Triffid, have you had a chance to test?

Jason, did you have any more thoughts? (You've clearly been busy given all the recent announcements!) This is the second version, which required a rebase but the code remained the same after verifying that the process did not change at all.

Thanks, ~Derrick


On 3/13/19 11:47 PM, Triffid Hunter wrote:
This sounds interesting, as I often get long (10-30 minute) stalls where wg is doing nothing but throwing keys back and forth. I'll let you know if it helps when I have a chance to test properly.

On Thu, 14 Mar 2019 at 06:44, <[email protected] <mailto:[email protected]>> wrote:

    From: Derrick Pallas <[email protected] <mailto:[email protected]>>

    This function will clear the key state for the peer and reset its
    handshake
    timer.  This is useful, for instance, if it is known that the
    current key
    material is bad.  Currently, this happens when the private key is
    changed.

    Signed-off-by: Derrick Pallas <[email protected]
    <mailto:[email protected]>>
    ---
     src/peer.c | 14 ++++++++++++++
     src/peer.h |  1 +
     2 files changed, 15 insertions(+)

    diff --git a/src/peer.c b/src/peer.c
    index 996f40b..be244a4 100644
    --- a/src/peer.c
    +++ b/src/peer.c
    @@ -160,6 +160,20 @@ static void peer_remove_after_dead(struct
    wg_peer *peer)
            wg_peer_put(peer);
     }

    +void wg_peer_reset_keys(struct wg_peer *peer)
    +{
    +       if (unlikely(!peer))
    +               return;
    +  lockdep_assert_held(&peer->device->device_update_lock);
    +
    +       wg_noise_handshake_clear(&peer->handshake);
    +       wg_noise_keypairs_clear(&peer->keypairs);
    +       wg_cookie_checker_precompute_peer_keys(peer);
    +       atomic64_set(&peer->last_sent_handshake,
    +               ktime_get_boot_fast_ns() -
    +                       (u64)(REKEY_TIMEOUT + 1) * NSEC_PER_SEC);
    +}
    +
     /* We have a separate "remove" function make sure that all active
    places where
      * a peer is currently operating will eventually come to an end
    and not pass
      * their reference onto another context.
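Review bot: the atomic64_set() at the end of wg_peer_reset_keys() backdates last_sent_handshake by REKEY_TIMEOUT + 1 seconds with no comment saying why. The commit message only says the function will "reset its handshake timer". A one-line comment above that statement explaining the intent (presumably that the next handshake initiation should not be held back by the rekey timeout) would save the next reader from reverse-engineering it. Two smaller points in the same function: the lockdep_assert_held() line is indented with two spaces while the rest of the body is indented to the usual depth, and the unlikely(!peer) early return silently accepts a NULL peer before the lock assertion runs, so a caller bug would go unnoticed. If NULL is a legitimate input, say so in a comment. Otherwise consider dropping the check.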
    diff --git a/src/peer.h b/src/peer.h
    index 23af409..f85817f 100644
    --- a/src/peer.h
    +++ b/src/peer.h
    @@ -79,5 +79,6 @@ static inline struct wg_peer *wg_peer_get(struct
    wg_peer *peer)
     void wg_peer_put(struct wg_peer *peer);
     void wg_peer_remove(struct wg_peer *peer);
     void wg_peer_remove_all(struct wg_device *wg);
    +void wg_peer_reset_keys(struct wg_peer *peer);

     #endif /* _WG_PEER_H */
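Review bot: the new wg_peer_reset_keys() prototype in src/peer.h carries no note that the caller must hold device_update_lock, which the implementation in src/peer.c enforces with lockdep_assert_held(). A short comment next to the declaration stating the locking requirement would make the contract visible to callers that only read the header. This patch also adds no caller for the function, so the "private key is changed" use mentioned in the commit message cannot be checked from these two files alone. It would help to say in the commit message which patch in the series wires it up.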
-- 2.19.2

    _______________________________________________
    WireGuard mailing list
    [email protected] <mailto:[email protected]>
    https://lists.zx2c4.com/mailman/listinfo/wireguard
