[PATCH 1/2] peer: add wg_peer_reset_keys

Derrick Pallas derrick at pallas.us
Fri Jan 25 02:53:38 CET 2019


This function will clear the key state for the peer and reset its handshake
timer.  This is useful, for instance, if it is known that the current key
material is bad.  Currently, this happens when the private key is changed.

Signed-off-by: Derrick Pallas <derrick at pallas.us>
---
 src/peer.c | 14 ++++++++++++++
 src/peer.h |  1 +
 2 files changed, 15 insertions(+)

diff --git a/src/peer.c b/src/peer.c
index 020a97b..49af31f 100644
--- a/src/peer.c
+++ b/src/peer.c
@@ -87,6 +87,20 @@ struct wg_peer *wg_peer_get_maybe_zero(struct wg_peer *peer)
 	return peer;
 }
 
+void wg_peer_reset_keys(struct wg_peer *peer)
+{
+	if (unlikely(!peer))
+		return;
+	lockdep_assert_held(&peer->device->device_update_lock);
+
+	wg_noise_handshake_clear(&peer->handshake);
+	wg_noise_keypairs_clear(&peer->keypairs);
+	wg_cookie_checker_precompute_peer_keys(peer);
+	atomic64_set(&peer->last_sent_handshake,
+		ktime_get_boot_fast_ns() -
+			(u64)(REKEY_TIMEOUT + 1) * NSEC_PER_SEC);
+}
+
 /* We have a separate "remove" function make sure that all active places where
  * a peer is currently operating will eventually come to an end and not pass
  * their reference onto another context.
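Review bot: wg_peer_reset_keys is added without any comment stating its contract, and two parts of that contract are easy to miss: the caller must hold `device_update_lock`, which `lockdep_assert_held` only checks on lockdep-enabled builds, and a NULL peer is silently accepted. I would put `/* Clear handshake and keypair state for @peer and backdate last_sent_handshake. Caller must hold device->device_update_lock; a NULL peer is a no-op. */` above the definition. The `atomic64_set` store backdates the timestamp by `REKEY_TIMEOUT + 1` seconds, presumably so the next handshake initiation is not held back by the rekey timeout; a one-line comment such as `/* pretend the last initiation is older than REKEY_TIMEOUT */` would say so. It is also worth confirming, since this hunk does not show it, that packets already queued against an old keypair cannot still be sent under the discarded key material after `wg_noise_keypairs_clear` returns.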
diff --git a/src/peer.h b/src/peer.h
index 2e04262..3800e6f 100644
--- a/src/peer.h
+++ b/src/peer.h
@@ -78,5 +78,6 @@ static inline struct wg_peer *wg_peer_get(struct wg_peer *peer)
 void wg_peer_put(struct wg_peer *peer);
 void wg_peer_remove(struct wg_peer *peer);
 void wg_peer_remove_all(struct wg_device *wg);
+void wg_peer_reset_keys(struct wg_peer *peer);
 
 #endif /* _WG_PEER_H */
-- 
2.19.2


