aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorflu0r1ne <flu0r1ne@flu0r1ne.net>2023-08-27 04:17:54 -0500
committerflu0r1ne <flu0r1ne@flu0r1ne.net>2023-08-27 15:35:13 -0500
commit7605b2ab5ea2cdd619fafbe5eea981f689865676 (patch)
tree1bcd75bfe08fd60fed60a6f2f558ccfa2f8c4a30
parent0e8737b3afe1dc5410b45761b7c9e38e022292f6 (diff)
downloadwg2nd-7605b2ab5ea2cdd619fafbe5eea981f689865676.tar.xz
wg2nd-7605b2ab5ea2cdd619fafbe5eea981f689865676.zip
Encode key in base32 to exclude the Unix path sep
-rw-r--r--src/crypto/curve25519.c4
-rw-r--r--src/crypto/pubkey.c50
-rw-r--r--src/crypto/pubkey.hpp7
-rw-r--r--src/wg2nd.cpp21
4 files changed, 73 insertions, 9 deletions
diff --git a/src/crypto/curve25519.c b/src/crypto/curve25519.c
index 7121d1e..2f6f5d6 100644
--- a/src/crypto/curve25519.c
+++ b/src/crypto/curve25519.c
@@ -79,7 +79,9 @@ static noinline void memzero_explicit(void *s, size_t count)
asm volatile("": :"r"(s) : "memory");
}
-#ifdef __SIZEOF_INT128__
+#ifdef __EMSCRIPTEN__
+#include "curve25519-fiat32.h"
+#elif __SIZEOF_INT128__
#include "curve25519-hacl64.h"
#else
#include "curve25519-fiat32.h"
diff --git a/src/crypto/pubkey.c b/src/crypto/pubkey.c
index 1224b07..f43dbfc 100644
--- a/src/crypto/pubkey.c
+++ b/src/crypto/pubkey.c
@@ -1,9 +1,43 @@
#include "curve25519.h"
#include "encoding.h"
-int wg_pubkey_base64(char const * privkey, char * base64) {
+#define WG_KEY_LEN_BASE32 (((WG_KEY_LEN + 4) / 5) * 8 + 1)
+#define WG_KEY_LEN_BASE64 ((((WG_KEY_LEN) + 2) / 3) * 4 + 1)
+
+static inline void encode_base32(char dest[static 8], const uint8_t src[static 5]) {
+ const uint8_t input[] = {
+ src[0] >> 3,
+ ((src[0] & 0x07) << 2) | (src[1] >> 6),
+ (src[1] & 0x3F) >> 1,
+ ((src[1] & 0x01) << 4) | (src[2] >> 4),
+ ((src[2] & 0x0F) << 1) | (src[3] >> 7),
+ (src[3] & 0x7F) >> 2,
+ ((src[3] & 0x03) << 3) | (src[4] >> 5),
+ src[4] & 0x1F
+ };
+
+ for(unsigned int i = 0; i < 8; i++)
+ dest[i] = 'A' + input[i] - (((25 - input[i]) >> 8) & 41);
+}
+
+void key_to_base32(char base32[static WG_KEY_LEN_BASE32], const uint8_t key[static WG_KEY_LEN])
+{
+ unsigned int i;
+
+ for (i = 0; i < WG_KEY_LEN / 5; ++i)
+ encode_base32(&base32[i * 8], &key[i * 5]);
+ encode_base32(&base32[i * 8], (const uint8_t[]){ key[i * 5 + 0], key[i * 5 + 1], 0, 0, 0 });
+ base32[WG_KEY_LEN_BASE32 - 5] = '=';
+ base32[WG_KEY_LEN_BASE32 - 4] = '=';
+ base32[WG_KEY_LEN_BASE32 - 3] = '=';
+ base32[WG_KEY_LEN_BASE32 - 2] = '=';
+ base32[WG_KEY_LEN_BASE32 - 1] = '\0';
+}
+
+int wg_pubkey_base32(char const * privkey, char * base32) {
uint8_t key[WG_KEY_LEN] __attribute((aligned(sizeof(uintptr_t))));
+ char base64[WG_KEY_LEN_BASE64];
int i;
for(i = 0; privkey[i] && i < WG_KEY_LEN_BASE64 - 1; i++)
@@ -21,7 +55,19 @@ int wg_pubkey_base64(char const * privkey, char * base64) {
