device: immediately rekey all peers after changing device private key

Reported-by: Derrick Pallas <derrick@pallas.us>
author: Jason A. Donenfeld <Jason@zx2c4.com> 2019-07-11 17:36:36 +0200
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2019-07-11 17:37:35 +0200
commit: a961aacc9f4dff9e617197c6433f8c9628928132 (patch)
tree: 7c1c0ed0ad713700e63776976d12ba9af8357f59 /device/peer.go
parent: b0cf53b0787f63c643c7fe009527b5f4af1bd1e1 (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/device/peer.go b/device/peer.go
index 4e7f2da..256e4f5 100644
--- a/device/peer.go
+++ b/device/peer.go
@@ -232,6 +232,25 @@ func (peer *Peer) ZeroAndFlushAll() {
 	peer.FlushNonceQueue()
 }
 
+func (peer *Peer) ExpireCurrentKeypairs() {
+	handshake := &peer.handshake
+	handshake.mutex.Lock()
+	peer.device.indexTable.Delete(handshake.localIndex)
+	handshake.Clear()
+	handshake.mutex.Unlock()
+	peer.handshake.lastSentHandshake = time.Now().Add(-(RekeyTimeout + time.Second))
+
+	keypairs := &peer.keypairs
+	keypairs.Lock()
+	if keypairs.current != nil {
+		keypairs.current.sendNonce = RejectAfterMessages
+	}
+	if keypairs.next != nil {
+		keypairs.next.sendNonce = RejectAfterMessages
+	}
+	keypairs.Unlock()
+}
+
 func (peer *Peer) Stop() {
 
 	// prevent simultaneous start/stop operations
author	Jason A. Donenfeld <Jason@zx2c4.com>	2019-07-11 17:36:36 +0200
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2019-07-11 17:37:35 +0200
commit	a961aacc9f4dff9e617197c6433f8c9628928132 (patch)
tree	7c1c0ed0ad713700e63776976d12ba9af8357f59 /device/peer.go
parent	b0cf53b0787f63c643c7fe009527b5f4af1bd1e1 (diff)