Standardized IPv6 ULA from PublicKey

Derrick Lyndon Pallas derrick at pallas.us
Sun Jun 28 17:19:01 CEST 2020


I've been using something similar for ORCHIDv2-ish addressing, q.v. [1].

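from base64 import b64decode
from hashlib import shake_128
from ipaddress import IPv6Network

public_key = b64decode(...)  # base64-encoded public key goes here
secret = "somesecret".encode('utf-8')  # optional shared secret
network = IPv6Network("2001:20::/28")  # ORCHIDv2 prefix

# Hash secret + key down to one address worth of bytes (16 for IPv6).
digest = shake_128(secret + public_key).digest(network.max_prefixlen//8)
# Keep only the host bits so the result stays inside the network.
mask = int.from_bytes(network.hostmask.packed, byteorder='big')
host = int.from_bytes(digest, byteorder='big')
addr = network[host & mask]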

The use of secret is optional but allows one to mix the addresses based 
on a shared secret. Substituting the link-local range for the ORCHIDv2 
range above should produce results similar to what you're getting. One 
thing to note: it's worth checking to see if the algorithm generates the 
network or broadcast addresses and either failing or shifting. (I'm 
considering adding a +1 or -1 based on whether we hit said address to 
the above; the real code just asserts right now.)

~Derrick

[1] https://github.com/pallas/wgnlpy/commit/5c1f4bf876b39bad29135370e5f297e305dab840


On 6/28/20 3:15 AM, Arti Zirk wrote:

> On L, 2020-06-27 at 17:43 -0400, Reid Rankin wrote:
>> Luckily, Blake2s is a simple and elegant algorithm, and in an effort
>> to get some working code out there I've [implemented][1] it in ~100
>> lines of Bash script.
> It turns out that Python includes blake2s implementation that seems to
> work with default arguments. So it's possible to implement this IPv6
> address calculation algorithm in 7 lines.
>
> https://gist.github.com/artizirk/c91e4f8c237dec07e3ad1b286f1855a7
>
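
Added example, not part of the original message or of wgnlpy: one way to do the "shifting" option mentioned above, moving the derived host value off the all-zeros and all-ones addresses instead of asserting. The names derive_address, clamp_host and SAMPLE_KEY are hypothetical, the key is a constructed 32-byte value, and the function generalizes to any IPv6 prefix with at least two host bits.

```python
from hashlib import shake_128
from ipaddress import IPv6Address, IPv6Network


def clamp_host(host: int, mask: int) -> int:
    """Shift a host value off the all-zeros / all-ones addresses."""
    if host == 0:        # would be the network address itself
        return 1
    if host == mask:     # highest address in the range
        return mask - 1
    return host


def derive_address(public_key: bytes, network: IPv6Network,
                   secret: bytes = b"") -> IPv6Address:
    """Map a public key (plus optional shared secret) into `network`."""
    if network.prefixlen > network.max_prefixlen - 2:
        raise ValueError("need at least 2 host bits to avoid both edges")
    mask = int(network.hostmask)
    digest = shake_128(secret + public_key).digest(network.max_prefixlen // 8)
    host = int.from_bytes(digest, byteorder="big") & mask
    return network[clamp_host(host, mask)]


# Constructed 32-byte value standing in for a WireGuard public key.
SAMPLE_KEY = bytes(range(32))

if __name__ == "__main__":
    for net in ("2001:20::/28", "fe80::/64", "fd00::/126"):
        n = IPv6Network(net)
        print(net, "->", derive_address(SAMPLE_KEY, n, b"somesecret"))
```

Shifting maps two hash outputs onto one address at each edge, which is negligible for wide prefixes but worth knowing for very small ones.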

