[WireGuard] stricter inputs for wg genkey, genpsk, and pubkey

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Jul 6 00:45:46 CEST 2016


On Sun 2016-07-03 13:48:52 -0400, Jason A. Donenfeld wrote:
>> + memcpy(private_key_normalized, private_key, sizeof(private_key_normalized));
>> + curve25519_normalize_secret(private_key_normalized);
>> + if (memcmp(private_key_normalized, private_key, sizeof(private_key_normalized))) {
>> + fprintf(stderr, "%s %s: private key was not in normalized form\n", PROG_NAME, argv[0]);
>> + return 1;
>> + }
>
> Do you have a justification for requiring normalized form?
> curve25519-donna doesn't care either way.

My justification was to ensure that the data "wg pubkey" received was as
close as possible to the data emitted by "wg genkey" -- genkey emits
normalized form, so i was following that form.  it makes it slightly
less likely to blindly accept some non-randomly-generated base64-encoded
256-bit string.

happy to go either way on this,

        --dkg


More information about the WireGuard mailing list