device: immediately rekey all peers after changing device private key

Reported-by: Derrick Pallas <derrick@pallas.us>
author: Jason A. Donenfeld <Jason@zx2c4.com> 2019-07-11 17:36:36 +0200
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2019-07-11 17:37:35 +0200
commit: a961aacc9f4dff9e617197c6433f8c9628928132 (patch)
tree: 7c1c0ed0ad713700e63776976d12ba9af8357f59 /device/device.go
parent: b0cf53b0787f63c643c7fe009527b5f4af1bd1e1 (diff)
download: wireguard-go-a961aacc9f4dff9e617197c6433f8c9628928132.tar.gz
wireguard-go-a961aacc9f4dff9e617197c6433f8c9628928132.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/device/device.go b/device/device.go
index a583fa9..ab5e4b0 100644
--- a/device/device.go
+++ b/device/device.go
@@ -207,6 +207,10 @@ func (device *Device) SetPrivateKey(sk NoisePrivateKey) error {
 	device.staticIdentity.Lock()
 	defer device.staticIdentity.Unlock()
 
+	if sk.Equals(device.staticIdentity.privateKey) {
+		return nil
+	}
+
 	device.peers.Lock()
 	defer device.peers.Unlock()
 
@@ -246,6 +250,8 @@ func (device *Device) SetPrivateKey(sk NoisePrivateKey) error {
 
 		if isZero(handshake.precomputedStaticStatic[:]) {
 			unsafeRemovePeer(device, peer, key)
+		} else {
+			peer.ExpireCurrentKeypairs()
 		}
 	}
author	Jason A. Donenfeld <Jason@zx2c4.com>	2019-07-11 17:36:36 +0200
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2019-07-11 17:37:35 +0200
commit	a961aacc9f4dff9e617197c6433f8c9628928132 (patch)
tree	7c1c0ed0ad713700e63776976d12ba9af8357f59 /device/device.go
parent	b0cf53b0787f63c643c7fe009527b5f4af1bd1e1 (diff)
download	wireguard-go-a961aacc9f4dff9e617197c6433f8c9628928132.tar.gz wireguard-go-a961aacc9f4dff9e617197c6433f8c9628928132.zip