curve25519_generate_public(key, key);
- key_to_base64(base64, key);
+ key_to_base32(base32, key);
+
+ return 0;
+}
+
+int wg_key_convert_base32(char const * base64, char * base32) {
+ uint8_t key[WG_KEY_LEN] __attribute((aligned(sizeof(uintptr_t))));
+
+ if(!key_from_base64(key, base64)) {
+ return 1;
+ }
+
+ key_to_base32(base32, key);
return 0;
}
diff --git a/src/crypto/pubkey.hpp b/src/crypto/pubkey.hpp
index 8596431..cb1f794 100644
--- a/src/crypto/pubkey.hpp
+++ b/src/crypto/pubkey.hpp
@@ -5,18 +5,21 @@ extern "C" {
#endif
#define WG_KEY_LEN_BASE64 ((((WG_KEY_LEN) + 2) / 3) * 4 + 1)
+#define WG_KEY_LEN_BASE32 (((WG_KEY_LEN + 4) / 5) * 8 + 1)
/*
* wg_pubkey_base64 is a C++-compatible wrapper for the curve25519 public-key
* derivation routines used natively in `wg(8)`
*
* PRIVKEY: a c-style string containing the base64-encoded private key
- * BASE64: a c-style string of capacity WG_KEY_LEN_BASE64 containing the
+ * BASE32: a c-style string of capacity WG_KEY_LEN_BASE64 containing the
* encoded public key
*
* returns: 0 on success
* > 0 when an error occurs (due to improper key formatting)
*/
-int wg_pubkey_base64(char const * privkey, char * base64);
+int wg_pubkey_base32(char const * privkey, char * base32);
+
+int wg_key_convert_base32(char const * base64, char * base32);
}
diff --git a/src/wg2nd.cpp b/src/wg2nd.cpp
index cbe3c29..9397a0b 100644
--- a/src/wg2nd.cpp
+++ b/src/wg2nd.cpp
@@ -25,11 +25,11 @@ constexpr char const * SYMMETRIC_KEY_SUFFIX = ".symkey";
namespace wg2nd {
std::string private_keyfile_name(std::string const & priv_key) {
- char pub_key[WG_KEY_LEN_BASE64];
+ char pub_key[WG_KEY_LEN_BASE32];
// Derive public key
- if(wg_pubkey_base64(priv_key.c_str(), pub_key)) {
- throw ParsingException("Private key is formatted improperly");
+ if(wg_pubkey_base32(priv_key.c_str(), pub_key)) {
+ throw ParsingException("Private key is formatted improperly");
}
std::string keyfile_name { pub_key };
@@ -38,6 +38,19 @@ namespace wg2nd {
return keyfile_name;
}
+ std::string public_keyfile_name(std::string const & pub_key) {
+ char pub_key32[WG_KEY_LEN_BASE32];
+
+ if(wg_key_convert_base32(pub_key.c_str(), pub_key32)) {
+ throw ParsingException("Public key for [Peer] " + pub_key + " is formatted improperly");
+ }
+
+ std::string keyfile_name { pub_key32 };
+ keyfile_name.append(SYMMETRIC_KEY_SUFFIX);
+
+ return keyfile_name;
+ }
+
uint32_t deterministic_fwmark(std::string const & interface_name) {
constexpr uint8_t const SIP_KEY[8] = {
0x90, 0x08, 0x82, 0xd7,
@@ -409,7 +422,7 @@ namespace wg2nd {
}
if(!peer.preshared_key.empty()) {
- std::string filename = peer.public_key + SYMMETRIC_KEY_SUFFIX;
+ std::string filename = public_keyfile_name(peer.public_key);
symmetric_keyfiles.push_back(SystemdFilespec {
.name = filename,