From 2520c2445ef770d52f0fdf6ea39399574ecad228 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20D=C3=B6lling?= Date: Fri, 6 Aug 2021 13:56:42 +0200 Subject: [PATCH] The handshake must also be deleted during a timer reset. Compare wg_queued_expired_zero_key_material in the file https://git.zx2c4.com/wireguard-linux/tree/drivers/net/wireguard/timers.c --- src/wireguard.c | 10 ++++++++++ src/wireguardif.c | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/src/wireguard.c b/src/wireguard.c index a04c4e5..ca86e9b 100644 --- a/src/wireguard.c +++ b/src/wireguard.c @@ -444,6 +444,16 @@ bool wireguard_check_mac2(struct wireguard_device *device, const uint8_t *data, return result; } +void handshake_destroy(struct wireguard_handshake *handshake) { + crypto_zero(handshake->ephemeral_private, WIREGUARD_PUBLIC_KEY_LEN); + crypto_zero(handshake->remote_ephemeral, WIREGUARD_PUBLIC_KEY_LEN); + crypto_zero(handshake->hash, WIREGUARD_HASH_LEN); + crypto_zero(handshake->chaining_key, WIREGUARD_HASH_LEN); + handshake->remote_index = 0; + handshake->local_index = 0; + handshake->valid = false; +} + void keypair_destroy(struct wireguard_keypair *keypair) { crypto_zero(keypair, sizeof(struct wireguard_keypair)); keypair->valid = false; diff --git a/src/wireguardif.c b/src/wireguardif.c index 2a58bdc..91b6717 100644 --- a/src/wireguardif.c +++ b/src/wireguardif.c @@ -863,7 +863,7 @@ static void wireguardif_tmr(void *arg) { keypair_destroy(&peer->next_keypair); keypair_destroy(&peer->curr_keypair); keypair_destroy(&peer->prev_keypair); - // TODO: Also destroy handshake? + handshake_destroy(&peer->handshake); // Revert back to default IP/port if these were altered peer->ip = peer->connect_ip;