author | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-07-11 16:34:42 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-07-11 17:21:54 +0200 |
commit | 361df1f39aef70bb8ad8ab71f68e417685a53792 (patch) | |
tree | 35e6bdfdf629c45a0265a48bd9baa1c79d8dd6f1 /src/noise.c | |
parent | cb0804a5f0ea650a8ab4068058801d7f17917294 (diff) |
noise: immediately rekey all peers after changing device private key
Reported-by: Derrick Pallas <derrick@pallas.us>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'src/noise.c')
-rw-r--r-- | src/noise.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/src/noise.c b/src/noise.c
index a8f86df..57f749c 100644
--- a/src/noise.c
+++ b/src/noise.c
@@ -183,6 +183,25 @@ void wg_noise_keypairs_clear(struct noise_keypairs *keypairs)
 spin_unlock_bh(&keypairs->keypair_update_lock);
 }
 
+void wg_noise_expire_current_peer_keypairs(struct wg_peer *peer)
+{
+ struct noise_keypair *keypair;
+
+ wg_noise_handshake_clear(&peer->handshake);
+ wg_noise_reset_last_sent_handshake(&peer->last_sent_handshake);
+
+ spin_lock_bh(&peer->keypairs.keypair_update_lock);
+ keypair = rcu_dereference_protected(peer->keypairs.next_keypair,
+ lockdep_is_held(&peer->keypairs.keypair_update_lock));
+ if (keypair)
+ keypair->sending.is_valid = false;
+ keypair = rcu_dereference_protected(peer->keypairs.current_keypair,
+ lockdep_is_held(&peer->keypairs.keypair_update_lock));
+ if (keypair)
+ keypair->sending.is_valid = false;
+ spin_unlock_bh(&peer->keypairs.keypair_update_lock);
+}
+
 static void add_new_keypair(struct noise_keypairs *keypairs,
 struct noise_keypair *new_keypair)
 { |
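Review bot: The two `keypair->sending.is_valid = false;` stores in wg_noise_expire_current_peer_keypairs() are plain writes made under `keypair_update_lock`. If the transmit path tests this flag without taking that lock (the readers are not in this hunk), each store should be `WRITE_ONCE(keypair->sending.is_valid, false);` so the compiler cannot tear or defer it. The function also leaves `previous_keypair` and the `receiving` side of both keypairs untouched, so sessions negotiated under the old private key would apparently keep decrypting inbound packets until they age out. If that is intended, a comment above the function should say so, for example `/* Only the sending side is invalidated; receive keys stay usable so in-flight packets are not dropped. */`.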