author | Jason A. Donenfeld <Jason@zx2c4.com> | 2018-06-18 20:44:32 +0200 |
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2018-06-18 20:44:32 +0200 |
commit | a97ca1117db9b34dead340707ffde1c07b369a0c (patch) | |
tree | 897cc0b848ac3d748244ea38c7e2c93aefb50de7 /src/noise.c | |
parent | 2d01527aee1308f4c07652849da569825870ed14 (diff) |
netlink: maintain static_identity lock over entire private key update
The local private key must never be out of sync with the precomputed static-static shared secret (ss) or the precomputed cookie hash at any intermediate point of the update.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'src/noise.c')
-rw-r--r-- | src/noise.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/src/noise.c b/src/noise.c
index bab8e7c..b70504f 100644
--- a/src/noise.c
+++ b/src/noise.c
@@ -42,17 +42,16 @@ void __init noise_init(void)
 	blake2s_final(&blake, handshake_init_hash, NOISE_HASH_LEN);
 }
 
+/* Must hold peer->handshake.static_identity->lock */
 bool noise_precompute_static_static(struct wireguard_peer *peer)
 {
 	bool ret = true;
 
-	down_read(&peer->handshake.static_identity->lock);
 	down_write(&peer->handshake.lock);
 	if (peer->handshake.static_identity->has_identity)
 		ret = curve25519(peer->handshake.precomputed_static_static, peer->handshake.static_identity->static_private, peer->handshake.remote_static);
 	else
 		memset(peer->handshake.precomputed_static_static, 0, NOISE_PUBLIC_KEY_LEN);
 	up_write(&peer->handshake.lock);
-	up_read(&peer->handshake.static_identity->lock);
 	return ret;
 }
@@ -227,12 +226,11 @@ bool noise_received_with_keypair(struct noise_keypairs *keypairs, struct noise_k
 	return true;
 }
 
+/* Must hold static_identity->lock */
 void noise_set_static_identity_private_key(struct noise_static_identity *static_identity, const u8 private_key[NOISE_PUBLIC_KEY_LEN])
 {
-	down_write(&static_identity->lock);
 	memcpy(static_identity->static_private, private_key, NOISE_PUBLIC_KEY_LEN);
 	static_identity->has_identity = curve25519_generate_public(static_identity->static_public, private_key);
-	up_write(&static_identity->lock);
 }
 
 /* This is Hugo Krawczyk's HKDF: |
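Review bot: The new locking contract on noise_precompute_static_static is only stated in a comment, so nothing catches a caller that invokes it without static_identity->lock held; with the down_read()/up_read() pair removed, such a caller could read static_private while noise_set_static_identity_private_key is overwriting it. Since static_identity->lock is used with down_read()/down_write() (an rw_semaphore), a `lockdep_assert_held(&peer->handshake.static_identity->lock);` as the first statement of the body would make the requirement enforced under CONFIG_PROVE_LOCKING at no runtime cost otherwise. The comment should also say which mode suffices: the function only reads static_identity, so `/* Caller must hold peer->handshake.static_identity->lock (read or write) */` is the accurate contract. The callers that now take the lock are in netlink.c, which is outside this diffstat, so their correctness cannot be confirmed from this page.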
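Review bot: The added comment on noise_set_static_identity_private_key says "Must hold static_identity->lock" but does not say the lock must be held for write, and this function writes static_private, static_public and has_identity; a caller holding it only for read (as noise_precompute_static_static's readers historically did) would race with them, so the comment should read `/* Caller must hold static_identity->lock for write */`. Adding `lockdep_assert_held(&static_identity->lock);` at the top of the body would at least catch a caller holding nothing; if the kernel baseline this tree targets provides an exclusive-mode variant of that assertion, that is the better check since it also rejects readers. As with the previous hunk, the updated callers live in netlink.c and are not shown here.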