OpenBSD kernel implementation

Jason A. Donenfeld Jason at
Wed Dec 12 23:36:11 CET 2018

Hi David,

On Wed, Dec 12, 2018 at 11:35 PM David Gwynne <david at> wrote:
> Did you tie the handshake and data state machines together so you would only have to handle packet crypto operations with a single set of keys? If so, what happens to data packets that are in flight while the handshake is happening? Do you keep the old keys around for a bit to allow operation on them?

Yes. There's a rotation on a fixed amount of state.


More information about the WireGuard mailing list