wireguard.lists.zx2c4.com archive mirror
* [PATCH 1/2] peer: add wg_peer_reset_keys
@ 2019-03-13 22:46 derrick
  2019-03-13 22:46 ` [PATCH 2/2] netdev: reset peer keys when changing private key derrick
  2019-03-14  6:47 ` [PATCH 1/2] peer: add wg_peer_reset_keys Triffid Hunter
  0 siblings, 2 replies; 8+ messages in thread
From: derrick @ 2019-03-13 22:46 UTC
  To: wireguard

From: Derrick Pallas <derrick@pallas.us>

This function will clear the key state for the peer and reset its handshake
timer.  This is useful, for instance, if it is known that the current key
material is bad.  Currently, this happens when the private key is changed.

Signed-off-by: Derrick Pallas <derrick@pallas.us>
---
 src/peer.c | 14 ++++++++++++++
 src/peer.h |  1 +
 2 files changed, 15 insertions(+)

diff --git a/src/peer.c b/src/peer.c
index 996f40b..be244a4 100644
--- a/src/peer.c
+++ b/src/peer.c
@@ -160,6 +160,20 @@ static void peer_remove_after_dead(struct wg_peer *peer)
 	wg_peer_put(peer);
 }
 
+void wg_peer_reset_keys(struct wg_peer *peer)
+{
+	if (unlikely(!peer))
+		return;
+	lockdep_assert_held(&peer->device->device_update_lock);
+
+	wg_noise_handshake_clear(&peer->handshake);
+	wg_noise_keypairs_clear(&peer->keypairs);
+	wg_cookie_checker_precompute_peer_keys(peer);
+	atomic64_set(&peer->last_sent_handshake,
+		ktime_get_boot_fast_ns() -
+			(u64)(REKEY_TIMEOUT + 1) * NSEC_PER_SEC);
+}
+
 /* We have a separate "remove" function make sure that all active places where
  * a peer is currently operating will eventually come to an end and not pass
  * their reference onto another context.
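
Review bot: In wg_peer_reset_keys(), the `if (unlikely(!peer)) return;` guard runs before lockdep_assert_held(), so a NULL peer returns silently and the locking assertion is never evaluated, which hides a caller bug instead of surfacing it. If no caller is expected to pass NULL, drop the guard and let the dereference fail loudly; if NULL is a supported argument, say so in a comment above the function. Note that lockdep_assert_held() only checks in lockdep-enabled builds, so the requirement to hold device_update_lock should also be stated in that comment.
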
diff --git a/src/peer.h b/src/peer.h
index 23af409..f85817f 100644
--- a/src/peer.h
+++ b/src/peer.h
@@ -79,5 +79,6 @@ static inline struct wg_peer *wg_peer_get(struct wg_peer *peer)
 void wg_peer_put(struct wg_peer *peer);
 void wg_peer_remove(struct wg_peer *peer);
 void wg_peer_remove_all(struct wg_device *wg);
+void wg_peer_reset_keys(struct wg_peer *peer);
 
 #endif /* _WG_PEER_H */
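
Review bot: The new wg_peer_reset_keys() prototype in peer.h carries no indication that callers must hold device->device_update_lock, which the implementation in peer.c asserts. Add a short comment next to the declaration stating the locking requirement, so that a future caller does not have to read the body to find it.
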
-- 
2.19.2

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

* [PATCH 1/2] peer: add wg_peer_reset_keys
@ 2019-01-25  1:53 Derrick Pallas
  2019-01-25  1:53 ` [PATCH 2/2] netdev: reset peer keys when changing private key Derrick Pallas
  0 siblings, 1 reply; 8+ messages in thread
From: Derrick Pallas @ 2019-01-25  1:53 UTC
  To: wireguard

This function will clear the key state for the peer and reset its handshake
timer.  This is useful, for instance, if it is known that the current key
material is bad.  Currently, this happens when the private key is changed.

Signed-off-by: Derrick Pallas <derrick@pallas.us>
---
 src/peer.c | 14 ++++++++++++++
 src/peer.h |  1 +
 2 files changed, 15 insertions(+)

diff --git a/src/peer.c b/src/peer.c
index 020a97b..49af31f 100644
--- a/src/peer.c
+++ b/src/peer.c
@@ -87,6 +87,20 @@ struct wg_peer *wg_peer_get_maybe_zero(struct wg_peer *peer)
 	return peer;
 }
 
+void wg_peer_reset_keys(struct wg_peer *peer)
+{
+	if (unlikely(!peer))
+		return;
+	lockdep_assert_held(&peer->device->device_update_lock);
+
+	wg_noise_handshake_clear(&peer->handshake);
+	wg_noise_keypairs_clear(&peer->keypairs);
+	wg_cookie_checker_precompute_peer_keys(peer);
+	atomic64_set(&peer->last_sent_handshake,
+		ktime_get_boot_fast_ns() -
+			(u64)(REKEY_TIMEOUT + 1) * NSEC_PER_SEC);
+}
+
 /* We have a separate "remove" function make sure that all active places where
  * a peer is currently operating will eventually come to an end and not pass
  * their reference onto another context.
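
Review bot: The atomic64_set() at the end of wg_peer_reset_keys() backdates last_sent_handshake by REKEY_TIMEOUT + 1 seconds without a comment explaining the intent, and the subtraction is done in u64, so it wraps to a very large value whenever ktime_get_boot_fast_ns() is smaller than `(u64)(REKEY_TIMEOUT + 1) * NSEC_PER_SEC` (that is, shortly after boot). Add a one-line comment saying that the stored time is deliberately older than REKEY_TIMEOUT, and confirm that every reader of last_sent_handshake handles the wrapped value as intended. Also worth confirming: whether anything outside device_update_lock can observe the peer between wg_noise_handshake_clear() and wg_noise_keypairs_clear(), since the two clears are separate calls.
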
diff --git a/src/peer.h b/src/peer.h
index 2e04262..3800e6f 100644
--- a/src/peer.h
+++ b/src/peer.h
@@ -78,5 +78,6 @@ static inline struct wg_peer *wg_peer_get(struct wg_peer *peer)
 void wg_peer_put(struct wg_peer *peer);
 void wg_peer_remove(struct wg_peer *peer);
 void wg_peer_remove_all(struct wg_device *wg);
+void wg_peer_reset_keys(struct wg_peer *peer);
 
 #endif /* _WG_PEER_H */
-- 
2.19.2


Thread overview: 8+ messages
2019-03-13 22:46 [PATCH 1/2] peer: add wg_peer_reset_keys derrick
2019-03-13 22:46 ` [PATCH 2/2] netdev: reset peer keys when changing private key derrick
2019-03-14  6:47 ` [PATCH 1/2] peer: add wg_peer_reset_keys Triffid Hunter
2019-04-04 19:20   ` Derrick Lyndon Pallas
  -- strict thread matches above, loose matches on Subject: below --
2019-01-25  1:53 Derrick Pallas
2019-01-25  1:53 ` [PATCH 2/2] netdev: reset peer keys when changing private key Derrick Pallas
2019-07-11 15:37   ` Jason A. Donenfeld
2019-07-15 17:17     ` Derrick Lyndon Pallas
2019-07-15 20:00       ` Jason A. Donenfeld
