.routines.stop.Broadcast()
peer.routines.starting.Wait()
close(peer.queue.outbound)
close(peer.queue.inbound)
+ // clear key pairs
+
+ kp := &peer.keyPairs
+ kp.mutex.Lock()
+
+ device.DeleteKeyPair(kp.previous)
+ device.DeleteKeyPair(kp.current)
+ device.DeleteKeyPair(kp.next)
+
+ kp.previous = nil
+ kp.current = nil
+ kp.next = nil
+ kp.mutex.Unlock()
+
+ // clear handshake state
+
+ hs := &peer.handshake
+ hs.mutex.Lock()
+ device.indices.Delete(hs.localIndex)
+ hs.Clear()
+ hs.mutex.Unlock()
+
// reset signal (to handle repeated stopping)
peer.routines.stop = NewSignal()
projects / thirdparty / wireguard-go.git / commitdiff
