From 361df1f39aef70bb8ad8ab71f68e417685a53792 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Thu, 11 Jul 2019 16:34:42 +0200
Subject: noise: immediately rekey all peers after changing device private key
Reported-by: Derrick Pallas
Signed-off-by: Jason A. Donenfeld
---
src/noise.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
(limited to 'src/noise.c')
diff --git a/src/noise.c b/src/noise.c
index a8f86df..57f749c 100644
--- a/src/noise.c
+++ b/src/noise.c
@@ -183,6 +183,25 @@ void wg_noise_keypairs_clear(struct noise_keypairs *keypairs)
 spin_unlock_bh(&keypairs->keypair_update_lock);
 }
 
+void wg_noise_expire_current_peer_keypairs(struct wg_peer *peer)
+{
+ struct noise_keypair *keypair;
+
+ wg_noise_handshake_clear(&peer->handshake);
+ wg_noise_reset_last_sent_handshake(&peer->last_sent_handshake);
+
+ spin_lock_bh(&peer->keypairs.keypair_update_lock);
+ keypair = rcu_dereference_protected(peer->keypairs.next_keypair,
+ lockdep_is_held(&peer->keypairs.keypair_update_lock));
+ if (keypair)
+ keypair->sending.is_valid = false;
+ keypair = rcu_dereference_protected(peer->keypairs.current_keypair,
+ lockdep_is_held(&peer->keypairs.keypair_update_lock));
+ if (keypair)
+ keypair->sending.is_valid = false;
+ spin_unlock_bh(&peer->keypairs.keypair_update_lock);
+}
+
 static void add_new_keypair(struct noise_keypairs *keypairs,
 struct noise_keypair *new_keypair)
 {
-- cgit v1.2.3-59-g8ed1b
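Review bot: wg_noise_expire_current_peer_keypairs() sets only `sending.is_valid = false` on next_keypair and current_keypair, so the receiving side of those keypairs and previous_keypair are left untouched, and nothing in the hunk says whether that is intended. If it is, sessions negotiated under the old device private key presumably keep accepting inbound packets until they expire on their own, which matters when the key is being replaced because it leaked; that case may call for wg_noise_keypairs_clear() instead. I would state the contract above the function, e.g. `/* Invalidates only the sending side so the next transmit forces a new handshake; receive state of existing keypairs is left to expire normally. */`, adjusted to whatever the real intent is. The function is complete within the hunk, but its callers and header declaration are not shown on this page, so the locking expected of callers should be documented there too.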