[WireGuard] Session Key Extraction & Request for Dissector

Jason A. Donenfeld Jason at zx2c4.com
Thu Aug 25 00:40:16 CEST 2016

Hi folks,

WireGuard symmetric encryption keys are ephemeral, changing quite
frequently to ensure perfect forward secrecy. However, some folks
would like to be able to decrypt WireGuard packets inside of tcpdump
or WireGuard. I didn't want to compromise the integrity of the
ephemeral nature of the session keys by exposing them directly to
userspace, in any direct way at all, so instead I wrote a quick tool
that uses /dev/kmem to extract the session keys:


    # cd contrib/examples/extract-keys
    # make
    # ./extract-keys wg0
    0x57b56068 tMT...a1rQ= xvQ...KmY=
    0x01662508 LbM...osTs= 4VA...OYI=

The first value is the index, which should match against the index in
the transport packet. Then, the first key is the key used for sending,
and the second key is the key used for receiving. The ciphertext will
decrypt with standard ChaCha20Poly1305, and if you take a look at
wireguard.io/protocol/ you'll see that the nonce is prepended.

In my testing, this method turns out to be quite reliable.

I'm wondering: would anybody be interested in writing a wireshark
dissector to WireGuard packets? You can use the extract-keys/ code as
a jumping off point.


More information about the WireGuard mailing list